1 | // SPDX-License-Identifier: GPL-2.0 |
---|---|
2 | |
3 | #include <linux/stddef.h> |
4 | #include <linux/bpf.h> |
5 | #include <sys/types.h> |
6 | #include <sys/socket.h> |
7 | #include <bpf/bpf_helpers.h> |
8 | #include <bpf/bpf_endian.h> |
9 | |
/*
 * Shared verdict logic for the cgroup bind4/bind6 hooks.
 *
 * @ctx:    bind() context handed to the program by the cgroup hook.
 * @family: address family the calling hook serves (AF_INET or AF_INET6).
 *
 * Return value, as consumed by the cgroup bind hooks:
 *   0      reject the bind: no socket attached to the context, a socket
 *          of another family, or anything that is not SOCK_STREAM.
 *   1      allow the bind; the normal privileged-port check still applies.
 *   1 | 2  allow the bind and ask the kernel to skip the
 *          CAP_NET_BIND_SERVICE check (bit 1, value 2, carries that flag).
 *
 * The destination port is the only condition for the capability bypass:
 * nothing here inspects the caller, so the grant covers every task in the
 * cgroup this program is attached to. Keep that cgroup narrowly scoped.
 */
static __always_inline int bind_prog(struct bpf_sock_addr *ctx, int family)
{
	enum {
		VERDICT_ALLOW = 1,	/* bit 0: let the bind proceed */
		VERDICT_SKIP_CAP = 2,	/* bit 1: bypass CAP_NET_BIND_SERVICE */
	};
	struct bpf_sock *sock = ctx->sk;

	/* Only TCP sockets of the expected family are ever allowed. */
	if (!sock || sock->family != family || ctx->type != SOCK_STREAM)
		return 0;

	/* user_port is in network byte order, hence bpf_htons(). */
	return ctx->user_port == bpf_htons(111)
		? (VERDICT_ALLOW | VERDICT_SKIP_CAP)
		: VERDICT_ALLOW;
}
32 | |
/*
 * cgroup/bind4 entry point: applies the shared bind policy to AF_INET
 * sockets. The verdict (including the CAP_NET_BIND_SERVICE bypass bit)
 * is passed through unchanged from bind_prog().
 */
SEC("cgroup/bind4")
int bind_v4_prog(struct bpf_sock_addr *ctx)
{
	int verdict = bind_prog(ctx, AF_INET);

	return verdict;
}
38 | |
/*
 * cgroup/bind6 entry point: applies the shared bind policy to AF_INET6
 * sockets. The verdict (including the CAP_NET_BIND_SERVICE bypass bit)
 * is passed through unchanged from bind_prog().
 */
SEC("cgroup/bind6")
int bind_v6_prog(struct bpf_sock_addr *ctx)
{
	int verdict = bind_prog(ctx, AF_INET6);

	return verdict;
}
44 | |
/* License string placed in the object's "license" section for the BPF loader. */
char _license[] SEC("license") = "GPL";
46 |