sock_flags_kern.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt

sock_flags_kern.c (1188B)

      1#include <uapi/linux/bpf.h>
      2#include <linux/socket.h>
      3#include <linux/net.h>
      4#include <uapi/linux/in.h>
      5#include <uapi/linux/in6.h>
      6#include <bpf/bpf_helpers.h>
      7
      8SEC("cgroup/sock1")
      9int bpf_prog1(struct bpf_sock *sk)
     10{
     11	char fmt[] = "socket: family %d type %d protocol %d\n";
     12	char fmt2[] = "socket: uid %u gid %u\n";
     13	__u64 gid_uid = bpf_get_current_uid_gid();
     14	__u32 uid = gid_uid & 0xffffffff;
     15	__u32 gid = gid_uid >> 32;
     16
     17	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
     18	bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid);
     19
     20	/* block PF_INET6, SOCK_RAW, IPPROTO_ICMPV6 sockets
     21	 * ie., make ping6 fail
     22	 */
     23	if (sk->family == PF_INET6 &&
     24	    sk->type == SOCK_RAW   &&
     25	    sk->protocol == IPPROTO_ICMPV6)
     26		return 0;
     27
     28	return 1;
     29}
     30
     31SEC("cgroup/sock2")
     32int bpf_prog2(struct bpf_sock *sk)
     33{
     34	char fmt[] = "socket: family %d type %d protocol %d\n";
     35
     36	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
     37
     38	/* block PF_INET, SOCK_RAW, IPPROTO_ICMP sockets
     39	 * ie., make ping fail
     40	 */
     41	if (sk->family == PF_INET &&
     42	    sk->type == SOCK_RAW  &&
     43	    sk->protocol == IPPROTO_ICMP)
     44		return 0;
     45
     46	return 1;
     47}
     48
     49char _license[] SEC("license") = "GPL";