bind_perm.c (840B)
// SPDX-License-Identifier: GPL-2.0

#include <linux/stddef.h>
#include <linux/bpf.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_endian.h>

/*
 * Return values used by the cgroup bind hooks in this file.
 *
 * 0 is the hook's "reject this bind()" verdict and 1 is "allow".
 * Bit 1 (value 2), OR'ed into an allow verdict, tells the kernel to
 * skip the CAP_NET_BIND_SERVICE check for this particular bind().
 */
enum {
	BIND_PERM_REJECT   = 0,
	BIND_PERM_ALLOW    = 1,
	BIND_PERM_SKIP_CAP = 2,
};

/* The one port (host byte order) for which the capability check is waived. */
enum { BIND_PERM_NO_CAP_PORT = 111 };

/*
 * Shared policy for the IPv4 and IPv6 bind hooks.
 *
 * @ctx:    socket-address context supplied to the hook
 * @family: address family the calling hook is responsible for
 *
 * Rejects the bind when the context carries no socket, when the socket's
 * family differs from @family, or when the socket is not SOCK_STREAM.
 * Everything else is allowed; a bind to BIND_PERM_NO_CAP_PORT is allowed
 * with the capability-bypass bit set as well.
 *
 * Security note: the bypass is keyed on the port number alone, with no
 * check of the bind address or of the calling task, so it applies to any
 * task the hook runs for. Scope the attachment accordingly.
 */
static __always_inline int bind_prog(struct bpf_sock_addr *ctx, int family)
{
	struct bpf_sock *sock = ctx->sk;

	/* Short-circuit order matters: sock is NULL-checked before ->family. */
	if (!sock || sock->family != family || ctx->type != SOCK_STREAM)
		return BIND_PERM_REJECT;

	/* user_port is in network byte order, hence bpf_htons(). */
	return ctx->user_port == bpf_htons(BIND_PERM_NO_CAP_PORT)
		? (BIND_PERM_ALLOW | BIND_PERM_SKIP_CAP)
		: BIND_PERM_ALLOW;
}

/* IPv4 bind() hook: applies bind_prog() to AF_INET sockets. */
SEC("cgroup/bind4")
int bind_v4_prog(struct bpf_sock_addr *ctx)
{
	return bind_prog(ctx, AF_INET);
}

/* IPv6 bind() hook: applies bind_prog() to AF_INET6 sockets. */
SEC("cgroup/bind6")
int bind_v6_prog(struct bpf_sock_addr *ctx)
{
	return bind_prog(ctx, AF_INET6);
}

char _license[] SEC("license") = "GPL";