// SPDX-License-Identifier: GPL-2.0
/*
 * Three cgroup sockopt BPF programs that act only on SOL_IP / IP_TOS.
 *
 * Return value convention used throughout (per the inline comments below):
 *   1 - let the system call proceed
 *   0 - reject it; user space sees EPERM
 *
 * Every program compares optval + 1 against optval_end before it reads or
 * writes optval[0]. That check is what bounds the one-byte access; keep it
 * ahead of the first dereference if this code is ever reshuffled.
 */
#include <netinet/in.h>
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>

char _license[] SEC("license") = "GPL";
__u32 _version SEC("version") = 1;

/*
 * getsockopt hook placed in the "cgroup/getsockopt/child" section.
 *
 * For IP_TOS it requires the first option byte to be 0x80, then rewrites it
 * to 0x90, reports an option length of 1 and clears ctx->retval.
 * Any other level/optname is passed through unchanged.
 */
SEC("cgroup/getsockopt/child")
int _getsockopt_child(struct bpf_sockopt *ctx)
{
	__u8 *val = ctx->optval;
	__u8 *val_end = ctx->optval_end;

	/* Not our option: do not interfere. */
	if (ctx->level != SOL_IP)
		return 1;
	if (ctx->optname != IP_TOS)
		return 1;

	/* At least one byte must lie inside [optval, optval_end). */
	if (val + 1 > val_end)
		return 0; /* EPERM, bounds check */

	if (*val != 0x80)
		return 0; /* EPERM, unexpected optval from the kernel */

	ctx->retval = 0; /* Reset system call return value to zero */

	*val = 0x90;
	ctx->optlen = 1;

	return 1;
}

/*
 * getsockopt hook placed in the "cgroup/getsockopt/parent" section.
 *
 * Same shape as the child program, but it requires 0x90 and rewrites it to
 * 0xA0. 0x90 is the value the child program stores, so this presumably runs
 * after the child on the same call - confirm against the user-space side of
 * the test, which is not part of this file.
 */
SEC("cgroup/getsockopt/parent")
int _getsockopt_parent(struct bpf_sockopt *ctx)
{
	__u8 *val = ctx->optval;
	__u8 *val_end = ctx->optval_end;

	/* Not our option: do not interfere. */
	if (ctx->level != SOL_IP)
		return 1;
	if (ctx->optname != IP_TOS)
		return 1;

	/* At least one byte must lie inside [optval, optval_end). */
	if (val + 1 > val_end)
		return 0; /* EPERM, bounds check */

	if (*val != 0x90)
		return 0; /* EPERM, unexpected optval from the kernel */

	ctx->retval = 0; /* Reset system call return value to zero */

	*val = 0xA0;
	ctx->optlen = 1;

	return 1;
}

/*
 * setsockopt hook placed in the "cgroup/setsockopt" section.
 *
 * For IP_TOS it adds 0x10 to the first option byte (a __u8, so the sum wraps
 * modulo 256) and sets the option length to 1. Unlike the getsockopt hooks
 * it accepts any incoming value. Any other level/optname is passed through
 * unchanged.
 */
SEC("cgroup/setsockopt")
int _setsockopt(struct bpf_sockopt *ctx)
{
	__u8 *val = ctx->optval;
	__u8 *val_end = ctx->optval_end;

	/* Not our option: do not interfere. */
	if (ctx->level != SOL_IP)
		return 1;
	if (ctx->optname != IP_TOS)
		return 1;

	/* At least one byte must lie inside [optval, optval_end). */
	if (val + 1 > val_end)
		return 0; /* EPERM, bounds check */

	*val = *val + 0x10;
	ctx->optlen = 1;

	return 1;
}