[linux-2.6-block.git] / samples / bpf / test_probe_write_user_kern.c

/* Copyright (c) 2016 Sargun Dhillon <sargun@sargun.me>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 */
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <uapi/linux/bpf.h>
#include <linux/version.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>
#include "trace_common.h"

struct {
	__uint(type, BPF_MAP_TYPE_HASH);
	__type(key, struct sockaddr_in);
	__type(value, struct sockaddr_in);
	__uint(max_entries, 256);
} dnat_map SEC(".maps");

/* kprobe is NOT a stable ABI
 * kernel functions can be removed, renamed or completely change semantics.
 * Number of arguments and their positions can change, etc.
 * In such case this bpf+kprobe example will no longer be meaningful
 *
 * This example sits on a syscall, and the syscall ABI is relatively stable
 * of course, across platforms, and over time, the ABI may change.
 */
SEC("kprobe/" SYSCALL(sys_connect))
int bpf_prog1(struct pt_regs *ctx)
{
	struct pt_regs *real_regs = (struct pt_regs *)PT_REGS_PARM1_CORE(ctx);
	void *sockaddr_arg = (void *)PT_REGS_PARM2_CORE(real_regs);
	int sockaddr_len = (int)PT_REGS_PARM3_CORE(real_regs);
	struct sockaddr_in new_addr, orig_addr = {};
	struct sockaddr_in *mapped_addr;

	if (sockaddr_len > sizeof(orig_addr))
		return 0;

	if (bpf_probe_read_user(&orig_addr, sizeof(orig_addr), sockaddr_arg) != 0)
		return 0;

	mapped_addr = bpf_map_lookup_elem(&dnat_map, &orig_addr);
	if (mapped_addr != NULL) {
		memcpy(&new_addr, mapped_addr, sizeof(new_addr));
		bpf_probe_write_user(sockaddr_arg, &new_addr,
				     sizeof(new_addr));
	}
	return 0;
}

char _license[] SEC("license") = "GPL";
u32 _version SEC("version") = LINUX_VERSION_CODE;
Commit	Line	Data
cf9b1199 SD	1	/* Copyright (c) 2016 Sargun Dhillon <sargun@sargun.me>
	2	*
	3	* This program is free software; you can redistribute it and/or
	4	* modify it under the terms of version 2 of the GNU General Public
	5	* License as published by the Free Software Foundation.
	6	*/
	7	#include <linux/skbuff.h>
	8	#include <linux/netdevice.h>
	9	#include <uapi/linux/bpf.h>
	10	#include <linux/version.h>
7cf245a3 THJ	11	#include <bpf/bpf_helpers.h>
7cf245a3 THJ	12	#include <bpf/bpf_tracing.h>
af9bd3e3 DL	13	#include <bpf/bpf_core_read.h>
af9bd3e3 DL	14	#include "trace_common.h"
cf9b1199	15
3677d0a1 DL	16	struct {
	17	__uint(type, BPF_MAP_TYPE_HASH);
	18	__type(key, struct sockaddr_in);
	19	__type(value, struct sockaddr_in);
	20	__uint(max_entries, 256);
	21	} dnat_map SEC(".maps");
cf9b1199 SD	22
	23	/* kprobe is NOT a stable ABI
	24	* kernel functions can be removed, renamed or completely change semantics.
	25	* Number of arguments and their positions can change, etc.
	26	* In such case this bpf+kprobe example will no longer be meaningful
	27	*
	28	* This example sits on a syscall, and the syscall ABI is relatively stable
	29	* of course, across platforms, and over time, the ABI may change.
	30	*/
af9bd3e3	31	SEC("kprobe/" SYSCALL(sys_connect))
cf9b1199 SD	32	int bpf_prog1(struct pt_regs *ctx)
cf9b1199 SD	33	{
af9bd3e3 DL	34	struct pt_regs real_regs = (struct pt_regs )PT_REGS_PARM1_CORE(ctx);
	35	void sockaddr_arg = (void )PT_REGS_PARM2_CORE(real_regs);
	36	int sockaddr_len = (int)PT_REGS_PARM3_CORE(real_regs);
cf9b1199 SD	37	struct sockaddr_in new_addr, orig_addr = {};
cf9b1199 SD	38	struct sockaddr_in *mapped_addr;
cf9b1199 SD	39
	40	if (sockaddr_len > sizeof(orig_addr))
	41	return 0;
	42
251e2d33	43	if (bpf_probe_read_user(&orig_addr, sizeof(orig_addr), sockaddr_arg) != 0)
cf9b1199 SD	44	return 0;
	45
	46	mapped_addr = bpf_map_lookup_elem(&dnat_map, &orig_addr);
	47	if (mapped_addr != NULL) {
	48	memcpy(&new_addr, mapped_addr, sizeof(new_addr));
	49	bpf_probe_write_user(sockaddr_arg, &new_addr,
	50	sizeof(new_addr));
	51	}
	52	return 0;
	53	}
	54
	55	char _license[] SEC("license") = "GPL";
	56	u32 _version SEC("version") = LINUX_VERSION_CODE;