Commit | Line | Data |
---|---|---|
cf9b1199 SD |
1 | /* Copyright (c) 2016 Sargun Dhillon <sargun@sargun.me> |
2 | * | |
3 | * This program is free software; you can redistribute it and/or | |
4 | * modify it under the terms of version 2 of the GNU General Public | |
5 | * License as published by the Free Software Foundation. | |
6 | */ | |
7 | #include <linux/skbuff.h> | |
8 | #include <linux/netdevice.h> | |
9 | #include <uapi/linux/bpf.h> | |
10 | #include <linux/version.h> | |
7cf245a3 THJ |
11 | #include <bpf/bpf_helpers.h> |
12 | #include <bpf/bpf_tracing.h> | |
af9bd3e3 DL |
13 | #include <bpf/bpf_core_read.h> |
14 | #include "trace_common.h" | |
cf9b1199 | 15 | |
3677d0a1 DL |
16 | struct { |
17 | __uint(type, BPF_MAP_TYPE_HASH); | |
18 | __type(key, struct sockaddr_in); | |
19 | __type(value, struct sockaddr_in); | |
20 | __uint(max_entries, 256); | |
21 | } dnat_map SEC(".maps"); | |
cf9b1199 SD |
22 | |
23 | /* kprobe is NOT a stable ABI | |
24 | * kernel functions can be removed, renamed or completely change semantics. | |
25 | * Number of arguments and their positions can change, etc. | |
26 | * In such case this bpf+kprobe example will no longer be meaningful | |
27 | * | |
28 | * This example sits on a syscall, and the syscall ABI is relatively stable | |
29 | * of course, across platforms, and over time, the ABI may change. | |
30 | */ | |
af9bd3e3 | 31 | SEC("kprobe/" SYSCALL(sys_connect)) |
cf9b1199 SD |
32 | int bpf_prog1(struct pt_regs *ctx) |
33 | { | |
af9bd3e3 DL |
34 | struct pt_regs *real_regs = (struct pt_regs *)PT_REGS_PARM1_CORE(ctx); |
35 | void *sockaddr_arg = (void *)PT_REGS_PARM2_CORE(real_regs); | |
36 | int sockaddr_len = (int)PT_REGS_PARM3_CORE(real_regs); | |
cf9b1199 SD |
37 | struct sockaddr_in new_addr, orig_addr = {}; |
38 | struct sockaddr_in *mapped_addr; | |
cf9b1199 SD |
39 | |
40 | if (sockaddr_len > sizeof(orig_addr)) | |
41 | return 0; | |
42 | ||
251e2d33 | 43 | if (bpf_probe_read_user(&orig_addr, sizeof(orig_addr), sockaddr_arg) != 0) |
cf9b1199 SD |
44 | return 0; |
45 | ||
46 | mapped_addr = bpf_map_lookup_elem(&dnat_map, &orig_addr); | |
47 | if (mapped_addr != NULL) { | |
48 | memcpy(&new_addr, mapped_addr, sizeof(new_addr)); | |
49 | bpf_probe_write_user(sockaddr_arg, &new_addr, | |
50 | sizeof(new_addr)); | |
51 | } | |
52 | return 0; | |
53 | } | |
54 | ||
55 | char _license[] SEC("license") = "GPL"; | |
56 | u32 _version SEC("version") = LINUX_VERSION_CODE; |