1 // SPDX-License-Identifier: GPL-2.0 2 #include <netinet/in.h> 3 #include <linux/bpf.h> 4 #include "bpf_helpers.h" 5 6 char _license[] SEC("license") = "GPL"; 7 __u32 _version SEC("version") = 1; 8 9 SEC("cgroup/getsockopt/child") _getsockopt_child(struct bpf_sockopt * ctx)10int _getsockopt_child(struct bpf_sockopt *ctx) 11 { 12 __u8 *optval_end = ctx->optval_end; 13 __u8 *optval = ctx->optval; 14 15 if (ctx->level != SOL_IP || ctx->optname != IP_TOS) 16 return 1; 17 18 if (optval + 1 > optval_end) 19 return 0; /* EPERM, bounds check */ 20 21 if (optval[0] != 0x80) 22 return 0; /* EPERM, unexpected optval from the kernel */ 23 24 ctx->retval = 0; /* Reset system call return value to zero */ 25 26 optval[0] = 0x90; 27 ctx->optlen = 1; 28 29 return 1; 30 } 31 32 SEC("cgroup/getsockopt/parent") _getsockopt_parent(struct bpf_sockopt * ctx)33int _getsockopt_parent(struct bpf_sockopt *ctx) 34 { 35 __u8 *optval_end = ctx->optval_end; 36 __u8 *optval = ctx->optval; 37 38 if (ctx->level != SOL_IP || ctx->optname != IP_TOS) 39 return 1; 40 41 if (optval + 1 > optval_end) 42 return 0; /* EPERM, bounds check */ 43 44 if (optval[0] != 0x90) 45 return 0; /* EPERM, unexpected optval from the kernel */ 46 47 ctx->retval = 0; /* Reset system call return value to zero */ 48 49 optval[0] = 0xA0; 50 ctx->optlen = 1; 51 52 return 1; 53 } 54 55 SEC("cgroup/setsockopt") _setsockopt(struct bpf_sockopt * ctx)56int _setsockopt(struct bpf_sockopt *ctx) 57 { 58 __u8 *optval_end = ctx->optval_end; 59 __u8 *optval = ctx->optval; 60 61 if (ctx->level != SOL_IP || ctx->optname != IP_TOS) 62 return 1; 63 64 if (optval + 1 > optval_end) 65 return 0; /* EPERM, bounds check */ 66 67 optval[0] += 0x10; 68 ctx->optlen = 1; 69 70 return 1; 71 } 72