feat: deploy static web with mdbook (#11)

src/19-lsm-connect/.gitignore

@@ -0,0 +1,6 @@
+.vscode
+package.json
+*.o
+*.skel.json
+*.skel.yaml
+package.yaml

src/19-lsm-connect/README.md

@@ -0,0 +1,39 @@
+# eBPF 入门实践教程：使用 LSM 进行安全检测防御
+
+## 背景
+
+TODO
+
+## LSM 概述
+
+TODO
+
+## 编写 eBPF 程序
+
+TODO
+
+## 编译运行
+
+```console
+docker run -it -v `pwd`/:/src/ yunwei37/ebpm:latest
+```
+
+or compile with `ecc`:
+
+```console
+$ ecc lsm-connect.bpf.c
+Compiling bpf object...
+Packing ebpf object and config into package.json...
+```
+
+Run:
+
+```console
+sudo ecli  examples/bpftools/lsm-connect/package.json
+```
+
+## 总结
+
+TODO
+
+参考：<https://github.com/leodido/demo-cloud-native-ebpf-day>

src/19-lsm-connect/lsm-connect.bpf.c

@@ -0,0 +1,41 @@
+#include "vmlinux.h"
+#include <bpf/bpf_core_read.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+char LICENSE[] SEC("license") = "GPL";
+
+#define EPERM 1
+#define AF_INET 2
+
+const __u32 blockme = 16843009; // 1.1.1.1 -> int
+
+SEC("lsm/socket_connect")
+int BPF_PROG(restrict_connect, struct socket *sock, struct sockaddr *address, int addrlen, int ret)
+{
+    // Satisfying "cannot override a denial" rule
+    if (ret != 0)
+    {
+        return ret;
+    }
+
+    // Only IPv4 in this example
+    if (address->sa_family != AF_INET)
+    {
+        return 0;
+    }
+
+    // Cast the address to an IPv4 socket address
+    struct sockaddr_in *addr = (struct sockaddr_in *)address;
+
+    // Where do you want to go?
+    __u32 dest = addr->sin_addr.s_addr;
+    bpf_printk("lsm: found connect to %d", dest);
+
+    if (dest == blockme)
+    {
+        bpf_printk("lsm: blocking %d", dest);
+        return -EPERM;
+    }
+    return 0;
+}