add full index

19-lsm-connect/.gitignore

@@ -0,0 +1,6 @@
+.vscode
+package.json
+*.o
+*.skel.json
+*.skel.yaml
+package.yaml

19-lsm-connect/README.md

@@ -0,0 +1,34 @@
+---
+layout: post
+title: lsm-connect
+date: 2022-10-10 16:18
+category: bpftools
+author: yunwei37
+tags: [bpftools, examples, lsm, no-output]
+summary: BPF LSM program (on socket_connect hook) that prevents any connection towards 1.1.1.1 to happen. Found in demo-cloud-native-ebpf-day
+---
+
+
+## run
+
+```console
+docker run -it -v `pwd`/:/src/ yunwei37/ebpm:latest
+```
+
+or compile with `ecc`:
+
+```console
+$ ecc lsm-connect.bpf.c
+Compiling bpf object...
+Packing ebpf object and config into package.json...
+```
+
+Run:
+
+```console
+sudo ecli  examples/bpftools/lsm-connect/package.json
+```
+
+## reference
+
+<https://github.com/leodido/demo-cloud-native-ebpf-day>

19-lsm-connect/lsm-connect.bpf.c

@@ -0,0 +1,41 @@
+#include "vmlinux.h"
+#include <bpf/bpf_core_read.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+char LICENSE[] SEC("license") = "GPL";
+
+#define EPERM 1
+#define AF_INET 2
+
+const __u32 blockme = 16843009; // 1.1.1.1 -> int
+
+SEC("lsm/socket_connect")
+int BPF_PROG(restrict_connect, struct socket *sock, struct sockaddr *address, int addrlen, int ret)
+{
+    // Satisfying "cannot override a denial" rule
+    if (ret != 0)
+    {
+        return ret;
+    }
+
+    // Only IPv4 in this example
+    if (address->sa_family != AF_INET)
+    {
+        return 0;
+    }
+
+    // Cast the address to an IPv4 socket address
+    struct sockaddr_in *addr = (struct sockaddr_in *)address;
+
+    // Where do you want to go?
+    __u32 dest = addr->sin_addr.s_addr;
+    bpf_printk("lsm: found connect to %d", dest);
+
+    if (dest == blockme)
+    {
+        bpf_printk("lsm: blocking %d", dest);
+        return -EPERM;
+    }
+    return 0;
+}