From c76bf5557d8d9d77f4163d7b92d9bdb7f6bf794d Mon Sep 17 00:00:00 2001
From: lizefan
Date: Wed, 11 Jun 2025 11:39:41 +0800
Subject: [PATCH] set customization in bpf
Signed-off-by: lizefan
---
 include/uapi/linux/bpf.h | 4 +++-
 src/bpf_helper_defs.h | 26 ++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 7a54982..31d69b4 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -5891,7 +5891,9 @@ union bpf_attr {
 FN(user_ringbuf_drain, 209, ##ctx) \
 FN(cgrp_storage_get, 210, ##ctx) \
 FN(cgrp_storage_delete, 211, ##ctx) \
- /* */
+ FN(sock_tcp_send_reset, 500, ##ctx) \
+ FN(bpf_sock_destroy, 501, ##ctx) \
+ /* customization from 500 */
 /* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't
 * know or care about integer value that is now passed as second argument
diff --git a/src/bpf_helper_defs.h b/src/bpf_helper_defs.h
index 90eec74..de0e867 100644
--- a/src/bpf_helper_defs.h
+++ b/src/bpf_helper_defs.h
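Review bot: In the include/uapi/linux/bpf.h hunk, the new entry `FN(bpf_sock_destroy, 501, ##ctx)` carries a `bpf_` prefix that no neighbouring entry has, including `sock_tcp_send_reset` directly above it; with the upstream `BPF_FUNC_ ## x` expansion this would produce `BPF_FUNC_bpf_sock_destroy`. If the kernel tree this header tracks permits it, `FN(sock_destroy, 501, ##ctx) \` would match the existing naming. The closing `/* customization from 500 */` would say more as `/* vendor-private helper IDs start at 500; only kernels carrying the matching patch implement them */`, because a program built against these numbers relies on the running kernel giving 500 and 501 the same meaning. The mapper macro starts and ends outside this hunk.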
@@ -4763,4 +4763,30 @@ static void *(*bpf_cgrp_storage_get)(void *map, struct cgroup *cgroup, void *val
 */
 static long (*bpf_cgrp_storage_delete)(void *map, struct cgroup *cgroup) = (void *) 211;
+/*
+ * bpf_sock_tcp_send_reset
+ *
+ * Redirect if netfirewall intercepts socket TCP interception,
+ * we need to actively send a reset packet to disconnect the current TCP connection.
+ *
+ * Returns
+ * The helper returns Send packet reset success.
+ */
+static int (*bpf_sock_tcp_send_reset)(struct __sk_buff *skb) = (void *) 500;
+/*
+ * bpf_sock_destroy
+ *
+ * Destroy the given socket with ECONNABORTED error code.
+ * The function expects a non-NULL pointer to a socket, and invokes the
+ * protocol specific socket destroy handlers.
+ *
+ * The helper can only be called from BPF contexts that have acquired the socket
+ * locks.
+ *
+ * Returns
+ * On error, may return EPROTONOSUPPORT, EINVAL.
+ * EPROTONOSUPPORT if protocol specific destroy handler is not supported.
+ * 0 otherwise.
+ */
+static int (*bpf_sock_destroy)(struct __sk_buff *skb) = (void *) 501;
-- Gitee
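Review bot: The comment on `bpf_sock_destroy` says the helper "expects a non-NULL pointer to a socket" and may only run with the socket lock held, but the declaration takes `struct __sk_buff *skb`, so the documented contract and the prototype disagree and a caller cannot tell which socket is torn down. Either the parameter type or the comment needs to change; if the skb form is intended, the comment should state that the socket associated with `skb` is destroyed and name the program types allowed to call it, which this patch does not show. Both new pointers are declared `static int` while the neighbouring `bpf_cgrp_storage_delete` uses `static long`, so for consistency consider `static long (*bpf_sock_destroy)(struct __sk_buff *skb) = (void *) 501;` and the same for `bpf_sock_tcp_send_reset`. The `bpf_sock_tcp_send_reset` comment ("The helper returns Send packet reset success.") should spell out the success value and the failure values, and the errors listed under `bpf_sock_destroy` should be written as negative errno values if that is what the kernel side returns.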