1 files changed, 16 insertions, 0 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 9639334ebb7c..f70586b50838 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -140,6 +140,21 @@ int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
 }
 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
+static int tcp_v4_pre_connect(struct sock *sk, struct sockaddr *uaddr,
+                              int addr_len)
+{
+        /* This check is replicated from tcp_v4_connect() and intended to
+         * prevent BPF program called below from accessing bytes that are out
+         * of the bound specified by user in addr_len.
+         */
+        if (addr_len < sizeof(struct sockaddr_in))
+                return -EINVAL;
+        sock_owned_by_me(sk);
+        return BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr);
+}
 /* This will initiate an outgoing connection. */
 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
 {
@@ -2408,6 +2423,7 @@ struct proto tcp_prot = {
        .name                   = "TCP",
        .owner                  = THIS_MODULE,
        .close                  = tcp_close,
+        .pre_connect            = tcp_v4_pre_connect,
        .connect                = tcp_v4_connect,
        .disconnect             = tcp_disconnect,
        .accept                 = inet_csk_accept,

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 9639334ebb7c..f70586b50838 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c
@@ -140,6 +140,21 @@ int tcp_twsk_unique(struct sock sk, struct sock sktw, void *twp)
140	}	140	}
141	EXPORT_SYMBOL_GPL(tcp_twsk_unique);	141	EXPORT_SYMBOL_GPL(tcp_twsk_unique);
142		142
		143	static int tcp_v4_pre_connect(struct sock sk, struct sockaddr uaddr,
		144	int addr_len)
		145	{
		146	/* This check is replicated from tcp_v4_connect() and intended to
		147	* prevent BPF program called below from accessing bytes that are out
		148	* of the bound specified by user in addr_len.
		149	*/
		150	if (addr_len < sizeof(struct sockaddr_in))
		151	return -EINVAL;
		152
		153	sock_owned_by_me(sk);
		154
		155	return BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr);
		156	}
		157
143	/* This will initiate an outgoing connection. */	158	/* This will initiate an outgoing connection. */
144	int tcp_v4_connect(struct sock sk, struct sockaddr uaddr, int addr_len)	159	int tcp_v4_connect(struct sock sk, struct sockaddr uaddr, int addr_len)
145	{	160	{
@@ -2408,6 +2423,7 @@ struct proto tcp_prot = {
2408	.name = "TCP",	2423	.name = "TCP",
2409	.owner = THIS_MODULE,	2424	.owner = THIS_MODULE,
2410	.close = tcp_close,	2425	.close = tcp_close,
		2426	.pre_connect = tcp_v4_pre_connect,
2411	.connect = tcp_v4_connect,	2427	.connect = tcp_v4_connect,
2412	.disconnect = tcp_disconnect,	2428	.disconnect = tcp_disconnect,
2413	.accept = inet_csk_accept,	2429	.accept = inet_csk_accept,