View paste VYWA

New paste Repaste Download

	`int deny_socket_bind(unsigned long long * ctx):`
	`; int BPF_PROG(deny_socket_bind, struct socket sock, struct sockaddr address,`
	`0: (b4) w6 = 0`
	`; int BPF_PROG(deny_socket_bind, struct socket sock, struct sockaddr address,`
	`1: (79) r8 = (u64 )(r1 +16)`
	`2: (79) r7 = (u64 )(r1 +8)`
	`; const u32 uid = bpf_get_current_uid_gid() & 0xFFFFFFFF;`
	`3: (85) call bpf_get_current_uid_gid#299776`
	`; if (is_allowed_user(uid)) {`
	`4: (16) if w0 == 0x0 goto pc+49`
	`; if (address->sa_family != AF_ALG) {`
	`5: (69) r1 = (u16 )(r7 +0)`
	`; if (address->sa_family != AF_ALG) {`
	`6: (a6) if w8 < 0x24 goto pc+47`
	`7: (56) if w1 != 0x26 goto pc+46`
	`8: (bf) r8 = r0`
	`9: (bf) r1 = r10`
	`10: (07) r1 += -36`
	`; if (bpf_probe_read_kernel(&alg, sizeof(alg), address) != 0) {`
	`11: (b4) w2 = 36`
	`12: (bf) r3 = r7`
	`13: (85) call bpf_probe_read_kernel#-154784`
	`; if (bpf_probe_read_kernel(&alg, sizeof(alg), address) != 0) {`
	`14: (55) if r0 != 0x0 goto pc+39`
	`; if (alg.salg_name[i] != target[i]) {`
	`15: (71) r1 = (u8 )(r10 -12)`
	`; if (alg.salg_name[i] != target[i]) {`
	`16: (56) if w1 != 0x61 goto pc+37`
	`17: (71) r1 = (u8 )(r10 -11)`
	`18: (56) if w1 != 0x75 goto pc+35`
	`19: (71) r1 = (u8 )(r10 -10)`
	`20: (56) if w1 != 0x74 goto pc+33`
	`21: (71) r1 = (u8 )(r10 -9)`
	`22: (56) if w1 != 0x68 goto pc+31`
	`23: (71) r1 = (u8 )(r10 -8)`
	`24: (56) if w1 != 0x65 goto pc+29`
	`25: (71) r1 = (u8 )(r10 -7)`
	`26: (56) if w1 != 0x6e goto pc+27`
	`27: (71) r1 = (u8 )(r10 -6)`
	`28: (56) if w1 != 0x63 goto pc+25`
	`29: (71) r1 = (u8 )(r10 -5)`
	`30: (56) if w1 != 0x65 goto pc+23`
	`31: (71) r1 = (u8 )(r10 -4)`
	`32: (56) if w1 != 0x73 goto pc+21`
	`33: (71) r1 = (u8 )(r10 -3)`
	`34: (56) if w1 != 0x6e goto pc+19`
	`; struct Event *event = bpf_ringbuf_reserve(&EVENTS, sizeof(struct Event), 0);`
	`35: (18) r1 = map[id:334]`
	`37: (b7) r2 = 24`
	`38: (b7) r3 = 0`
	`39: (85) call bpf_ringbuf_reserve#415648`
	`40: (bf) r7 = r0`
	`41: (b4) w6 = -13`
	`; if (event != NULL) {`
	`42: (15) if r7 == 0x0 goto pc+11`
	`; event->pid = bpf_get_current_pid_tgid() >> 32;`
	`43: (85) call bpf_get_current_pid_tgid#299696`
	`; event->uid = uid;`
	`44: (63) (u32 )(r7 +4) = r8`
	`; event->pid = bpf_get_current_pid_tgid() >> 32;`
	`45: (77) r0 >>= 32`
	`; event->pid = bpf_get_current_pid_tgid() >> 32;`
	`46: (63) (u32 )(r7 +0) = r0`
	`; bpf_get_current_comm(&event->comm, sizeof(event->comm));`
	`47: (bf) r1 = r7`
	`48: (07) r1 += 8`
	`; bpf_get_current_comm(&event->comm, sizeof(event->comm));`
	`49: (b4) w2 = 16`
	`50: (85) call bpf_get_current_comm#299904`
	`; bpf_ringbuf_submit(event, 0);`
	`51: (bf) r1 = r7`
	`52: (b7) r2 = 0`
	`53: (85) call bpf_ringbuf_submit#415712`
	`; int BPF_PROG(deny_socket_bind, struct socket sock, struct sockaddr address,`
	`54: (bc) w0 = w6`
	`55: (95) exit`

int deny_socket_bind(unsigned long long * ctx):
; int BPF_PROG(deny_socket_bind, struct socket *sock, struct sockaddr *address,
   0: (b4) w6 = 0
; int BPF_PROG(deny_socket_bind, struct socket *sock, struct sockaddr *address,
   1: (79) r8 = *(u64 *)(r1 +16)
   2: (79) r7 = *(u64 *)(r1 +8)
; const u32 uid = bpf_get_current_uid_gid() & 0xFFFFFFFF;
   3: (85) call bpf_get_current_uid_gid#299776
; if (is_allowed_user(uid)) {
   4: (16) if w0 == 0x0 goto pc+49
; if (address->sa_family != AF_ALG) {
   5: (69) r1 = *(u16 *)(r7 +0)
; if (address->sa_family != AF_ALG) {
   6: (a6) if w8 < 0x24 goto pc+47
   7: (56) if w1 != 0x26 goto pc+46
   8: (bf) r8 = r0
   9: (bf) r1 = r10
  10: (07) r1 += -36
; if (bpf_probe_read_kernel(&alg, sizeof(alg), address) != 0) {
  11: (b4) w2 = 36
  12: (bf) r3 = r7
  13: (85) call bpf_probe_read_kernel#-154784
; if (bpf_probe_read_kernel(&alg, sizeof(alg), address) != 0) {
  14: (55) if r0 != 0x0 goto pc+39
; if (alg.salg_name[i] != target[i]) {
  15: (71) r1 = *(u8 *)(r10 -12)
; if (alg.salg_name[i] != target[i]) {
  16: (56) if w1 != 0x61 goto pc+37
  17: (71) r1 = *(u8 *)(r10 -11)
  18: (56) if w1 != 0x75 goto pc+35
  19: (71) r1 = *(u8 *)(r10 -10)
  20: (56) if w1 != 0x74 goto pc+33
  21: (71) r1 = *(u8 *)(r10 -9)
  22: (56) if w1 != 0x68 goto pc+31
  23: (71) r1 = *(u8 *)(r10 -8)
  24: (56) if w1 != 0x65 goto pc+29
  25: (71) r1 = *(u8 *)(r10 -7)
  26: (56) if w1 != 0x6e goto pc+27
  27: (71) r1 = *(u8 *)(r10 -6)
  28: (56) if w1 != 0x63 goto pc+25
  29: (71) r1 = *(u8 *)(r10 -5)
  30: (56) if w1 != 0x65 goto pc+23
  31: (71) r1 = *(u8 *)(r10 -4)
  32: (56) if w1 != 0x73 goto pc+21
  33: (71) r1 = *(u8 *)(r10 -3)
  34: (56) if w1 != 0x6e goto pc+19
; struct Event *event = bpf_ringbuf_reserve(&EVENTS, sizeof(struct Event), 0);
  35: (18) r1 = map[id:334]
  37: (b7) r2 = 24
  38: (b7) r3 = 0
  39: (85) call bpf_ringbuf_reserve#415648
  40: (bf) r7 = r0
  41: (b4) w6 = -13
; if (event != NULL) {
  42: (15) if r7 == 0x0 goto pc+11
; event->pid = bpf_get_current_pid_tgid() >> 32;
  43: (85) call bpf_get_current_pid_tgid#299696
; event->uid = uid;
  44: (63) *(u32 *)(r7 +4) = r8
; event->pid = bpf_get_current_pid_tgid() >> 32;
  45: (77) r0 >>= 32
; event->pid = bpf_get_current_pid_tgid() >> 32;
  46: (63) *(u32 *)(r7 +0) = r0
; bpf_get_current_comm(&event->comm, sizeof(event->comm));
  47: (bf) r1 = r7
  48: (07) r1 += 8
; bpf_get_current_comm(&event->comm, sizeof(event->comm));
  49: (b4) w2 = 16
  50: (85) call bpf_get_current_comm#299904
; bpf_ringbuf_submit(event, 0);
  51: (bf) r1 = r7
  52: (b7) r2 = 0
  53: (85) call bpf_ringbuf_submit#415712
; int BPF_PROG(deny_socket_bind, struct socket *sock, struct sockaddr *address,
  54: (bc) w0 = w6
  55: (95) exit

Filename: None. Size: 3kb. View raw, , hex, or download this file.

This paste expires on 2026-06-01 15:53:35.945039+00:00. Pasted through web.

Are you sure you'd like to remove this file?