  1. #include <linux/bpf.h>
  2. #include <bpf/bpf_helpers.h>
  3. #include <netinet/in.h>
  4.  
/*
 * Places a symbol in the named ELF section so the BPF loader can find it.
 * NOTE(review): bpf/bpf_helpers.h (included above) already provides a SEC()
 * macro; if that definition is not token-identical to this one the compiler
 * reports a macro redefinition — confirm which copy is wanted.
 */
#define SEC(NAME) __attribute__((section(NAME), used))

/*
 * Byte pattern the HTTP policy looks for in the TCP payload. It is matched as
 * a bare substring: it is not anchored to the start of a header line and has
 * no terminator, so any payload that merely contains these bytes (a longer
 * host name starting with this text, or the text inside another header)
 * satisfies the check. sizeof(http_host) counts the trailing NUL, so the
 * matching code must use sizeof(http_host) - 1.
 */
static const char http_host[] = "Host: blah.acmecorp.com";
  8.  
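/*
 * Compare n bytes at a and b; returns 1 when equal, 0 otherwise.
 * Written as a plain loop because BPF programs have no memcmp(), and the
 * bpf_memcmp() the original called is not a kernel helper. The caller must
 * guarantee both ranges are readable; always_inline keeps the loop inside the
 * caller's verifier-checked body.
 */
static inline __attribute__((always_inline))
int bytes_equal(const unsigned char *a, const unsigned char *b, unsigned int n)
{
    for (unsigned int k = 0; k < n; k++) {
        if (a[k] != b[k]) {
            return 0;
        }
    }
    return 1;
}

SEC("socket_filter")
/*
 * Egress policy for plain HTTP: traffic that is not TCP/80 is accepted, and a
 * TCP/80 segment is accepted only when its payload contains http_host.
 *
 * Layout assumption (hard-coded, not parsed): Ethernet without VLAN tag +
 * IPv4 without options + TCP without options. A packet with IP or TCP options
 * has its "destination port" and "payload" read from the wrong offsets.
 *
 * @skb  socket-filter context.
 * @return 1 to accept the packet, 0 to drop it.
 *
 * NOTE(review): programs of type BPF_PROG_TYPE_SOCKET_FILTER are not allowed
 * to read skb->data / skb->data_end; the verifier rejects those loads, so the
 * direct packet reads below only verify for program types that permit them.
 * bpf_skb_load_bytes() or the load_byte/load_half accessors are the
 * socket-filter path — confirm against the target kernel.
 *
 * NOTE(review): a segment with no payload (TCP handshake, pure ACK) to port 80
 * cannot contain the pattern and is therefore dropped, which prevents any
 * HTTP connection from being established — TODO confirm that is the intended
 * policy rather than accepting zero-length payloads.
 */
int egress_firewall(struct __sk_buff *skb) {
    enum {
        ETH_HDR_LEN = 14,   /* Ethernet header, no VLAN tag */
        IP_HDR_LEN = 20,    /* minimum IPv4 header (IHL == 5) */
        TCP_HDR_LEN = 20,   /* minimum TCP header (data offset == 5) */
        HDRS_LEN = ETH_HDR_LEN + IP_HDR_LEN + TCP_HDR_LEN,
        TCP_DPORT_OFF = ETH_HDR_LEN + IP_HDR_LEN + 2,  /* TCP dest port */
    };
    /* Bytes of http_host to match; sizeof counts the terminating NUL. */
    const unsigned int hlen = sizeof(http_host) - 1;

    /* Pointer form of the packet bounds (the fields are 32-bit integers). */
    const unsigned char *data = (const unsigned char *)(long)skb->data;
    const unsigned char *data_end = (const unsigned char *)(long)skb->data_end;

    /* Accept anything too short to hold the headers we assume. */
    if (data + HDRS_LEN > data_end) {
        return 1;
    }

    /* Only plain HTTP on port 80 is policed; everything else is accepted. */
    unsigned short dest_port = load_half(skb, TCP_DPORT_OFF);
    if (dest_port != __constant_htons(80)) {
        return 1;
    }

    const unsigned char *payload = data + HDRS_LEN;
    unsigned int payload_len = (unsigned int)(data_end - payload);

    /*
     * Guard before subtracting: payload_len is unsigned, so the original
     * bound `payload_len - sizeof(http_host) + 1` wrapped for segments shorter
     * than the pattern and the scan walked past data_end.
     */
    if (payload_len < hlen) {
        return 0;
    }

    /*
     * Scan every hlen-byte window, including the one that ends exactly at
     * data_end (the original bound stopped one position early, so a pattern
     * at the very end of the payload was missed). The explicit per-window
     * bound check is what lets the verifier prove every byte read is inside
     * the packet.
     */
    for (unsigned int i = 0; i <= payload_len - hlen; i++) {
        const unsigned char *window = payload + i;
        if (window + hlen > data_end) {
            break;
        }
        if (bytes_equal(window, (const unsigned char *)http_host, hlen)) {
            return 1;
        }
    }

    /* Pattern not present in this segment: drop. */
    return 0;
}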
  41.  
/* License string the kernel reads at load time; some helpers are GPL-only. */
char _license[] SEC("license") = "GPL";
  43.  