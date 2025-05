int handle_connect_redirect ( struct bpf_sock_addr * ctx , __be32 original_ip ,

bool is_connect4 , struct redirect_result * result )

__be32 new_ip = original_ip ;

__be16 new_port = ctx -> user_port ;

if ( ctx -> user_port == bpf_htons ( 53 ))

new_ip = const_mitm_proxy_address ; // Our MITM DNS server we're using for intercept

new_port = bpf_htons ( const_dns_proxy_port );

result -> is_redirected = did_redirect ;

result -> ip = new_ip ;

result -> port = new_port ;

return 1 ;

SEC ( "cgroup/connect4" )

int connect4 ( struct bpf_sock_addr * ctx )

struct redirect_result r =

. ip = ctx -> user_ip4 ,

. port = ctx -> user_port ,

. is_redirected = false ,

;

handle_connect_redirect ( ctx , ctx -> user_ip4 , true , & r );

if ( r . is_redirected )

// If we redirected the request then we need to update the socket

// destination to the new IP and port

ctx -> user_ip4 = r . ip ;

ctx -> user_port = r . port ;