Update bpf-prog/block-iptables/bpf/src/block_iptables.bpf.c

santhoshmprabhu · Copilot · web-flow · commit 1af271c4e966 · 2025-07-29T16:09:00.000-07:00
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
Signed-off-by: Santhosh  Prabhu  &lt;6684582+santhoshmprabhu@users.noreply.github.com&gt;
diff --git a/bpf-prog/block-iptables/bpf/src/block_iptables.bpf.c b/bpf-prog/block-iptables/bpf/src/block_iptables.bpf.c
@@ -80,7 +80,7 @@ int BPF_PROG(iptables_legacy_block, struct socket *sock, int level, int optname)
 
     // bpf_printk("setsockopt called %d %d\n", level, optname);
     if (level == 0 /*IPPROTO_IP*/ || level == 41 /*IPPROTO_IP6*/) {
-        if (optname == 64) { // 64 represents IPT_SO_SET_REPLACE or IP6T_SO_SET_REPLACE, depending on the level
+        if (optname == IPT_SO_SET_REPLACE) { // IPT_SO_SET_REPLACE represents IPT_SO_SET_REPLACE or IP6T_SO_SET_REPLACE, depending on the level
             if (is_host_ns() && !is_allowed_parent()) {
                 return -EPERM;
             }

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ int BPF_PROG(iptables_legacy_block, struct socket *sock, int level, int optname)`
`80`	`80`
`81`	`81`	`// bpf_printk("setsockopt called %d %d\n", level, optname);`
`82`	`82`	`if (level == 0 /IPPROTO_IP/ \|\| level == 41 /IPPROTO_IP6/) {`
`83`		`- if (optname == 64) { // 64 represents IPT_SO_SET_REPLACE or IP6T_SO_SET_REPLACE, depending on the level`
	`83`	`+ if (optname == IPT_SO_SET_REPLACE) { // IPT_SO_SET_REPLACE represents IPT_SO_SET_REPLACE or IP6T_SO_SET_REPLACE, depending on the level`
`84`	`84`	`if (is_host_ns() && !is_allowed_parent()) {`
`85`	`85`	`return -EPERM;`
`86`	`86`	`}`