From 19c6d5a02e63b8d60d57b634d6855f310dce7d67 Mon Sep 17 00:00:00 2001
From: kevin_fxf <kevin_fxf@163.com>
Date: Tue, 4 Feb 2025 20:55:11 +0800
Subject: [PATCH] restricted-network.bpf.o load failed due to directly
 dereferencing 'address->sa_family'

---
 pkg/bpf/c/restricted-network.bpf.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/pkg/bpf/c/restricted-network.bpf.c b/pkg/bpf/c/restricted-network.bpf.c
index f178e25..ad0c0b9 100644
--- a/pkg/bpf/c/restricted-network.bpf.c
+++ b/pkg/bpf/c/restricted-network.bpf.c
@@ -134,8 +134,9 @@ static inline int get_net_perm(struct network_safeguard_config *c, struct sockad
   int allow_uid = -EPERM;
   int allow_gid = -EPERM;
 
-  bool is_ipv6 = (address->sa_family == AF_INET6);
-  bool is_ipv4 = (address->sa_family == AF_INET);
+  unsigned short family = BPF_CORE_READ(address, sa_family);  
+  bool is_ipv6 = (family == AF_INET6);
+  bool is_ipv4 = (family == AF_INET);
 
   if (!(is_ipv4 || is_ipv6))
     return 0;
@@ -263,8 +264,9 @@ static inline int get_net_perm(struct network_safeguard_config *c, struct sockad
 
 static inline void reoprt_net_events(struct network_safeguard_config *c, int can_access, unsigned long long *ctx, 
                                     struct socket *sock, struct sockaddr *address){
-  bool is_ipv6 = (address->sa_family == AF_INET6);
-  bool is_ipv4 = (address->sa_family == AF_INET);
+  unsigned short family = BPF_CORE_READ(address, sa_family);
+  bool is_ipv6 = (family == AF_INET6);
+  bool is_ipv4 = (family == AF_INET);
 
   u64 cg = bpf_get_current_cgroup_id();
 
-- 
Gitee