forked from sagarbhure/eBPFShield
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
61 additions
and
58 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,81 +1,83 @@ | ||
| #include <linux/file.h> | ||
| #include <linux/net.h> | ||
| #include <linux/sched.h> | ||
| #include <linux/socket.h> | ||
| #include <linux/net.h> | ||
| #include <linux/file.h> | ||
| #include <net/sock.h> | ||
| #include <uapi/linux/in.h> | ||
|
|
||
| BPF_PERF_OUTPUT(events); | ||
|
|
||
| struct netevent_t { | ||
| u32 pid; | ||
| u64 ts; | ||
| char comm[TASK_COMM_LEN]; | ||
| int fd; | ||
| int uid; | ||
| unsigned short port; | ||
| unsigned int address; | ||
| int inet_family; | ||
| u32 pid; | ||
| u64 ts; | ||
| char comm[TASK_COMM_LEN]; | ||
| int fd; | ||
| int uid; | ||
| unsigned short port; | ||
| unsigned int address; | ||
| int inet_family; | ||
| }; | ||
|
|
||
| extern struct socket *sockfd_lookup(int fd, int *err); | ||
| extern unsigned long __fdget(unsigned int fd); | ||
| extern unsigned long __fdget_raw(unsigned int fd); | ||
|
|
||
| int probe_connect_enter(struct pt_regs *ctx, int sockfd, struct sockaddr *addr, | ||
| int addrlen) { | ||
| struct sockaddr_in *poop = (struct sockaddr_in *)addr; | ||
| if (poop->sin_family != AF_INET) { | ||
| return 0; | ||
| } | ||
|
|
||
| int probe_connect_enter (struct pt_regs *ctx, int sockfd, struct sockaddr* addr, int addrlen) { | ||
| struct sockaddr_in* poop = (struct sockaddr_in*) addr; | ||
| if (poop->sin_family != AF_INET) { | ||
| return 0; | ||
| } | ||
|
|
||
| //__fdget_raw(sockfd); | ||
| //struct socket* test = sockfd_lookup(sockfd, NULL); | ||
| struct netevent_t netevent = {}; | ||
| netevent.pid = bpf_get_current_pid_tgid(); | ||
| netevent.ts = bpf_ktime_get_ns(); | ||
| //netevent.fd = sk->__sk_common.skc_family; | ||
| netevent.uid = bpf_get_current_uid_gid(); | ||
| netevent.port = poop->sin_port; | ||
| netevent.address = poop->sin_addr.s_addr; | ||
| bpf_get_current_comm(&netevent.comm, sizeof(netevent.comm)); | ||
| events.perf_submit(ctx, &netevent, sizeof(netevent)); | ||
| //__fdget_raw(sockfd); | ||
| // struct socket* test = sockfd_lookup(sockfd, NULL); | ||
| struct netevent_t netevent = {}; | ||
| netevent.pid = bpf_get_current_pid_tgid(); | ||
| netevent.ts = bpf_ktime_get_ns(); | ||
| // netevent.fd = sk->__sk_common.skc_family; | ||
| netevent.uid = bpf_get_current_uid_gid(); | ||
| netevent.port = poop->sin_port; | ||
| netevent.address = poop->sin_addr.s_addr; | ||
| bpf_get_current_comm(&netevent.comm, sizeof(netevent.comm)); | ||
| events.perf_submit(ctx, &netevent, sizeof(netevent)); | ||
|
|
||
| return 0; | ||
| return 0; | ||
| } | ||
|
|
||
| int tcp_v4 (struct pt_regs *ctx, struct sock *sk, struct sockaddr *uaddr, int addr_len) { | ||
| struct sockaddr_in* poop = (struct sockaddr_in*) uaddr; | ||
| if (poop->sin_family != AF_INET) { | ||
| return 0; | ||
| } | ||
| int tcp_v4(struct pt_regs *ctx, struct sock *sk, struct sockaddr *uaddr, | ||
| int addr_len) { | ||
| struct sockaddr_in *poop = (struct sockaddr_in *)uaddr; | ||
| if (poop->sin_family != AF_INET) { | ||
| return 0; | ||
| } | ||
|
|
||
| struct netevent_t netevent = {}; | ||
| netevent.pid = bpf_get_current_pid_tgid(); | ||
| netevent.ts = bpf_ktime_get_ns(); | ||
| netevent.fd = sk->__sk_common.skc_family; | ||
| netevent.uid = bpf_get_current_uid_gid(); | ||
| netevent.port = poop->sin_port; | ||
| netevent.address = poop->sin_addr.s_addr; | ||
| bpf_get_current_comm(&netevent.comm, sizeof(netevent.comm)); | ||
| events.perf_submit(ctx, &netevent, sizeof(netevent)); | ||
| struct netevent_t netevent = {}; | ||
| netevent.pid = bpf_get_current_pid_tgid(); | ||
| netevent.ts = bpf_ktime_get_ns(); | ||
| netevent.fd = sk->__sk_common.skc_family; | ||
| netevent.uid = bpf_get_current_uid_gid(); | ||
| netevent.port = poop->sin_port; | ||
| netevent.address = poop->sin_addr.s_addr; | ||
| bpf_get_current_comm(&netevent.comm, sizeof(netevent.comm)); | ||
| events.perf_submit(ctx, &netevent, sizeof(netevent)); | ||
|
|
||
| return 0; | ||
| return 0; | ||
| } | ||
|
|
||
| int udp_v4 (struct pt_regs *ctx, struct sock *sk, struct msghdr *msg, size_t len) { | ||
| struct netevent_t netevent = {}; | ||
| sk = (struct sock *)PT_REGS_PARM1(ctx); | ||
| int udp_v4(struct pt_regs *ctx, struct sock *sk, struct msghdr *msg, | ||
| size_t len) { | ||
| struct netevent_t netevent = {}; | ||
| sk = (struct sock *)PT_REGS_PARM1(ctx); | ||
|
|
||
| netevent.pid = bpf_get_current_pid_tgid(); | ||
| netevent.ts = bpf_ktime_get_ns(); | ||
| netevent.fd = sk->__sk_common.skc_family; | ||
| netevent.uid = bpf_get_current_uid_gid(); | ||
| netevent.port = 0x35;//poop->sin_port; | ||
| netevent.address = 0;//poop->sin_addr.s_addr; | ||
| strcpy(netevent.comm, "sagar"); | ||
| // bpf_get_current_comm(&netevent.comm, sizeof(netevent.comm)); | ||
| events.perf_submit(ctx, &netevent, sizeof(netevent)); | ||
| netevent.pid = bpf_get_current_pid_tgid(); | ||
| netevent.ts = bpf_ktime_get_ns(); | ||
| netevent.fd = sk->__sk_common.skc_family; | ||
| netevent.uid = bpf_get_current_uid_gid(); | ||
| netevent.port = 0x35; // poop->sin_port; | ||
| netevent.address = 0; // poop->sin_addr.s_addr; | ||
| strcpy(netevent.comm, "sagar"); | ||
| // bpf_get_current_comm(&netevent.comm, sizeof(netevent.comm)); | ||
| events.perf_submit(ctx, &netevent, sizeof(netevent)); | ||
|
|
||
| return 0; | ||
| return 0; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
|
|
||
| from functools import reduce | ||
|
|
||
|
|
||
| class TaggedIpList: | ||
| def __init__(self, tag, handle): | ||
| self.addresses = [] | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| #! /usr/bin/env python3 | ||
| #!/usr/bin/python3 | ||
|
|
||
| from ebpfshield.helpers import TaggedIpList | ||
| import argcomplete | ||
|
|
||