admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-22 17:53:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

Modularized the communication buffers

Browse Source
This commit is contained in:
h3xduck
2021-12-30 12:48:45 -05:00
parent d5478ed7a0
commit 19a11da18f
6 changed files with 967 additions and 920 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
src/.output/xdp_filter.bpf.o
View File

Binary file not shown.

BIN
src/.output/xdp_filter.o
View File

Binary file not shown.

1801
src/.output/xdp_filter.skel.h
View File

File diff suppressed because it is too large Load Diff

BIN
src/bin/xdp_filter
View File

Binary file not shown.

40
src/ebpf/include/bpf/fs.h
View File

@@ -11,15 +11,9 @@
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h> #include <bpf/bpf_core_read.h>
#include "../common/constants.h" #include "../../../common/constants.h"
#include "../common/map_defs.h" #include "../../../common/map_defs.h"
#include "../data/ring_buffer.h"
#define RING_BUFFER_MAX_ELEMS 256
//Ring buffer - For communication ebpf -> userspace
struct {
__uint(type, BPF_MAP_TYPE_RINGBUF);
__uint(max_entries, RING_BUFFER_MAX_ELEMS * 1024); //Multiple struct rb_event(s) must fit here
} rb_comm SEC(".maps");
//BPF map //BPF map
/*struct { /*struct {
@@ -36,30 +30,14 @@ struct {
*/ */
SEC("tp/sched/sched_process_exec") SEC("tp/sched/sched_process_exec")
int handle_exec(struct trace_event_raw_sched_process_exec *ctx){ int handle_exec(struct trace_event_raw_sched_process_exec *ctx){
struct task_struct *task; pid_t pid = bpf_get_current_pid_tgid() >> 32;
unsigned fname_off; char* message = "PROCESS ACTIVATED\0";
struct rb_event *e;
pid_t pid;
int ts;
pid = bpf_get_current_pid_tgid() >> 32; //Just deactivated for now, but working
ts = bpf_ktime_get_ns(); /*if(ring_buffer_send(&rb_comm, pid, INFO, 0, message)<0){
bpf_printk("ERROR printing in RB_COMM at fs module");
}*/
/* reserve sample from BPF ringbuf */
e = bpf_ringbuf_reserve(&rb_comm, sizeof(*e), 0);
if (!e){
return 0;
}
e->pid = pid;
e->event_type = INFO;
e->code = 0;
char* message = "HOLA\0";
bpf_probe_read_str(&e->message, sizeof(message), message);
/* successfully submit it to user-space for post-processing */
bpf_ringbuf_submit(e, 0);
return 0; return 0;
} }

46
src/ebpf/include/data/ring_buffer.h Normal file
View File

@@ -0,0 +1,46 @@
#ifndef __RING_BUFFER_H
#define __RING_BUFFER_H
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>
#include "../../../common/map_defs.h"
#define RING_BUFFER_MAX_ELEMS 256
/**
* @brief Ring buffer for general communication kernel->userspace
*
*/
struct ring_buffer {
__uint(type, BPF_MAP_TYPE_RINGBUF);
__uint(max_entries, RING_BUFFER_MAX_ELEMS * 1024); //Multiple struct rb_event(s) must fit here
};
struct ring_buffer rb_comm SEC(".maps");
/**
* @brief Sends an event into the specified ring kernel buffer
*
* @return 0 if ok, -1 if error
*/
static __always_inline int ring_buffer_send(struct ring_buffer *rb, int pid, event_type_t event_type, int code, char* message){
struct rb_event *event = (struct rb_event*) bpf_ringbuf_reserve(rb, sizeof(struct rb_event), 0);
if(!event){
return -1;
}
event->code = code;
event->event_type = event_type;
event->pid = pid;
bpf_probe_read_kernel_str(&event->message, sizeof(message), message);
bpf_ringbuf_submit(event, 0);
return 0;
}
#endif