admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-20 08:43:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Completed packet parsing at tc hook

Browse Source
This commit is contained in:
h3xduck
2022-04-13 16:56:17 -04:00
parent 7157729334
commit c3bffb6f84
7 changed files with 45 additions and 438 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
src/ebpf/include/bpf/tc.c
View File

@@ -1,39 +1,49 @@
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/pkt_cls.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <arpa/inet.h>
#include <linux/swab.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_helpers.h>
struct pkt_ctx_t {
struct cursor *c;
struct ethhdr *eth;
struct iphdr *ipv4;
struct tcphdr *tcp;
struct udphdr *udp;
struct http_req_t *http_req;
};
#include "../../../common/constants.h"
SEC("classifier/egress")
int classifier(struct __sk_buff *skb){
void *data_end = (void *)(unsigned long long)skb->data_end;
void *data = (void *)(unsigned long long)skb->data;
struct ethhdr *eth = data;
bpf_printk("Heey\n");
if (data + sizeof(struct ethhdr) > data_end)
return TC_ACT_SHOT;
if (eth->h_proto == ___constant_swab16(ETH_P_IP))
/*
* Packet processing is not implemented in this sample. Parse
* IPv4 header, possibly push/pop encapsulation headers, update
* header fields, drop or transmit based on network policy,
* collect statistics and store them in a eBPF map...
*/
return 0;//process_packet(skb);
else
void *data = (void *)(__u64)skb->data;
void *data_end = (void *)(__u64)skb->data_end;
bpf_printk("TC egress classifier called\n");
//We are interested on parsing TCP/IP packets so let's assume we have one
//Ethernet header
struct ethhdr *eth_hdr = data;
if(eth_hdr->h_proto != htons(ETH_P_IP)){
//Not an IP packet
return TC_ACT_OK;
}
//IP header
struct iphdr *ip_hdr = (struct iphdr*)data + sizeof(struct ethhdr);
if(ip_hdr->protocol != IPPROTO_TCP){
return TC_ACT_OK;
}
//TCP header
struct tcphdr *tcp_hdr = (struct tcphdr *)data + sizeof(struct ethhdr) + sizeof(struct iphdr);
//We now proceed to scan for our backdoor packets
__u16 dest_port = ntohs(tcp_hdr->dest);
if(dest_port != SECRET_PACKET_DEST_PORT){
return TC_ACT_OK;
}
return TC_ACT_OK;
}
char _license[4] SEC("license") = "GPL";