Fixed the whole header setup, now correctly using the kernel headers instead of normal development ones. Ready to go on with original plan of file system hooking

2025-12-24 18:33:08 +08:00 · 2022-01-06 13:31:52 -05:00
parent 4882ce790c
commit 193d9ec28f
16 changed files with 128072 additions and 50 deletions
--- a/src/ebpf/include/bpf/fs.h
+++ b/src/ebpf/include/bpf/fs.h
@@ -1,13 +1,13 @@
 #ifndef __FS_H
 #define __FS_H

-//#include "vmlinux.h"
-#include <stdio.h>
+#include "newnewvmlinux.h"
+/*#include <stdio.h>
 #include <linux/types.h>
 #include <unistd.h>
 #include <string.h>
 #include <linux/ptrace.h>
-#include <linux/stat.h>
+#include <linux/stat.h>*/

 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>
--- a/src/ebpf/include/bpf/sched.h
+++ b/src/ebpf/include/bpf/sched.h
@@ -1,12 +1,14 @@
 #ifndef __SCHED_H
 #define __SCHED_H

-#include <stdio.h>
+#/*include <stdio.h>
 #include <linux/types.h>
 #include <unistd.h>
 #include <string.h>

-#include <linux/bpf.h>
+#include <linux/bpf.h>*/
+#include "newnewvmlinux.h"
+
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>
 #include <bpf/bpf_core_read.h>
--- a/src/ebpf/include/data/ring_buffer.h
+++ b/src/ebpf/include/data/ring_buffer.h
@@ -1,8 +1,10 @@
 #ifndef __RING_BUFFER_H
 #define __RING_BUFFER_H

-#include <linux/bpf.h>
-#include <bpf/bpf_helpers.h>
+/*#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>*/
+#include "newnewvmlinux.h"
+
 #include <bpf/bpf_tracing.h>
 #include <bpf/bpf_core_read.h>

--- a/src/ebpf/include/packet/packet_manager.h
+++ b/src/ebpf/include/packet/packet_manager.h
@@ -1,9 +1,10 @@
 #ifndef __PACKET_MANAGER_H__
 #define __PACKET_MANAGER_H__
-#include <linux/bpf.h>
+/*#include <linux/bpf.h>
 #include <linux/if_ether.h>
 #include <linux/if.h>
-#include <linux/limits.h>
+#include <linux/limits.h>*/
+#include "newnewvmlinux.h"

 /* BOUND CHECKING*/

--- a/src/ebpf/include/packet/protocol/ip_helper.h
+++ b/src/ebpf/include/packet/protocol/ip_helper.h
@@ -1,12 +1,13 @@
 #ifndef __IP_HELPER_H__
 #define __IP_HELPER_H__

-#include <linux/ip.h>
+/*#include <linux/ip.h>
 #include <linux/types.h>

-#include <linux/bpf.h>
+#include <linux/bpf.h>*/
 #include <bpf/bpf_endian.h>
 #include <bpf/bpf_helpers.h>
+#include "newnewvmlinux.h"

 /**
 * IP checksum calculation.
@@ -22,7 +23,7 @@ static __always_inline unsigned short checksum(unsigned short *addr, int nbytes)
        nbytes -= 2;
    }
    if(nbytes>0){
-        sum +=htons((unsigned char)*addr);
+        sum +=bpf_htons((unsigned char)*addr);
    }
        
    while (sum>>16){
--- a/src/ebpf/include/packet/protocol/tcp_helper.h
+++ b/src/ebpf/include/packet/protocol/tcp_helper.h
@@ -1,16 +1,16 @@
 #ifndef __TCP_HELPER_H__
 #define __TCP_HELPER_H__

-#include <linux/tcp.h>
-#include <linux/ip.h>
-
+/*#include <linux/tcp.h>
+#include <linux/ip.h>*/
+#include "newnewvmlinux.h"

 static __always_inline int get_tcp_src_port(struct tcphdr *tcp){
-    return ntohs(tcp->source);
+    return bpf_ntohs(tcp->source);
 }

 static __always_inline int get_tcp_dest_port(struct tcphdr *tcp){
-    return ntohs(tcp->dest);
+    return bpf_ntohs(tcp->dest);
 }

 /**
@@ -27,7 +27,7 @@ static __always_inline unsigned short tcp_checksum(unsigned short *addr, int nby
        nbytes -= 2;
    }
    if(nbytes>0){
-        sum += htons((unsigned char)*addr);
+        sum += bpf_htons((unsigned char)*addr);
    }
            
    while (sum>>16){
--- a/src/ebpf/include/xdp/xdp_helper.h
+++ b/src/ebpf/include/xdp/xdp_helper.h
@@ -1,7 +1,8 @@
 #ifndef __XDP_HELPER_H__
 #define __XDP_HELPER_H__

-#include <linux/types.h>
+//#include <linux/types.h>
+#include "newnewvmlinux.h"

 #include <bpf/bpf_helpers.h>

@@ -84,7 +85,7 @@ static __always_inline struct expand_return expand_tcp_packet_payload(struct xdp

    //We modify the fields we care about of the headers
    bpf_printk("before: %i, checksum %u\n", ret.ip->tot_len, ret.ip->check);
-    ret.ip->tot_len = htons(ntohs(ret.ip->tot_len) + more_bytes);
+    ret.ip->tot_len = bpf_htons(bpf_ntohs(ret.ip->tot_len) + more_bytes);
    __u32 csum = 0;
    ret.ip->check = 0;
 	ipv4_csum(ret.ip, sizeof(struct iphdr), &csum);
--- a/src/ebpf/xdp_filter.bpf.c
+++ b/src/ebpf/xdp_filter.bpf.c
@@ -1,5 +1,5 @@
 //Linux system includes
-#include <unistd.h>
+/*#include <unistd.h>
 #include <stdbool.h>
 #include <linux/tcp.h>
 #include <linux/udp.h>
@@ -13,13 +13,16 @@
 #include <arpa/inet.h>
 #include <linux/if_ether.h>
 #include <linux/ip.h>
-#include <linux/udp.h>
+#include <linux/udp.h>*/
+
+
+#include "newnewvmlinux.h"

 //BPF & libbpf dependencies
-#include <linux/bpf.h>
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>
 #include <bpf/bpf_core_read.h>
+#include <bpf/bpf_endian.h>

 //User-kernel dependencies
 #include "../user/include/xdp_filter.h"
@@ -36,6 +39,7 @@
 #include "include/bpf/fs.h"

 char LICENSE[] SEC("license") = "Dual BSD/GPL";
+#define ETH_ALEN 6

 //Ethernet frame struct
 struct eth_hdr {
@@ -83,11 +87,11 @@ int xdp_receive(struct xdp_md *ctx){
    }

    if (get_tcp_dest_port(tcp) != SECRET_PACKET_DEST_PORT){
-        bpf_printk("E %i\n", ntohs(tcp->dest));
+        bpf_printk("E %i\n", bpf_ntohs(tcp->dest));
        return XDP_PASS;
    }

-    payload_size = ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
+    payload_size = bpf_ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
    payload = (void *)tcp + tcp->doff*4;

    // We use "size - 1" to account for the final '\0', but depending on the program use
@@ -142,7 +146,7 @@ int xdp_receive(struct xdp_md *ctx){
            return XDP_PASS;
        }

-        payload_size = ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
+        payload_size = bpf_ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
        payload = (void *)tcp + tcp->doff*4;
        
        //Quite a trick to avoid the verifier complaining when it's clear we are OK with the payload