admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-16 23:33:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed the whole header setup, now correctly using the kernel headers instead of normal development ones. Ready to go on with original plan of file system hooking

Browse Source
This commit is contained in:
h3xduck
2022-01-06 13:31:52 -05:00
parent 4882ce790c
commit 193d9ec28f
16 changed files with 128072 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.vscode/settings.json vendored
View File

@@ -12,6 +12,11 @@
"libbpf.h": "c", "libbpf.h": "c",
"bpf_tracing.h": "c", "bpf_tracing.h": "c",
"ptrace.h": "c", "ptrace.h": "c",
"stat.h": "c" "stat.h": "c",
"udp.h": "c",
"tcp.h": "c",
"if_link.h": "c",
"netlink.h": "c",
"bpf_helper_defs.h": "c"
} }
} }

BIN
src/.output/xdp_filter.bpf.o
View File

Binary file not shown.

BIN
src/.output/xdp_filter.o Normal file
View File

Binary file not shown.

1101
src/.output/xdp_filter.skel.h
View File

File diff suppressed because it is too large Load Diff

15
src/Makefile
View File

@@ -9,22 +9,15 @@ USER_INCLUDES_DIR := $(abspath ./user/include/)
USER_INCLUDES_HDR := $(wildcard $(USER_INCLUDES_DIR)/**/*.h) USER_INCLUDES_HDR := $(wildcard $(USER_INCLUDES_DIR)/**/*.h)
USER_INCLUDES_SRC := $(wildcard $(USER_INCLUDES_DIR)/**/*.c) USER_INCLUDES_SRC := $(wildcard $(USER_INCLUDES_DIR)/**/*.c)
USER_INCLUDES_OBJ := $(USER_INCLUDES_SRC:.c=.o) USER_INCLUDES_OBJ := $(USER_INCLUDES_SRC:.c=.o)
VMLINUX := ./vmlinux/newvmlinux.h VMLINUX := ./vmlinux/newnewvmlinux.h
USER := user USER := user
EBPF := ebpf EBPF := ebpf
COMMON_INCLUDES := -I$(abspath ./ebpf/include) -I$(abspath ./user/include) COMMON_INCLUDES := -I$(abspath ./ebpf/include) -I$(abspath ./user/include)
# Use our own libbpf API headers and Linux UAPI headers distributed with # Use our own libbpf API headers and Linux UAPI headers distributed with
# libbpf to avoid dependency on system-wide headers, which could be missing or # libbpf to avoid dependency on system-wide headers, which could be missing or
# outdated # outdated
INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi #-I$(dir $(VMLINUX)) INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I$(dir $(VMLINUX))
KINCLUDES := -I$(OUTPUT) \ #INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I/lib/modules/5.11.0-41-generic/build/include -I/lib/modules/$$(uname -r)/build/include/uapi -I/lib/modules/$$(uname -r)/build/include/generated/uapi -I/lib/modules/$$(uname -r)/build/arch/x86/include -I/lib/modules/$$(uname -r)/build/arch/x86/include/generated #-I$(dir $(VMLINUX))
-I./libbpf/include/uapi \
-I/lib/modules/5.11.0-41-generic/build/include \
-I/lib/modules/$$(uname -r)/build/include/uapi \
-I/lib/modules/$$(uname -r)/build/include/generated/uapi \
-I/lib/modules/$$(uname -r)/build/arch/x86/include \
-I/lib/modules/$$(uname -r)/build/arch/x86/include/uapi \
-I/lib/modules/$$(uname -r)/build/arch/x86/include/generated #-I$(dir $(VMLINUX))
CFLAGS := -g -Wall CFLAGS := -g -Wall
ARCH := $(shell uname -m | sed 's/x86_64/x86/') ARCH := $(shell uname -m | sed 's/x86_64/x86/')
@@ -79,7 +72,7 @@ $(LIBBPF_OBJ): $(wildcard $(LIBBPF_SRC)/*.[ch] $(LIBBPF_SRC)/Makefile) | $(OUTPU
# Build BPF code # Build BPF code
$(OUTPUT)/%.bpf.o: $(EBPF)/%.bpf.c $(LIBBPF_OBJ) $(wildcard $(EBPF)/%.h) | $(OUTPUT) $(OUTPUT)/%.bpf.o: $(EBPF)/%.bpf.c $(LIBBPF_OBJ) $(wildcard $(EBPF)/%.h) | $(OUTPUT)
$(call msg,BPF,$@) $(call msg,BPF,$@)
$(Q)$(CLANG) -g -O2 -fno-builtin -target bpf -emit-llvm -D__KERNEL__ -D__ASM_SYSREG_H -D__TARGET_ARCH_$(ARCH) $(KINCLUDES) $(COMMON_INCLUDES) $(CLANG_BPF_SYS_INCLUDES) -c $(filter %.c,$^) -o - | llc -march=bpf -filetype=obj -o $@ $(Q)$(CLANG) -g -O2 -fno-builtin -target bpf -D__KERNEL__ -D__TARGET_ARCH_$(ARCH) $(INCLUDES) $(COMMON_INCLUDES) $(CLANG_BPF_SYS_INCLUDES) -c $(filter %.c,$^) -o $@
$(Q)$(LLVM_STRIP) -g $@ # strip useless DWARF info $(Q)$(LLVM_STRIP) -g $@ # strip useless DWARF info
# Generate BPF skeletons # Generate BPF skeletons

BIN
src/bin/xdp_filter Executable file
View File

Binary file not shown.

5
src/common/map_defs.h
View File

@@ -19,7 +19,8 @@ struct rb_event {
}; };
//sched_process_exec tracepoint contents //sched_process_exec tracepoint contents
struct trace_entry { //now included in vmlinux
/*struct trace_entry {
short unsigned int type; short unsigned int type;
unsigned char flags; unsigned char flags;
unsigned char preempt_count; unsigned char preempt_count;
@@ -31,6 +32,6 @@ struct trace_event_raw_sched_process_exec {
int pid; int pid;
int old_pid; int old_pid;
char __data[0]; char __data[0];
}; };*/
#endif #endif

6
src/ebpf/include/bpf/fs.h
View File

@@ -1,13 +1,13 @@
#ifndef __FS_H #ifndef __FS_H
#define __FS_H #define __FS_H
//#include "vmlinux.h" #include "newnewvmlinux.h"
#include <stdio.h> /*#include <stdio.h>
#include <linux/types.h> #include <linux/types.h>
#include <unistd.h> #include <unistd.h>
#include <string.h> #include <string.h>
#include <linux/ptrace.h> #include <linux/ptrace.h>
#include <linux/stat.h> #include <linux/stat.h>*/
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>

6
src/ebpf/include/bpf/sched.h
View File

@@ -1,12 +1,14 @@
#ifndef __SCHED_H #ifndef __SCHED_H
#define __SCHED_H #define __SCHED_H
#include <stdio.h> #/*include <stdio.h>
#include <linux/types.h> #include <linux/types.h>
#include <unistd.h> #include <unistd.h>
#include <string.h> #include <string.h>
#include <linux/bpf.h> #include <linux/bpf.h>*/
#include "newnewvmlinux.h"
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h> #include <bpf/bpf_core_read.h>

6
src/ebpf/include/data/ring_buffer.h
View File

@@ -1,8 +1,10 @@
#ifndef __RING_BUFFER_H #ifndef __RING_BUFFER_H
#define __RING_BUFFER_H #define __RING_BUFFER_H
#include <linux/bpf.h> /*#include <linux/bpf.h>
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>*/
#include "newnewvmlinux.h"
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h> #include <bpf/bpf_core_read.h>

5
src/ebpf/include/packet/packet_manager.h
View File

@@ -1,9 +1,10 @@
#ifndef __PACKET_MANAGER_H__ #ifndef __PACKET_MANAGER_H__
#define __PACKET_MANAGER_H__ #define __PACKET_MANAGER_H__
#include <linux/bpf.h> /*#include <linux/bpf.h>
#include <linux/if_ether.h> #include <linux/if_ether.h>
#include <linux/if.h> #include <linux/if.h>
#include <linux/limits.h> #include <linux/limits.h>*/
#include "newnewvmlinux.h"
/* BOUND CHECKING*/ /* BOUND CHECKING*/

7
src/ebpf/include/packet/protocol/ip_helper.h
View File

@@ -1,12 +1,13 @@
#ifndef __IP_HELPER_H__ #ifndef __IP_HELPER_H__
#define __IP_HELPER_H__ #define __IP_HELPER_H__
#include <linux/ip.h> /*#include <linux/ip.h>
#include <linux/types.h> #include <linux/types.h>
#include <linux/bpf.h> #include <linux/bpf.h>*/
#include <bpf/bpf_endian.h> #include <bpf/bpf_endian.h>
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include "newnewvmlinux.h"
/** /**
* IP checksum calculation. * IP checksum calculation.
@@ -22,7 +23,7 @@ static __always_inline unsigned short checksum(unsigned short *addr, int nbytes)
nbytes -= 2; nbytes -= 2;
} }
if(nbytes>0){ if(nbytes>0){
sum +=htons((unsigned char)*addr); sum +=bpf_htons((unsigned char)*addr);
} }
while (sum>>16){ while (sum>>16){

12
src/ebpf/include/packet/protocol/tcp_helper.h
View File

@@ -1,16 +1,16 @@
#ifndef __TCP_HELPER_H__ #ifndef __TCP_HELPER_H__
#define __TCP_HELPER_H__ #define __TCP_HELPER_H__
#include <linux/tcp.h> /*#include <linux/tcp.h>
#include <linux/ip.h> #include <linux/ip.h>*/
#include "newnewvmlinux.h"
static __always_inline int get_tcp_src_port(struct tcphdr *tcp){ static __always_inline int get_tcp_src_port(struct tcphdr *tcp){
return ntohs(tcp->source); return bpf_ntohs(tcp->source);
} }
static __always_inline int get_tcp_dest_port(struct tcphdr *tcp){ static __always_inline int get_tcp_dest_port(struct tcphdr *tcp){
return ntohs(tcp->dest); return bpf_ntohs(tcp->dest);
} }
/** /**
@@ -27,7 +27,7 @@ static __always_inline unsigned short tcp_checksum(unsigned short *addr, int nby
nbytes -= 2; nbytes -= 2;
} }
if(nbytes>0){ if(nbytes>0){
sum += htons((unsigned char)*addr); sum += bpf_htons((unsigned char)*addr);
} }
while (sum>>16){ while (sum>>16){

5
src/ebpf/include/xdp/xdp_helper.h
View File

@@ -1,7 +1,8 @@
#ifndef __XDP_HELPER_H__ #ifndef __XDP_HELPER_H__
#define __XDP_HELPER_H__ #define __XDP_HELPER_H__
#include <linux/types.h> //#include <linux/types.h>
#include "newnewvmlinux.h"
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
@@ -84,7 +85,7 @@ static __always_inline struct expand_return expand_tcp_packet_payload(struct xdp
//We modify the fields we care about of the headers //We modify the fields we care about of the headers
bpf_printk("before: %i, checksum %u\n", ret.ip->tot_len, ret.ip->check); bpf_printk("before: %i, checksum %u\n", ret.ip->tot_len, ret.ip->check);
ret.ip->tot_len = htons(ntohs(ret.ip->tot_len) + more_bytes); ret.ip->tot_len = bpf_htons(bpf_ntohs(ret.ip->tot_len) + more_bytes);
__u32 csum = 0; __u32 csum = 0;
ret.ip->check = 0; ret.ip->check = 0;
ipv4_csum(ret.ip, sizeof(struct iphdr), &csum); ipv4_csum(ret.ip, sizeof(struct iphdr), &csum);

16
src/ebpf/xdp_filter.bpf.c
View File

@@ -1,5 +1,5 @@
//Linux system includes //Linux system includes
#include <unistd.h> /*#include <unistd.h>
#include <stdbool.h> #include <stdbool.h>
#include <linux/tcp.h> #include <linux/tcp.h>
#include <linux/udp.h> #include <linux/udp.h>
@@ -13,13 +13,16 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <linux/if_ether.h> #include <linux/if_ether.h>
#include <linux/ip.h> #include <linux/ip.h>
#include <linux/udp.h> #include <linux/udp.h>*/
#include "newnewvmlinux.h"
//BPF & libbpf dependencies //BPF & libbpf dependencies
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h> #include <bpf/bpf_core_read.h>
#include <bpf/bpf_endian.h>
//User-kernel dependencies //User-kernel dependencies
#include "../user/include/xdp_filter.h" #include "../user/include/xdp_filter.h"
@@ -36,6 +39,7 @@
#include "include/bpf/fs.h" #include "include/bpf/fs.h"
char LICENSE[] SEC("license") = "Dual BSD/GPL"; char LICENSE[] SEC("license") = "Dual BSD/GPL";
#define ETH_ALEN 6
//Ethernet frame struct //Ethernet frame struct
struct eth_hdr { struct eth_hdr {
@@ -83,11 +87,11 @@ int xdp_receive(struct xdp_md *ctx){
} }
if (get_tcp_dest_port(tcp) != SECRET_PACKET_DEST_PORT){ if (get_tcp_dest_port(tcp) != SECRET_PACKET_DEST_PORT){
bpf_printk("E %i\n", ntohs(tcp->dest)); bpf_printk("E %i\n", bpf_ntohs(tcp->dest));
return XDP_PASS; return XDP_PASS;
} }
payload_size = ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4); payload_size = bpf_ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
payload = (void *)tcp + tcp->doff*4; payload = (void *)tcp + tcp->doff*4;
// We use "size - 1" to account for the final '\0', but depending on the program use // We use "size - 1" to account for the final '\0', but depending on the program use
@@ -142,7 +146,7 @@ int xdp_receive(struct xdp_md *ctx){
return XDP_PASS; return XDP_PASS;
} }
payload_size = ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4); payload_size = bpf_ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
payload = (void *)tcp + tcp->doff*4; payload = (void *)tcp + tcp->doff*4;
//Quite a trick to avoid the verifier complaining when it's clear we are OK with the payload //Quite a trick to avoid the verifier complaining when it's clear we are OK with the payload

126931
src/vmlinux/newnewvmlinux.h Normal file
View File

File diff suppressed because it is too large Load Diff