mirror of
https://github.com/h3xduck/TripleCross.git
synced 2025-12-16 23:33:06 +08:00
Fixed the whole header setup, now correctly using the kernel headers instead of normal development ones. Ready to go on with original plan of file system hooking
This commit is contained in:
h3xduck
7
.vscode/settings.json
vendored
7
.vscode/settings.json
vendored
@@ -12,6 +12,11 @@
|
||||
"libbpf.h": "c",
|
||||
"bpf_tracing.h": "c",
|
||||
"ptrace.h": "c",
|
||||
"stat.h": "c"
|
||||
"stat.h": "c",
|
||||
"udp.h": "c",
|
||||
"tcp.h": "c",
|
||||
"if_link.h": "c",
|
||||
"netlink.h": "c",
|
||||
"bpf_helper_defs.h": "c"
|
||||
}
|
||||
}
|
||||
Binary file not shown.
BIN
src/.output/xdp_filter.o
Normal file
BIN
src/.output/xdp_filter.o
Normal file
Binary file not shown.
File diff suppressed because it is too large
Load Diff
15
src/Makefile
15
src/Makefile
@@ -9,22 +9,15 @@ USER_INCLUDES_DIR := $(abspath ./user/include/)
|
||||
USER_INCLUDES_HDR := $(wildcard $(USER_INCLUDES_DIR)/**/*.h)
|
||||
USER_INCLUDES_SRC := $(wildcard $(USER_INCLUDES_DIR)/**/*.c)
|
||||
USER_INCLUDES_OBJ := $(USER_INCLUDES_SRC:.c=.o)
|
||||
VMLINUX := ./vmlinux/newvmlinux.h
|
||||
VMLINUX := ./vmlinux/newnewvmlinux.h
|
||||
USER := user
|
||||
EBPF := ebpf
|
||||
COMMON_INCLUDES := -I$(abspath ./ebpf/include) -I$(abspath ./user/include)
|
||||
# Use our own libbpf API headers and Linux UAPI headers distributed with
|
||||
# libbpf to avoid dependency on system-wide headers, which could be missing or
|
||||
# outdated
|
||||
INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi #-I$(dir $(VMLINUX))
|
||||
KINCLUDES := -I$(OUTPUT) \
|
||||
-I./libbpf/include/uapi \
|
||||
-I/lib/modules/5.11.0-41-generic/build/include \
|
||||
-I/lib/modules/$$(uname -r)/build/include/uapi \
|
||||
-I/lib/modules/$$(uname -r)/build/include/generated/uapi \
|
||||
-I/lib/modules/$$(uname -r)/build/arch/x86/include \
|
||||
-I/lib/modules/$$(uname -r)/build/arch/x86/include/uapi \
|
||||
-I/lib/modules/$$(uname -r)/build/arch/x86/include/generated #-I$(dir $(VMLINUX))
|
||||
INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I$(dir $(VMLINUX))
|
||||
#INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I/lib/modules/5.11.0-41-generic/build/include -I/lib/modules/$$(uname -r)/build/include/uapi -I/lib/modules/$$(uname -r)/build/include/generated/uapi -I/lib/modules/$$(uname -r)/build/arch/x86/include -I/lib/modules/$$(uname -r)/build/arch/x86/include/generated #-I$(dir $(VMLINUX))
|
||||
CFLAGS := -g -Wall
|
||||
ARCH := $(shell uname -m | sed 's/x86_64/x86/')
|
||||
|
||||
@@ -79,7 +72,7 @@ $(LIBBPF_OBJ): $(wildcard $(LIBBPF_SRC)/*.[ch] $(LIBBPF_SRC)/Makefile) | $(OUTPU
|
||||
# Build BPF code
|
||||
$(OUTPUT)/%.bpf.o: $(EBPF)/%.bpf.c $(LIBBPF_OBJ) $(wildcard $(EBPF)/%.h) | $(OUTPUT)
|
||||
$(call msg,BPF,$@)
|
||||
$(Q)$(CLANG) -g -O2 -fno-builtin -target bpf -emit-llvm -D__KERNEL__ -D__ASM_SYSREG_H -D__TARGET_ARCH_$(ARCH) $(KINCLUDES) $(COMMON_INCLUDES) $(CLANG_BPF_SYS_INCLUDES) -c $(filter %.c,$^) -o - | llc -march=bpf -filetype=obj -o $@
|
||||
$(Q)$(CLANG) -g -O2 -fno-builtin -target bpf -D__KERNEL__ -D__TARGET_ARCH_$(ARCH) $(INCLUDES) $(COMMON_INCLUDES) $(CLANG_BPF_SYS_INCLUDES) -c $(filter %.c,$^) -o $@
|
||||
$(Q)$(LLVM_STRIP) -g $@ # strip useless DWARF info
|
||||
|
||||
# Generate BPF skeletons
|
||||
|
||||
BIN
src/bin/xdp_filter
Executable file
BIN
src/bin/xdp_filter
Executable file
Binary file not shown.
@@ -19,7 +19,8 @@ struct rb_event {
|
||||
};
|
||||
|
||||
//sched_process_exec tracepoint contents
|
||||
struct trace_entry {
|
||||
//now included in vmlinux
|
||||
/*struct trace_entry {
|
||||
short unsigned int type;
|
||||
unsigned char flags;
|
||||
unsigned char preempt_count;
|
||||
@@ -31,6 +32,6 @@ struct trace_event_raw_sched_process_exec {
|
||||
int pid;
|
||||
int old_pid;
|
||||
char __data[0];
|
||||
};
|
||||
};*/
|
||||
|
||||
#endif
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
#ifndef __FS_H
|
||||
#define __FS_H
|
||||
|
||||
//#include "vmlinux.h"
|
||||
#include <stdio.h>
|
||||
#include "newnewvmlinux.h"
|
||||
/*#include <stdio.h>
|
||||
#include <linux/types.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <linux/ptrace.h>
|
||||
#include <linux/stat.h>
|
||||
#include <linux/stat.h>*/
|
||||
|
||||
#include <bpf/bpf_helpers.h>
|
||||
#include <bpf/bpf_tracing.h>
|
||||
|
||||
@@ -1,12 +1,14 @@
|
||||
#ifndef __SCHED_H
|
||||
#define __SCHED_H
|
||||
|
||||
#include <stdio.h>
|
||||
#/*include <stdio.h>
|
||||
#include <linux/types.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <linux/bpf.h>
|
||||
#include <linux/bpf.h>*/
|
||||
#include "newnewvmlinux.h"
|
||||
|
||||
#include <bpf/bpf_helpers.h>
|
||||
#include <bpf/bpf_tracing.h>
|
||||
#include <bpf/bpf_core_read.h>
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
#ifndef __RING_BUFFER_H
|
||||
#define __RING_BUFFER_H
|
||||
|
||||
#include <linux/bpf.h>
|
||||
#include <bpf/bpf_helpers.h>
|
||||
/*#include <linux/bpf.h>
|
||||
#include <bpf/bpf_helpers.h>*/
|
||||
#include "newnewvmlinux.h"
|
||||
|
||||
#include <bpf/bpf_tracing.h>
|
||||
#include <bpf/bpf_core_read.h>
|
||||
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
#ifndef __PACKET_MANAGER_H__
|
||||
#define __PACKET_MANAGER_H__
|
||||
#include <linux/bpf.h>
|
||||
/*#include <linux/bpf.h>
|
||||
#include <linux/if_ether.h>
|
||||
#include <linux/if.h>
|
||||
#include <linux/limits.h>
|
||||
#include <linux/limits.h>*/
|
||||
#include "newnewvmlinux.h"
|
||||
|
||||
/* BOUND CHECKING*/
|
||||
|
||||
|
||||
@@ -1,12 +1,13 @@
|
||||
#ifndef __IP_HELPER_H__
|
||||
#define __IP_HELPER_H__
|
||||
|
||||
#include <linux/ip.h>
|
||||
/*#include <linux/ip.h>
|
||||
#include <linux/types.h>
|
||||
|
||||
#include <linux/bpf.h>
|
||||
#include <linux/bpf.h>*/
|
||||
#include <bpf/bpf_endian.h>
|
||||
#include <bpf/bpf_helpers.h>
|
||||
#include "newnewvmlinux.h"
|
||||
|
||||
/**
|
||||
* IP checksum calculation.
|
||||
@@ -22,7 +23,7 @@ static __always_inline unsigned short checksum(unsigned short *addr, int nbytes)
|
||||
nbytes -= 2;
|
||||
}
|
||||
if(nbytes>0){
|
||||
sum +=htons((unsigned char)*addr);
|
||||
sum +=bpf_htons((unsigned char)*addr);
|
||||
}
|
||||
|
||||
while (sum>>16){
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
#ifndef __TCP_HELPER_H__
|
||||
#define __TCP_HELPER_H__
|
||||
|
||||
#include <linux/tcp.h>
|
||||
#include <linux/ip.h>
|
||||
|
||||
/*#include <linux/tcp.h>
|
||||
#include <linux/ip.h>*/
|
||||
#include "newnewvmlinux.h"
|
||||
|
||||
static __always_inline int get_tcp_src_port(struct tcphdr *tcp){
|
||||
return ntohs(tcp->source);
|
||||
return bpf_ntohs(tcp->source);
|
||||
}
|
||||
|
||||
static __always_inline int get_tcp_dest_port(struct tcphdr *tcp){
|
||||
return ntohs(tcp->dest);
|
||||
return bpf_ntohs(tcp->dest);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -27,7 +27,7 @@ static __always_inline unsigned short tcp_checksum(unsigned short *addr, int nby
|
||||
nbytes -= 2;
|
||||
}
|
||||
if(nbytes>0){
|
||||
sum += htons((unsigned char)*addr);
|
||||
sum += bpf_htons((unsigned char)*addr);
|
||||
}
|
||||
|
||||
while (sum>>16){
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
#ifndef __XDP_HELPER_H__
|
||||
#define __XDP_HELPER_H__
|
||||
|
||||
#include <linux/types.h>
|
||||
//#include <linux/types.h>
|
||||
#include "newnewvmlinux.h"
|
||||
|
||||
#include <bpf/bpf_helpers.h>
|
||||
|
||||
@@ -84,7 +85,7 @@ static __always_inline struct expand_return expand_tcp_packet_payload(struct xdp
|
||||
|
||||
//We modify the fields we care about of the headers
|
||||
bpf_printk("before: %i, checksum %u\n", ret.ip->tot_len, ret.ip->check);
|
||||
ret.ip->tot_len = htons(ntohs(ret.ip->tot_len) + more_bytes);
|
||||
ret.ip->tot_len = bpf_htons(bpf_ntohs(ret.ip->tot_len) + more_bytes);
|
||||
__u32 csum = 0;
|
||||
ret.ip->check = 0;
|
||||
ipv4_csum(ret.ip, sizeof(struct iphdr), &csum);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
//Linux system includes
|
||||
#include <unistd.h>
|
||||
/*#include <unistd.h>
|
||||
#include <stdbool.h>
|
||||
#include <linux/tcp.h>
|
||||
#include <linux/udp.h>
|
||||
@@ -13,13 +13,16 @@
|
||||
#include <arpa/inet.h>
|
||||
#include <linux/if_ether.h>
|
||||
#include <linux/ip.h>
|
||||
#include <linux/udp.h>
|
||||
#include <linux/udp.h>*/
|
||||
|
||||
|
||||
#include "newnewvmlinux.h"
|
||||
|
||||
//BPF & libbpf dependencies
|
||||
#include <linux/bpf.h>
|
||||
#include <bpf/bpf_helpers.h>
|
||||
#include <bpf/bpf_tracing.h>
|
||||
#include <bpf/bpf_core_read.h>
|
||||
#include <bpf/bpf_endian.h>
|
||||
|
||||
//User-kernel dependencies
|
||||
#include "../user/include/xdp_filter.h"
|
||||
@@ -36,6 +39,7 @@
|
||||
#include "include/bpf/fs.h"
|
||||
|
||||
char LICENSE[] SEC("license") = "Dual BSD/GPL";
|
||||
#define ETH_ALEN 6
|
||||
|
||||
//Ethernet frame struct
|
||||
struct eth_hdr {
|
||||
@@ -83,11 +87,11 @@ int xdp_receive(struct xdp_md *ctx){
|
||||
}
|
||||
|
||||
if (get_tcp_dest_port(tcp) != SECRET_PACKET_DEST_PORT){
|
||||
bpf_printk("E %i\n", ntohs(tcp->dest));
|
||||
bpf_printk("E %i\n", bpf_ntohs(tcp->dest));
|
||||
return XDP_PASS;
|
||||
}
|
||||
|
||||
payload_size = ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
|
||||
payload_size = bpf_ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
|
||||
payload = (void *)tcp + tcp->doff*4;
|
||||
|
||||
// We use "size - 1" to account for the final '\0', but depending on the program use
|
||||
@@ -142,7 +146,7 @@ int xdp_receive(struct xdp_md *ctx){
|
||||
return XDP_PASS;
|
||||
}
|
||||
|
||||
payload_size = ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
|
||||
payload_size = bpf_ntohs(ip->tot_len) - (tcp->doff * 4) - (ip->ihl * 4);
|
||||
payload = (void *)tcp + tcp->doff*4;
|
||||
|
||||
//Quite a trick to avoid the verifier complaining when it's clear we are OK with the payload
|
||||
|
||||
126931
src/vmlinux/newnewvmlinux.h
Normal file
126931
src/vmlinux/newnewvmlinux.h
Normal file
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user