Added more communication utils between userspace and kernel:

* Included maps and kernel ring buffer communication * Extended the ebpf structure to include more modules * New utils in both user and kernelspace * Other changes * This update precedes a great effort on researching and learning and linux kernel tracing and studing ebpfkit from defcon. More functionalities should come rather quickly now.
2025-12-25 10:53:09 +08:00 · 2021-12-29 14:44:09 -05:00
parent 510fc89de0
commit d5478ed7a0
12 changed files with 1014 additions and 793 deletions
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -0,0 +1,8 @@
+#ifndef __CONSTANTS_H
+#define __CONSTANTS_H
+
+#define SECRET_PACKET_PAYLOAD "XDP_PoC_0"
+#define SECRET_PACKET_DEST_PORT 9000
+#define SUBSTITUTION_NEW_PAYLOAD "The previous message has been hidden ;)"
+
+#endif
--- a/src/common/map_defs.h
+++ b/src/common/map_defs.h
@@ -0,0 +1,36 @@
+#ifndef __MAP_DEFS_H
+#define __MAP_DEFS_H
+
+#define RB_EVENT_MAX_MESSAGE_SIZE 512
+
+typedef enum {
+    INFO,
+    DEBUG,
+    EXIT,
+    ERROR
+} event_type_t;
+
+struct rb_event {
+	int pid;
+    char message[RB_EVENT_MAX_MESSAGE_SIZE];
+    int code;
+    event_type_t event_type;
+};
+
+
+//sched_process_exec tracepoint contents
+struct trace_entry {
+	short unsigned int type;
+	unsigned char flags;
+	unsigned char preempt_count;
+	int pid;
+};
+struct trace_event_raw_sched_process_exec {
+	struct trace_entry ent;
+	unsigned int __data_loc_filename;
+	int pid;
+	int old_pid;
+	char __data[0];
+};
+
+#endif