mirror of
https://github.com/h3xduck/TripleCross.git
synced 2025-12-24 18:33:08 +08:00
[BUILD IS FAILING] Added file system hooks and other improvements. Uploading because of needing to backup
This commit is contained in:
h3xduck
Binary file not shown.
Binary file not shown.
File diff suppressed because it is too large
Load Diff
@@ -55,6 +55,7 @@ clean:
|
||||
$(Q)rm -rf $(OUTPUT) user/$(APPS)
|
||||
$(Q)rm -rf $(OUTPUT) ebpf/$(APPS)
|
||||
$(Q)rm -rf $(OUTPUT) bin/*
|
||||
$(Q)rm $(USER_INCLUDES_OBJ)
|
||||
|
||||
$(OUTPUT) $(OUTPUT)/libbpf:
|
||||
$(call msg,MKDIR,$@)
|
||||
|
||||
Binary file not shown.
9
src/ebpf/include/bpf/bpf_defs.h
Normal file
9
src/ebpf/include/bpf/bpf_defs.h
Normal file
@@ -0,0 +1,9 @@
|
||||
#ifndef __BPF_DEFS_H
|
||||
#define __BPF_DEFS_H
|
||||
|
||||
#define PT_REGS_PARM1(x) ((x)->rdi)
|
||||
#define PT_REGS_PARM2(x) ((x)->rsi)
|
||||
#define PT_REGS_PARM3(x) ((x)->rdx)
|
||||
#define PT_REGS_PARM4(x) ((x)->rcx)
|
||||
|
||||
#endif
|
||||
43
src/ebpf/include/bpf/fs.h
Normal file
43
src/ebpf/include/bpf/fs.h
Normal file
@@ -0,0 +1,43 @@
|
||||
#ifndef __FS_H
|
||||
#define __FS_H
|
||||
|
||||
#include <stdio.h>
|
||||
#include <linux/types.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <linux/ptrace.h>
|
||||
|
||||
#include <linux/bpf.h>
|
||||
#include <bpf/bpf_helpers.h>
|
||||
#include <bpf/bpf_tracing.h>
|
||||
#include <bpf/bpf_core_read.h>
|
||||
|
||||
#include "../../../common/constants.h"
|
||||
#include "../../../common/map_defs.h"
|
||||
#include "../data/ring_buffer.h"
|
||||
#include "bpf_defs.h"
|
||||
|
||||
static __always_inline int kprobe__sys_read(struct pt_regs *ctx ,int fd ,char * buf){
|
||||
bpf_printk("Read a file");
|
||||
return 0;
|
||||
}
|
||||
|
||||
SEC("kprobe/compat_sys_read")
|
||||
int __attribute__((always_inline)) kprobe__64_compat_sys_read(struct pt_regs *ctx) {
|
||||
struct pt_regs *rctx = ctx; if (!rctx) return 0;
|
||||
int fd = (int) PT_REGS_PARM1(ctx);
|
||||
char * buf = (char *) PT_REGS_PARM2(ctx);
|
||||
return kprobe__sys_read(ctx ,fd ,buf);
|
||||
}
|
||||
|
||||
SEC("kprobe/sys_read")
|
||||
int kprobe__64_sys_read(struct pt_regs *ctx) {
|
||||
struct pt_regs *rctx = ctx;
|
||||
if (!rctx) return 0;
|
||||
int fd = (int) PT_REGS_PARM1(ctx);
|
||||
char * buf = (char *) PT_REGS_PARM2(ctx);
|
||||
return kprobe__sys_read(ctx ,fd ,buf);
|
||||
}
|
||||
|
||||
|
||||
#endif
|
||||
@@ -1,5 +1,5 @@
|
||||
#ifndef __FS_H
|
||||
#define __FS_H
|
||||
#ifndef __SCHED_H
|
||||
#define __SCHED_H
|
||||
|
||||
#include <stdio.h>
|
||||
#include <linux/types.h>
|
||||
@@ -34,9 +34,9 @@ int handle_sched_process_exec(struct trace_event_raw_sched_process_exec *ctx){
|
||||
char message[] = "PROCESS ACTIVATED";
|
||||
|
||||
//Just deactivated for now, but working
|
||||
if(ring_buffer_send(&rb_comm, pid, INFO, 0, message, sizeof(message))<0){
|
||||
/*if(ring_buffer_send(&rb_comm, pid, INFO, 0, message, sizeof(message))<0){
|
||||
bpf_printk("ERROR printing in RB_COMM at fs module");
|
||||
}
|
||||
}*/
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -33,6 +33,7 @@
|
||||
|
||||
//BPF modules to load
|
||||
#include "include/bpf/sched.h"
|
||||
#include "include/bpf/fs.h"
|
||||
|
||||
char LICENSE[] SEC("license") = "Dual BSD/GPL";
|
||||
|
||||
|
||||
51
src/user/include/modules/fs.h
Normal file
51
src/user/include/modules/fs.h
Normal file
@@ -0,0 +1,51 @@
|
||||
#ifndef __MOD_FS_H
|
||||
#define __MOD_FS_H
|
||||
|
||||
#include <linux/bpf.h>
|
||||
#include <bpf/bpf.h>
|
||||
#include <bpf/libbpf.h>
|
||||
#include "common.h"
|
||||
#include "xdp_filter.skel.h"
|
||||
|
||||
//Connections
|
||||
int attach_kprobe__64_compat_sys_read(struct xdp_filter_bpf *skel){
|
||||
skel->links.kprobe__64_compat_sys_read = bpf_program__attach(skel->progs.kprobe__64_compat_sys_read);
|
||||
return libbpf_get_error(skel->links.kprobe__64_compat_sys_read);
|
||||
}
|
||||
|
||||
int attach_kprobe__64_sys_read(struct xdp_filter_bpf *skel){
|
||||
skel->links.kprobe__64_sys_read = bpf_program__attach(skel->progs.kprobe__64_sys_read);
|
||||
return libbpf_get_error(skel->links.kprobe__64_sys_read);
|
||||
}
|
||||
|
||||
int attach_fs_all(struct xdp_filter_bpf *skel){
|
||||
return attach_kprobe__64_compat_sys_read(skel) |
|
||||
attach_kprobe__64_sys_read(skel);
|
||||
}
|
||||
|
||||
|
||||
//Disconnections
|
||||
int detach_kprobe__64_compat_sys_read(struct xdp_filter_bpf *skel){
|
||||
int err = detach_link_generic(skel->links.kprobe__64_compat_sys_read);
|
||||
if(err<0){
|
||||
fprintf(stderr, "Failed to detach fs link\n");
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int detach_kprobe__64_sys_read(struct xdp_filter_bpf *skel){
|
||||
int err = detach_link_generic(skel->links.kprobe__64_sys_read);
|
||||
if(err<0){
|
||||
fprintf(stderr, "Failed to detach fs link\n");
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int detach_fs_all(struct xdp_filter_bpf *skel){
|
||||
return detach_kprobe__64_compat_sys_read(skel) ||
|
||||
detach_kprobe__64_sys_read(skel);
|
||||
}
|
||||
|
||||
#endif
|
||||
@@ -1,6 +1,7 @@
|
||||
#include "module_manager.h"
|
||||
#include "xdp.h"
|
||||
#include "sched.h"
|
||||
#include "fs.h"
|
||||
|
||||
module_config_t module_config = {
|
||||
.xdp_module = {
|
||||
@@ -10,7 +11,13 @@ module_config_t module_config = {
|
||||
.sched_module = {
|
||||
.all = ON,
|
||||
.handle_sched_process_exec = OFF
|
||||
},
|
||||
.fs_module = {
|
||||
.all = ON,
|
||||
.kprobe__64_compat_sys_read = OFF,
|
||||
.kprobe__64_sys_read = OFF
|
||||
}
|
||||
|
||||
};
|
||||
|
||||
module_config_attr_t module_config_attr = {
|
||||
@@ -45,6 +52,15 @@ int setup_all_modules(){
|
||||
}
|
||||
if(ret!=0) return -1;
|
||||
|
||||
//FS (File system)
|
||||
if(config.fs_module.all == ON){
|
||||
ret = attach_fs_all(attr.skel);
|
||||
}else{
|
||||
if(config.fs_module.kprobe__64_compat_sys_read == ON) ret = attach_kprobe__64_compat_sys_read(attr.skel);
|
||||
if(config.fs_module.kprobe__64_sys_read == ON) ret = attach_kprobe__64_sys_read(attr.skel);
|
||||
}
|
||||
if(ret!=0) return -1;
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -23,6 +23,12 @@ typedef struct module_config_t{
|
||||
char handle_sched_process_exec;
|
||||
}sched_module;
|
||||
|
||||
struct fs_module {
|
||||
char all;
|
||||
char kprobe__64_compat_sys_read;
|
||||
char kprobe__64_sys_read;
|
||||
}fs_module;
|
||||
|
||||
} module_config_t;
|
||||
|
||||
//Configuration struct. Used by the module manager to
|
||||
@@ -38,6 +44,10 @@ typedef struct module_config_attr_t{
|
||||
void* __empty;
|
||||
}sched_module;
|
||||
|
||||
struct fs_module_attr {
|
||||
void* __empty;
|
||||
}fs_module;
|
||||
|
||||
} module_config_attr_t;
|
||||
|
||||
//An unique module configutation struct and attr
|
||||
|
||||
@@ -7,10 +7,6 @@
|
||||
#include "common.h"
|
||||
#include "xdp_filter.skel.h"
|
||||
|
||||
//TODO RESOLVE THE FACT THAT THESE ARE NOT COMPILED WITH REFERENCE TO XDP_FILTER_BPF
|
||||
//COMPLETE CONFIG
|
||||
//CHECK EVERYTHING STILL WORKS
|
||||
|
||||
//Connections
|
||||
int attach_handle_sched_process_exec(struct xdp_filter_bpf *skel){
|
||||
skel->links.handle_sched_process_exec = bpf_program__attach(skel->progs.handle_sched_process_exec);
|
||||
|
||||
@@ -197,10 +197,11 @@ int main(int argc, char**argv){
|
||||
module_config_attr.xdp_module.ifindex = ifindex;
|
||||
//SCHED
|
||||
module_config.sched_module.all = ON;
|
||||
//FS
|
||||
module_config.fs_module.all = ON;
|
||||
|
||||
module_config_attr.skel = skel;
|
||||
err = setup_all_modules();
|
||||
|
||||
// Set up ring buffer polling --> Main communication buffer kernel->user
|
||||
rb = ring_buffer__new(bpf_map__fd(skel->maps.rb_comm), handle_rb_event, NULL, NULL);
|
||||
if (rb==NULL) {
|
||||
|
||||
Reference in New Issue
Block a user