From 8312c7c6b51bce0e05b62c7b36e11d95db833106 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Thu, 11 Jan 2024 10:03:40 +0100
Subject: [PATCH] Add UDPLite check to ip4_datagram_connect hook
---
 .../ebpf/connection_listener/bpf_bpfeb.o | Bin 32288 -> 32456 bytes
 .../ebpf/connection_listener/bpf_bpfel.o | Bin 32288 -> 32456 bytes
 firewall/interception/ebpf/programs/monitor.c | 18 +++++++++++-------
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o b/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o index 4049e6dc2ad85a000ced63e516ca94b2110e7b48..7c9e91d7fc08c2f663505f09277b49d41c45a58b 100644 GIT binary patch delta 2361 zcmZ9OO>7%Q6oB81f46BXH%b$S8oD&K>!P-H3Q2m1@G1xqi69yEKo1pl!3r%+QcD$T z634Q+MIwOPsYImaU@j;J4z65@6hXBT9CEZ!4>@pHsXg?-AreSbq6psGT{mxM$%weS2WMa<>`C*syuWI0OZvn*pEFNPJnr9WzK8+j=U51mLmC)T$@j)j!_Tx$Qbt%{R?Zcl%=V9r+kg)*} z>jH?M)Ij-!nC(oK|C8cKXY!M(sP}RC7*m20V~W4RnBpspDSmN}>zg#7 zv1f1-_%+HTC9S(R8A5^XDi5g z@*lz{j1RWFg@WRHd;#@@DqqhDqjTqaHC*381FhZ<2-6!ec2|X8sppT-3vo6z&TDLG zTnutOQVJR(6^$DjH#Kf)+}7CExEtU)M4W&DBD+C$OUvFkn$Y~F#(9k`jfi*4l>rYT)CnHXWma#!2IH!== zzA;W|JgM=F#utNJFy?{=gOX^ms5i{L+y6a`Eq@qnE~EW@;+$b)%QYJo3BO z@!FbFjrpj0ymVyW(rFxzO$@2{@(*HB*~{|>?_+CxdCJef9uo*?QS{s*3S!LG>uWoxr_x7gGzu#l`F9oT| F{{a{~43+=@ delta 2207 zcmZA1UuaWj6aet^eNED&otTccrr1GT|Cl5#!0O+p|!3X#YJwZ5pXC|t;&7S_I*VDCh4I-3(6r>Tt z*B2mYlKMpT&$iSl6{*I?ejBNd%>S;;+pDA1XYnuF0;>S+6##YDOfDW((dy#je_Hib z7jI-$&Ijs+#u^>#TY!)M0CmL+Fcd|PQW7`J4}AsNk9qJr{vLF&7h}2#s*`;fhinh@ zgC3-Mn3?Ky?bLq{^h6&(4knz$6VQ{?5VJk-Ip|9VFitz(0zF6djN@NGCy!yAXFiMZ z2J?p)7ntc{i;iD`&Wz*vp~Mp17?+vp02SMVpMqW;#CV&T>N~cFUV{FSE~w5N!uT&{ zT9F3xF+4xKVF{eDe=C{?#0kpJ>UaW0{{<}}osjx*e{bp!GgE(rnffi}98H+D6T|00 z7iq#AGfjvyQ-6Y)`qRwRpJAr{JTvugw7gKH358aoNE3?8G@`u9DD@j>(G=BV;lJ?X3`w~GmXtHIN7o8DGl_tL>xzc(yw3CDzI-OhRA z?u0ijoEI(#mxL?AHQ~C;Iq>ef65wsPO`i+?ANzvBVPQ)+COpfHudXl76X>*XUbrA! 
z60Qi>gzL=o>G18c1i9gMJCd(Jdr&wmYzfDNXIrN8LwmfHXgV#N7cK~wge$@|;m2rt zqdd@wBVND@9F$rAZnI|{Bf90z3*+A+o59Q%IqG3gzW<%u0ea0?JvfkkKMpg~)7JbL{hXTr%uKGFH=8SmJ2F3EH*WY1sjNIuev`ImI2+?pRtjm44FwbsH|Gi94>eTYvA$_&`mf33}wVbiAE z$X@!;VdQMAgFa+0qYrzi3uDcgQpO(o7<{TQArE`#-U<^`ROa`cdt$$Qhu(AV?>ql` z{^Ta5S8DaOD#rEcsrx+z-P#2j0Iq(y4Re5Y6}$J@fa);2oA=(UBuuKQdk=m(uYk_?_a-=-n^h2*YTW;@vaKzlrB+8FIf1t__GoLnv7PbIX@%qEG zjvQ8_<-w8vwc1@CygaSEt=#~jnt~SW_bc0@pM{v4%v}Y$n6(|tw(?HWC*RX?*(;7}Vw;jUrVGSwg zQ&@ldh=#25x77ZMhDqn2&^>t#1?G>?v&?OIPeYLf!dPM6`9JL7_^gH!^A7YPa~pce z`Pe~#gL4{|ncL8-&UmYb+2!Z!lAX=gd(wxUHZLseXOy>I2lbj!gBV zqJE6oqXFuBTW^qL6=;C8^9;>kQNuarC_2L&L0@5}`dMbGKe=fSs6k;fUYb;T z=HKze{--t+u)D)cwQUuE7PJ4x_v(bH+&F)RhL5{SR7_3@$CG}b8E>t4rI@MyIp(nW zVj`hJFAb$O;#Pi^3)0CE*p} zYJ)v|7c~R`HiYf6@D-qCVvY$Xg;T<5ZX6#nJb=y$7lez#CE+FE72ztgM|)ah0rG}0 z;MWT!IvVy22*-qz!YSeOrajwXW;0-&6)p%Dg-gOq!Yjhnw|>W;QSEI2ZQ5^ty(iyd zr)=j;AG$ei^Xu(X-ajlt3-(mFnU)Gu{gc(nOpix}-xnShzR>88VXQF#dEq(X1>s1v zW7kge&E&Ivy%&$e@X3=&|JHl4-n^!PjG%xZ)q0SM%r=QJ-GXtTu314Y* gXJ$ahbLRJ%58|uievsbzl;}pkq})>59~=~a1KKSN1poj5 delta 2223 zcmZA2OK1~a6ae6JZ*5Hc{c&1#OnpGqTGOI76*U#A&98`{B2`=z6q{Ho->&?C+Cv6GvAqW=5goFWcs(t z{!*E+&R%)cl-4zCKm)+J^NX#ir_<^dx@IrtbE)UJl(;HPZpE&(TtGayR%#dH-7BPgvJXwy zPJV>-b*7;^=e2n??aC=*P=7b7JAI{ z7p&irax`RFU|CATICCvJ=Xq;AK>e_WN#^3%+eKU#J-P(h{~04f+`rh;+L6L^94I6e}#pXw)>slMQO8uJ5B%N2B|4$Kk@mpX?$VKl&Bu{w;Osz2A=7v@sz+1i)YaYLWM3&rUtemp`Ue+ppxnQ9 GivIpid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32)); - // Set src and dist ports + // Set src and dst ports udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num); udp_info->dport = sk->__sk_common.skc_dport; - // Set src and dist IPs + // Set src and dst IPs udp_info->saddr[0] = __builtin_bswap32(sk->__sk_common.skc_rcv_saddr); udp_info->daddr[0] = __builtin_bswap32(sk->__sk_common.skc_daddr); // Set IP version udp_info->ipVersion = 4; - // Set protocol. 
No way to detect udplite for ipv4
- udp_info->protocol = UDP;
+ // Set protocol
+ if(sk->sk_protocol == IPPROTO_UDPLITE) {
+ udp_info->protocol = UDPLite;
+ } else {
+ udp_info->protocol = UDP;
+ }
 // Send event
 bpf_ringbuf_submit(udp_info, 0);
@@ -154,11 +158,11 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
 // Read PID (Careful: This is the Thread Group ID in kernel speak!)
 udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));
- // Set src and dist ports
+ // Set src and dst ports
 udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
 udp_info->dport = sk->__sk_common.skc_dport;
- // Set src and dist IPs
+ // Set src and dst IPs
 for(int i = 0; i < 4; i++) {
 udp_info->saddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[i]);
 }
@@ -169,7 +173,7 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
 // IP version
 udp_info->ipVersion = 6;
- // Set protocol for UDPLite
+ // Set protocol
 if(sk->sk_protocol == IPPROTO_UDPLITE) {
 udp_info->protocol = UDPLite;
 } else {
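Review bot: The added `else` branch in the IPv4 hook reports every socket that is not UDPLite as `UDP`, but per the commit subject this program attaches to `ip4_datagram_connect`, which the kernel also uses as the connect handler for raw and ping (ICMP datagram) sockets. Unless a filter earlier in the function already rejects those (the start of this hunk is garbled on the page and the function begins outside it), such a connect would reach userspace as a UDP connection whose `sport` comes from `skc_num`, which is not a UDP port for those socket types; in a firewall that mis-attributes traffic. I would test the protocol explicitly with `} else if(sk->sk_protocol == IPPROTO_UDP) {`, and in a final `else` release the reserved record with `bpf_ringbuf_discard(udp_info, 0);` and return instead of submitting it. The same if/else shape appears as context in the last hunk for `udp_v6_connect` and deserves the same check.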