Merge pull request #1415 from safing/fix/ebpf-missing-udp.pcflag

Use sk->sk_protocol instead of udp.pcflag to detect UDPLite protocol in eBPF
Daniel Hovie 2024-01-11 10:11:46 +01:00 committed by GitHub
commit f239769ea9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 14 additions and 10 deletions


@ -105,19 +105,23 @@ int BPF_PROG(udp_v4_connect, struct sock *sk) {
// Read PID (Careful: This is the Thread Group ID in kernel speak!) // Read PID (Careful: This is the Thread Group ID in kernel speak!)
udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32)); udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));
// Set src and dist ports // Set src and dst ports
udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num); udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
udp_info->dport = sk->__sk_common.skc_dport; udp_info->dport = sk->__sk_common.skc_dport;
// Set src and dist IPs // Set src and dst IPs
udp_info->saddr[0] = __builtin_bswap32(sk->__sk_common.skc_rcv_saddr); udp_info->saddr[0] = __builtin_bswap32(sk->__sk_common.skc_rcv_saddr);
udp_info->daddr[0] = __builtin_bswap32(sk->__sk_common.skc_daddr); udp_info->daddr[0] = __builtin_bswap32(sk->__sk_common.skc_daddr);
// Set IP version // Set IP version
udp_info->ipVersion = 4; udp_info->ipVersion = 4;
// Set protocol. No way to detect udplite for ipv4 // Set protocol
udp_info->protocol = UDP; if(sk->sk_protocol == IPPROTO_UDPLITE) {
udp_info->protocol = UDPLite;
} else {
udp_info->protocol = UDP;
}
// Send event // Send event
bpf_ringbuf_submit(udp_info, 0); bpf_ringbuf_submit(udp_info, 0);
@ -154,11 +158,11 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
// Read PID (Careful: This is the Thread Group ID in kernel speak!) // Read PID (Careful: This is the Thread Group ID in kernel speak!)
udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32)); udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));
// Set src and dist ports // Set src and dst ports
udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num); udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
udp_info->dport = sk->__sk_common.skc_dport; udp_info->dport = sk->__sk_common.skc_dport;
// Set src and dist IPs // Set src and dst IPs
for(int i = 0; i < 4; i++) { for(int i = 0; i < 4; i++) {
udp_info->saddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[i]); udp_info->saddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[i]);
} }
@ -169,11 +173,11 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
// IP version // IP version
udp_info->ipVersion = 6; udp_info->ipVersion = 6;
// Set protocol for UDPLite // Set protocol
if(us->udp.pcflag == 0) { if(sk->sk_protocol == IPPROTO_UDPLITE) {
udp_info->protocol = UDP;
} else {
udp_info->protocol = UDPLite; udp_info->protocol = UDPLite;
} else {
udp_info->protocol = UDP;
} }
// Send event // Send event
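Review bot: The new `else` branch in the udp_v4_connect hunk (and the identical one in the last udp_v6_connect hunk) records every socket whose `sk->sk_protocol` is not `IPPROTO_UDPLITE` as UDP, so the event's protocol field is a fallback rather than a checked value. If the attach point can also be reached by other datagram socket types (the attach declaration is outside the hunks, so this needs confirming), those connections would be reported to the firewall as UDP. Making the UDP case explicit with `} else if (sk->sk_protocol == IPPROTO_UDP) {` and dropping the reserved record with `bpf_ringbuf_discard(udp_info, 0); return 0;` in a final `else` would keep mislabelled events out of the ring buffer. Separately, `sk_protocol` was a bitfield in `struct sock` on older kernels, so it is worth confirming that the direct read is valid on the oldest kernel this program is loaded on. Both function bodies start and end outside the hunks shown.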

firewall/interception/ebpf/programs/update.sh Normal file → Executable file