mirror of
https://github.com/safing/portmaster
synced 2025-09-02 02:29:12 +00:00
106 lines
No EOL
2.4 KiB
C
106 lines
No EOL
2.4 KiB
C
#include "vmlinux-x86.h"
|
|
#include "bpf/bpf_helpers.h"
|
|
#include "bpf/bpf_tracing.h"
|
|
|
|
typedef unsigned char u8;
|
|
typedef short int s16;
|
|
typedef short unsigned int u16;
|
|
typedef int s32;
|
|
typedef unsigned int u32;
|
|
typedef long long int s64;
|
|
typedef long long unsigned int u64;
|
|
typedef u16 le16;
|
|
typedef u16 be16;
|
|
typedef u32 be32;
|
|
typedef u64 be64;
|
|
typedef u32 wsum;
|
|
|
|
|
|
#define AF_INET 2
|
|
#define AF_INET6 10
|
|
#define TASK_COMM_LEN 16
|
|
|
|
char __license[] SEC("license") = "Dual MIT/GPL";
|
|
|
|
struct
|
|
{
|
|
__uint(type, BPF_MAP_TYPE_RINGBUF);
|
|
__uint(max_entries, 1 << 24);
|
|
} events SEC(".maps");
|
|
|
|
/**
|
|
* The sample submitted to userspace over a ring buffer.
|
|
* Emit struct event's type info into the ELF's BTF so bpf2go
|
|
* can generate a Go type from it.
|
|
*/
|
|
struct event {
|
|
be32 saddr[4];
|
|
be32 daddr[4];
|
|
u16 sport;
|
|
u16 dport;
|
|
u32 pid;
|
|
u8 ipVersion;
|
|
};
|
|
struct event *unused __attribute__((unused));
|
|
|
|
SEC("fexit/tcp_v4_connect")
|
|
int BPF_PROG(tcp_v4_connect, struct sock *sk) {
|
|
if (sk->__sk_common.skc_family != AF_INET) {
|
|
return 0;
|
|
}
|
|
|
|
struct tcp_sock *ts = bpf_skc_to_tcp_sock(sk);
|
|
if (!ts) {
|
|
return 0;
|
|
}
|
|
|
|
struct event *tcp_info;
|
|
tcp_info = bpf_ringbuf_reserve(&events, sizeof(struct event), 0);
|
|
if (!tcp_info) {
|
|
return 0;
|
|
}
|
|
|
|
tcp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid());
|
|
tcp_info->dport = sk->__sk_common.skc_dport;
|
|
tcp_info->sport = sk->__sk_common.skc_num;
|
|
tcp_info->saddr[0] = __builtin_bswap32(sk->__sk_common.skc_rcv_saddr);
|
|
tcp_info->daddr[0] = __builtin_bswap32(sk->__sk_common.skc_daddr);
|
|
tcp_info->ipVersion = 4;
|
|
|
|
bpf_ringbuf_submit(tcp_info, 0);
|
|
return 0;
|
|
};
|
|
|
|
SEC("fexit/tcp_v6_connect")
|
|
int BPF_PROG(tcp_v6_connect, struct sock *sk) {
|
|
if (sk->__sk_common.skc_family != AF_INET6) {
|
|
return 0;
|
|
}
|
|
|
|
struct tcp_sock *ts = bpf_skc_to_tcp_sock(sk);
|
|
if (!ts) {
|
|
return 0;
|
|
}
|
|
|
|
struct event *tcp_info;
|
|
tcp_info = bpf_ringbuf_reserve(&events, sizeof(struct event), 0);
|
|
if (!tcp_info) {
|
|
return 0;
|
|
}
|
|
|
|
tcp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid());
|
|
for(int i = 0; i < 4; i++) {
|
|
tcp_info->saddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[i]);
|
|
}
|
|
for(int i = 0; i < 4; i++) {
|
|
tcp_info->daddr[i] = __builtin_bswap32(sk->__sk_common.skc_v6_daddr.in6_u.u6_addr32[i]);
|
|
}
|
|
tcp_info->dport = sk->__sk_common.skc_dport;
|
|
tcp_info->sport = sk->__sk_common.skc_num;
|
|
tcp_info->ipVersion = 6;
|
|
|
|
bpf_ringbuf_submit(tcp_info, 0);
|
|
return 0;
|
|
};
|
|
|
|
// SEC("fentry/udp_sendmsg")
|