
Commit 03863a2

ebpf fixed on 32bits archs
- fixed loading iptunnel_xmit on i686 and armhf. - disable inet_dgram_connect on armhf for now due to errors.
1 parent f997000 commit 03863a2


3 files changed

+55
-37
lines changed


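--- a/ebpf_prog/common.h
+++ b/ebpf_prog/common.h
@@ -87,10 +87,10 @@ struct data_t {
 // maps
 
 struct {
-__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
-__type(key, u32);
-__type(value, struct data_t);
-__uint(max_entries, 1);
+__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+__type(key, u32);
+__type(value, struct data_t);
+__uint(max_entries, 1);
 } heapstore SEC(".maps");
 
 #endif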

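--- a/ebpf_prog/common_defs.h
+++ b/ebpf_prog/common_defs.h
@@ -23,10 +23,10 @@ typedef u64 pid_size_t;
 typedef u64 uid_size_t;
 
 enum bpf_pin_type {
-PIN_NONE = 0,
-PIN_OBJECT_NS,
-PIN_GLOBAL_NS,
-PIN_CUSTOM_NS,
+PIN_NONE = 0,
+PIN_OBJECT_NS,
+PIN_GLOBAL_NS,
+PIN_CUSTOM_NS,
 };
 //-----------------------------------
 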
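--- a/ebpf_prog/opensnitch.c
+++ b/ebpf_prog/opensnitch.c
@@ -342,17 +342,22 @@ int kprobe__udpv6_sendmsg(struct pt_regs *ctx)
 return 0;
 };
 
+// FIXME: armhf
+#if defined(__arm__)
+SEC("kprobe/inet_dgram_connect")
+int kprobe__inet_dgram_connect(int retval)
+{
+// empty kprobe, so the ebpf lib does not complain about missing kprobe on 32bits archs.
+return 0;
+}
+
+#else
 
 SEC("kprobe/inet_dgram_connect")
 int kprobe__inet_dgram_connect(struct pt_regs *ctx)
 {
-#if defined(__i386__)
-struct socket *skt = (struct socket *)PT_REGS_PARM1(ctx);
-struct sockaddr *saddr = (struct sockaddr *)PT_REGS_PARM2(ctx);
-#else
 struct socket *skt = (struct socket *)PT_REGS_PARM1(ctx);
 struct sockaddr *saddr = (struct sockaddr *)PT_REGS_PARM2(ctx);
-#endif
 
 u64 pid_tgid = bpf_get_current_pid_tgid();
 u64 skp = (u64)skt;
@@ -361,6 +366,18 @@ int kprobe__inet_dgram_connect(struct pt_regs *ctx)
 bpf_map_update_elem(&icmpsock, &pid_tgid, &sa, BPF_ANY);
 return 0;
 }
+#endif
+
+// FIXME: armhf
+#if defined(__arm__)
+SEC("kretprobe/inet_dgram_connect")
+int kretprobe__inet_dgram_connect(int retval)
+{
+// empty kprobe, so the ebpf lib does not complain about missing kprobe on 32bits archs.
+return 0;
+}
+
+#else
 
 SEC("kretprobe/inet_dgram_connect")
 int kretprobe__inet_dgram_connect(int retval)
@@ -474,45 +491,47 @@ int kretprobe__inet_dgram_connect(int retval)
 
 return 0;
 };
-
-// TODO: for 32bits
-#if defined(__arm__) && !defined(__i386__)
-SEC("kprobe/iptunnel_xmit")
-int kprobe__iptunnel_xmit(struct pt_regs *ctx)
-{
-// empty kprobe, so the ebpf lib does not complain about missing kprobe on 32bits archs.
-return 0;
-}
-#else
+#endif
 
 SEC("kprobe/iptunnel_xmit")
 int kprobe__iptunnel_xmit(struct pt_regs *ctx)
 {
 struct sk_buff *skb = (struct sk_buff *)PT_REGS_PARM3(ctx);
 u32 src = (u32)PT_REGS_PARM4(ctx);
-u32 dst = (u32)PT_REGS_PARM5(ctx);
-
+u32 dst = 0;
 u16 sport = 0;
-unsigned char *head;
-u16 pkt_hdr;
-__builtin_memset(&head, 0, sizeof(head));
-__builtin_memset(&pkt_hdr, 0, sizeof(pkt_hdr));
-bpf_probe_read(&head, sizeof(head), &skb->head);
+struct udp_key_t udp_key;
+struct udp_value_t udp_value;
+u16 pkt_hdr = 0;
 bpf_probe_read(&pkt_hdr, sizeof(pkt_hdr), &skb->transport_header);
+
+#if defined(__i386__)
+dst = (u32)(ctx->sp + 20);
+#else
+dst = (u32)PT_REGS_PARM5(ctx);
+#endif
+
+#if defined(__i386__) || defined(__arm__)
+unsigned char *data=NULL;
+bpf_probe_read(&data, sizeof(data), &skb->data);
+unsigned char *udp_start = data + pkt_hdr;
+
+bpf_probe_read(&sport, sizeof(sport), udp_start);
+bpf_probe_read(&udp_key.dport, sizeof(udp_key.dport), &udp_start+2);
+#else
+unsigned char *head;
 struct udphdr *udph;
 __builtin_memset(&udph, 0, sizeof(udph));
+__builtin_memset(&head, 0, sizeof(head));
 
+bpf_probe_read(&head, sizeof(head), &skb->head);
 udph = (struct udphdr *)(head + pkt_hdr);
 bpf_probe_read(&sport, sizeof(sport), &udph->source);
+bpf_probe_read(&udp_key.dport, sizeof(udp_key.dport), &udph->dest);
+#endif
 sport = (sport >> 8) | ((sport << 8) & 0xff00);
 
-struct udp_key_t udp_key;
-struct udp_value_t udp_value;
-__builtin_memset(&udp_key, 0, sizeof(udp_key));
-__builtin_memset(&udp_value, 0, sizeof(udp_value));
-
 bpf_probe_read(&udp_key.sport, sizeof(udp_key.sport), &sport);
-bpf_probe_read(&udp_key.dport, sizeof(udp_key.dport), &udph->dest);
 bpf_probe_read(&udp_key.saddr, sizeof(udp_key.saddr), &src);
 bpf_probe_read(&udp_key.daddr, sizeof(udp_key.daddr), &dst);
 
@@ -528,7 +547,6 @@ int kprobe__iptunnel_xmit(struct pt_regs *ctx)
 return 0;
 };
 
-#endif
 
 char _license[] SEC("license") = "GPL";
 // this number will be interpreted by the elf loader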
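Review bot: In the `__i386__ || __arm__` branch of kprobe__iptunnel_xmit, the destination-port read passes `&udp_start+2`, which is the address of the local pointer variable advanced by two pointer widths, not two bytes into the UDP header; it should read `bpf_probe_read(&udp_key.dport, sizeof(udp_key.dport), udp_start + 2);`. The commit also drops `__builtin_memset(&udp_key, 0, sizeof(udp_key));` and the matching call for `udp_value`, so any padding in those structs (their layout is not visible here) would reach the map uninitialised and the key could fail to match or be rejected by the verifier; I would keep both memsets directly after the declarations. On i386, `dst = (u32)(ctx->sp + 20);` appears to store the address of the stack slot rather than the fifth argument's value, which would need a `bpf_probe_read` from that address into `dst`. Since these fields populate `udp_key`, a wrong dport or daddr would presumably leave the stored entry not matching the real flow on 32-bit builds. The function body continues between this hunk and the next, so how the key is consumed is not shown.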
