|
32 | 32 | class linux_check_afinfo(linux_common.AbstractLinuxCommand): |
33 | 33 | """Verifies the operation function pointers of network protocols""" |
34 | 34 |
|
35 | | - def check_members(self, var_ops, var_name, members, modules): |
36 | | - |
| 35 | + def check_members(self, var_ops, members, modules): |
37 | 36 | for (hooked_member, hook_address) in self.verify_ops(var_ops, members, modules): |
38 | 37 | yield (hooked_member, hook_address) |
39 | 38 |
|
40 | 39 | def check_afinfo(self, var_name, var, op_members, seq_members, modules): |
41 | | - |
42 | | - for (hooked_member, hook_address) in self.check_members(var.seq_fops, var_name, op_members, modules): |
| 40 | + for (hooked_member, hook_address) in self.check_members(var.seq_fops, op_members, modules): |
43 | 41 | yield (var_name, hooked_member, hook_address) |
44 | | - |
| 42 | + |
45 | 43 | # newer kernels |
46 | 44 | if hasattr(var, "seq_ops"): |
47 | | - for (hooked_member, hook_address) in self.check_members(var.seq_ops, var_name, seq_members, modules): |
| 45 | + for (hooked_member, hook_address) in self.check_members(var.seq_ops, seq_members, modules): |
48 | 46 | yield (var_name, hooked_member, hook_address) |
49 | 47 |
|
50 | 48 | elif not self.is_known_address(var.seq_show, modules): |
51 | 49 | yield (var_name, "show", var.seq_show) |
52 | 50 |
|
53 | | - def calculate(self): |
54 | | - linux_common.set_plugin_members(self) |
55 | | - |
56 | | - modules = linux_lsmod.linux_lsmod(self._config).get_modules() |
| 51 | + def _pre_4_18(self, modules, seq_members): |
57 | 52 | op_members = self.profile.types['file_operations'].keywords["members"].keys() |
58 | | - seq_members = self.profile.types['seq_operations'].keywords["members"].keys() |
59 | 53 |
|
60 | 54 | tcp = ("tcp_seq_afinfo", ["tcp6_seq_afinfo", "tcp4_seq_afinfo"]) |
61 | 55 | udp = ("udp_seq_afinfo", ["udplite6_seq_afinfo", "udp6_seq_afinfo", "udplite4_seq_afinfo", "udp4_seq_afinfo"]) |
62 | 56 | protocols = [tcp, udp] |
63 | 57 |
|
64 | | - for proto in protocols: |
65 | | - |
| 58 | + for proto in protocols: |
66 | 59 | struct_type = proto[0] |
67 | 60 |
|
68 | 61 | for global_var_name in proto[1]: |
69 | | - |
70 | 62 | global_var_addr = self.addr_space.profile.get_symbol(global_var_name) |
71 | | - |
72 | 63 | if not global_var_addr: |
73 | 64 | continue |
74 | 65 |
|
75 | 66 | global_var = obj.Object(struct_type, offset = global_var_addr, vm = self.addr_space) |
76 | 67 |
|
77 | 68 | for (name, member, address) in self.check_afinfo(global_var_name, global_var, op_members, seq_members, modules): |
78 | 69 | yield (name, member, address) |
| 70 | + |
| 71 | + # https://lore.kernel.org/patchwork/patch/901043/ |
| 72 | + def _4_18_plus(self, modules, seq_members): |
| 73 | + ops_structs = ["raw_seq_ops", "udp_seq_ops", "arp_seq_ops", "unix_seq_ops", "udp6_seq_ops" |
| 74 | + "raw6_seq_ops", "tcp_seq_ops", "tcp4_seq_ops", "tcp6_seq_ops", "packet_seq_ops"] |
| 75 | + |
| 76 | + for op_struct in ops_structs: |
| 77 | + var_addr = self.profile.get_symbol(op_struct) |
| 78 | + if var_addr == None: |
| 79 | + continue |
| 80 | + |
| 81 | + var = obj.Object("seq_operations", offset = var_addr, vm = self.addr_space) |
| 82 | + |
| 83 | + for hooked_member, hook_address in self.check_members(var, seq_members, modules): |
| 84 | + yield op_struct, hooked_member, hook_address |
| 85 | + |
| 86 | + def calculate(self): |
| 87 | + linux_common.set_plugin_members(self) |
| 88 | + |
| 89 | + modules = linux_lsmod.linux_lsmod(self._config).get_modules() |
| 90 | + seq_members = self.profile.types['seq_operations'].keywords["members"].keys() |
| 91 | + |
| 92 | + if self.addr_space.profile.obj_has_member("tcp_seq_afinfo", "seq_fops"): |
| 93 | + func = self._pre_4_18 |
| 94 | + else: |
| 95 | + func = self._4_18_plus |
| 96 | + |
| 97 | + for name, member, address in func(modules, seq_members): |
| 98 | + yield name, member, address |
79 | 99 |
|
80 | 100 | def render_text(self, outfd, data): |
81 | 101 |
|
|
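Review bot: In `_4_18_plus`, the `ops_structs` list is missing a comma after `"udp6_seq_ops"` at the end of its first line, so Python joins it with the next literal into the single name `udp6_seq_opsraw6_seq_ops`. `get_symbol` presumably finds no such symbol and the loop skips the entry, which means `udp6_seq_ops` and `raw6_seq_ops` are never verified and a hooked pointer in either table would go unreported on 4.18+ kernels. The line should end `"unix_seq_ops", "udp6_seq_ops",`. The same loop tests `var_addr == None` and resolves the symbol through `self.profile`, while `_pre_4_18` uses `if not global_var_addr:` and `self.addr_space.profile`; using `if not var_addr:` and one accessor in both would keep a zero or missing address from being treated differently on the two paths. Because a skipped table looks the same as a clean one in the output, a debug message for each name in `ops_structs` that does not resolve would make a gap like this visible.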