fix #3
Signed-off-by: Quentin JEROME <[email protected]>
qjerome committed Sep 20, 2023
1 parent 3fe1199 commit 6b13658
Showing 17 changed files with 554 additions and 14 deletions.
3 changes: 3 additions & 0 deletions kunai-common/src/co_re.rs
Expand Up @@ -23,6 +23,9 @@ pub use core_exec::*;
mod core_bpf;
pub use core_bpf::*;

mod core_socket_filters;
pub use core_socket_filters::*;

mod core_lkm;
pub use core_lkm::*;

35 changes: 35 additions & 0 deletions kunai-common/src/co_re/c/shim.c
Expand Up @@ -391,14 +391,47 @@ struct bpf_prog
enum bpf_attach_type expected_attach_type;
unsigned char tag[BPF_TAG_SIZE];
struct bpf_prog_aux *aux;
struct sock_fprog_kern *orig_prog;
} __attribute__((preserve_access_index));

SHIM(bpf_prog, aux);
SHIM(bpf_prog, orig_prog);
ARRAY_SHIM(bpf_prog, tag);
SHIM(bpf_prog, type);
SHIM(bpf_prog, expected_attach_type);
SHIM(bpf_prog, len);

struct sock_filter
{ /* Filter block */
__u16 code; /* Actual filter code */
__u8 jt; /* Jump true */
__u8 jf; /* Jump false */
__u32 k; /* Generic multiuse field */
} __attribute__((preserve_access_index));

SHIM(sock_filter, code);
SHIM(sock_filter, jt);
SHIM(sock_filter, jf);
SHIM(sock_filter, k);

struct sock_fprog
{
unsigned short len;
struct sock_filter *filter;
} __attribute__((preserve_access_index));

SHIM(sock_fprog, len);
SHIM(sock_fprog, filter);

struct sock_fprog_kern
{
u16 len;
struct sock_filter *filter;
} __attribute__((preserve_access_index));

SHIM(sock_fprog_kern, len);
SHIM(sock_fprog_kern, filter);

struct linux_binprm
{
struct mm_struct *mm;
Expand Down Expand Up @@ -534,11 +567,13 @@ SHIM(sk_buff_head, qlen);
struct sock
{
struct sock_common __sk_common;
__u8 sk_protocol;
__u16 sk_type;
struct sk_buff_head sk_receive_queue;
} __attribute__((preserve_access_index));

SHIM_REF(sock, __sk_common);
SHIM_BITFIELD(sock, sk_protocol);
SHIM_BITFIELD(sock, sk_type);
SHIM_REF(sock, sk_receive_queue)

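Review bot: `sk_protocol` is declared as `__u8` in the second hunk's `struct sock`, and the generated shim in gen.rs returns `c_uchar`, so any protocol number above 255 is cut to its low byte. As far as I know the kernel widened this field to 16 bits to carry IPPROTO_MPTCP (262), which would then be reported as 6, i.e. TCP, in socket events. The `SHIM_BITFIELD` macro is not visible on this page, so confirm how it sizes the read. If the return type follows the declared member, declare it as `__u16 sk_protocol;` and read it as `u16` in core_sock.rs with `rust_shim_kernel_impl!(pub, sock, sk_protocol, u16);`.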
3 changes: 2 additions & 1 deletion kunai-common/src/co_re/core_bpf.rs
@@ -1,7 +1,7 @@
use aya_bpf::helpers::bpf_probe_read_kernel_buf;

use super::gen::{self, *};
use super::{rust_shim_kernel_impl, CoRe};
use super::{rust_shim_kernel_impl, sock_fprog_kern, CoRe};

#[allow(non_camel_case_types)]
pub type bpf_ksym = CoRe<gen::bpf_ksym>;
Expand All @@ -19,6 +19,7 @@ impl bpf_prog {
rust_shim_kernel_impl!(pub, ty, bpf_prog, r#type, u32);
rust_shim_kernel_impl!(pub, bpf_prog, expected_attach_type, u32);
rust_shim_kernel_impl!(pub, bpf_prog, aux, bpf_prog_aux);
rust_shim_kernel_impl!(pub, bpf_prog, orig_prog, sock_fprog_kern);
rust_shim_kernel_impl!(pub, bpf_prog, tag, *mut u8);

pub unsafe fn tag_array(&self) -> Option<[u8; 8]> {
3 changes: 3 additions & 0 deletions kunai-common/src/co_re/core_sock.rs
Expand Up @@ -57,19 +57,22 @@ pub type sock = CoRe<gen::sock>;
impl sock {
rust_shim_kernel_impl!(pub, sk_common, sock, __sk_common, sock_common);
rust_shim_kernel_impl!(pub, sock, sk_type, u16);
rust_shim_kernel_impl!(pub, sock, sk_protocol, u8);
rust_shim_kernel_impl!(pub, sock, sk_receive_queue, sk_buff_head);
}

#[allow(non_camel_case_types)]
pub type sock_common = CoRe<gen::sock_common>;

#[repr(C)]
#[allow(non_camel_case_types)]
struct skc_addrpair {
skc_daddr: u32,
skc_rcv_saddr: u32,
}

#[repr(C)]
#[allow(non_camel_case_types)]
struct skc_portpair {
skc_dport: u16,
skc_num: u16,
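--- a/kunai-common/src/co_re/core_socket_filters.rs
+++ b/kunai-common/src/co_re/core_socket_filters.rs
@@ -0,0 +1,40 @@
+use super::gen::{self, *};
+use super::{rust_shim_kernel_impl, CoRe};
+
+#[allow(non_camel_case_types)]
+pub type sock_fprog = CoRe<gen::sock_fprog>;
+
+impl sock_fprog {
+rust_shim_kernel_impl!(pub, sock_fprog, len, u16);
+rust_shim_kernel_impl!(pub, sock_fprog, filter, sock_filter);
+
+pub unsafe fn size(&self) -> Option<usize> {
+Some(self.len()? as usize * core::mem::size_of::<gen::sock_filter>())
+}
+}
+
+#[allow(non_camel_case_types)]
+pub type sock_fprog_kern = CoRe<gen::sock_fprog_kern>;
+
+impl sock_fprog_kern {
+rust_shim_kernel_impl!(pub, sock_fprog_kern, len, u16);
+rust_shim_kernel_impl!(pub, sock_fprog_kern, filter, sock_filter);
+
+pub unsafe fn byte_size_from_len(len: u16) -> usize {
+len as usize * core::mem::size_of::<gen::sock_filter>()
+}
+
+pub unsafe fn byte_size(&self) -> Option<usize> {
+Some(Self::byte_size_from_len(self.len()?))
+}
+}
+
+#[allow(non_camel_case_types)]
+pub type sock_filter = CoRe<gen::sock_filter>;
+
+impl sock_filter {
+rust_shim_kernel_impl!(pub, sock_filter, code, u16);
+rust_shim_kernel_impl!(pub, sock_filter, jt, u8);
+rust_shim_kernel_impl!(pub, sock_filter, jf, u8);
+rust_shim_kernel_impl!(pub, sock_filter, k, u32);
+}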
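Review bot: `sock_fprog_kern::byte_size_from_len` is declared `unsafe` although it only multiplies a `u16` by `size_of::<gen::sock_filter>()`, so callers are pushed into an `unsafe` block for no reason; it can be `pub const fn byte_size_from_len(len: u16) -> usize`. The same computation is named `size` on `sock_fprog` and `byte_size` on `sock_fprog_kern`, and one name for both would make the call sites easier to audit. The result can reach 65535 * 8 bytes, far above the `Buffer<2048>` declared in events/bpf.rs, so the accessors deserve a doc comment such as `/// Size in bytes of the filter array as declared by len; may exceed the event buffer, clamp before copying.`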
115 changes: 115 additions & 0 deletions kunai-common/src/co_re/gen.rs
Expand Up @@ -3,6 +3,7 @@
pub type __u64 = ::core::ffi::c_ulonglong;
pub type __u32 = ::core::ffi::c_uint;
pub type __u16 = ::core::ffi::c_ushort;
pub type u16_ = __u16;
pub type __u8 = ::core::ffi::c_uchar;
pub type __be16 = __u16;
pub type __be32 = __u32;
Expand Down Expand Up @@ -770,6 +771,7 @@ pub struct bpf_prog {
pub expected_attach_type: bpf_attach_type,
pub tag: [::core::ffi::c_uchar; 8usize],
pub aux: *mut bpf_prog_aux,
pub orig_prog: *mut sock_fprog_kern,
}
extern "C" {
pub fn shim_bpf_prog_aux(bpf_prog: *mut bpf_prog) -> *mut bpf_prog_aux;
Expand All @@ -780,6 +782,15 @@ extern "C" {
extern "C" {
pub fn shim_bpf_prog_aux_exists(bpf_prog: *mut bpf_prog) -> bool;
}
extern "C" {
pub fn shim_bpf_prog_orig_prog(bpf_prog: *mut bpf_prog) -> *mut sock_fprog_kern;
}
extern "C" {
pub fn shim_bpf_prog_orig_prog_user(bpf_prog: *mut bpf_prog) -> *mut sock_fprog_kern;
}
extern "C" {
pub fn shim_bpf_prog_orig_prog_exists(bpf_prog: *mut bpf_prog) -> bool;
}
extern "C" {
pub fn shim_bpf_prog_tag(bpf_prog: *mut bpf_prog) -> *mut ::core::ffi::c_uchar;
}
Expand Down Expand Up @@ -818,6 +829,103 @@ extern "C" {
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct sock_filter {
pub code: __u16,
pub jt: __u8,
pub jf: __u8,
pub k: __u32,
}
extern "C" {
pub fn shim_sock_filter_code(sock_filter: *mut sock_filter) -> ::core::ffi::c_ushort;
}
extern "C" {
pub fn shim_sock_filter_code_user(sock_filter: *mut sock_filter) -> ::core::ffi::c_ushort;
}
extern "C" {
pub fn shim_sock_filter_code_exists(sock_filter: *mut sock_filter) -> bool;
}
extern "C" {
pub fn shim_sock_filter_jt(sock_filter: *mut sock_filter) -> ::core::ffi::c_uchar;
}
extern "C" {
pub fn shim_sock_filter_jt_user(sock_filter: *mut sock_filter) -> ::core::ffi::c_uchar;
}
extern "C" {
pub fn shim_sock_filter_jt_exists(sock_filter: *mut sock_filter) -> bool;
}
extern "C" {
pub fn shim_sock_filter_jf(sock_filter: *mut sock_filter) -> ::core::ffi::c_uchar;
}
extern "C" {
pub fn shim_sock_filter_jf_user(sock_filter: *mut sock_filter) -> ::core::ffi::c_uchar;
}
extern "C" {
pub fn shim_sock_filter_jf_exists(sock_filter: *mut sock_filter) -> bool;
}
extern "C" {
pub fn shim_sock_filter_k(sock_filter: *mut sock_filter) -> ::core::ffi::c_uint;
}
extern "C" {
pub fn shim_sock_filter_k_user(sock_filter: *mut sock_filter) -> ::core::ffi::c_uint;
}
extern "C" {
pub fn shim_sock_filter_k_exists(sock_filter: *mut sock_filter) -> bool;
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct sock_fprog {
pub len: ::core::ffi::c_ushort,
pub filter: *mut sock_filter,
}
extern "C" {
pub fn shim_sock_fprog_len(sock_fprog: *mut sock_fprog) -> ::core::ffi::c_ushort;
}
extern "C" {
pub fn shim_sock_fprog_len_user(sock_fprog: *mut sock_fprog) -> ::core::ffi::c_ushort;
}
extern "C" {
pub fn shim_sock_fprog_len_exists(sock_fprog: *mut sock_fprog) -> bool;
}
extern "C" {
pub fn shim_sock_fprog_filter(sock_fprog: *mut sock_fprog) -> *mut sock_filter;
}
extern "C" {
pub fn shim_sock_fprog_filter_user(sock_fprog: *mut sock_fprog) -> *mut sock_filter;
}
extern "C" {
pub fn shim_sock_fprog_filter_exists(sock_fprog: *mut sock_fprog) -> bool;
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct sock_fprog_kern {
pub len: u16_,
pub filter: *mut sock_filter,
}
extern "C" {
pub fn shim_sock_fprog_kern_len(sock_fprog_kern: *mut sock_fprog_kern)
-> ::core::ffi::c_ushort;
}
extern "C" {
pub fn shim_sock_fprog_kern_len_user(
sock_fprog_kern: *mut sock_fprog_kern,
) -> ::core::ffi::c_ushort;
}
extern "C" {
pub fn shim_sock_fprog_kern_len_exists(sock_fprog_kern: *mut sock_fprog_kern) -> bool;
}
extern "C" {
pub fn shim_sock_fprog_kern_filter(sock_fprog_kern: *mut sock_fprog_kern) -> *mut sock_filter;
}
extern "C" {
pub fn shim_sock_fprog_kern_filter_user(
sock_fprog_kern: *mut sock_fprog_kern,
) -> *mut sock_filter;
}
extern "C" {
pub fn shim_sock_fprog_kern_filter_exists(sock_fprog_kern: *mut sock_fprog_kern) -> bool;
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct linux_binprm {
pub mm: *mut mm_struct,
pub file: *mut file,
Expand Down Expand Up @@ -1148,6 +1256,7 @@ extern "C" {
#[derive(Copy, Clone)]
pub struct sock {
pub __sk_common: sock_common,
pub sk_protocol: __u8,
pub sk_type: __u16,
pub sk_receive_queue: sk_buff_head,
}
Expand All @@ -1160,6 +1269,12 @@ extern "C" {
extern "C" {
pub fn shim_sock___sk_common_exists(sock: *mut sock) -> bool;
}
extern "C" {
pub fn shim_sock_sk_protocol(sock: *mut sock) -> ::core::ffi::c_uchar;
}
extern "C" {
pub fn shim_sock_sk_protocol_exists(sock: *mut sock) -> bool;
}
extern "C" {
pub fn shim_sock_sk_type(sock: *mut sock) -> ::core::ffi::c_ushort;
}
8 changes: 7 additions & 1 deletion kunai-common/src/events.rs
Expand Up @@ -77,6 +77,10 @@ pub enum Type {
InitModule = 20,
#[str("bpf_prog_load")]
BpfProgLoad,
#[str("bpf_socket_filter")]
BpfSocketFilter,
//#[str("bpf_socket_prog")]
//BpfSocketProg,

// memory stuffs
#[str("mprotect_exec")]
Expand Down Expand Up @@ -106,6 +110,7 @@ pub enum Type {
#[str("file_rename")]
FileRename,

// Materialize end of possible events
#[str("end_event")]
EndEvents = 1000,

Expand All @@ -115,7 +120,7 @@ pub enum Type {
#[str("cache_hash")]
CacheHash,

// !!! all new event types must be put befor max
// !!! all new event types must be put before max
#[str("max")]
Max,
}
Expand Down Expand Up @@ -463,6 +468,7 @@ macro_rules! max {
pub const MAX_EVENT_SIZE: usize = max!(
core::mem::size_of::<ExecveEvent>(),
core::mem::size_of::<BpfProgLoadEvent>(),
core::mem::size_of::<BpfSocketFilterEvent>(),
core::mem::size_of::<ConnectEvent>(),
core::mem::size_of::<DnsQueryEvent>(),
core::mem::size_of::<ExitEvent>(),
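Review bot: `BpfSocketFilter` is inserted after `BpfProgLoad` without an explicit discriminant, so its numeric ID is implied by `InitModule = 20`, and any following variant that also relies on implicit numbering would shift by one. The variants after it are only partly visible in this hunk. If they are not pinned, consumers that store or match on numeric event IDs (saved logs, detection rules) would silently change meaning, so consider writing `BpfSocketFilter = 22,`. The commented-out `BpfSocketProg` pair should either be dropped or replaced by a single `// TODO: bpf_socket_prog event` line so the enum does not carry dead code.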
12 changes: 11 additions & 1 deletion kunai-common/src/events/bpf.rs
@@ -1,5 +1,5 @@
use super::Event;
use crate::string::String;
use crate::{buffer::Buffer, net::SocketInfo, string::String};

pub const KSYM_NAME_LEN: usize = 512;
pub const BPF_OBJ_NAME_LEN: usize = 16;
Expand Down Expand Up @@ -30,3 +30,13 @@ pub struct BpfProgData {
pub verified_insns: Option<u32>,
pub loaded: bool,
}

pub type BpfSocketFilterEvent = Event<BpfSocketFilter>;

#[repr(C)]
pub struct BpfSocketFilter {
pub socket_info: SocketInfo,
pub filter: Buffer<2048>,
pub filter_len: u16,
pub attached: bool,
}
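Review bot: `BpfSocketFilter` has no field documentation, and `filter: Buffer<2048>` (presumably 2048 bytes) can hold at most 256 `sock_filter` entries of 8 bytes while `sock_fprog_kern::len` is a `u16`, so a longer filter cannot be captured in full. The probe that fills the struct is not on this page. Assuming it clamps the copy, `filter_len` should keep the original length so a consumer can tell a truncated capture from a complete one, and its unit must be stated. Suggested comments: `/// classic BPF instructions, truncated to the buffer capacity` on `filter`, `/// length of the original program in sock_filter instructions, not bytes (confirm against the probe)` on `filter_len`, and a line on `attached` saying which outcome `true` records.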
4 changes: 1 addition & 3 deletions kunai-common/src/kunai-macros/src/lib.rs
Expand Up @@ -152,9 +152,7 @@ pub fn str_enum_derive(item: TokenStream) -> TokenStream {
let variants_len = variants.len();

quote!(
use core::str::FromStr;

impl FromStr for #enum_name {
impl core::str::FromStr for #enum_name {
type Err = &'static str;

fn from_str(s: &str) -> Result<Self, Self::Err> {
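Review bot: The generated `impl core::str::FromStr for #enum_name` resolves `core` relative to the crate that expands the derive, so a local module or item named `core` at the expansion site would break or redirect it. Macro output is safer with a leading-colon path, `impl ::core::str::FromStr for #enum_name {`, and the same applies to `Result` in the signature (`::core::result::Result<Self, Self::Err>`). The `quote!` block continues past the end of this hunk.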
1 change: 1 addition & 0 deletions kunai-common/src/kunai-macros/tests/macros-tests.rs
@@ -1,3 +1,4 @@
use core::str::FromStr;
use kunai_macros::{BpfError, StrEnum};
use syn::{Attribute, MetaNameValue};
