diff --git a/firewall/interception/ebpf/bandwidth/bpf_bpfeb.o b/firewall/interception/ebpf/bandwidth/bpf_bpfeb.o
index 82069f79..4ceee0d9 100644
Binary files a/firewall/interception/ebpf/bandwidth/bpf_bpfeb.o and b/firewall/interception/ebpf/bandwidth/bpf_bpfeb.o differ
diff --git a/firewall/interception/ebpf/bandwidth/bpf_bpfel.o b/firewall/interception/ebpf/bandwidth/bpf_bpfel.o
index f7974b55..e52039fc 100644
Binary files a/firewall/interception/ebpf/bandwidth/bpf_bpfel.o and b/firewall/interception/ebpf/bandwidth/bpf_bpfel.o differ
diff --git a/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o b/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o
index 9545daa4..e8e7cdb7 100644
Binary files a/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o and b/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o differ
diff --git a/firewall/interception/ebpf/connection_listener/bpf_bpfel.o b/firewall/interception/ebpf/connection_listener/bpf_bpfel.o
index e4f9f3f8..5241f58e 100644
Binary files a/firewall/interception/ebpf/connection_listener/bpf_bpfel.o and b/firewall/interception/ebpf/connection_listener/bpf_bpfel.o differ
diff --git a/firewall/interception/ebpf/programs/bandwidth.c b/firewall/interception/ebpf/programs/bandwidth.c
index b56ce763..04222353 100644
--- a/firewall/interception/ebpf/programs/bandwidth.c
+++ b/firewall/interception/ebpf/programs/bandwidth.c
@@ -105,7 +105,7 @@ int BPF_PROG(udp_sendmsg, struct sock *sk, struct msghdr *msg, size_t len) {
 struct sock_common *skc = &sk->__sk_common;
 // Create a key for the map and set all the nececery information.
- struct sk_key key = {0};
+ struct sk_key key = {0};
 key.protocol = PROTOCOL_UDP;
 key.src_ip[0] = skc->skc_rcv_saddr;
 key.dst_ip[0] = skc->skc_daddr;
@@ -134,7 +134,7 @@ int BPF_PROG(udp_recvmsg, struct sock *sk, struct msghdr *msg, size_t len, int f
 struct sock_common *skc = &sk->__sk_common;
 // Create a key for the map and set all the nececery information.
- struct sk_key key = {0};
+ struct sk_key key = {0};
 key.protocol = PROTOCOL_UDP;
 key.src_ip[0] = skc->skc_rcv_saddr;
 key.dst_ip[0] = skc->skc_daddr;
diff --git a/firewall/interception/ebpf/programs/monitor.c b/firewall/interception/ebpf/programs/monitor.c
index b084a5d8..70bb19de 100644
--- a/firewall/interception/ebpf/programs/monitor.c
+++ b/firewall/interception/ebpf/programs/monitor.c
@@ -76,7 +76,7 @@ int BPF_PROG(tcp_connect, struct sock *sk) {
 tcp_info->ipVersion = 6;
 }
- // Send event
+ // Send event
 bpf_ringbuf_submit(tcp_info, 0);
 return 0;
 };
@@ -95,15 +95,15 @@ int BPF_PROG(udp_v4_connect, struct sock *sk) {
 return 0;
 }
- // Allocate space for the event.
+ // Allocate space for the event.
 struct Event *udp_info;
 udp_info = bpf_ringbuf_reserve(&pm_connection_events, sizeof(struct Event), 0);
 if (!udp_info) {
 return 0;
 }
- // Read PID
- udp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid());
+ // Read PID (Careful: This is the Thread Group ID in kernel speak!)
+ udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));
 // Set src and dist ports
 udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
@@ -119,7 +119,7 @@ int BPF_PROG(udp_v4_connect, struct sock *sk) {
 // Set protocol. No way to detect udplite for ipv4
 udp_info->protocol = UDP;
- // Send event
+ // Send event
 bpf_ringbuf_submit(udp_info, 0);
 return 0;
 }
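Review bot: The tgid fix is applied only to the two UDP probes shown here, and the PID read of tcp_connect sits above its `@@ -76,7 +76,7 @@` hunk, so this diff cannot confirm that TCP events report the same identifier; if that read still casts the raw 64-bit value, it would presumably hand userspace a thread ID and the connection could be attributed to the wrong process. Since the expression is now duplicated in udp_v4_connect (`@@ -95,15 +95,15 @@`) and udp_v6_connect (`@@ -138,21 +138,21 @@`), a shared helper such as `static __always_inline u32 current_tgid(void) { return (u32)(bpf_get_current_pid_tgid() >> 32); }` would keep all probes in step. The new comment could also spell out the layout: `// Upper 32 bits: tgid (the PID userspace sees); lower 32 bits: kernel pid (thread ID).` Both function bodies begin outside these hunks.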
@@ -138,21 +138,21 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
 return 0;
 }
- // Make sure its udp6 socket
+ // Make sure its udp6 socket
 struct udp6_sock *us = bpf_skc_to_udp6_sock(sk);
 if (!us) {
 return 0;
 }
- // Allocate space for the event.
+ // Allocate space for the event.
 struct Event *udp_info;
 udp_info = bpf_ringbuf_reserve(&pm_connection_events, sizeof(struct Event), 0);
 if (!udp_info) {
 return 0;
 }
- // Read PID
- udp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid());
+ // Read PID (Careful: This is the Thread Group ID in kernel speak!)
+ udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));
 // Set src and dist ports
 udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
@@ -176,7 +176,7 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
 udp_info->protocol = UDPLite;
 }
- // Send event
+ // Send event
 bpf_ringbuf_submit(udp_info, 0);
 return 0;
 }
\ No newline at end of file
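Review bot: The new `udp_info->pid` line in udp_v6_connect, like the identical line in udp_v4_connect (`@@ -95,15 +95,15 @@`), still swaps bytes unconditionally with `__builtin_bswap32`, while this commit rebuilds both the big-endian and little-endian objects (`bpf_bpfeb.o`, `bpf_bpfel.o`). On a big-endian target the swap would yield a little-endian value, so if the userspace reader decodes events in one fixed byte order, the PID used for process attribution would be misread there. Assuming network order is the intent, `udp_info->pid = bpf_htonl((u32)(bpf_get_current_pid_tgid() >> 32));` behaves the same on both targets, provided `bpf/bpf_endian.h` is available to this file. The function body begins outside the hunk.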