Fix eBPF PID detection for UDP on Linux and recompile eBPF programs

Daniel
2023-08-04 14:10:25 +02:00
parent a76e659989
commit bf6bf0705d
6 changed files with 12 additions and 12 deletions


@@ -105,7 +105,7 @@ int BPF_PROG(udp_sendmsg, struct sock *sk, struct msghdr *msg, size_t len) {
struct sock_common *skc = &sk->__sk_common;
// Create a key for the map and set all the nececery information.
struct sk_key key = {0};
struct sk_key key = {0};
key.protocol = PROTOCOL_UDP;
key.src_ip[0] = skc->skc_rcv_saddr;
key.dst_ip[0] = skc->skc_daddr;
@@ -134,7 +134,7 @@ int BPF_PROG(udp_recvmsg, struct sock *sk, struct msghdr *msg, size_t len, int f
struct sock_common *skc = &sk->__sk_common;
// Create a key for the map and set all the nececery information.
struct sk_key key = {0};
struct sk_key key = {0};
key.protocol = PROTOCOL_UDP;
key.src_ip[0] = skc->skc_rcv_saddr;
key.dst_ip[0] = skc->skc_daddr;


@@ -76,7 +76,7 @@ int BPF_PROG(tcp_connect, struct sock *sk) {
tcp_info->ipVersion = 6;
}
// Send event
// Send event
bpf_ringbuf_submit(tcp_info, 0);
return 0;
};
@@ -95,15 +95,15 @@ int BPF_PROG(udp_v4_connect, struct sock *sk) {
return 0;
}
// Allocate space for the event.
// Allocate space for the event.
struct Event *udp_info;
udp_info = bpf_ringbuf_reserve(&pm_connection_events, sizeof(struct Event), 0);
if (!udp_info) {
return 0;
}
// Read PID
udp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid());
// Read PID (Careful: This is the Thread Group ID in kernel speak!)
udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));
// Set src and dist ports
udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
@@ -119,7 +119,7 @@ int BPF_PROG(udp_v4_connect, struct sock *sk) {
// Set protocol. No way to detect udplite for ipv4
udp_info->protocol = UDP;
// Send event
// Send event
bpf_ringbuf_submit(udp_info, 0);
return 0;
}
@@ -138,21 +138,21 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
return 0;
}
// Make sure its udp6 socket
// Make sure its udp6 socket
struct udp6_sock *us = bpf_skc_to_udp6_sock(sk);
if (!us) {
return 0;
}
// Allocate space for the event.
// Allocate space for the event.
struct Event *udp_info;
udp_info = bpf_ringbuf_reserve(&pm_connection_events, sizeof(struct Event), 0);
if (!udp_info) {
return 0;
}
// Read PID
udp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid());
// Read PID (Careful: This is the Thread Group ID in kernel speak!)
udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));
// Set src and dist ports
udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
@@ -176,7 +176,7 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
udp_info->protocol = UDPLite;
}
// Send event
// Send event
bpf_ringbuf_submit(udp_info, 0);
return 0;
}
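Review bot: The corrected PID expression is hand-copied into both `udp_v4_connect` and `udp_v6_connect`, and the PID assignment in `tcp_connect` lies outside its hunk, so nothing visible here confirms that all three probes now report the same half of `bpf_get_current_pid_tgid()`. A shared helper such as `static __always_inline u32 current_tgid_be(void) { return __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32)); }` would keep them from drifting apart again; presumably the consumer uses this field to attribute a connection to a process, so a thread ID in one probe means misattribution. The new comment could also spell out the layout and scope, e.g. `// Upper 32 bits = tgid (the userspace PID, numbered in the initial PID namespace); lower 32 bits = thread ID`, since the value only matches /proc when the reader runs in that namespace. All three function bodies start and end outside the visible hunks.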