Fix eBPD PID detection for UDP on linux and recompile eBPF programs

2023-08-04 14:10:25 +02:00
parent a76e659989
commit bf6bf0705d
6 changed files with 12 additions and 12 deletions
--- a/firewall/interception/ebpf/bandwidth/bpf_bpfeb.o
+++ b/firewall/interception/ebpf/bandwidth/bpf_bpfeb.o
--- a/firewall/interception/ebpf/bandwidth/bpf_bpfel.o
+++ b/firewall/interception/ebpf/bandwidth/bpf_bpfel.o
--- a/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o
+++ b/firewall/interception/ebpf/connection_listener/bpf_bpfeb.o
--- a/firewall/interception/ebpf/connection_listener/bpf_bpfel.o
+++ b/firewall/interception/ebpf/connection_listener/bpf_bpfel.o
--- a/firewall/interception/ebpf/programs/monitor.c
+++ b/firewall/interception/ebpf/programs/monitor.c
@@ -102,8 +102,8 @@ int BPF_PROG(udp_v4_connect, struct sock *sk) {
 		return 0;
 	}

-	// Read PID
-	udp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid());
+	// Read PID (Careful: This is the Thread Group ID in kernel speak!)
+	udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));

 	// Set src and dist ports
 	udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);
@@ -151,8 +151,8 @@ int BPF_PROG(udp_v6_connect, struct sock *sk) {
 		return 0;
 	}

-  // Read PID
-	udp_info->pid = __builtin_bswap32((u32)bpf_get_current_pid_tgid());
+	// Read PID (Careful: This is the Thread Group ID in kernel speak!)
+	udp_info->pid = __builtin_bswap32((u32)(bpf_get_current_pid_tgid() >> 32));

 	// Set src and dist ports
 	udp_info->sport = __builtin_bswap16(sk->__sk_common.skc_num);