mirror of
https://github.com/evilsocket/opensnitch.git
synced 2025-03-04 00:24:40 +01:00
ebpf,dns: initialized structs
On the previus commit we just disabled dns uprobes for armhf/i386 to avoid loading errors. A better fix is to initialized the structs used. On armhf still fails after loading it, when attaching to the uprobes (offsets?), and on i386 it doesn't seem to send anything to userspace (more analysis needed). - Increased the number of IPs associated with a domain that are delivered to userspace. (getfedora.org returns 30 ipv4+ipv6). - Fixed getting the aliases of a domain when using gethostbyname().
This commit is contained in:
Gustavo Iñiguez Goia
parent
55678b4d3b
commit
27509d6fe0
1 changed files with 7 additions and 20 deletions
|
|
@ -33,8 +33,9 @@
|
|||
|
||||
//-----------------------------------
|
||||
|
||||
// random values
|
||||
#define MAX_ALIASES 5
|
||||
#define MAX_IPS 5
|
||||
#define MAX_IPS 30
|
||||
|
||||
struct nameLookupEvent {
|
||||
u32 addr_type;
|
||||
|
|
@ -104,8 +105,6 @@ int uretprobe__gethostbyname(struct pt_regs *ctx) {
|
|||
char **ips = {0};
|
||||
bpf_probe_read(&ips, sizeof(ips), &host->h_addr_list);
|
||||
|
||||
#if !defined(__i386__) && !defined(__arm__)
|
||||
|
||||
#pragma clang loop unroll(full)
|
||||
for (int i = 0; i < MAX_IPS; i++) {
|
||||
char *ip={0};
|
||||
|
|
@ -134,7 +133,7 @@ int uretprobe__gethostbyname(struct pt_regs *ctx) {
|
|||
#pragma clang loop unroll(full)
|
||||
for (int j = 0; j < MAX_ALIASES; j++) {
|
||||
char *alias = {0};
|
||||
bpf_probe_read(&alias, sizeof(alias), &aliases[i]);
|
||||
bpf_probe_read(&alias, sizeof(alias), &aliases[j]);
|
||||
|
||||
if (alias == NULL) {
|
||||
return 0;
|
||||
|
|
@ -145,8 +144,6 @@ int uretprobe__gethostbyname(struct pt_regs *ctx) {
|
|||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -188,15 +185,11 @@ int ret_addrinfo(struct pt_regs *ctx) {
|
|||
}
|
||||
|
||||
struct addrinfo **res_p={0};
|
||||
__builtin_memset(&res_p, 0, sizeof(res_p));
|
||||
bpf_probe_read(&res_p, sizeof(res_p), &addrinfo_args->addrinfo_ptr);
|
||||
|
||||
#if !defined(__i386__) && !defined(__arm__)
|
||||
|
||||
#pragma clang loop unroll(full)
|
||||
for (int i = 0; i < MAX_IPS; i++) {
|
||||
struct addrinfo *res = {0};
|
||||
__builtin_memset(&res, 0, sizeof(res));
|
||||
struct addrinfo *res={0};
|
||||
bpf_probe_read(&res, sizeof(res), res_p);
|
||||
if (res == NULL) {
|
||||
goto out;
|
||||
|
|
@ -206,13 +199,11 @@ int ret_addrinfo(struct pt_regs *ctx) {
|
|||
|
||||
if (data.addr_type == AF_INET) {
|
||||
struct sockaddr_in *ipv4={0};
|
||||
__builtin_memset(&ipv4, 0, sizeof(ipv4));
|
||||
bpf_probe_read(&ipv4, sizeof(ipv4), &res->ai_addr);
|
||||
// Only copy the 4 relevant bytes
|
||||
bpf_probe_read_user(&data.ip, 4, &ipv4->sin_addr);
|
||||
} else if(data.addr_type == AF_INET6) {
|
||||
struct sockaddr_in6 *ipv6={0};
|
||||
__builtin_memset(&ipv6, 0, sizeof(ipv6));
|
||||
bpf_probe_read(&ipv6, sizeof(ipv6), &res->ai_addr);
|
||||
|
||||
bpf_probe_read_user(&data.ip, sizeof(data.ip), &ipv6->sin6_addr);
|
||||
|
|
@ -226,9 +217,7 @@ int ret_addrinfo(struct pt_regs *ctx) {
|
|||
bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &data,
|
||||
sizeof(data));
|
||||
|
||||
|
||||
struct addrinfo * next={0};
|
||||
__builtin_memset(&next, 0, sizeof(next));
|
||||
bpf_probe_read(&next, sizeof(next), &res->ai_next);
|
||||
if (next == NULL){
|
||||
goto out;
|
||||
|
|
@ -236,8 +225,6 @@ int ret_addrinfo(struct pt_regs *ctx) {
|
|||
res_p = &next;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
out:
|
||||
bpf_map_delete_elem(&addrinfo_args_hash, &tid);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue