From fbdef1673dcbc5c0bb64405d4dfaa247c3cafec7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gustavo=20I=C3=B1iguez=20Goia?=
Date: Tue, 21 Jan 2025 00:56:02 +0100
Subject: [PATCH] ebpf: obtain udpv6 source IP in more scenarios
Following the previous change 20a03e11fe5a650fe73f139f156dfae89184e24f, now we obtain the source IP for UDPv6 connections with it's set in an ancillary message.
---
 ebpf_prog/opensnitch.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/ebpf_prog/opensnitch.c b/ebpf_prog/opensnitch.c
index feb0b27a..496619dc 100644
--- a/ebpf_prog/opensnitch.c
+++ b/ebpf_prog/opensnitch.c
@@ -313,11 +313,12 @@ int kprobe__udpv6_sendmsg(struct pt_regs *ctx)
 bpf_probe_read(&udpv6_key.sport, sizeof(udpv6_key.sport), &sk->__sk_common.skc_num);
 bpf_probe_read(&udpv6_key.saddr, sizeof(udpv6_key.saddr), &sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32);
- // TODO: obtain IPs from ancillary messages if daddr == 0 || saddr == 0
- // https://elixir.bootlin.com/linux/v4.4.60/source/net/ipv4/ip_sockglue.c#L224
- //
- // IPV6_PKTINFO, in6_pktinfo
-
+ if (udpv6_key.saddr.part1 == 0){
+ u64 cmsg=0;
+ bpf_probe_read(&cmsg, sizeof(cmsg), &msg->msg_control);
+ struct in6_pktinfo *inpkt = (struct in6_pktinfo *)CMSG_DATA(cmsg);
+ bpf_probe_read(&udpv6_key.saddr, sizeof(udpv6_key.saddr), &inpkt->ipi6_addr.s6_addr32);
+ }
 #if defined(__i386__)
 struct sock_on_x86_32_t sock;
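Review bot: The new fallback in kprobe__udpv6_sendmsg treats whatever sits first in `msg->msg_control` as an `in6_pktinfo`, without checking that a control buffer exists or that its first header is `SOL_IPV6`/`IPV6_PKTINFO`, and it ignores both `bpf_probe_read` return values. That buffer is supplied by the sending process, so any other ancillary payload would be recorded as the flow's source address, and because the helper zero-fills its destination on a fault, a failed read also wipes the address already taken from the socket. Reading `sizeof(u64)` bytes from the pointer field would also pull in the neighbouring field on the i386 build that the trailing `#if` shows is still supported. I would read the pointer, the `cmsghdr` and the payload into locals, validate level, type and length, and only then copy into `udpv6_key.saddr`, as sketched below. The guard `saddr.part1 == 0` is worth a second look if `part1` covers only part of the address, and the function body continues outside this hunk.

```c
    if (udpv6_key.saddr.part1 == 0){
        void *ctl = NULL;
        struct cmsghdr hdr = {0};
        struct in6_pktinfo pkt = {0};
        // Read into locals first: a faulting read must not clobber the
        // address already copied from the socket.
        if (bpf_probe_read(&ctl, sizeof(ctl), &msg->msg_control) == 0 && ctl != NULL &&
            bpf_probe_read(&hdr, sizeof(hdr), ctl) == 0 &&
            // The control buffer comes from the sender; accept only a
            // well-formed IPV6_PKTINFO entry.
            hdr.cmsg_level == SOL_IPV6 && hdr.cmsg_type == IPV6_PKTINFO &&
            hdr.cmsg_len >= CMSG_LEN(sizeof(pkt)) &&
            bpf_probe_read(&pkt, sizeof(pkt), CMSG_DATA(ctl)) == 0) {
            __builtin_memcpy(&udpv6_key.saddr, &pkt.ipi6_addr, sizeof(udpv6_key.saddr));
        }
    }
```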