mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 00:24:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ebpf: obtain udpv6 source IP in more scenarios

Browse source 
Following the previous change 20a03e11fe,
now we obtain the source IP for UDPv6 connections with it's set in
an ancillary message.
This commit is contained in:
Gustavo Iñiguez Goia 2025-01-21 00:56:02 +01:00
parent 20a03e11fe
commit fbdef1673d
Failed to generate hash of commit
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
ebpf_prog/opensnitch.c
View file

@ -313,11 +313,12 @@ int kprobe__udpv6_sendmsg(struct pt_regs *ctx)
bpf_probe_read(&udpv6_key.sport, sizeof(udpv6_key.sport), &sk->__sk_common.skc_num);
bpf_probe_read(&udpv6_key.saddr, sizeof(udpv6_key.saddr), &sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32);
// TODO: obtain IPs from ancillary messages if daddr == 0 || saddr == 0
// https://elixir.bootlin.com/linux/v4.4.60/source/net/ipv4/ip_sockglue.c#L224
//
// IPV6_PKTINFO, in6_pktinfo
if (udpv6_key.saddr.part1 == 0){
u64 cmsg=0;
bpf_probe_read(&cmsg, sizeof(cmsg), &msg->msg_control);
struct in6_pktinfo *inpkt = (struct in6_pktinfo *)CMSG_DATA(cmsg);
bpf_probe_read(&udpv6_key.saddr, sizeof(udpv6_key.saddr), &inpkt->ipi6_addr.s6_addr32);
}
#if defined(__i386__)
struct sock_on_x86_32_t sock;