mirror of
https://github.com/evilsocket/opensnitch.git
synced 2025-03-04 08:34:40 +01:00
ba64379348
- Don't rename libbpf's bpf_map_def struct, and distribute the needed bpf
headers.
The bpf_map_def struct has been deprecated for quite some time now,
and it was been removed on >= 6.2 anyway.
We still need it, because we use gobpf.
- Improved compilation behaviour:
- We don't require the kernel sources anymore. We can just use the
kernel headers from the distribution.
- There's no need to copy the sources to the kernel tree, the modules
can be compiled from the ebpf_prog/ dir.
- Compiling against kernels 6.x seems to solve the problem we had with
VPNs, where connections were not intercepted with modules compiled
against 5.8, on kernels >= 5.19.
The modules has been tested on kernels 4.17, 5.4, 5.10, 5.15, 6.1 and
6.2 (kernel connections included).
Closes: #939
40 lines
918 B
C
40 lines
918 B
C
#ifndef OPENSNITCH_COMMON_DEFS_H
|
|
#define OPENSNITCH_COMMON_DEFS_H
|
|
|
|
#include <linux/sched.h>
|
|
#include <linux/ptrace.h>
|
|
#include <uapi/linux/bpf.h>
|
|
#include "bpf_headers/bpf_helpers.h"
|
|
#include "bpf_headers/bpf_tracing.h"
|
|
//#include <bpf/bpf_core_read.h>
|
|
|
|
#define BUF_SIZE_MAP_NS 256
|
|
#define MAPSIZE 12000
|
|
|
|
// even though we only need 32 bits of pid, on x86_32 ebpf verifier complained when pid type was set to u32
|
|
typedef u64 pid_size_t;
|
|
typedef u64 uid_size_t;
|
|
|
|
|
|
//-------------------------------map definitions
|
|
// which github.com/iovisor/gobpf/elf expects
|
|
typedef struct bpf_map_def {
|
|
unsigned int type;
|
|
unsigned int key_size;
|
|
unsigned int value_size;
|
|
unsigned int max_entries;
|
|
unsigned int map_flags;
|
|
unsigned int pinning;
|
|
char namespace[BUF_SIZE_MAP_NS];
|
|
} bpf_map_def;
|
|
|
|
enum bpf_pin_type {
|
|
PIN_NONE = 0,
|
|
PIN_OBJECT_NS,
|
|
PIN_GLOBAL_NS,
|
|
PIN_CUSTOM_NS,
|
|
};
|
|
//-----------------------------------
|
|
|
|
#endif
|
|
|