| author | Paul Buetow <paul@buetow.org> | 2024-02-13 11:58:27 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-13 11:58:27 +0200 |
| commit | 39aa916833b81df498c4dab8e6168e62276e31b5 (patch) | |
| tree | 579a4218c3e7247b0608246da2ac346d75be4137 | |
| parent | cf73e5aa79cc6f6e147a5df55bad52f30706a5c3 (diff) | |
can pass config struct and also have a generic filter function in BPF
| -rw-r--r-- | ioriotng.bpf.c | 33 | ||||
| -rw-r--r-- | maps.bpf.h | 3 |
2 files changed, 12 insertions, 24 deletions
diff --git a/ioriotng.bpf.c b/ioriotng.bpf.c
index 0621851..5555144 100644
--- a/ioriotng.bpf.c
+++ b/ioriotng.bpf.c
@@ -5,20 +5,15 @@
 #include <bpf/bpf_helpers.h>
 #include "maps.bpf.h"
-// TODO: Make UID_FILTER configurable via a flag from the userland part.
-// For now, this is set to my own user for development purposes.
-#define UID_FILTER 1001
-
-
-SEC("tracepoint/syscalls/sys_enter_open")
-int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
+static inline int filter() {
 u32 key = 1;
 struct config *c = bpf_map_lookup_elem(&config_map, &key);
- if (!c) {
- return 0;
- }
+ return c == NULL || (bpf_get_current_uid_gid() & 0xFFFFFFFF) != c->uid_filter;
+}
- if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != c->x)
+SEC("tracepoint/syscalls/sys_enter_open")
+int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
+ if (filter())
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
@@ -37,7 +32,7 @@ int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
 SEC("tracepoint/syscalls/sys_exit_open")
 int handle_exit_open(struct trace_event_raw_sys_exit *ctx) {
- if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER)
+ if (filter())
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
@@ -55,13 +50,7 @@ int handle_exit_open(struct trace_event_raw_sys_exit *ctx) {
 SEC("tracepoint/syscalls/sys_enter_openat")
 int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
- u32 key = 1;
- struct config *c = bpf_map_lookup_elem(&config_map, &key);
- if (!c) {
- return 0;
- }
-
- if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != c->x)
+ if (filter())
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
@@ -80,7 +69,7 @@ int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
 SEC("tracepoint/syscalls/sys_exit_openat")
 int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) {
- if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER)
+ if (filter())
 return 0;
 return handle_exit_open(ctx);
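Review bot: In the new `filter()` helper (first hunk), a config that userland has not written yet cannot be told apart from a request to trace UID 0. The `c == NULL` branch fails closed, but if `config_map` is an array map (its definition is not visible here) the lookup returns a zero-filled value for any in-range key, so `uid_filter` would read as 0 and the handlers would record root's open/close calls until the loader populates the map. Consider adding an explicit flag to `struct config` (a new field, e.g. `enabled`) and testing it as `return c == NULL || !c->enabled || uid != c->uid_filter;`, and confirm that key `1` is within the map's `max_entries`, since an out-of-range key makes every lookup return NULL and silently drops all events. A short comment such as `/* Returns non-zero when the current event must be skipped. */` would also make the inverted sense of `if (filter())` clear.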
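Review bot: The `filter()` check added to `handle_exit_openat` (hunk at `-80,7 +69,7`) is redundant, because the function then returns `handle_exit_open(ctx)`, which per the `-37,7 +32,7` hunk begins with the same `if (filter()) return 0;`. Every `sys_exit_openat` event therefore performs the config lookup and `bpf_get_current_uid_gid()` twice, and the two lookups could disagree if userland updates the map in between. The body can be reduced to `return handle_exit_open(ctx);`.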
@@ -88,7 +77,7 @@ int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) {
 SEC("tracepoint/syscalls/sys_enter_close")
 int handle_enter_close(struct trace_event_raw_sys_enter *ctx) {
- if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER)
+ if (filter())
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
@@ -105,7 +94,7 @@ int handle_enter_close(struct trace_event_raw_sys_enter *ctx) {
 SEC("tracepoint/syscalls/sys_exit_close")
 int handle_exit_close(struct trace_event_raw_sys_enter *ctx) {
- if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER)
+ if (filter())
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
@@ -5,8 +5,7 @@
 #define MAX_PROGNAME_LENGTH 16
 struct config {
- int x;
- char y;
+ __u32 uid_filter;
 };
 struct { |
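Review bot: `handle_exit_close` (hunk at `-105,7 +94,7`) is attached to `tracepoint/syscalls/sys_exit_close` but declares its context as `struct trace_event_raw_sys_enter *ctx`, whereas the other exit handlers on this page take `struct trace_event_raw_sys_exit *`. The signature is an unchanged context line and the body continues outside the hunk, so it cannot be seen here whether a field is read through the wrong layout; if the syscall result is used it should be read from the exit struct. Suggested signature: `int handle_exit_close(struct trace_event_raw_sys_exit *ctx) {`.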
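Review bot: The new `uid_filter` field in `struct config` (last hunk, `-5,8 +5,7`) has no comment saying who writes it or what it selects, although this struct is the value layout that userland must match when it updates `config_map`. Suggest `/* UID whose open/close syscalls are traced; written by the userland loader. */` above the field. Replacing `x`/`y` with a single `__u32` changes the value size, so the loader needs the same definition; that side is not on this page. The `diff --git` header for this hunk is missing from the page, and the diffstat suggests it belongs to `maps.bpf.h`.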
