-rw-r--r--Makefile8
-rw-r--r--TODO.md15
-rw-r--r--internal/c/filter.c10
-rw-r--r--internal/c/flags.h4
-rw-r--r--internal/flags/flags.go13
-rw-r--r--internal/generated/Makefile4
6 files changed, 24 insertions, 30 deletions
diff --git a/Makefile b/Makefile
index 76f2ee1..7037e78 100644
--- a/Makefile
+++ b/Makefile
@@ -5,9 +5,7 @@ export GOARCH = amd64
export CGO_CFLAGS = -I$(LIBBPFGO)/output -I$(LIBBPFGO)/selftest/common
export CGO_LDFLAGS = -lelf -lzstd $(LIBBPFGO)/output/libbpf.a
-all: build run
-
-build: bpfbuild gobuild
+all: bpfbuild gobuild
.PHONY: bpfbuild
bpfbuild:
@@ -27,7 +25,3 @@ clean:
find . -type f -name ioriotng -delete
if [ -e ioriotng.bpf.o ]; then rm ioriotng.bpf.o; fi
make -C ./internal/c clean
-
-.PHONY: run
-run:
- sudo ./ioriotng -uid $$(id -u)
diff --git a/TODO.md b/TODO.md
deleted file mode 100644
index b2bc4f6..0000000
--- a/TODO.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# TODO
-
-## Functionality
-
-* Send PID and/or file pattern dynamically to the BPF program (command line flags)
-* Capture all *open* and *close* syscalls (e.g. from debugfs?)
- * Could write a Go code to check for available syscalls and then alert?
-* ...
-
-## Refactor
-
-* Error wrapping
-* vet
-* Move have a ./internal/ioriot.bpf.c and ./internal/ioriot.go as starting points
-* Move main.go to ./cmd/ioriot
diff --git a/internal/c/filter.c b/internal/c/filter.c
index a91eb84..93497c7 100644
--- a/internal/c/filter.c
+++ b/internal/c/filter.c
@@ -1,5 +1,13 @@
//+build ignore
static __always_inline int filter() {
- return (bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER;
+ if ((bpf_get_current_pid_tgid() >> 32) == PID_FILTER)
+ return 0;
+
+ /*
+ if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) == UID_FILTER)
+ return 0;
+ */
+
+ return 1;
}
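Review bot: filter() has no comment stating its return convention or which half of `bpf_get_current_pid_tgid()` it compares, and the old UID check is left behind as a commented-out block. Judging by the removed line, 0 appears to mean "trace this task" and 1 "skip it". The upper 32 bits are the thread-group ID, so all threads of the target match but processes it forks do not. The helper reports the ID as seen in the initial PID namespace, so a PID read inside a container will not match; a header comment such as `/* Return 0 to trace, 1 to skip. Matches the TGID (upper 32 bits) as seen in the initial PID namespace. */` would record both facts. The commented-out UID block is better deleted, since version control already keeps it.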
diff --git a/internal/c/flags.h b/internal/c/flags.h
index 53b9492..eb7ec83 100644
--- a/internal/c/flags.h
+++ b/internal/c/flags.h
@@ -1,4 +1,4 @@
//+build ignore
-const volatile u32 UID_FILTER = 0;
-volatile u32 DYNAMIC_UID_FILTER = 0;
+// const volatile u32 UID_FILTER = -1;
+const volatile u32 PID_FILTER = -1;
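Review bot: `PID_FILTER = -1` relies on an implicit conversion to 0xFFFFFFFF, is not documented as a sentinel, and disagrees with the `-pid` flag default of 0 in internal/flags/flags.go. SetBPF there always calls InitGlobalVariable, so this initializer is replaced by 0 whenever `-pid` is omitted, and filter() in filter.c treats neither value as "no filter"; presumably nothing is traced in that case. Either make `-pid` mandatory on the Go side or choose one sentinel and handle it in filter(). At minimum write the cast out, `const volatile u32 PID_FILTER = (u32)-1;`, with a comment saying what the value means. The commented-out UID_FILTER line can go.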
diff --git a/internal/flags/flags.go b/internal/flags/flags.go
index f139654..fbb0569 100644
--- a/internal/flags/flags.go
+++ b/internal/flags/flags.go
@@ -9,11 +9,13 @@ import (
type Flags struct {
UidFilter int
+ PidFilter int
EventMapSize int
}
func New() (flags Flags) {
- flag.IntVar(&flags.UidFilter, "uid", 0, "Filter for processes with UID")
+ // flag.IntVar(&flags.UidFilter, "uid", 0, "Filter for user ID")
+ flag.IntVar(&flags.PidFilter, "pid", 0, "Filter for processes ID")
flag.IntVar(&flags.EventMapSize, "mapSize", 4096*16, "BPF FD event ring buffer map size")
flag.Parse()
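Review bot: `UidFilter` stays in the Flags struct while its `flag.IntVar` registration is commented out, so the field is always zero and nothing in the visible code reads it. Remove the field and the commented line together, or keep both live; a half-disabled option is easy to mistake for a working one. The new help text reads "Filter for processes ID"; `"Trace only the process with this PID"` would say what the flag does. New's body continues outside this hunk.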
@@ -21,8 +23,13 @@ func New() (flags Flags) {
}
func (flags Flags) SetBPF(bpfModule *bpf.Module) error {
- if err := bpfModule.InitGlobalVariable("UID_FILTER", uint32(flags.UidFilter)); err != nil {
- return fmt.Errorf("unable to set up UID_FILTER global variable: %w", err)
+ /*
+ if err := bpfModule.InitGlobalVariable("UID_FILTER", uint32(flags.UidFilter)); err != nil {
+ return fmt.Errorf("unable to set up UID_FILTER global variable: %w", err)
+ }
+ */
+ if err := bpfModule.InitGlobalVariable("PID_FILTER", uint32(flags.PidFilter)); err != nil {
+ return fmt.Errorf("unable to set up PID_FILTER global variable: %w", err)
}
return nil
}
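Review bot: `uint32(flags.PidFilter)` in SetBPF converts without a range check, so a negative or oversized `-pid` value silently wraps to a different PID and the tool would trace a process the operator did not name (it is presumably run as root, since the removed Makefile target used sudo). Reject out-of-range input before the call: `if flags.PidFilter <= 0 || int64(flags.PidFilter) > math.MaxUint32 { return fmt.Errorf("invalid -pid value %d", flags.PidFilter) }`, which needs the `math` import. Rejecting 0 also turns an omitted `-pid` into an explicit error instead of a silent match on nothing. The commented-out UID_FILTER block is better deleted than kept inside the function.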
diff --git a/internal/generated/Makefile b/internal/generated/Makefile
index 7734ff5..1f5bf05 100644
--- a/internal/generated/Makefile
+++ b/internal/generated/Makefile
@@ -4,9 +4,9 @@ generate: tracepoints types
.PHONY: tracepoints
tracepoints:
- cat ../c/tracepoints/*.c | raku tracepoints.raku | goimports | gofmt | tee tracepoints/tracepoints.go
+ cat ../c/tracepoints/*.c | raku tracepoints.raku | goimports | gofmt > tracepoints/tracepoints.go
.PHONY: types
types:
- cat ../c/types.h | raku nqc.raku | goimports | gofmt | tee types/types.go
+ cat ../c/types.h | raku nqc.raku | goimports | gofmt > types/types.go
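Review bot: With `> tracepoints/tracepoints.go` the shell truncates the target before the pipeline produces any output, and the recipe's exit status is only that of `gofmt`, so a failure in `raku` or `goimports` may leave an empty or partial generated file in the tree; the `types` recipe has the same shape. Writing to a temporary file and renaming on success keeps the last good file: `... | gofmt > tracepoints/tracepoints.go.tmp && mv tracepoints/tracepoints.go.tmp tracepoints/tracepoints.go`. Whether gofmt rejects a truncated input in practice is not visible here, so the rename guards the case where it does not.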