| -rw-r--r-- | internal/ioriotng.go | 21 | ||||
| -rw-r--r-- | ioriotng.bpf.c | 17 | ||||
| -rw-r--r-- | maps.bpf.h | 12 |
3 files changed, 48 insertions, 2 deletions
diff --git a/internal/ioriotng.go b/internal/ioriotng.go
index ca2a02e..b34a5cf 100644
--- a/internal/ioriotng.go
+++ b/internal/ioriotng.go
@@ -10,6 +10,7 @@ import (
 "log"
 "runtime"
 "sync"
+ "unsafe"
 "ioriotng/internal/debugfs"
 "ioriotng/internal/tracepoints"
@@ -69,6 +70,22 @@ func resizeMap(module *bpf.Module, name string, size uint32) error {
 return nil
 }
+func config(bpfModule *bpf.Module) error {
+ configMap, err := bpfModule.GetMap("config_map")
+ if err != nil {
+ return err
+ }
+
+ config := struct {
+ UidFilter int32
+ }{
+ UidFilter: 1001, // TODO: Make configurable via flag,
+ }
+
+ key := uint32(1)
+ return configMap.Update(unsafe.Pointer(&key), unsafe.Pointer(&config))
+}
+
 func Run() {
 // To consider for implementation!
 log.Println(debugfs.TracepointsWithFd())
@@ -91,6 +108,10 @@ func Run() {
 log.Fatal(err)
 }
+ if err := config(bpfModule); err != nil {
+ log.Fatal(err)
+ }
+
 if err := tracepoints.AttachSyscalls(bpfModule); err != nil {
 log.Fatal(err)
 }
diff --git a/ioriotng.bpf.c b/ioriotng.bpf.c
index 8f39573..0621851 100644
--- a/ioriotng.bpf.c
+++ b/ioriotng.bpf.c
@@ -9,9 +9,16 @@
 // For now, this is set to my own user for development purposes.
 #define UID_FILTER 1001
+
 SEC("tracepoint/syscalls/sys_enter_open")
 int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
- if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER)
+ u32 key = 1;
+ struct config *c = bpf_map_lookup_elem(&config_map, &key);
+ if (!c) {
+ return 0;
+ }
+
+ if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != c->x)
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
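Review bot: The value handed to `configMap.Update` in the new `config` function is a 4-byte Go struct, while `config_map` is declared with `struct config { int x; char y; }` as its value, which is 8 bytes once padded. If Update copies the map's declared value size from the pointer, as its unsafe.Pointer signature suggests, it reads four bytes past `config` and `y` is filled with whatever sits next to it in memory. Mirror the C layout on the Go side, for example `config := struct { UidFilter int32; Y int8; _ [3]byte }{UidFilter: 1001}`. The function also deserves a doc comment naming the map, the key `1` it shares with the BPF programs, and the fact that the UID is still hard-coded; the local `config` shadows the function name, so `cfg` would read better.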
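Review bot: The lookup-and-compare sequence added to `handle_enter_open` is pasted again into `handle_enter_openat` in the next hunk, each time with the bare key `1` that must also match the Go loader. The comparison reads `c->x`, a signed `int`, against the masked unsigned UID, and the `UID_FILTER` define with its comment just above is now dead and should go. A single inline helper would keep the fail-closed behaviour (no config entry means nothing is traced) in one documented place and give the key a name. Both handler bodies continue outside their hunks.

```c
#define CONFIG_KEY 1

// Returns 1 when the calling task's UID equals the configured filter.
// A missing config entry matches nothing, so the probes stay silent
// until user space has populated config_map.
static __always_inline int uid_matches_filter(void) {
    u32 key = CONFIG_KEY;
    struct config *c = bpf_map_lookup_elem(&config_map, &key);
    if (!c)
        return 0;
    return (u32)bpf_get_current_uid_gid() == (u32)c->x;
}

SEC("tracepoint/syscalls/sys_enter_open")
int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
    if (!uid_matches_filter())
        return 0;
    // … unchanged: tid lookup and the rest of the handler …
```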
@@ -48,7 +55,13 @@ int handle_exit_open(struct trace_event_raw_sys_exit *ctx) {
 SEC("tracepoint/syscalls/sys_enter_openat")
 int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
- if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER)
+ u32 key = 1;
+ struct config *c = bpf_map_lookup_elem(&config_map, &key);
+ if (!c) {
+ return 0;
+ }
+
+ if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != c->x)
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
@@ -4,6 +4,18 @@
 #define MAX_FILENAME_LENGTH 256
 #define MAX_PROGNAME_LENGTH 16
+struct config {
+ int x;
+ char y;
+};
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __type(key, u32);
+ __type(value, struct config);
+ __uint(max_entries, 1 << 24);
+} config_map SEC(".maps");
+
 struct open_event {
 __s32 fd;
 __s32 op_id; |
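Review bot: `config_map` holds one settings record but is declared as `BPF_MAP_TYPE_HASH` with `max_entries` of `1 << 24`, in what is presumably maps.bpf.h (the file header for this hunk is missing from the page). Hash maps are preallocated unless the no-prealloc flag is set, so unless this map is resized before load it reserves kernel memory for roughly sixteen million entries to store a single UID. A one-slot array fits the use better: `__uint(type, BPF_MAP_TYPE_ARRAY);` with `__uint(max_entries, 1);`, and the key changed from `1` to `0` in the Go loader and both handlers. The fields `x` and `y` should be named for what they carry (`uid_filter`, and either a purpose for `y` or its removal), with `u32` for the UID and a comment that the layout must match the Go struct written into the map.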
