-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
1a33172
commit 416c37f
Showing
10 changed files
with
1,273 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| #include <linux/sched.h> | ||
| #include <linux/socket.h> | ||
| #include <linux/net.h> | ||
| #include <linux/file.h> | ||
| #include <net/sock.h> | ||
| #include <uapi/linux/in.h> | ||
|
|
||
| BPF_PERF_OUTPUT(events); | ||
|
|
||
| struct netevent_t { | ||
| u32 pid; | ||
| u64 ts; | ||
| char comm[TASK_COMM_LEN]; | ||
| int fd; | ||
| int uid; | ||
| unsigned short port; | ||
| unsigned int address; | ||
| int inet_family; | ||
| }; | ||
|
|
||
| extern struct socket *sockfd_lookup(int fd, int *err); | ||
| extern unsigned long __fdget(unsigned int fd); | ||
| extern unsigned long __fdget_raw(unsigned int fd); | ||
|
|
||
|
|
||
| int probe_connect_enter (struct pt_regs *ctx, int sockfd, struct sockaddr* addr, int addrlen) { | ||
| struct sockaddr_in* poop = (struct sockaddr_in*) addr; | ||
| if (poop->sin_family != AF_INET) { | ||
| return 0; | ||
| } | ||
|
|
||
| //__fdget_raw(sockfd); | ||
| //struct socket* test = sockfd_lookup(sockfd, NULL); | ||
| struct netevent_t netevent = {}; | ||
| netevent.pid = bpf_get_current_pid_tgid(); | ||
| netevent.ts = bpf_ktime_get_ns(); | ||
| //netevent.fd = sk->__sk_common.skc_family; | ||
| netevent.uid = bpf_get_current_uid_gid(); | ||
| netevent.port = poop->sin_port; | ||
| netevent.address = poop->sin_addr.s_addr; | ||
| bpf_get_current_comm(&netevent.comm, sizeof(netevent.comm)); | ||
| events.perf_submit(ctx, &netevent, sizeof(netevent)); | ||
|
|
||
| return 0; | ||
| } | ||
|
|
||
| int tcp_v4 (struct pt_regs *ctx, struct sock *sk, struct sockaddr *uaddr, int addr_len) { | ||
| struct sockaddr_in* poop = (struct sockaddr_in*) uaddr; | ||
| if (poop->sin_family != AF_INET) { | ||
| return 0; | ||
| } | ||
|
|
||
| struct netevent_t netevent = {}; | ||
| netevent.pid = bpf_get_current_pid_tgid(); | ||
| netevent.ts = bpf_ktime_get_ns(); | ||
| netevent.fd = sk->__sk_common.skc_family; | ||
| netevent.uid = bpf_get_current_uid_gid(); | ||
| netevent.port = poop->sin_port; | ||
| netevent.address = poop->sin_addr.s_addr; | ||
| bpf_get_current_comm(&netevent.comm, sizeof(netevent.comm)); | ||
| events.perf_submit(ctx, &netevent, sizeof(netevent)); | ||
|
|
||
| return 0; | ||
| } | ||
|
|
||
| int udp_v4 (struct pt_regs *ctx, struct sock *sk, struct msghdr *msg, size_t len) { | ||
| struct netevent_t netevent = {}; | ||
| sk = (struct sock *)PT_REGS_PARM1(ctx); | ||
|
|
||
| netevent.pid = bpf_get_current_pid_tgid(); | ||
| netevent.ts = bpf_ktime_get_ns(); | ||
| netevent.fd = sk->__sk_common.skc_family; | ||
| netevent.uid = bpf_get_current_uid_gid(); | ||
| netevent.port = 0x35;//poop->sin_port; | ||
| netevent.address = 0;//poop->sin_addr.s_addr; | ||
| strcpy(netevent.comm, "sagar"); | ||
| // bpf_get_current_comm(&netevent.comm, sizeof(netevent.comm)); | ||
| events.perf_submit(ctx, &netevent, sizeof(netevent)); | ||
|
|
||
| return 0; | ||
| } | ||
|
|
Empty file.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
|
|
||
| from functools import reduce | ||
|
|
||
| class TaggedIpList: | ||
| def __init__(self, tag, handle): | ||
| self.addresses = [] | ||
| self.tag = tag | ||
| for line in handle: | ||
| line = line.strip() | ||
|
|
||
| if line and line[0] == "#": | ||
| continue | ||
|
|
||
| self.addresses.append(self.ip2int(line)) | ||
|
|
||
| self.addresses = sorted(self.addresses) | ||
|
|
||
| def check_membership(self, ip_address): | ||
| ip_address = self.ip2int(ip_address) | ||
|
|
||
| low = 0 | ||
| high = len(self.addresses)-1 | ||
|
|
||
| while high >= low: | ||
| midpoint = (low + high)//2 | ||
| if self.addresses[midpoint] == ip_address: | ||
| return True | ||
| elif self.addresses[midpoint] > ip_address: | ||
| high = midpoint-1 | ||
| elif self.addresses[midpoint] < ip_address: | ||
| low = midpoint+1 | ||
|
|
||
| return False | ||
|
|
||
| def ip2int(self, ip): | ||
| return reduce(lambda out, x: (out << 8) + int(x), ip.split('.'), 0) | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| # IP Feeds | ||
|
|
||
| By default this is empty. Add new feeds by running `./update_feeds.sh` in the root directory of this project. |
Oops, something went wrong.