diff options
| author |   Nicolas Douma <nicolas@serveur.io> | 2020-04-28 03:44:47 +0200 |
|---|---|---|
| committer | Nicolas Douma <nicolas@serveur.io> | 2020-04-28 03:44:47 +0200 |
| commit | 3150b4f2bb215c9a04a53c398666c0f6796ac8d0 (patch) | |
| tree | f6ca15fc7894a2ee8e60c4a60996633b230d7ec1 | |
| parent | Prevent SO_BINDTODEVICE setsockopt so that the program doesn't escape wg (diff) | |
| download | netifexec-3150b4f2bb215c9a04a53c398666c0f6796ac8d0.tar.xz netifexec-3150b4f2bb215c9a04a53c398666c0f6796ac8d0.zip | |
Add some documentation for the BPF programs
| -rw-r--r-- | netifexec.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/netifexec.c b/netifexec.c index 0f8dd13..2ab44af 100644 --- a/netifexec.c +++ b/netifexec.c @@ -374,6 +374,15 @@ static void hook_sock_create(int cgroupfd, char *iface) int index = ifindex(iface); + /* + * 0: (b7) r2 = 1073741824 + * 1: (63) *(u32 *)(r1 +452) = r2 + * 2: (b7) r2 = 38 + * 3: (63) *(u32 *)(r1 +20) = r2 + * 4: (b7) r0 = 1 + * 5: (95) exit + */ + struct bpf_insn bpf_program[] = { BPF_MOV64_IMM(BPF_REG_2, 0x40000000), // use r2 as scratch BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_2, offsetof(struct bpf_sock, mark)), // load r2 into r1 @@ -382,6 +391,7 @@ static void hook_sock_create(int cgroupfd, char *iface) BPF_MOV64_IMM(BPF_REG_0, 1), // verdict BPF_EXIT_INSN() }; + // FIXME: initialize with zeroes, pad with zeroes at the end struct bpf_load_program_attr load_program_attr = { .prog_type = BPF_PROG_TYPE_CGROUP_SOCK, .expected_attach_type = BPF_CGROUP_INET_SOCK_CREATE, @@ -446,6 +456,7 @@ static void hook_setsockopt(int cgroupfd, char *iface) BPF_MOV64_IMM(BPF_REG_0, 1), BPF_EXIT_INSN() }; + // FIXME: initialize with zeroes, pad with zeroes at the end struct bpf_load_program_attr load_program_attr = { .prog_type = BPF_PROG_TYPE_CGROUP_SOCKOPT, .expected_attach_type = BPF_CGROUP_SETSOCKOPT, |