Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ebpf: fix socket_accept event #3240

Merged
merged 2 commits into from
Jun 15, 2023
Merged

ebpf: fix socket_accept event #3240

merged 2 commits into from
Jun 15, 2023

Conversation

NDStrahilevitz
Copy link
Collaborator

@NDStrahilevitz NDStrahilevitz commented Jun 14, 2023
edited
Loading

commit a68570d

    ebpf: simplify socket_accept tailcall
    
    Use the existing sockaddr buffer submit helper, instead of manually
    parsing and submitting.

commit 5d843b0

    ebpf: fix socket_accept event
    
    1. Event definition was missing a tail call register for the accept
    syscalls in the sys_exit_init program.
    2. The sockfd argument was not saved into the argument buffer.

Fix #3229

@NDStrahilevitz
ebpf: fix socket_accept event
5d843b0 
1. Event definition was missing a tail call register for the accept
syscalls in the sys_exit_init program.
2. The sockfd argument was not saved into the argument buffer.
@NDStrahilevitz NDStrahilevitz self-assigned this Jun 14, 2023
AsafEitani
AsafEitani approved these changes Jun 15, 2023
View reviewed changes
Copy link
Contributor

@AsafEitani AsafEitani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@NDStrahilevitz
ebpf: simplify socket_accept tailcall
a68570d 
Use the existing sockaddr buffer submit helper, instead of manually
parsing and submitting.
rafaeldtinoco
rafaeldtinoco approved these changes Jun 15, 2023
View reviewed changes
Copy link
Contributor

@rafaeldtinoco rafaeldtinoco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

quite a nice change! well done. LGTM (have not tested, assuming you did) but looks nice.

@NDStrahilevitz NDStrahilevitz merged commit eb3c959 into aquasecurity:main Jun 15, 2023
25 checks passed
@NDStrahilevitz NDStrahilevitz deleted the fix_socket_accept branch June 15, 2023 17:15
NDStrahilevitz added a commit to NDStrahilevitz/tracee that referenced this pull request Jul 3, 2023
@NDStrahilevitz
ebpf: fix socket_accept event (aquasecurity#3240)
6f3e6d2 
1. Event definition was missing a tail call register for the accept
syscalls in the sys_exit_init program.
2. The sockfd argument was not saved into the argument buffer.
3. Refactor: Use the existing sockaddr buffer submit helper
instead of manually parsing and submitting.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafaeldtinoco rafaeldtinoco rafaeldtinoco approved these changes

@AsafEitani AsafEitani AsafEitani approved these changes

@yanivagman yanivagman Awaiting requested review from yanivagman

Assignees

@NDStrahilevitz NDStrahilevitz

Labels
area/ebpf area/events backport/v0.17.0 kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

socket_accept event not triggering alongside security_socket_accept
3 participants
@NDStrahilevitz @rafaeldtinoco @AsafEitani