diff options
author | Alice Frosi <afrosi@redhat.com> | 2022-12-21 14:49:09 +0100 |
---|---|---|
committer | Alice Frosi <afrosi@redhat.com> | 2022-12-21 14:55:52 +0100 |
commit | f9613be602d9ff4f999fd216b52c59cd68cf71a3 (patch) | |
tree | 51c3c1c17f8e9029610e7de671da79a6cebae779 /build.c | |
parent | b8989e6bc221c7273ad70e2361a4f0457422cebe (diff) | |
download | seitan-f9613be602d9ff4f999fd216b52c59cd68cf71a3.tar seitan-f9613be602d9ff4f999fd216b52c59cd68cf71a3.tar.gz seitan-f9613be602d9ff4f999fd216b52c59cd68cf71a3.tar.bz2 seitan-f9613be602d9ff4f999fd216b52c59cd68cf71a3.tar.lz seitan-f9613be602d9ff4f999fd216b52c59cd68cf71a3.tar.xz seitan-f9613be602d9ff4f999fd216b52c59cd68cf71a3.tar.zst seitan-f9613be602d9ff4f999fd216b52c59cd68cf71a3.zip |
Generation of bpf program
The build binary creates the bpf filter based on the syscalls defined in
struct bpf_call. E.g:
./build test.bpf
First, a table with the filtered syscalls is built in ascending order of
syscall number and including the amount of syscalls of that type.
After, the BPF filter with a binary search tree is constructed with:
1. the nodes for the tree search
2. the leaves with all the syscall numbers
3. every syscall arguments if present
Then, the BPF instructions are written in the input file.
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Diffstat (limited to 'build.c')
-rw-r--r-- | build.c | 108 |
1 files changed, 19 insertions, 89 deletions
@@ -1,102 +1,32 @@ -// SPDX-License-Identifier: AGPL-3.0-or-later - -/* SEITAN - Syscall Expressive Interpreter, Transformer and Notifier - * - * build.c - Build BPF program and transformation table blobs - * - * Copyright (c) 2022 Red Hat GmbH - * Author: Stefano Brivio <sbrivio@redhat.com> - */ - -#include <stdio.h> +#define _GNU_SOURCE +#include <stdbool.h> #include <stddef.h> +#include <stdio.h> #include <stdlib.h> #include <string.h> -#include <fcntl.h> #include <unistd.h> -#include <linux/audit.h> -#include <linux/filter.h> -#include <linux/seccomp.h> - -struct syscall_numbers { - char name[1024]; - long number; -}; - -enum transform { - NONE, - FD1_UNIX, - FDRET_SRC, - DEV_CHECK, -}; - #include "filter.h" -#include "numbers.h" -struct table { - enum transform type; - long number; - - char arg[6][1024]; +struct bpf_call calls[] = { + { + .name = "connect", + .args = { 0, 111, 0, 0, 0, 0 }, + .check_arg = { false, false, false, false, false, false }, + }, }; -static struct table t[16]; - -int main(void) +int main(int argc, char **argv) { - struct table *tp = t; - char buf[BUFSIZ]; - FILE *fp; - int fd; - - fd = open(BUILD_BPF_OUT, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, - S_IRUSR | S_IWUSR); - write(fd, BUILD_PROFILE, sizeof(BUILD_PROFILE)); - close(fd); - - fp = fopen(BUILD_IN, "r"); - while (fgets(buf, BUFSIZ, fp)) { - char name[1024]; - char type[1024]; - unsigned i; - - if (*buf == '\n' || *buf == '#') - continue; - if (sscanf(buf, "%s %s " /* syscall, type */ - "%s %s %s %s %s %s", name, type, - tp->arg[0], tp->arg[1], tp->arg[2], - tp->arg[3], tp->arg[4], tp->arg[5]) < 3) - continue; - - for (i = 0; i < sizeof(numbers) / sizeof(numbers[0]); i++) { - if (!strcmp(name, numbers[i].name)) - break; - } - - if (i == sizeof(numbers)) - continue; - - if (!strcmp(type, "fd1_unix")) - tp->type = 1; - else if (!strcmp(type, "fdret_src")) - tp->type = 2; - else if (!strcmp(type, "dev_check")) - tp->type = 3; - else - continue; - - tp->number = numbers[i].number; - - tp++; + int ret; + if (argc < 2) { + perror("missing input file"); + exit(EXIT_FAILURE); + } + ret = convert_bpf(argv[1], calls, sizeof(calls) / sizeof(calls[0])); + if (ret < 0) { + perror("converting bpf program"); + exit(EXIT_FAILURE); } - fclose(fp); - - fd = open(BUILD_TRANSFORM_OUT, - O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR); - - write(fd, t, sizeof(t)); - close(fd); - return 0; } |