| Commit message | Author | Age | Files | Lines |
Mostly assorted fixes, a new FDGET operation (get a copy of the
target file descriptor via pidfd_getfd()) and a new "FD" flag that
means we have to do that on direct tag reference.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
The tests for checking the filter build recompile and are successful.
Changes:
- spotted a couple of bugs for adding the arguments in the filter
- re-added function `filter_flush_args` to flush_args; this is needed
to distinguish when the arguments belong to the same block or are different
entries to the same syscall
- build the filter in a way that CMP_EQ corresponds to BPF_JEQ and we
don't need to awkwardly negate the operations (still TODO for AND_EQ)
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
As discussed with Alice -- 'reuse lint' passes now.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Changes:
- fix initialization of size
- added few comments
- finish fixing the test_filter_build tests
Add filter_flush_args() to flush the arguments when finished adding the
syscall arguments.
Fixed test compilation after refactoring.
Add:
- ignore_args field for the filter.
- use MAX_FILTER to define the filter size in the eater
|
Attempt to simplify the filter build:
- storing all the bpf_args in a common array and saving the index of
each entry in filter_input
- added new flag to filter_add_arg for appending an argument to an entry
- split large loop in filter_build in multiple functions
- adjust and refactor tests/units/test_filter
The tests in test_filter_build.c still need to be fixed
Pseudorandom changes and progress around cooker and seitan:
- cooker:
  - rename matching functions, split match.c
  - fix up SELECT semantics
  - add some form of handling for all syscalls in the example
    (some stubs)
  - OP_CMP for all basic and compound types except for flags
  - link jumps to next block and next match
  - completed implementation of tags
  - gluten write
  - filter clean-ups, write filters (probably not working)
- seitan:
  - load gluten and source instructions and data from there
$ ./seitan-cooker cooker/example.hjson example.gluten example.bpf
Parsing block 0
Parsing match 0: connect
Found description for connect
0: OP_NR: if syscall number is not 0, jump to next block
Parsing match argument fd
setting tag reference 'fd'
tag 'fd' now refers to seccomp data at 0
Parsing match argument addr
allocating 128 at offset 0
1: OP_LOAD: #0 < args[1] (size: 128)
C#0: (INT) 1
2: OP_CMP: if temporary data: #0 NE (size: 4) read-only data: #0, jump to next block
C#4: (STRING:24) /var/run/pr-helper.sock
3: OP_CMP: if temporary data: #0 NE (size: 24) read-only data: #4, jump to next block
Linking match...
Linking block...
linked jump of instruction #0 to #4
linked jump of instruction #2 to #4
linked jump of instruction #3 to #4
Parsing block 1
Parsing match 0: ioctl
Found description for ioctl
4: OP_NR: if syscall number is not 112, jump to next block
Parsing match argument path
Parsing match argument request
C#28: (INT) 1074025674
5: OP_CMP: if seccomp data: #1 NE (size: 4) read-only data: #28, jump to next block
Parsing match argument ifr
allocating 40 at offset 128
6: OP_LOAD: #128 < args[2] (size: 40)
C#32: (STRING:5) tap0
7: OP_CMP: if temporary data: #128 NE (size: 5) read-only data: #32, jump to next block
C#37: (INT) 1
8: OP_CMP: if temporary data: #128 NE (size: 4) read-only data: #37, jump to next block
Linking match...
Linking block...
linked jump of instruction #4 to #9
linked jump of instruction #5 to #9
linked jump of instruction #7 to #9
linked jump of instruction #8 to #9
Parsing block 2
Parsing match 0: unshare
Found description for unshare
9: OP_NR: if syscall number is not 164, jump to next block
Parsing match argument flags
Linking match...
Linking block...
linked jump of instruction #9 to #10
Parsing block 3
Parsing match 0: unshare
Found description for unshare
10: OP_NR: if syscall number is not 164, jump to next block
Parsing match argument flags
Linking match...
Linking block...
linked jump of instruction #10 to #11
Parsing block 4
Parsing match 0: mknod
Found description for mknod
11: OP_NR: if syscall number is not 164, jump to next block
Parsing match argument path
allocating 1 at offset 168
12: OP_LOAD: #168 < args[0] (size: 1)
setting tag reference 'path'
tag 'path' now refers to temporary data at 168
Parsing match argument mode
Parsing match argument major
Parsing match argument minor
setting tag reference 'minor'
tag 'minor' now refers to seccomp data at 2
Linking match...
Linking block...
linked jump of instruction #11 to #13
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
The logging will be handled differently using op_log
An additional notification is needed either when we jump from an
instruction without arguments or at the end of the argument checks.
Check sequentially the arguments for a syscall entry. If the check isn't
successful then pass to the next entry.