• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2020 Facebook */
3 
4 #include "vmlinux.h"
5 #include <bpf/bpf_helpers.h>
6 #include <bpf/bpf_tracing.h>
7 #include <bpf/bpf_core_read.h>
8 
9 #define MAX_LEN 256
10 
11 char buf_in1[MAX_LEN] = {};
12 char buf_in2[MAX_LEN] = {};
13 
14 int test_pid = 0;
15 bool capture = false;
16 
17 /* .bss */
18 __u64 payload1_len1 = 0;
19 __u64 payload1_len2 = 0;
20 __u64 total1 = 0;
21 char payload1[MAX_LEN + MAX_LEN] = {};
22 
23 /* .data */
24 int payload2_len1 = -1;
25 int payload2_len2 = -1;
26 int total2 = -1;
27 char payload2[MAX_LEN + MAX_LEN] = { 1 };
28 
29 int payload3_len1 = -1;
30 int payload3_len2 = -1;
31 int total3= -1;
32 char payload3[MAX_LEN + MAX_LEN] = { 1 };
33 
34 int payload4_len1 = -1;
35 int payload4_len2 = -1;
36 int total4= -1;
37 char payload4[MAX_LEN + MAX_LEN] = { 1 };
38 
39 SEC("raw_tp/sys_enter")
handler64_unsigned(void * regs)40 int handler64_unsigned(void *regs)
41 {
42 	int pid = bpf_get_current_pid_tgid() >> 32;
43 	void *payload = payload1;
44 	u64 len;
45 
46 	/* ignore irrelevant invocations */
47 	if (test_pid != pid || !capture)
48 		return 0;
49 
50 	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
51 	if (len <= MAX_LEN) {
52 		payload += len;
53 		payload1_len1 = len;
54 	}
55 
56 	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
57 	if (len <= MAX_LEN) {
58 		payload += len;
59 		payload1_len2 = len;
60 	}
61 
62 	total1 = payload - (void *)payload1;
63 
64 	return 0;
65 }
66 
67 SEC("raw_tp/sys_exit")
handler64_signed(void * regs)68 int handler64_signed(void *regs)
69 {
70 	int pid = bpf_get_current_pid_tgid() >> 32;
71 	void *payload = payload3;
72 	long len;
73 
74 	/* ignore irrelevant invocations */
75 	if (test_pid != pid || !capture)
76 		return 0;
77 
78 	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
79 	if (len >= 0) {
80 		payload += len;
81 		payload3_len1 = len;
82 	}
83 	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
84 	if (len >= 0) {
85 		payload += len;
86 		payload3_len2 = len;
87 	}
88 	total3 = payload - (void *)payload3;
89 
90 	return 0;
91 }
92 
93 SEC("tp/raw_syscalls/sys_enter")
handler32_unsigned(void * regs)94 int handler32_unsigned(void *regs)
95 {
96 	int pid = bpf_get_current_pid_tgid() >> 32;
97 	void *payload = payload2;
98 	u32 len;
99 
100 	/* ignore irrelevant invocations */
101 	if (test_pid != pid || !capture)
102 		return 0;
103 
104 	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
105 	if (len <= MAX_LEN) {
106 		payload += len;
107 		payload2_len1 = len;
108 	}
109 
110 	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
111 	if (len <= MAX_LEN) {
112 		payload += len;
113 		payload2_len2 = len;
114 	}
115 
116 	total2 = payload - (void *)payload2;
117 
118 	return 0;
119 }
120 
121 SEC("tp/raw_syscalls/sys_exit")
handler32_signed(void * regs)122 int handler32_signed(void *regs)
123 {
124 	int pid = bpf_get_current_pid_tgid() >> 32;
125 	void *payload = payload4;
126 	int len;
127 
128 	/* ignore irrelevant invocations */
129 	if (test_pid != pid || !capture)
130 		return 0;
131 
132 	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
133 	if (len >= 0) {
134 		payload += len;
135 		payload4_len1 = len;
136 	}
137 	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
138 	if (len >= 0) {
139 		payload += len;
140 		payload4_len2 = len;
141 	}
142 	total4 = payload - (void *)payload4;
143 
144 	return 0;
145 }
146 
147 SEC("tp/syscalls/sys_exit_getpid")
handler_exit(void * regs)148 int handler_exit(void *regs)
149 {
150 	long bla;
151 
152 	if (bpf_probe_read_kernel(&bla, sizeof(bla), 0))
153 		return 1;
154 	else
155 		return 0;
156 }
157 
158 char LICENSE[] SEC("license") = "GPL";
159