diff --git a/.gitignore b/.gitignore index 376b718ec7dae5a5cd25a66e4f8110bd9be7f624..6ca86114b7dafa06dbc36c9c8c3b14211d2fca45 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ output pkg/bpf/bytecode/* *bpf.o tags +tools/load_bpf +load_bpf diff --git a/Makefile b/Makefile index 823c3ab25dcf4b8719fa539b5858d3485fa40618..e3111cb0e37d1db317059a56c8f68360726a4c48 100644 --- a/Makefile +++ b/Makefile @@ -52,6 +52,9 @@ bpf-restricted-mount: $(BPF_BUILDDIR)/restricted-mount.bpf.o .PHONY: bpf-restricted-process bpf-restricted-process: $(BPF_BUILDDIR)/restricted-process.bpf.o +tools: libbpf + gcc -I$(OUTPUT) -L$(OUTPUT) -lbpf tools/load_bpf.c -o tools/load_bpf + .PHONY: build build: libbpf vmlinux bpf-restricted-network bpf-restricted-file bpf-restricted-mount bpf-restricted-process $(CGOFLAG) go build -tags netgo -ldflags "-w -s" -o build/safeguard cmd/safeguard/safeguard.go @@ -63,7 +66,6 @@ build-static: libbpf vmlinux bpf-restricted-network bpf-restricted-file bpf-res vmlinux: $(shell bpftool btf dump file /sys/kernel/btf/vmlinux format c > $(OUTPUT)/vmlinux.h) - clean: rm -rf pkg/bpf/bytecode/* rm -rf output build diff --git a/tools/load_bpf.c b/tools/load_bpf.c new file mode 100644 index 0000000000000000000000000000000000000000..1d298d453db8bbef4eb7118954d6cc1525212f6e --- /dev/null +++ b/tools/load_bpf.c @@ -0,0 +1,84 @@ +#include +#include +#include +#include +#include + +int main(int argc, char** argv) { + struct bpf_object *obj; + const char *filename = "pkg/bpf/bytecode/restricted-mount.bpf.o"; + int err; + + if(argc == 2) filename = argv[1]; + struct rlimit rlim = {RLIM_INFINITY, RLIM_INFINITY}; + if (setrlimit(RLIMIT_MEMLOCK, &rlim)) { + perror("Failed to set RLIMIT_MEMLOCK"); + return 1; + } + obj = bpf_object__open(filename); + if (libbpf_get_error(obj)) { + fprintf(stderr, "Error loading BPF object from file: %s\n", filename); + return 1; + } + obj = bpf_object__open_file(filename, NULL); + if (libbpf_get_error(obj)) { + fprintf(stderr, "Error loading BPF object from file: %s\n", filename); + return 1; + } + FILE *file = fopen(filename, "rb"); + if (file == NULL) { + perror("Failed to open BPF object file"); + return 1; + } + + fseek(file, 0, SEEK_END); + size_t obj_buf_sz = ftell(file); + fseek(file, 0, SEEK_SET); + + void *obj_buf = malloc(obj_buf_sz); + if (obj_buf == NULL) { + perror("Failed to allocate memory for BPF object buffer"); + fclose(file); + return 1; + } + + if (fread(obj_buf, 1, obj_buf_sz, file) != obj_buf_sz) { + perror("Failed to read BPF object file"); + free(obj_buf); + fclose(file); + return 1; + } + + fclose(file); + obj = bpf_object__open_mem(obj_buf, obj_buf_sz, NULL); + if (libbpf_get_error(obj)) { + fprintf(stderr, "Error loading BPF object from memory\n"); + free(obj_buf); + return 1; + } + + printf("YYYY BPF %s\n", bpf_object__name(obj)); + struct bpf_program *p = NULL; + for(;;){ + p = bpf_object__next_program(obj, p); + if (p == NULL) break; + printf("YYYY BPF %s prog, %s, type %d, %d\n", bpf_program__name(p), bpf_program__section_name(p), + bpf_program__type(p), bpf_program__expected_attach_type(p)); + } + sleep(1); + //bpf_object__close(obj); + //return 0; + + err = bpf_object__load(obj); + if (err) { + fprintf(stderr, "Error loading BPF object: %d\n", err); + bpf_object__close(obj); + return 1; + } + + printf("BPF object loaded successfully\n"); + + bpf_object__close(obj); + return 0; + +}