From efe5d6731d622a34f5da9d03eb76ad2cc98a9a88 Mon Sep 17 00:00:00 2001 From: zgzxx Date: Fri, 17 Nov 2023 15:47:43 +0800 Subject: [PATCH] add check for lib and fix build error --- lib/secDetector_sdk.cpp | 16 ++++++++++++++++ observer_agent/CMakeLists.txt | 2 +- observer_agent/ebpf/file_ebpf/file_fentry.bpf.c | 5 +++-- observer_agent/service/ebpf_converter.cpp | 2 +- 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/lib/secDetector_sdk.cpp b/lib/secDetector_sdk.cpp index ade0f48..208f4ac 100644 --- a/lib/secDetector_sdk.cpp +++ b/lib/secDetector_sdk.cpp @@ -18,6 +18,7 @@ #include #include "../observer_agent/grpc_comm/grpc_api.h" +#define ALLTOPIC 0x008FFFFF using namespace std; static string server_address("unix:///var/run/secDetector.sock"); static PubSubClient g_client(grpc::CreateChannel(server_address, grpc::InsecureChannelCredentials())); @@ -31,7 +32,13 @@ extern "C" { void *secSub(const int topic) { + if (!(topic & ALLTOPIC)) + return NULL; + unique_ptr> reader = g_client.Subscribe(topic); + + if (!reader) + return NULL; void * ret_reader = static_cast(reader.get()); g_reader_map.insert(Readmap::value_type(ret_reader, move(reader))); @@ -40,6 +47,12 @@ void *secSub(const int topic) void secUnsub(const int topic, void *reader) { + if (!(topic & ALLTOPIC)) + return; + + if (!reader) + return; + g_client.Publish(topic, "end"); g_client.UnSubscribe(topic); @@ -53,6 +66,9 @@ void secReadFrom(void *reader, char *data, int data_len) { string msg(""); + if (!reader || !data || data_len <= 1) + return; + Readmap::iterator iter = g_reader_map.find(reader); if (iter != g_reader_map.end()) { msg = g_client.ReadFrom(iter->second); diff --git a/observer_agent/CMakeLists.txt b/observer_agent/CMakeLists.txt index fa805bf..a443935 100644 --- a/observer_agent/CMakeLists.txt +++ b/observer_agent/CMakeLists.txt 
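Review bot: The new `ALLTOPIC` mask in lib/secDetector_sdk.cpp is an unexplained literal, and `0x008FFFFF` sets bits 0-19 and bit 23 while leaving bits 20-22 clear, so a reader cannot tell whether that gap is intended. This value now gates the `secSub` and `secUnsub` entry points, so it deserves a comment such as `// union of every topic bit a client may subscribe to; keep in sync with the topic definitions`. Better still, derive it from the topic constants if a shared header exposes them. The topic definitions are not visible in this patch, so the gap may be deliberate.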
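Review bot: The topic check added at the top of `secSub` only rejects a value that has no bit inside `ALLTOPIC`, so a topic combining one valid bit with bits outside the mask, or a negative `int`, is still passed to `g_client.Subscribe`. If the intent is to accept only known topics, reject stray bits as well: `if (topic <= 0 || (topic & ~ALLTOPIC) != 0) return NULL;`. The same test is repeated in `secUnsub` in the next hunk and has the same gap. How the server treats unknown bits is not visible here, so this may be harmless today, but the library boundary is the cheapest place to enforce it.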
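Review bot: In `secUnsub` the new null check does not establish that `reader` is a handle this library issued, yet `g_client.Publish(topic, "end")` and `g_client.UnSubscribe(topic)` run right after it. A caller that passes a stale or foreign pointer together with a valid topic would still trigger both calls for that topic. Consider looking the pointer up in `g_reader_map` first and returning when it is absent, as `secReadFrom` does with `g_reader_map.find(reader)`. The rest of `secUnsub` lies outside this hunk, so a lookup may already follow the two calls; the suggestion is to do it before them.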
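Review bot: The early return added to `secReadFrom` leaves `data` untouched, and because the function returns `void` the caller cannot tell a rejected call from an empty message. A caller that prints or parses the buffer afterwards reads whatever was in it before the call. Terminating the buffer on the rejection paths where it is writable would make that safe: `if (data && data_len > 0) data[0] = '\0';` before the `return`. The copy into `data` happens after this hunk, so whether it bounds the write to `data_len - 1` and terminates the string cannot be checked from here.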
@@ -9,7 +9,7 @@ add_custom_target(grpc_demo ALL add_executable(secDetectord grpc_comm/client.cpp grpc_comm/server.cpp service/main.cpp service/ringbuffer.cpp service/ebpf_converter.cpp) -add_dependencies(secDetectord ebpf) +add_dependencies(secDetectord ebpf file_ebpf) target_include_directories(secDetectord PUBLIC service grpc_comm ${CMAKE_SOURCE_DIR}/include .) target_link_libraries(secDetectord ${CMAKE_CURRENT_BINARY_DIR}/ebpf/.output/fentry.o) diff --git a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c index 2ca7f0e..9c2181f 100644 --- a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c +++ b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c @@ -11,6 +11,8 @@ #define S_IFREG 0100000 #define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) +#define O_CREAT 100 + char LICENSE[] SEC("license") = "Dual BSD/GPL"; struct @@ -94,8 +96,7 @@ int BPF_PROG(do_filp_open_exit, int dfd, struct filename *pathname, const struct { struct ebpf_event *e = NULL; - ///O_CREAT build error - if (op && !(op->open_flag & OP_CREATE)) + if (op && !(op->open_flag & O_CREAT)) return 0; if (!S_ISREG(ret_file->f_inode->i_mode)) return 0; diff --git a/observer_agent/service/ebpf_converter.cpp b/observer_agent/service/ebpf_converter.cpp index c6cd84a..9506099 100644 --- a/observer_agent/service/ebpf_converter.cpp +++ b/observer_agent/service/ebpf_converter.cpp @@ -92,7 +92,7 @@ static std::map convert_funcs = { {CREATFILE, convert_common_file}, {DELFILE, convert_common_file}, {SETFILEATTR, convert_set_file_attr}, - {WRITEDFILE, convert_common_file}, + {WRITEFILE, convert_common_file}, {READFILE, convert_common_file}, }; -- Gitee
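Review bot: `#define O_CREAT 100` is a decimal literal, whereas the flag is octal `0100` (0x40) in the asm-generic fcntl.h layout used by x86 and arm64, and the neighbouring `S_IFREG 0100000` in this file is written in octal. Decimal 100 is 0x64, so `op->open_flag & O_CREAT` in `do_filp_open_exit` is true when any of bits 0x04, 0x20 or 0x40 is set. Opens that never asked for creation can then pass the filter and be reported as file-creation events. Use `#define O_CREAT 0100`, with a comment that the value is architecture-specific, since a few architectures define it differently.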
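Review bot: Testing `op->open_flag & O_CREAT` in `do_filp_open_exit` shows that the caller asked for create-if-missing, not that a file was actually created, so opening an existing regular file with O_CREAT would presumably be reported as a creation. The kernel marks a newly created file with `FMODE_CREATED` in `f_mode`. Checking `ret_file->f_mode` for that flag would cut those false positives, assuming the supported kernels carry it; the constant would have to be defined next to the others in this file. A NULL `op` also skips the filter entirely instead of returning. The function body continues outside this hunk.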