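--- a/ebpfguard-ebpf/src/socket_bind.rs
+++ b/ebpfguard-ebpf/src/socket_bind.rs
@@ -1,4 +1,4 @@
-use aya_bpf::{programs::LsmContext, BpfContext};
+use aya_bpf::{cty::c_long, programs::LsmContext, BpfContext};
 use ebpfguard_common::{alerts, consts::INODE_WILDCARD, policy::MAX_PORTS};
 
 use crate::{
@@ -30,21 +30,21 @@
 /// }
 /// ```
 #[inline(always)]
-pub fn socket_bind(ctx: LsmContext) -> Action {
+pub fn socket_bind(ctx: LsmContext) -> Result<Action, c_long> {
 let sockaddr: *const sockaddr = unsafe { ctx.arg(1) };
 
 if unsafe { (*sockaddr).sa_family } != AF_INET {
-return Action::Allow;
+return Ok(Action::Allow);
 }
 
 let sockaddr_in: *const sockaddr_in = sockaddr as *const sockaddr_in;
 let port = u16::from_be(unsafe { (*sockaddr_in).sin_port });
 
 if port == 0 {
-return Action::Allow;
+return Ok(Action::Allow);
 }
 
-let binprm_inode = current_binprm_inode();
+let binprm_inode = current_binprm_inode()?;
 
 if let Some(ports) = unsafe { ALLOWED_SOCKET_BIND.get(&INODE_WILDCARD) } {
 if ports.all() {
@@ -55,7 +55,7 @@
 &alerts::SocketBind::new(ctx.pid(), binprm_inode, port),
 0,
 );
-return Action::Deny;
+return Ok(Action::Deny);
 }
 if ports.ports[..MAX_PORTS - 1].contains(&port) {
 ALERT_SOCKET_BIND.output(
@@ -63,7 +63,7 @@
 &alerts::SocketBind::new(ctx.pid(), binprm_inode, port),
 0,
 );
-return Action::Deny;
+return Ok(Action::Deny);
 }
 }
 
@@ -74,7 +74,7 @@
 &alerts::SocketBind::new(ctx.pid(), binprm_inode, port),
 0,
 );
-return Action::Deny;
+return Ok(Action::Deny);
 }
 if ports.ports[..MAX_PORTS - 1].contains(&port) {
 ALERT_SOCKET_BIND.output(
@@ -82,12 +82,12 @@
 &alerts::SocketBind::new(ctx.pid(), binprm_inode, port),
 0,
 );
-return Action::Deny;
+return Ok(Action::Deny);
 }
 }
 } else {
 if ports.ports[..MAX_PORTS - 1].contains(&port) {
-return Action::Allow;
+return Ok(Action::Allow);
 }
 }
 }
@@ -96,19 +96,19 @@
 if ports.all() {
 if let Some(ports) = unsafe { ALLOWED_SOCKET_BIND.get(&INODE_WILDCARD) } {
 if ports.all() {
-return Action::Allow;
+return Ok(Action::Allow);
 }
 if ports.ports[..MAX_PORTS - 1].contains(&port) {
-return Action::Allow;
+return Ok(Action::Allow);
 }
 }
 
 if let Some(ports) = unsafe { ALLOWED_SOCKET_BIND.get(&binprm_inode) } {
 if ports.all() {
-return Action::Allow;
+return Ok(Action::Allow);
 }
 if ports.ports[..MAX_PORTS - 1].contains(&port) {
-return Action::Allow;
+return Ok(Action::Allow);
 }
 }
 
@@ -117,7 +117,7 @@
 &alerts::SocketBind::new(ctx.pid(), binprm_inode, port),
 0,
 );
-return Action::Deny;
+return Ok(Action::Deny);
 } else {
 if ports.ports[..MAX_PORTS - 1].contains(&port) {
 ALERT_SOCKET_BIND.output(
@@ -125,11 +125,11 @@
 &alerts::SocketBind::new(ctx.pid(), binprm_inode, port),
 0,
 );
-return Action::Deny;
+return Ok(Action::Deny);
 }
 }
 }
 
-Action::Allow
+Ok(Action::Allow)
 }
 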
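Review bot: The new `?` on `current_binprm_inode()` at line 47 makes the hook's outcome on a failed inode lookup depend entirely on how the caller maps `Err(c_long)` to an LSM return value, and that mapping is outside this section; if the entry point treats the error as "allow", a lookup failure silently skips every inode-keyed deny rule that follows. The contract should be stated on the function so the wrapper author makes the fail-closed/fail-open choice deliberately, e.g. add before `#[inline(always)]`: `/// # Errors` / `/// Returns the raw kernel error code when the current task's binprm inode cannot be resolved; the LSM entry point must decide whether that case denies or allows the bind.` The doc example whose tail is visible at lines 30-31 presumably still shows the old bare `Action` return type and should be updated to the `Result` form alongside the signature. The function's doc comment begins before the first shown hunk of this section.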