Comments (10)
from triplecross.
Hello again,
The error you are getting means that the eBPF verifier is rejecting the TC program because it does not pass the checks the verifier performs before loading it into the kernel. Specifically, it seems that it does not like the addition you are doing inside the if for checking the length of the packet.
The verifier is picky, and in my experience what is OK for one machine does not pass on others. I myself just ran this program in Ubuntu 21.04 successfully though, but you will have to modify the code for running it under 22.04. Also, you will probably get more verifier errors for other parts of the program, not only TC, so I encourage you to try and port it yourself to 22.04.
Let me give you some context about what you are doing there and what you may try to solve it:
- Any TC program needs to check the format of the packet before performing any operation over it (e.g. reading, writing). First, I am checking the length of the packet (defined by data and data_end pointer), and whether it contains an ethernet frame. This is a necessary step, and it will not work if you remove it.
- Once you have checked the boundaries of the ethernet header, you have to check the boundaries of each network layer header in order (ip, tcp). After that, you can safely access the packet.
Some things you may try:
- Perform the if clause in some other way. Instead of
    if((void*)eth + sizeof(struct ethhdr) > data_end)
  try separating it:
    void* eth_end = (void*)eth + sizeof(struct ethhdr);
    if((void*)eth_end > data_end)
- Try using sizeof(eth) instead of sizeof(struct ethhdr)
In general, try any variation of what I've done, sometimes it is something small and silly, others not. As a general rule of thumb for your task, be cautious about operations with pointers, loops and accessing the parameters of eBPF functions. Comment the rest of the code and ensure that each piece of the eBPF program can be loaded by itself. It may happen that the eBPF verifier is giving you that error at line 32, but it is because later in the program you are operating with eth and it does not like it. So my advice for porting this is that you start from a TC program from scratch and then one by one start writing the functionality I have in my program.
from triplecross.
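The ordered header checks described in the comment above, as an added example (not code from the TripleCross repository): a userspace C model of the pattern, with each end pointer computed separately before it is compared. The names parse_tcp, make_frame and tcp_offset are hypothetical and the frame is constructed; in a TC program, data and data_end come from the struct __sk_buff context instead.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>      /* htons, IPPROTO_TCP */
#include <linux/if_ether.h> /* struct ethhdr, ETH_P_IP */
#include <linux/ip.h>       /* struct iphdr */
#include <linux/tcp.h>      /* struct tcphdr */

/* Hypothetical helper: returns the TCP header if every layer fits inside
 * [data, data_end), else NULL. Layers are checked in order: eth, ip, tcp. */
static const struct tcphdr *parse_tcp(const void *data, const void *data_end)
{
    const struct ethhdr *eth = data;
    const void *eth_end = (const char *)eth + sizeof(struct ethhdr);
    if (eth_end > data_end)                 /* no complete Ethernet header */
        return NULL;
    if (eth->h_proto != htons(ETH_P_IP))    /* safe to read only after the check */
        return NULL;

    const struct iphdr *ip = eth_end;
    const void *ip_min_end = (const char *)ip + sizeof(struct iphdr);
    if (ip_min_end > data_end)              /* fixed part of the IPv4 header */
        return NULL;
    if (ip->protocol != IPPROTO_TCP || ip->ihl < 5)
        return NULL;

    /* IPv4 header length is variable: ihl counts 32-bit words. */
    const struct tcphdr *tcp = (const void *)((const char *)ip + ip->ihl * 4);
    const void *tcp_end = (const char *)tcp + sizeof(struct tcphdr);
    if (tcp_end > data_end)
        return NULL;
    return tcp;
}

/* Constructed sample frame (not captured traffic): Ethernet + IPv4 + TCP. */
static size_t make_frame(unsigned char *buf, unsigned ihl_words)
{
    size_t len = sizeof(struct ethhdr) + ihl_words * 4 + sizeof(struct tcphdr);
    memset(buf, 0, len);
    buf[12] = 0x08; buf[13] = 0x00;         /* EtherType: IPv4 */
    buf[14] = (unsigned char)(0x40 | ihl_words); /* version 4, header length */
    buf[14 + 9] = IPPROTO_TCP;              /* IPv4 protocol field */
    return len;
}

/* Offset of the TCP header within pkt, or -1 if any bounds check fails. */
static long tcp_offset(const unsigned char *pkt, size_t len)
{
    const struct tcphdr *tcp = parse_tcp(pkt, pkt + len);
    return tcp ? (long)((const unsigned char *)tcp - pkt) : -1;
}

int main(void)
{
    unsigned char buf[128];
    size_t len = make_frame(buf, 5);
    printf("full: %ld, truncated: %ld\n", tcp_offset(buf, len), tcp_offset(buf, len - 1));
    return 0;
}
```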
You can also just use Ubuntu 21.04 which is what I used when I developed this, but if you want it for the latest Ubuntu version (and I assume you do given what you told me by email) then this is a task you'll have to do.
Also, if you are going to do this, check out the following comment by me in another thread where I mention other problems you will encounter (seems that you got eBPF working tho, so ignore the first one)
#41 (comment)
from triplecross.
Thanks a lot! Then if I try it in Ubuntu 21.04, will that work?
from triplecross.
Yes it will
from triplecross.
I am closing the issue since we clarified what is going on already. If you have any problems when using 21.04 or you end up porting it to 22.04 and want some advice, you can open another one.
from triplecross.
What do you mean? It is definitely supported, you can check the requirements here. If you are having any problem please open an issue
from triplecross.
I solved it! But now it gives me an error when I try to run sudo ./bin/kit -t enp0s3
These are the mistakes
from triplecross.
Hi. I am moving your issue to a new thread since it is unrelated. Please check out #50
from triplecross.