/*
 * Store the class id carried in @v on the socket behind @file, if @file is
 * a socket at all.
 *
 * @v:    class id smuggled through a pointer-sized cookie; it is narrowed
 *        to u32 before being stored.
 * @file: open file to inspect.
 * @n:    not used by this function (presumably the fd number handed in by
 *        an fd-table iterator -- confirm against the caller).
 *
 * Always returns 0; a non-socket file is skipped without error.
 */
static int update_classid(const void *v, struct file *file, unsigned n)
{
	int err;
	struct socket *sock;

	sock = sock_from_file(file, &err);
	if (!sock)
		return 0;	/* not a socket: nothing to tag */

	/*
	 * NOTE(review): the write is not covered by any lock visible in this
	 * function -- confirm what serialises concurrent classid updates.
	 */
	sock->sk->sk_classid = (u32)(unsigned long)v;
	return 0;
}
Пример #2
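/*
 * nektech_logger - log a filesystem change and classify its origin.
 *
 * Walks the ancestors of the current task (starting at the grandparent,
 * i.e. Current Process ----> bash shell ----> (sshd)) looking for a task
 * whose comm starts with NEKTECH_SSH. When one is found, every socket in
 * that task's fd table is logged and the change is reported as coming from
 * a remote system; otherwise it is reported as local.
 *
 * @inode: not used by this function.
 * @dir:   dentry whose path is resolved with getfilepath() for the log line.
 * @func:  name of the operation being logged.
 *
 * NOTE(review): the classification rests on the task comm alone. comm is
 * set by the process itself, so "remote via sshd" vs "local" should be
 * treated as a hint in the audit trail, not as an authenticated fact.
 *
 * NOTE(review): the ancestor chain and the ancestor's fd table are read
 * without rcu_read_lock(), task_lock() or a reference on the files_struct.
 * The commented-out get_files_struct() call in the original suggests this
 * was known; it needs a proper fix before the log can be relied on.
 *
 * NOTE(review): the path and @func are printed with %s unescaped; a file
 * name containing a newline can forge extra log lines.
 */
void nektech_logger (struct inode *inode, struct dentry *dir, const char *func)
{
	struct task_struct *task_cb = current_thread_info()->task;
	struct task_struct *ancestor = task_cb->real_parent;
	/* Zero-filled so a never-entered loop cannot leak stack bytes via %s. */
	char tcomm[sizeof(task_cb->comm)] = "";
	struct file_path filepath;
	struct files_struct *files;
	struct fdtable *fdt;
	struct socket *sock;
	int error = -EBADF;
	/*
	 * Non-zero means "no sshd ancestor found". Starting at 0 would report
	 * a remote change whenever the loop body never runs.
	 */
	int ret = 1;
	int err;
	int i;

	/* The out: path frees this pointer even when getfilepath() fails. */
	filepath.filePathName = NULL;

	while (ancestor != ancestor->real_parent) {
		ancestor = ancestor->real_parent;
		get_task_comm(tcomm, ancestor);
		ret = strncmp(tcomm, NEKTECH_SSH, NEKTECH_STRLEN4);
		if (ret)
			continue;

		files = ancestor->files;
		/* A task without an fd table has no sockets to report. */
		if (!files)
			break;

		fdt = files_fdtable(files);
		for (i = 0; i < fdt->max_fds; i++) {
			struct file *file;

			file = rcu_dereference_check_fdtable(files, fdt->fd[i]);
			if (!file)
				continue;

			sock = sock_from_file(file, &error);
			if (!sock)
				continue;

			/*
			 * %p matches the pointer argument (the original %u did
			 * not). NOTE(review): kernels that do not hash %p
			 * (before 4.15, to my knowledge) still print the raw
			 * address here; consider logging a non-address
			 * identifier instead.
			 */
			printk(KERN_INFO "{NEK Tech}: SOCKET_SURVELIANCE: Socket Id: %p\n", sock);
		}
		break;
	}

	err = getfilepath(dir, &filepath);
	if (err)
		goto out;

	if (!ret) {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Remote System\n"
		       " IP-address = %%\n"
		       " service =%s \n"
		       "File =%s%s \n"
		       "operation = %s\n",
		       tcomm, nektech_lower_path, filepath.filePathName, func);
	} else {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System \n"
		       "terminal %%\n"
		       " File = %s%s,\n"
		       "  operation = %s\n",
		       nektech_lower_path, filepath.filePathName, func);
	}
out:
	/* kfree(NULL) is a no-op, so no guard is needed. */
	kfree(filepath.filePathName);
}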
Пример #3
/*
 * Apply the class id carried in @v to the socket behind @file, if @file is
 * a socket at all.
 *
 * @v:    class id passed as a pointer-sized cookie.
 * @file: open file to inspect.
 * @n:    not used by this function (presumably the fd number handed in by
 *        an fd-table iterator -- confirm against the caller).
 *
 * Always returns 0; a non-socket file is skipped without error.
 */
static int update_classid_sock(const void *v, struct file *file, unsigned n)
{
	int err;
	struct socket *sock;

	sock = sock_from_file(file, &err);
	if (!sock)
		return 0;	/* not a socket: nothing to tag */

	/* The cgroup data update is done under cgroup_sk_update_lock. */
	spin_lock(&cgroup_sk_update_lock);
	sock_cgroup_set_classid(&sock->sk->sk_cgrp_data, (unsigned long)v);
	spin_unlock(&cgroup_sk_update_lock);

	return 0;
}
Пример #4
/*
 * scm_detach_fds - hand the files queued in @scm to the receiving task.
 *
 * For as many entries of scm->fp as fit in the user control buffer described
 * by @msg, a new descriptor is reserved, its number is written into the
 * SCM_RIGHTS payload in user memory, and the file is installed under that
 * number. Afterwards the cmsg header is written, the control buffer cursor
 * in @msg is advanced, MSG_CTRUNC is set if not every file was delivered,
 * and the scm file list is destroyed.
 *
 * Security-relevant points visible here:
 *  - each file passes security_file_receive() before a descriptor is
 *    reserved for it; the first refusal stops delivery of that file and of
 *    every file after it, and the receiver only sees MSG_CTRUNC;
 *  - the descriptor number reaches user memory (put_user) before
 *    fd_install() publishes the file, and a reserved descriptor is released
 *    again if that write fails.
 */
void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
{
	/* msg_control is used as a user-space pointer from here on. */
	struct cmsghdr __user *cm
		= (__force struct cmsghdr __user*)msg->msg_control;

	/* fdmax: how many descriptors fit; fdnum: how many files are queued. */
	int fdmax = 0;
	int fdnum = scm->fp->count;
	struct file **fp = scm->fp->fp;
	int __user *cmfptr;
	int err = 0, i;

	/* Compat callers are handled entirely by the compat variant. */
	if (MSG_CMSG_COMPAT & msg->msg_flags) {
		scm_detach_fds_compat(msg, scm);
		return;
	}

	/* Room left after one cmsghdr, counted in ints; stays 0 if too small. */
	if (msg->msg_controllen > sizeof(struct cmsghdr))
		fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr))
			 / sizeof(int));

	/* Never deliver more descriptors than there are queued files. */
	if (fdnum < fdmax)
		fdmax = fdnum;

	/* cmfptr walks the int slots of the cmsg payload in user memory. */
	for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax;
	     i++, cmfptr++)
	{
		struct socket *sock;
		int new_fd;
		/* Per-file security check; a non-zero result ends delivery. */
		err = security_file_receive(fp[i]);
		if (err)
			break;
		/* Reserve a descriptor, close-on-exec if the caller asked. */
		err = get_unused_fd_flags(MSG_CMSG_CLOEXEC & msg->msg_flags
					  ? O_CLOEXEC : 0);
		if (err < 0)
			break;
		new_fd = err;
		/* Tell user space the number first; undo the reservation on fault. */
		err = put_user(new_fd, cmfptr);
		if (err) {
			put_unused_fd(new_fd);
			break;
		}
		/* Bump the usage count and install the file. */
		/*
		 * If the file is a socket, refresh its netprio index and
		 * classid first (presumably to match the receiving task --
		 * confirm in the helpers). sock_from_file() overwrites err;
		 * that value is not read before err is assigned again.
		 */
		sock = sock_from_file(fp[i], &err);
		if (sock) {
			sock_update_netprioidx(sock->sk);
			sock_update_classid(sock->sk);
		}
		/* get_file() takes the reference that the new descriptor owns. */
		fd_install(new_fd, get_file(fp[i]));
	}

	/* i is now the number of descriptors actually installed. */
	if (i > 0)
	{
		int cmlen = CMSG_LEN(i*sizeof(int));
		err = put_user(SOL_SOCKET, &cm->cmsg_level);
		if (!err)
			err = put_user(SCM_RIGHTS, &cm->cmsg_type);
		if (!err)
			err = put_user(cmlen, &cm->cmsg_len);
		if (!err) {
			/* Consume the aligned space of this cmsg from the buffer. */
			cmlen = CMSG_SPACE(i*sizeof(int));
			msg->msg_control += cmlen;
			msg->msg_controllen -= cmlen;
		}
	}
	/* Flag truncation: some files were left out, or none could fit. */
	if (i < fdnum || (fdnum && fdmax <= 0))
		msg->msg_flags |= MSG_CTRUNC;

	/*
	 * All of the files that fit in the message have had their
	 * usage counts incremented, so we just free the list.
	 */
	__scm_destroy(scm);
}
Пример #5
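/*
 * nektech_logger - log a filesystem change together with its origin.
 *
 * Walks the ancestors of the current task (starting at the grandparent,
 * i.e. Current Process ----> bash shell ----> (sshd)) looking for a task
 * whose comm starts with NEKTECH_SSH. When one is found, its fd table is
 * scanned for AF_INET sockets and the peer/local addresses of the last one
 * that answers both queries are formatted into ipstr/ipstr1. The change is
 * logged as remote when those two strings differ, as local otherwise.
 *
 * @inode: not used by this function.
 * @dir:   dentry whose path is resolved with getfilepath() for the log line.
 * @func:  name of the operation being logged.
 *
 * NOTE(review): the classification rests on the task comm alone. comm is
 * set by the process itself, so "remote via sshd" vs "local" should be
 * treated as a hint in the audit trail, not as an authenticated fact.
 *
 * NOTE(review): the ancestor chain and the ancestor's fd table are read
 * without rcu_read_lock(), task_lock() or a reference on the files_struct.
 * Simply wrapping the scan in a lock is not enough, because some protocols'
 * getname handlers may sleep; the commented-out get_files_struct() call in
 * the original points at the reference-based fix.
 *
 * NOTE(review): the path and @func are printed with %s unescaped; a file
 * name containing a newline can forge extra log lines.
 */
void nektech_logger (struct inode *inode, struct dentry *dir, const char *func)
{
	struct task_struct *task_cb = current_thread_info()->task;
	struct task_struct *ancestor = task_cb->real_parent;
	/* Zero-filled so a never-entered loop cannot leak stack bytes via %s. */
	char tcomm[sizeof(task_cb->comm)] = "";
	char ipstr[128] = {0};
	char ipstr1[128] = {0};
	struct sockaddr_storage addr, addr1;
	struct file_path filepath;
	struct files_struct *files;
	struct fdtable *fdt;
	struct socket *sock;
	int error = -EBADF;
	/*
	 * Non-zero means "no sshd ancestor found". Starting at 0 would report
	 * the change as coming through sshd whenever the loop body never runs.
	 */
	int ret = 1;
	int err;
	int len;
	int i;

	/* The out: path frees this pointer even when getfilepath() fails. */
	filepath.filePathName = NULL;

	while (ancestor != ancestor->real_parent) {
		ancestor = ancestor->real_parent;
		get_task_comm(tcomm, ancestor);
		ret = strncmp(tcomm, NEKTECH_SSH, NEKTECH_STRLEN4);
		if (ret)
			continue;

		files = ancestor->files;
		/* A task without an fd table has no sockets to inspect. */
		if (!files)
			break;

		fdt = files_fdtable(files);
		for (i = 0; i < fdt->max_fds; i++) {
			struct sockaddr_in *peer;
			struct sockaddr_in *local;
			struct file *file;

			file = rcu_dereference_check_fdtable(files, fdt->fd[i]);
			if (!file)
				continue;

			sock = sock_from_file(file, &error);
			if (!sock)
				continue;

			/*
			 * Skip sockets that cannot answer both queries (for
			 * example an unconnected listener): without the checks,
			 * addr/addr1 would be read uninitialised or would still
			 * hold the previous socket's addresses.
			 */
			len = sizeof(addr1);
			if (kernel_getsockname(sock, (struct sockaddr *)&addr1, &len) < 0)
				continue;
			len = sizeof(addr);
			if (kernel_getpeername(sock, (struct sockaddr *)&addr, &len) < 0)
				continue;

			/*
			 * Only IPv4 is reported. IPv6 is reserved as a future
			 * feature; wrapfs-nektech does not display IPv6
			 * addresses as part of surveillance yet.
			 */
			if (addr.ss_family != AF_INET)
				continue;

			peer = (struct sockaddr_in *)&addr;
			local = (struct sockaddr_in *)&addr1;
			inet_ntop(&peer->sin_addr, ipstr, sizeof(ipstr));
			inet_ntop(&local->sin_addr, ipstr1, sizeof(ipstr1));
		}
		break;
	}

	err = getfilepath(dir, &filepath);
	if (err)
		goto out;

	if (!ret) {
		if (strcmp(ipstr, ipstr1)) {
			/* Peer and local address differ: remote client. */
			printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Remote System\n"
			       " IP-address = %s\n"
			       " service =%s \n"
			       "File =%s%s \n"
			       "operation = %s\n",
			       ipstr, tcomm, nektech_lower_path, filepath.filePathName, func);
			printk(KERN_INFO "Remote IP address: %s, Local IP Address: %s\n", ipstr, ipstr1);
		} else {
			/* Same address on both ends (or none found at all). */
			printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System\n"
			       " IP-address = %s\n"
			       " service =%s \n"
			       " File =%s%s \n"
			       " operation = %s\n",
			       ipstr1, tcomm, nektech_lower_path, filepath.filePathName, func);
		}
	} else {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System \n"
		       "terminal %%\n"
		       " File = %s%s,\n"
		       "  operation = %s\n",
		       nektech_lower_path, filepath.filePathName, func);
	}
out:
	/* kfree(NULL) is a no-op, so no guard is needed. */
	kfree(filepath.filePathName);
}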