/*
 * update_classid - per-file callback that tags a socket with a class id.
 * @v:    class id carried in an opaque pointer; narrowed to u32 on store
 * @file: candidate file; anything that is not a socket is left alone
 * @n:    unused
 *
 * Always returns 0, for sockets and non-sockets alike.
 * NOTE(review): the (const void *, struct file *, unsigned) shape looks like
 * an fd-table iterator callback, where 0 would mean "keep going" - confirm
 * against the caller.
 * NOTE(review): sk_classid is written with no lock held in this function;
 * verify the caller provides whatever serialisation is required.
 */
static int update_classid(const void *v, struct file *file, unsigned n)
{
	int lookup_err;
	struct socket *owner;

	owner = sock_from_file(file, &lookup_err);
	if (!owner)
		return 0;	/* not a socket: nothing to tag */

	owner->sk->sk_classid = (u32)(unsigned long)v;
	return 0;
}
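/*
 * nektech_logger - log a filesystem operation and whether it arrived via SSH.
 * @inode: unused in this function
 * @dir:   dentry whose path is resolved with getfilepath()
 * @func:  name of the operation being logged, printed verbatim
 *
 * Starting at the grandparent of the current task, walks the real_parent
 * chain and compares each ancestor's comm with NEKTECH_SSH (first
 * NEKTECH_STRLEN4 bytes). On a match the ancestor's open sockets are listed
 * and the operation is logged as remote; otherwise it is logged as local.
 *
 * NOTE(review): comm can be set by the process itself, so a match on it is a
 * hint, not proof that the ancestor is the real SSH daemon. Do not treat the
 * "Remote"/"Local" label as authoritative in an audit trail.
 * NOTE(review): the file path and @func are printed with plain %s. A file
 * name containing newlines can forge extra log records; consider escaping
 * before this output is consumed by anything that parses it.
 * NOTE(review): the ancestor walk and the scan of another task's fd table
 * run without rcu_read_lock()/task_lock() in this function. Confirm the
 * caller holds them, otherwise the task or its fd table can go away
 * underneath the loop.
 */
void nektech_logger (struct inode *inode, struct dentry *dir, const char *func)
{
	int err = 0;
	/* Explicit flag: set only when an ancestor really matched. */
	int via_ssh = 0;
	struct task_struct *task_cb = current_thread_info() -> task;
	struct task_struct *tmp_parent_ts = task_cb -> real_parent;
	/* Zeroed so stale stack bytes can never reach the log. */
	char tcomm[sizeof(task_cb->comm)] = {0};
	struct file_path filepath;
	struct files_struct *files;
	struct fdtable *fdt;
	int i = 0;
	struct socket *sock;
	int error = -EBADF;

	/*
	 * The cleanup path reads filepath.filePathName even when
	 * getfilepath() fails, so it must not start out as stack garbage.
	 */
	memset(&filepath, 0, sizeof(filepath));

	/*
	 * Finding the parent process of sshd, which has opened a socket
	 * for the client system.
	 * Current Process ----> bash shell ----> (sshd)
	 */
	while (tmp_parent_ts != tmp_parent_ts -> real_parent) {
		tmp_parent_ts = tmp_parent_ts -> real_parent;
		get_task_comm(tcomm, tmp_parent_ts);
		if (strncmp(tcomm, NEKTECH_SSH, NEKTECH_STRLEN4))
			continue;

		via_ssh = 1;
		files = tmp_parent_ts -> files;
		/* A task with no fd table has no sockets to list. */
		if (files) {
			fdt = files_fdtable(files);
			for (i = 0; i < fdt->max_fds; i++) {
				struct file *file;

				file = rcu_dereference_check_fdtable(files, fdt->fd[i]);
				if (!file)
					continue;
				sock = sock_from_file(file, &error);
				if (likely(sock)) {
					/*
					 * sock is a pointer, so %u was a format
					 * mismatch. NOTE(review): on kernels that
					 * do not hash %p this still writes a kernel
					 * address to the log; consider dropping it.
					 */
					printk(KERN_INFO "{NEK Tech}: SOCKET_SURVELIANCE: Socket Id: %p", sock);
				}
			}
		}
		break;
	}

	if ((err = getfilepath (dir, &filepath)))
		goto out;

	if (via_ssh) {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Remote System""\n"
		       " IP-address = %%""\n"" service =%s ""\n""File =%s%s ""\n""operation = %s\n",
		       tcomm, nektech_lower_path, filepath.filePathName, func);
	} else {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System ""\n"
		       "terminal %%""\n"" File = %s%s,""\n"" operation = %s\n",
		       nektech_lower_path, filepath.filePathName, func);
	}

out:
	/* kfree(NULL) is a no-op, so no guard is needed. */
	kfree(filepath.filePathName);
	return;
}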
/*
 * update_classid_sock - per-file callback that sets a socket's cgroup classid.
 * @v:    class id carried in an opaque pointer; passed on as unsigned long
 * @file: candidate file; anything that is not a socket is left alone
 * @n:    unused
 *
 * The store into sk_cgrp_data is done with cgroup_sk_update_lock held.
 * Always returns 0, for sockets and non-sockets alike.
 * NOTE(review): the signature looks like an fd-table iterator callback, where
 * 0 would mean "keep going" - confirm against the caller.
 */
static int update_classid_sock(const void *v, struct file *file, unsigned n)
{
	int lookup_err;
	struct socket *owner = sock_from_file(file, &lookup_err);

	if (!owner)
		return 0;	/* not a socket: nothing to tag */

	spin_lock(&cgroup_sk_update_lock);
	sock_cgroup_set_classid(&owner->sk->sk_cgrp_data, (unsigned long)v);
	spin_unlock(&cgroup_sk_update_lock);

	return 0;
}
/*
 * scm_detach_fds - hand the files carried in @scm to the receiving process.
 * @msg: message being received; its user control buffer gets an SCM_RIGHTS
 *       header followed by the newly allocated descriptor numbers
 * @scm: cookie whose fp list holds the files in flight
 *
 * For each file that fits in the control buffer a fresh descriptor is
 * allocated in the current task, its number is copied to user space and the
 * file is installed. Nothing is returned: a shortfall is reported to the
 * receiver only through MSG_CTRUNC in msg->msg_flags.
 *
 * scm->fp is dereferenced unconditionally, so the caller must only call this
 * when a file list is attached.
 */
void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
{
	struct cmsghdr __user *cm
		= (__force struct cmsghdr __user*)msg->msg_control;

	int fdmax = 0;
	int fdnum = scm->fp->count;
	struct file **fp = scm->fp->fp;
	int __user *cmfptr;
	int err = 0, i;

	/* Compat callers use a different control-message layout. */
	if (MSG_CMSG_COMPAT & msg->msg_flags) {
		scm_detach_fds_compat(msg, scm);
		return;
	}

	/* How many ints fit behind one cmsghdr in the user buffer ... */
	if (msg->msg_controllen > sizeof(struct cmsghdr))
		fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr))
			 / sizeof(int));

	/* ... capped at the number of files actually in flight. */
	if (fdnum < fdmax)
		fdmax = fdnum;

	for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax;
	     i++, cmfptr++)
	{
		struct socket *sock;
		int new_fd;
		/*
		 * Security hook on the receiving side. The first refusal
		 * stops delivery of this file and every file after it; the
		 * receiver then sees MSG_CTRUNC because i < fdnum.
		 */
		err = security_file_receive(fp[i]);
		if (err)
			break;
		/* Honour MSG_CMSG_CLOEXEC so the new fd does not leak across exec. */
		err = get_unused_fd_flags(MSG_CMSG_CLOEXEC & msg->msg_flags
					  ? O_CLOEXEC : 0);
		if (err < 0)
			break;
		new_fd = err;
		/*
		 * Publish the number to user space before installing the
		 * file: if the copy faults, only a reserved fd number has to
		 * be given back.
		 */
		err = put_user(new_fd, cmfptr);
		if (err) {
			put_unused_fd(new_fd);
			break;
		}
		/* Bump the usage count and install the file. */
		/* err is only scratch here; it is overwritten before it is read again. */
		sock = sock_from_file(fp[i], &err);
		if (sock) {
			/* A received socket is re-tagged via these two helpers. */
			sock_update_netprioidx(sock->sk);
			sock_update_classid(sock->sk);
		}
		fd_install(new_fd, get_file(fp[i]));
	}

	if (i > 0)
	{
		/* At least one fd was installed: write the SCM_RIGHTS header. */
		int cmlen = CMSG_LEN(i*sizeof(int));
		err = put_user(SOL_SOCKET, &cm->cmsg_level);
		if (!err)
			err = put_user(SCM_RIGHTS, &cm->cmsg_type);
		if (!err)
			err = put_user(cmlen, &cm->cmsg_len);
		/*
		 * NOTE(review): if a header write faults, the descriptors
		 * installed above stay in the receiver's table while the
		 * control buffer is not advanced - confirm callers accept that.
		 */
		if (!err) {
			cmlen = CMSG_SPACE(i*sizeof(int));
			msg->msg_control += cmlen;
			msg->msg_controllen -= cmlen;
		}
	}
	/* Flag truncation when some files, or all of them, were not delivered. */
	if (i < fdnum || (fdnum && fdmax <= 0))
		msg->msg_flags |= MSG_CTRUNC;

	/*
	 * All of the files that fit in the message have had their
	 * usage counts incremented, so we just free the list.
	 */
	__scm_destroy(scm);
}
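/*
 * nektech_logger - log a filesystem operation together with its SSH origin.
 * @inode: unused in this function
 * @dir:   dentry whose path is resolved with getfilepath()
 * @func:  name of the operation being logged, printed verbatim
 *
 * Starting at the grandparent of the current task, walks the real_parent
 * chain and compares each ancestor's comm with NEKTECH_SSH (first
 * NEKTECH_STRLEN4 bytes). On a match, the local and peer IPv4 addresses of
 * the ancestor's connected sockets are formatted; if they differ the
 * operation is logged as remote, otherwise as local.
 *
 * NOTE(review): comm can be set by the process itself, so a match on it is a
 * hint, not proof that the ancestor is the real SSH daemon.
 * NOTE(review): only AF_INET peers are formatted. For any other family both
 * address strings stay empty, compare equal, and the operation is logged as
 * "Local System" - an IPv6 session would therefore be mislabelled.
 * NOTE(review): every matching socket overwrites the address strings, so the
 * last connected AF_INET socket in the fd table decides what is logged.
 * NOTE(review): the file path and @func are printed with plain %s. A file
 * name containing newlines can forge extra log records; consider escaping.
 * NOTE(review): the ancestor walk and the scan of another task's fd table
 * run without rcu_read_lock()/task_lock() in this function. Confirm the
 * caller holds them, and that the getname calls are allowed in that context.
 */
void nektech_logger (struct inode *inode, struct dentry *dir, const char *func)
{
	int err = 0;
	/* Explicit flag: set only when an ancestor really matched. */
	int via_ssh = 0;
	struct task_struct *task_cb = current_thread_info() -> task;
	struct task_struct *tmp_parent_ts = task_cb -> real_parent;
	/* Zeroed so stale stack bytes can never reach the log. */
	char tcomm[sizeof(task_cb->comm)] = {0};
	struct file_path filepath;
	struct files_struct *files;
	struct fdtable *fdt;
	int i = 0;
	struct socket *sock;
	int error = -EBADF;
	int len;
	char ipstr[128] = {0};
	char ipstr1[128] = {0};
	struct sockaddr_storage addr, addr1;

	/*
	 * The cleanup path reads filepath.filePathName even when
	 * getfilepath() fails, so it must not start out as stack garbage.
	 */
	memset(&filepath, 0, sizeof(filepath));

	/*
	 * Finding the parent process of sshd, which has opened a socket
	 * for the client system.
	 * Current Process ----> bash shell ----> (sshd)
	 */
	while (tmp_parent_ts != tmp_parent_ts -> real_parent) {
		tmp_parent_ts = tmp_parent_ts -> real_parent;
		get_task_comm(tcomm, tmp_parent_ts);
		if (strncmp(tcomm, NEKTECH_SSH, NEKTECH_STRLEN4))
			continue;

		via_ssh = 1;
		files = tmp_parent_ts -> files;
		/* A task with no fd table has no sockets to inspect. */
		if (files) {
			fdt = files_fdtable(files);
			for (i = 0; i < fdt->max_fds; i++) {
				struct file *file;
				struct sockaddr_in *s;
				struct sockaddr_in *s1;

				file = rcu_dereference_check_fdtable(files, fdt->fd[i]);
				if (!file)
					continue;
				sock = sock_from_file(file, &error);
				if (!sock)
					continue;

				/*
				 * Start from zeroed storage and skip sockets whose
				 * addresses cannot be read (for example ones that
				 * are not connected), so ss_family is never read
				 * from stale or uninitialised memory.
				 */
				memset(&addr, 0, sizeof(addr));
				memset(&addr1, 0, sizeof(addr1));
				len = sizeof (addr1);
				if (kernel_getsockname(sock, (struct sockaddr*)&addr1, &len) < 0)
					continue;
				len = sizeof (addr);
				if (kernel_getpeername(sock, (struct sockaddr*)&addr, &len) < 0)
					continue;

				/*
				 * IPv6 is reserved for a future feature:
				 * wrapfs-nektech does not yet display IPv6
				 * addresses as part of surveillance.
				 */
				if (addr.ss_family != AF_INET)
					continue;

				s = (struct sockaddr_in *)&addr;
				s1 = (struct sockaddr_in *)&addr1;
				inet_ntop( &s->sin_addr, ipstr, sizeof ipstr);
				inet_ntop( &s1->sin_addr, ipstr1, sizeof ipstr1);
			}
		}
		break;
	}

	if ((err = getfilepath (dir, &filepath)))
		goto out;

	if (via_ssh) {
		/* Differing peer and local addresses mean a remote client. */
		if (strcmp(ipstr, ipstr1)) {
			printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Remote System""\n"
			       " IP-address = %s""\n"" service =%s ""\n""File =%s%s ""\n""operation = %s\n",
			       ipstr, tcomm, nektech_lower_path, filepath.filePathName, func);
			printk(KERN_INFO "Remote IP address: %s, Local IP Address: %s\n",ipstr, ipstr1);
		} else {
			printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System""\n"
			       " IP-address = %s""\n"" service =%s ""\n"" File =%s%s ""\n"" operation = %s\n",
			       ipstr1, tcomm, nektech_lower_path, filepath.filePathName, func);
		}
	} else {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System ""\n"
		       "terminal %%""\n"" File = %s%s,""\n"" operation = %s\n",
		       nektech_lower_path, filepath.filePathName, func);
	}

out:
	/* kfree(NULL) is a no-op, so no guard is needed. */
	kfree(filepath.filePathName);
	return;
}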