diff --git a/pkg/security/ebpf/c/include/helpers/network.h b/pkg/security/ebpf/c/include/helpers/network.h index 1198e49d41071e..16029783113d02 100644 --- a/pkg/security/ebpf/c/include/helpers/network.h +++ b/pkg/security/ebpf/c/include/helpers/network.h @@ -5,7 +5,7 @@ #include "constants/macros.h" #include "maps.h" -__attribute__((always_inline)) u32 get_flow_pid(struct pid_route_t *key) { +__attribute__((always_inline)) s64 get_flow_pid(struct pid_route_t *key) { u32 *value = bpf_map_lookup_elem(&flow_pid, key); if (!value) { // Try with IP set to 0.0.0.0 @@ -13,7 +13,7 @@ __attribute__((always_inline)) u32 get_flow_pid(struct pid_route_t *key) { key->addr[1] = 0; value = bpf_map_lookup_elem(&flow_pid, key); if (!value) { - return 0; + return -1; } } diff --git a/pkg/security/ebpf/c/include/hooks/network/tc.h b/pkg/security/ebpf/c/include/hooks/network/tc.h index 2bb8f8b5791c8d..1ed6bdd8d0c66a 100644 --- a/pkg/security/ebpf/c/include/hooks/network/tc.h +++ b/pkg/security/ebpf/c/include/hooks/network/tc.h @@ -60,6 +60,11 @@ int classifier_raw_packet_ingress(struct __sk_buff *skb) { return ACT_OK; } + // do not handle packet without process context + if (pkt->pid < 0) { + return ACT_OK; + } + if (prepare_raw_packet_event(skb) != ACT_OK) { return ACT_OK; } @@ -76,6 +81,11 @@ int classifier_raw_packet_egress(struct __sk_buff *skb) { return ACT_OK; } + // do not handle packet without process context + if (pkt->pid < 0) { + return ACT_OK; + } + if (prepare_raw_packet_event(skb) != ACT_OK) { return ACT_OK; } diff --git a/pkg/security/ebpf/c/include/structs/network.h b/pkg/security/ebpf/c/include/structs/network.h index 9efed0aa257b3d..c2c2293e046738 100644 --- a/pkg/security/ebpf/c/include/structs/network.h +++ b/pkg/security/ebpf/c/include/structs/network.h @@ -64,7 +64,7 @@ struct packet_t { struct namespaced_flow_t translated_ns_flow; u32 offset; - u32 pid; + s64 pid; u32 payload_len; u16 l4_protocol; };