[CWS] skip raw packet event when no process context (DataDog#31429)
safchain authored Nov 25, 2024
1 parent 33d1155 commit 7e736b7
Showing 3 changed files with 20 additions and 5 deletions.
13 changes: 9 additions & 4 deletions pkg/security/ebpf/c/include/helpers/network.h
@@ -5,15 +5,15 @@
#include "constants/macros.h"
#include "maps.h"

__attribute__((always_inline)) u32 get_flow_pid(struct pid_route_t *key) {
__attribute__((always_inline)) s64 get_flow_pid(struct pid_route_t *key) {
u32 *value = bpf_map_lookup_elem(&flow_pid, key);
if (!value) {
// Try with IP set to 0.0.0.0
key->addr[0] = 0;
key->addr[1] = 0;
value = bpf_map_lookup_elem(&flow_pid, key);
if (!value) {
return 0;
return -1;
}
}

@@ -63,8 +63,13 @@ __attribute__((always_inline)) struct packet_t *reset_packet() {
}

__attribute__((always_inline)) void fill_network_process_context(struct process_context_t *process, struct packet_t *pkt) {
process->pid = pkt->pid;
process->tid = pkt->pid;
if (pkt->pid >= 0) {
process->pid = pkt->pid;
process->tid = pkt->pid;
} else {
process->pid = 0;
process->tid = 0;
}
process->netns = pkt->translated_ns_flow.netns;
}

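Review bot: The `-1` that get_flow_pid now returns when `flow_pid` has no entry for the flow is an undocumented magic value, and it is tested again as `pkt->pid >= 0` in fill_network_process_context, as `pkt->pid < 0` in both tc.h classifiers, and is the only reason `pid` in `struct packet_t` became `s64`. A comment above the function, e.g. `// returns the pid owning the flow, or -1 when flow_pid has no entry; keep the result in a signed 64-bit variable`, would stop a future caller from storing the result in a `u32`, where the sentinel would read as a very large pid. fill_network_process_context also folds the sentinel into `process->pid = 0`, so consumers of the process context cannot tell "no owning process found" from pid 0; if that is intended, the `else` branch deserves a one-line comment saying so. The body of get_flow_pid continues outside the first hunk.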
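--- a/pkg/security/ebpf/c/include/hooks/network/tc.h
+++ b/pkg/security/ebpf/c/include/hooks/network/tc.h
@@ -60,6 +60,11 @@ int classifier_raw_packet_ingress(struct __sk_buff *skb) {
 return ACT_OK;
 }
 
+// do not handle packet without process context
+if (pkt->pid < 0) {
+return ACT_OK;
+}
+
 if (prepare_raw_packet_event(skb) != ACT_OK) {
 return ACT_OK;
 }
@@ -76,6 +81,11 @@ int classifier_raw_packet_egress(struct __sk_buff *skb) {
 return ACT_OK;
 }
 
+// do not handle packet without process context
+if (pkt->pid < 0) {
+return ACT_OK;
+}
+
 if (prepare_raw_packet_event(skb) != ACT_OK) {
 return ACT_OK;
 }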
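Review bot: Both new `pkt->pid < 0` guards return `ACT_OK` without recording anything, so packets on flows that have no `flow_pid` entry leave no trace that the raw packet rules never evaluated them. For a detection feature this is a coverage gap that operators cannot measure; consider incrementing a per-CPU counter before the early return so the agent can report how many packets were skipped for lack of process context. The guard is also duplicated verbatim in classifier_raw_packet_ingress and classifier_raw_packet_egress and could live in one small always_inline helper. Both function bodies start and end outside the hunks shown.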
2 changes: 1 addition & 1 deletion pkg/security/ebpf/c/include/structs/network.h
@@ -64,7 +64,7 @@ struct packet_t {
struct namespaced_flow_t translated_ns_flow;

u32 offset;
u32 pid;
s64 pid;
u32 payload_len;
u16 l4_protocol;
};
