Comments (2)
Gui774ume
commented on May 31, 2024
Hey @brant-ruan 👋🏻
Thank you for the heads up ! I had a really quick look, and I can confirm it doesn't build on Ubuntu Hirsute for me either:
from 3278 to 170: R0=pkt(id=0,off=49,r=54,imm=0) R1=pkt(id=0,off=50,r=-2,imm=0) R2=pkt(id=0,off=0,r=54,imm=0) R3=pkt_end(id=0,off=0,imm=0) R4_w=inv(id=17) R5_w=inv(id=17) R6=ctx(id=0,off=0,imm=0) R7=inv(id=8) R8=inv(id=0) R9=inv(id=5) R10=fp0 fp-8=mmmmmmmm
170: (bf) r2 = r4
171: (57) r2 &= 65535
172: (77) r4 >>= 16
173: (57) r4 &= 65535
174: (0f) r4 += r2
175: (bf) r2 = r4
176: (77) r2 >>= 16
177: (0f) r2 += r4
178: (a7) r2 ^= -1
179: (dc) r2 = be16 r2
180: (6b) *(u16 *)(r1 +0) = r2
R1 offset is outside of the packet
processed 9179 insns (limit 1000000) max_states_per_insn 1 total_states 261 peak_states 261 mark_read 242
Looking at the error, it seems that xdp/ingress/syn_loop is attempting to access the packet at an offset that is potentially outside of the packet. I'll try to have a look this week, but no guarantees: we built the rootkit with the intent of demoing a PoC, we don't really expect the code we wrote to work on any other setup than the one we used for testing (= Ubuntu Focal) 😅
from ebpfkit.
brant-ruan
commented on May 31, 2024
Hi @Gui774ume , thanks for replying. OK, I will try to figure out how to fix it as well.
from ebpfkit.
Related Issues (6)
- Is it possible to hide the process? HOT 1
- panic: runtime error: index out of range [32] with length 10 HOT 3
- Error: couldn't start: couldn't init bootstrap manager: load license: missing license section HOT 4
- Error: couldn't start: couldn't start main manager: couldn't start main manager: probes activation validation failed: 2 errors occurred: HOT 3
- #7 i have tried lo, eth0, enp0s3 in my VMs' interface ,but it didn't work. HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ebpfkit.