/*
* eset_wap (ESET Web Access Protection module)
* Copyright (C) 1992-2025 ESET, spol. s r.o.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* In case of any questions, you can contact us at ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovakia.
*/
#include "ewap_probes.h"
#include <asm/current.h>
#include <linux/compiler.h>
#include <linux/cred.h>
#include <net/tcp.h>
#include "ewap_connect_data.h"
#include "ewap_ftrace.h"
#include "ewap_helpers.h"
#include "ewap_tracepoints.h"
/*
 * Pointer to the real tcp_v4_connect(). Its address is handed to the ftrace
 * layer through v4_connect_ftrace_hook.original; presumably
 * ewap_ftrace_register() fills it in, so it must not be called before
 * registration has succeeded -- TODO confirm in ewap_ftrace.c.
 */
static int (*tcp_v4_connect_original)(struct sock *sk, struct sockaddr *uaddr,
int addr_len);
/*
 * Replacement installed over tcp_v4_connect().
 *
 * Runs the real connect first and hands its result back to the caller
 * untouched. Only when the real connect returned 0 is the socket recorded,
 * together with the calling task's tgid and uid, via
 * ewap_connect_data_save_connection().
 *
 * The uid comes from current_uid().val, i.e. the raw kernel uid of the
 * calling task; it is not translated into any user namespace here.
 *
 * NOTE(review): a zero return from ewap_connect_data_save_connection() is
 * only logged (the message suggests it means an unsupported socket family);
 * the connection itself still proceeds and is simply not tracked -- confirm
 * that this fail-open behaviour is intended.
 */
static int tcp_v4_connect_handler(struct sock *sk, struct sockaddr *uaddr,
                                  int addr_len) {
  int connect_rc;
  int saved;

  ewap_pr_log(EWAP_LOG_HOOKS, "tcp_v4_connect_handler hit from pid: %d",
              current->tgid);

  connect_rc = tcp_v4_connect_original(sk, uaddr, addr_len);
  if (connect_rc != 0) {
    /* Failed connects are never recorded. */
    ewap_pr_log(EWAP_LOG_HOOKS,
                "not processing unsuccessful original connect (%d)",
                connect_rc);
    return connect_rc;
  }

  saved = ewap_connect_data_save_connection(sk, current->tgid,
                                            current_uid().val);
  if (unlikely(!saved)) {
    ewap_pr_log(EWAP_LOG_HOOKS, "ignoring unknown family %d", sk->sk_family);
  }

  return connect_rc;
}
/*
 * ftrace hook descriptor for the kernel symbol "tcp_v4_connect": names the
 * target, the slot that receives the original function pointer, and the
 * replacement handler.
 */
static struct ewap_ftrace_hook v4_connect_ftrace_hook = {
.name = "tcp_v4_connect",
.original = &tcp_v4_connect_original,
.handler = &tcp_v4_connect_handler};
/*
 * Pointer to the real tcp_v6_connect(). Its address is handed to the ftrace
 * layer through v6_connect_ftrace_hook.original; presumably
 * ewap_ftrace_register() fills it in -- TODO confirm in ewap_ftrace.c.
 */
static int (*tcp_v6_connect_original)(struct sock *sk, struct sockaddr *uaddr,
int addr_len);
/*
 * Replacement installed over tcp_v6_connect().
 *
 * Mirrors the IPv4 handler: the real connect runs first and its return value
 * is passed back unchanged. When it returned 0, the socket is recorded with
 * the calling task's tgid and raw kernel uid (current_uid().val, not
 * namespace-translated) via ewap_connect_data_save_connection().
 *
 * NOTE(review): a zero return from ewap_connect_data_save_connection() is
 * only logged; the connection proceeds untracked -- confirm that this
 * fail-open behaviour is intended.
 */
static int tcp_v6_connect_handler(struct sock *sk, struct sockaddr *uaddr,
                                  int addr_len) {
  int connect_rc;
  int saved;

  ewap_pr_log(EWAP_LOG_HOOKS, "tcp_v6_connect_handler hit from pid: %d",
              current->tgid);

  connect_rc = tcp_v6_connect_original(sk, uaddr, addr_len);
  if (connect_rc != 0) {
    /* Failed connects are never recorded. */
    ewap_pr_log(EWAP_LOG_HOOKS,
                "not processing unsuccessful original connect (%d)",
                connect_rc);
    return connect_rc;
  }

  saved = ewap_connect_data_save_connection(sk, current->tgid,
                                            current_uid().val);
  if (unlikely(!saved)) {
    ewap_pr_log(EWAP_LOG_HOOKS, "ignoring unknown family %d", sk->sk_family);
  }

  return connect_rc;
}
/*
 * ftrace hook descriptor for the kernel symbol "tcp_v6_connect": names the
 * target, the slot that receives the original function pointer, and the
 * replacement handler.
 */
static struct ewap_ftrace_hook v6_connect_ftrace_hook = {
.name = "tcp_v6_connect",
.original = &tcp_v6_connect_original,
.handler = &tcp_v6_connect_handler};
/*
 * Pointer to the real tcp_set_state(). Its address is handed to the ftrace
 * layer through set_state_ftrace_hook.original; presumably
 * ewap_ftrace_register() fills it in -- TODO confirm in ewap_ftrace.c.
 */
static void (*tcp_set_state_original)(struct sock *sk, int state);
/*
 * Replacement installed over tcp_set_state().
 *
 * When the socket is moving to TCP_CLOSE, its tracking entry is dropped via
 * ewap_connect_data_erase_connection() before the real tcp_set_state() runs.
 * Every other transition is only logged. The real function is always called
 * last, with the arguments unchanged.
 *
 * NOTE(review): tcp_set_state() can be reached from softirq context, where
 * `current` is whichever task happened to be interrupted. The pid logged
 * below is then not necessarily the socket's owner, and
 * ewap_connect_data_erase_connection() would have to be safe to call from
 * atomic context -- confirm both.
 */
static void tcp_set_state_handler(struct sock *sk, int state) {
  int erased;

  ewap_pr_log(EWAP_LOG_HOOKS, "tcp_set_state_handler hit, from pid: %d",
              current->tgid);

  if (state != TCP_CLOSE) {
    ewap_pr_log(EWAP_LOG_HOOKS,
                "ignoring processing of non-close tcp_set_state: %d", state);
  } else {
    erased = ewap_connect_data_erase_connection(sk);
    if (unlikely(!erased)) {
      ewap_pr_log(EWAP_LOG_HOOKS, "ignoring unknown family %d",
                  sk->sk_family);
    }
  }

  tcp_set_state_original(sk, state);
}
/*
 * ftrace hook descriptor for the kernel symbol "tcp_set_state": names the
 * target, the slot that receives the original function pointer, and the
 * replacement handler.
 */
static struct ewap_ftrace_hook set_state_ftrace_hook = {
.name = "tcp_set_state",
.original = &tcp_set_state_original,
.handler = &tcp_set_state_handler};
/*
 * Probe attached to the sched_process_exit tracepoint.
 *
 * Logs every exiting task. When the exiting task is the thread-group leader
 * (tgid == pid), all connection records kept for that tgid are erased via
 * ewap_connect_data_erase_all_connections(). Exits of other threads leave
 * the records alone.
 *
 * NOTE(review): a group leader can exit while other threads of the same
 * process keep running; their connections would lose their records at that
 * point -- confirm this is acceptable for the module's tracking guarantees.
 *
 * @data: tracepoint private data, unused here.
 * @task: the task that is exiting.
 */
static void probe_sched_process_exit(void *data, struct task_struct *task) {
  ewap_pr_log(EWAP_LOG_HOOKS,
              "sched_process_exit probe called (tgid: %d, pid: %d)",
              task->tgid, task->pid);

  /* Only the thread-group leader triggers the per-process cleanup. */
  if (task->tgid != task->pid) {
    return;
  }

  ewap_connect_data_erase_all_connections(task->tgid);
}
/*
 * Tracepoint descriptor binding probe_sched_process_exit() to the
 * "sched_process_exit" tracepoint.
 */
static struct ewap_tracepoint sched_process_exit_hook = {
.name = "sched_process_exit",
.handler = &probe_sched_process_exit,
};
/*
 * Install all probes used by the module.
 *
 * Registration order: tcp_v4_connect hook, tcp_v6_connect hook,
 * tcp_set_state hook, then the sched_process_exit tracepoint. If any step
 * fails, the hooks registered before it are unregistered in reverse order,
 * so a failed init leaves nothing installed.
 *
 * Returns 0 on success, otherwise the non-zero value returned by the
 * registration call that failed.
 */
int ewap_probes_init(void) {
  int ret;

  ret = ewap_ftrace_register(&v4_connect_ftrace_hook);
  if (ret) {
    ewap_pr_log(EWAP_LOG_ERRORS,
                "v4_connect_ftrace_hook probe register failed: %d", ret);
    /* Nothing has been installed yet, so there is nothing to undo. */
    return ret;
  }

  ret = ewap_ftrace_register(&v6_connect_ftrace_hook);
  if (ret) {
    ewap_pr_log(EWAP_LOG_ERRORS,
                "v6_connect_ftrace_hook probe register failed: %d", ret);
    goto undo_v4_connect;
  }

  ret = ewap_ftrace_register(&set_state_ftrace_hook);
  if (ret) {
    ewap_pr_log(EWAP_LOG_ERRORS,
                "set_state_ftrace_hook probe register failed: %d", ret);
    goto undo_v6_connect;
  }

  ret = ewap_tracepoint_register(&sched_process_exit_hook);
  if (ret) {
    ewap_pr_log(EWAP_LOG_ERRORS,
                "probe_sched_process_exit tracepoint register failed: %d",
                ret);
    goto undo_set_state;
  }

  ewap_pr_log(EWAP_LOG_HOOKS, "all probes initialized");
  return 0;

  /* Unwind ladder: each label removes one hook and falls through. */
undo_set_state:
  ewap_ftrace_unregister(&set_state_ftrace_hook);
undo_v6_connect:
  ewap_ftrace_unregister(&v6_connect_ftrace_hook);
undo_v4_connect:
  ewap_ftrace_unregister(&v4_connect_ftrace_hook);
  return ret;
}
/*
 * Remove every probe installed by ewap_probes_init().
 *
 * The three ftrace hooks are unregistered first, then the
 * sched_process_exit tracepoint, so the exit probe stays active until the
 * connect and set_state hooks are gone.
 *
 * NOTE(review): whether ewap_ftrace_unregister() waits for handlers that are
 * still executing is not visible here; confirm before relying on this
 * function as the last step ahead of module unload.
 */
void ewap_probes_deinit(void) {
ewap_ftrace_unregister(&set_state_ftrace_hook);
ewap_ftrace_unregister(&v6_connect_ftrace_hook);
ewap_ftrace_unregister(&v4_connect_ftrace_hook);
ewap_tracepoint_unregister(&sched_process_exit_hook);
/* Wait until no CPU is still running a tracepoint probe before returning. */
tracepoint_synchronize_unregister();
ewap_pr_log(EWAP_LOG_HOOKS, "probes deinitialized");
}