/*
 * PFATAL(fmt, ...) - report a fatal OS-level failure and terminate.
 *
 * Prints "[-] SYSTEM ERROR : " followed by the caller's printf-style
 * message, then the calling function, file and line, then the perror()
 * text for the current errno, and finally exits with EXIT_FAILURE.
 *
 * The first argument is pasted directly after the prefix literal, so it
 * must itself be a string literal. It is used as a printf format: pass
 * variable text through "%s" rather than as the format.
 *
 * NOTE(review): the fprintf() calls run before perror() and are allowed
 * to modify errno, so the OS message can describe the wrong error.
 * Saving errno on entry and restoring it just before perror() would make
 * it reliable (needs <errno.h>).
 */
#define PFATAL(...)                                                     \
	do {                                                            \
		fprintf(stderr, "[-] SYSTEM ERROR : " __VA_ARGS__);     \
		fprintf(stderr, "\n\tLocation : %s(), %s:%u\n",         \
			__func__, __FILE__, __LINE__);                  \
		perror(" OS message ");                                 \
		fprintf(stderr, "\n");                                  \
		exit(EXIT_FAILURE);                                     \
	} while (0)
import socket | |
import os | |
import subprocess | |
import shlex | |
import time | |
import atexit | |
import signal | |
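# Resolve the tcpdump executable once, at import time, by asking the shell's
# `which`. The stripped output is kept as-is, so tcpdump_bin is typically an
# empty string when tcpdump is not on PATH.
# The pipe is opened in a `with` block so it is closed (and the child reaped)
# deterministically instead of whenever the file object is collected.
# NOTE(review): the lookup trusts the caller's PATH. If this script is run
# with elevated privileges, confirm PATH lists only trusted directories.
with os.popen('which tcpdump') as _which:
    tcpdump_bin = _which.read().strip()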
def tcpdump_start(port): |
#!/bin/bash | |
# Abort the script as soon as any command fails.
set -e

# doitlive must exist in the local virtualenv; otherwise print the install
# hint and stop with exit status 1.
[ -e './venv/bin/doitlive' ] || {
	echo "Run ./venv/bin/pip3 install doitlive"
	exit 1
}
if [ `id -u` != '0' ]; then | |
echo "[!] FATAL: run as root" |
a.out invoked oom-killer: gfp_mask=0x2dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=0 | |
CPU: 0 PID: 131 Comm: a.out Not tainted 5.2.1+ #31 | |
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 | |
Call Trace: | |
dump_header.cold.35+0x11/0x985 | |
? ___ratelimit+0x1c6/0x400 | |
oom_kill_process+0x151/0x850 | |
? lockdep_sys_exit+0x50/0x50 | |
? _raw_spin_unlock+0x1f/0x30 | |
? oom_badness.part.26+0x3e1/0x510 |
[SETSOCKOPT(SOL_ICMPV6, 1)]: {.bytes = 32} | |
[SETSOCKOPT(SOL_IP, IP_BIND_ADDRESS_NO_PORT)]: {.min = 0, .max = 1} | |
[SETSOCKOPT(SOL_IP, IP_CHECKSUM)]: {.min = 0, .max = 1} | |
[SETSOCKOPT(SOL_IP, IP_FREEBIND)]: {.min = 0, .max = 1} | |
[SETSOCKOPT(SOL_IP, IP_HDRINCL)]: {.min = 0, .max = 1} | |
[SETSOCKOPT(SOL_IP, IP_MINTTL)]: {.min = 0, .max = 255} | |
[SETSOCKOPT(SOL_IP, IP_MTU_DISCOVER)]: {.min = 0, .max = 6} | |
[SETSOCKOPT(SOL_IP, IP_MULTICAST_ALL)]: {.min = 0, .max = 1} | |
// [SETSOCKOPT(SOL_IP, IP_MULTICAST_IF)]: # not settable ?? | |
// [SETSOCKOPT(SOL_IP, IP_MULTICAST_IF)]: # only single value 0 |
#!/usr/bin/python3 | |
# Before you start, you need to either enable flow label reflection:
#   sysctl -w net.ipv6.flowlabel_reflect=1
# or disable flow label consistency:
#   sysctl -w net.ipv6.flowlabel_consistency=0
import socket | |
import struct | |
IPV6_FL_A_GET = 0 |
#include <linux/netlink.h> | |
#include <stdint.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <sys/socket.h> | |
#include <unistd.h> | |
uint8_t buf1[] = | |
"\x28\x00\x00\x00\x1c\x00\x1b\x05\xb1\x00\x00\x80\xe2\xfc\x64\xfd\x02" | |
"\x00\x00\x00\x01\x00\x00\x00\x25\x84\x80\xf0\x0a\x00\x01\x00\x00\x40" |
ebpf-bug | |
venv | |
ebpf-bug-kern.o | |
ebpf-bug-ebpf.c | |
bpf_helpers.h | |
bpf.h |
/* | |
* stap -v accept2.stp <port> <seconds> | |
*/ | |
/* socks: keyed by the request pointer ($req); the value is the
 * gettimeofday_ns() timestamp taken when inet_csk_reqsk_queue_add() was
 * entered for that request. Declared with room for 1024 entries. */
global socks[1024]
/* intervals: declared here; it is not used in this part of the script. */
global intervals

/* Fires on entry to inet_csk_reqsk_queue_add() and stamps the request
 * with the current time in nanoseconds. */
probe kernel.function("inet_csk_reqsk_queue_add@net/ipv4/inet_connection_sock.c").call {
	socks[$req] = gettimeofday_ns()
}
BasedOnStyle: LLVM | |
IndentWidth: 8 | |
UseTab: Always | |
BreakBeforeBraces: Linux | |
AllowShortIfStatementsOnASingleLine: false | |
IndentCaseLabels: false | |
AlwaysBreakBeforeMultilineStrings: true | |
AllowShortBlocksOnASingleLine: false | |
ContinuationIndentWidth: 8 |