From: Thomas Walker Lynch Date: Fri, 17 Oct 2025 09:48:30 +0000 (+0000) Subject: counter kmod X-Git-Url: https://git.reasoningtechnology.com/style/static/git-logo.png?a=commitdiff_plain;h=ef80b86cb41203852f207b095f523b6b18233e82;p=Rabbit%2F.git counter kmod --- diff --git a/developer/cc/Rabbit_module_no-op.kmod.c b/developer/cc/Rabbit_module_no-op.kmod.c deleted file mode 100644 index f6c5586..0000000 --- a/developer/cc/Rabbit_module_no-op.kmod.c +++ /dev/null @@ -1,69 +0,0 @@ -// rabit_noop.c — Rabit no-op netfilter interposer (Debian 12/Bookworm) -// Build: out-of-tree module. Load/unload to verify hook coverage. -// Behavior: increments counters, returns NF_ACCEPT. No packet mutation. - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static atomic64_t cnt_v4_local_out = ATOMIC_LONG_INIT(0); -static atomic64_t cnt_v4_postroute = ATOMIC_LONG_INIT(0); -static atomic64_t cnt_v6_local_out = ATOMIC_LONG_INIT(0); -static atomic64_t cnt_v6_postroute = ATOMIC_LONG_INIT(0); - -static unsigned int rabit_v4_hook(void *priv, struct sk_buff *skb, const struct nf_hook_state *st) { - if (st->hook == NF_INET_LOCAL_OUT) atomic64_inc(&cnt_v4_local_out); - else if (st->hook == NF_INET_POST_ROUTING) atomic64_inc(&cnt_v4_postroute); - return NF_ACCEPT; -} - -static unsigned int rabit_v6_hook(void *priv, struct sk_buff *skb, const struct nf_hook_state *st) { - if (st->hook == NF_INET_LOCAL_OUT) atomic64_inc(&cnt_v6_local_out); - else if (st->hook == NF_INET_POST_ROUTING) atomic64_inc(&cnt_v6_postroute); - return NF_ACCEPT; -} - -static struct nf_hook_ops rabit_ops[] = { - { .hook = rabit_v4_hook, .pf = NFPROTO_IPV4, .hooknum = NF_INET_LOCAL_OUT, .priority = NF_IP_PRI_FIRST }, - { .hook = rabit_v4_hook, .pf = NFPROTO_IPV4, .hooknum = NF_INET_POST_ROUTING,.priority = NF_IP_PRI_FIRST }, - { .hook = rabit_v6_hook, .pf = NFPROTO_IPV6, .hooknum = NF_INET_LOCAL_OUT, .priority = NF_IP6_PRI_FIRST }, - { .hook = rabit_v6_hook, .pf = NFPROTO_IPV6, .hooknum = NF_INET_POST_ROUTING,.priority = NF_IP6_PRI_FIRST }, -}; - -static int __init rabit_init(void) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,3,0) - int ret = nf_register_net_hooks(&init_net, rabit_ops, ARRAY_SIZE(rabit_ops)); -#else - int ret = nf_register_hooks(rabit_ops, ARRAY_SIZE(rabit_ops)); -#endif - if (ret) - pr_err("rabit_noop: nf_register_* failed: %d\n", ret); - else - pr_info("rabit_noop: loaded (no-op)\n"); - return ret; -} - -static void __exit rabit_exit(void) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,3,0) - nf_unregister_net_hooks(&init_net, rabit_ops, ARRAY_SIZE(rabit_ops)); -#else - nf_unregister_hooks(rabit_ops, ARRAY_SIZE(rabit_ops)); -#endif - pr_info("rabit_noop: unload stats v4(lo=%lld,po=%lld) v6(lo=%lld,po=%lld)\n", - (long long)atomic64_read(&cnt_v4_local_out), - (long long)atomic64_read(&cnt_v4_postroute), - (long long)atomic64_read(&cnt_v6_local_out), - (long long)atomic64_read(&cnt_v6_postroute)); -} - -module_init(rabit_init); -module_exit(rabit_exit); -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Rabit"); -MODULE_DESCRIPTION("Rabit no-op netfilter interposer"); diff --git a/developer/tool/release b/developer/tool/release index 73690a3..0eba83f 100755 --- a/developer/tool/release +++ b/developer/tool/release @@ -18,10 +18,42 @@ script_afp=$(realpath "${BASH_SOURCE[0]}") #set -e #set -x -release_dir="$REPO_HOME/release" - -mkdir -p ${release_dir}/kmod && install -m 0600 scratchpad/*.ko "${release_dir}/kmod/" -install -m 0700 scratchpad/hello "${release_dir}/machine/" - -echo "$(script_fn) done." +cd "$REPO_HOME/developer" +release_dir="$REPO_HOME/release" +ko_dir="scratchpad/kmod" +machine_executable_list="scratchpad/hello" + +# Enable nullglob so an empty match yields an empty list (not the literal pattern) +shopt -s nullglob + +# zero or more machine executables +for fglob in $machine_executable_list; do + # nesting the loop allows that $fglob is a file glob, and expands it + for f in $fglob; do + if [[ -x "$f" ]]; then + echo "+ install -m 0500 '$f' '$release_dir/machine/'" + install -m 0550 "$f" "$release_dir/machine/" + else + echo "(info) did not find '$f'" + fi + done +done + +# zero or more Kernel modules +# release/kmod created 750 so developer can write to it, group can read it +ko_list=("$ko_dir"/*.ko) +if (( ${#ko_list[@]} )); then + if [[ ! -d "$release_dir/kmod" ]]; then + echo "+ install -d '$release_dir/kmod'" + install -m 750 -d "$release_dir/kmod" + fi + for f in "${ko_list[@]}"; do + echo "+ install -m 0440 '$f' '$release_dir/kmod/'" + install -m 440 "$f" "$release_dir/kmod/" + done +else + echo "(info) no kmod artifacts found in $ko_dir; skipping kmod release" +fi + +echo "$script_fn done." diff --git a/release/kmod/Rabbit_no-op.ko b/release/kmod/Rabbit_no-op.ko new file mode 100644 index 0000000..625d157 Binary files /dev/null and b/release/kmod/Rabbit_no-op.ko differ diff --git a/tool_shared/bespoke/env b/tool_shared/bespoke/env index 0d47fca..37ba2dc 100644 --- a/tool_shared/bespoke/env +++ b/tool_shared/bespoke/env @@ -9,7 +9,7 @@ fi shopt -s nullglob # does not presume sharing or world permissions -umask 0077 +umask 0027 # -------------------------------------------------------------------------------- # project definition