From 6b7b90ca571c8605234006f6819b5aaae9c8ce2f Mon Sep 17 00:00:00 2001 From: Dream95 Date: Sun, 29 Mar 2026 13:46:32 +0000 Subject: [PATCH 1/2] feat: add pgid filter Signed-off-by: Dream95 --- cmd/loadBpf.go | 1 + cmd/proxy.c | 23 ++++++++++++++++++++--- cmd/proxy_arm64_bpfel.go | 2 ++ cmd/proxy_x86_bpfel.go | 2 ++ 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/cmd/loadBpf.go b/cmd/loadBpf.go index 57c6af1..29a505a 100644 --- a/cmd/loadBpf.go +++ b/cmd/loadBpf.go @@ -112,6 +112,7 @@ func LoadBpf(options *Options) { ProxyPort: options.ProxyPort, ProxyPid: pid, FilterByPid: len(options.Pids) > 0, + FilterByPgid: len(options.Pids) > 0, FilterIp: options.Ip4, FilterIpMask: options.Ip4Mask, EnableTcp: options.EnableTCP, diff --git a/cmd/proxy.c b/cmd/proxy.c index 07bf6ba..45eef4b 100644 --- a/cmd/proxy.c +++ b/cmd/proxy.c @@ -24,6 +24,7 @@ struct Config { __u32 filter_ip; __u8 filter_ip_mask; bool filter_by_pid; + bool filter_by_pgid; bool enable_tcp; bool enable_udp; char command[TASK_COMM_LEN]; @@ -96,6 +97,22 @@ struct { #define SO_ORIGINAL_DST 80 #define AF_INET 2 + +static __always_inline __u32 +get_current_pgid(void) +{ + struct task_struct *task = (struct task_struct *)bpf_get_current_task_btf(); + if (!task) + return 0; + + /* PIDTYPE_PGID is 2 in kernel enum pid_type. */ + struct pid *pgid_pid = BPF_CORE_READ(task, signal, pids[2]); + if (!pgid_pid) + return 0; + + return BPF_CORE_READ(pgid_pid, numbers[0].nr); +} + static __always_inline bool match_process(struct Config *conf) { @@ -109,9 +126,9 @@ match_process(struct Config *conf) if (__builtin_memcmp(comm, conf->command, TASK_COMM_LEN) == 0) return true; } - if(conf->filter_by_pid){ - __u32 current_pid = bpf_get_current_pid_tgid() >> 32; - if (bpf_map_lookup_elem(&filter_pid_map, ¤t_pid)) return true; + if(conf->filter_by_pgid){ + __u32 current_pgid = get_current_pgid(); + if (current_pgid && bpf_map_lookup_elem(&filter_pid_map, ¤t_pgid)) return true; } return false; 
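Review bot: `FilterByPgid` is assigned from the same expression as `FilterByPid` (`len(options.Pids) > 0`), so the two flags can never differ and every value the user passes as a PID is also treated as a process-group ID. The `match_process` hunks in cmd/proxy.c look both values up in the same `filter_pid_map`, so listing a PID that is a process-group leader silently pulls every member of that group into the proxied set. If that widening is intended, say so at the assignment, e.g. `// Pids are matched as both TGID and PGID so that processes in the same group are covered`; otherwise a separate option and map would keep the selection explicit. LoadBpf's body continues outside the hunk.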
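Review bot: The index in `pids[2]` inside `get_current_pgid()` is a hard-coded copy of `PIDTYPE_PGID`. If this file includes vmlinux.h (the `BPF_CORE_READ` on `struct task_struct` suggests it does), writing `pids[PIDTYPE_PGID]` removes the magic number and the comment needed to explain it. The helper also does not say which namespace its result belongs to. `numbers[0].nr` is the level-0 ID, i.e. the initial PID namespace, which is consistent with `bpf_get_current_pid_tgid()` but not with what a user inside a PID-namespaced container sees. A header comment such as `/* Returns the current task's PGID as seen from the initial PID namespace, or 0 if it cannot be read. */` would make that contract and the 0 sentinel explicit.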
diff --git a/cmd/proxy_arm64_bpfel.go b/cmd/proxy_arm64_bpfel.go index c13eeb2..2590c0c 100644 --- a/cmd/proxy_arm64_bpfel.go +++ b/cmd/proxy_arm64_bpfel.go @@ -21,9 +21,11 @@ type proxyConfig struct { FilterIp uint32 FilterIpMask uint8 FilterByPid bool + FilterByPgid bool EnableTcp bool EnableUdp bool Command [16]int8 + _ [7]byte } type proxySocket struct { diff --git a/cmd/proxy_x86_bpfel.go b/cmd/proxy_x86_bpfel.go index 776dad8..9fdfe9d 100644 --- a/cmd/proxy_x86_bpfel.go +++ b/cmd/proxy_x86_bpfel.go @@ -21,9 +21,11 @@ type proxyConfig struct { FilterIp uint32 FilterIpMask uint8 FilterByPid bool + FilterByPgid bool EnableTcp bool EnableUdp bool Command [16]int8 + _ [7]byte } type proxySocket struct { From c2c18a8f98f54a006194bffa2c035dcfdf76901b Mon Sep 17 00:00:00 2001 From: Dream95 Date: Tue, 31 Mar 2026 11:55:01 +0000 Subject: [PATCH 2/2] fix: check both pid and pgid in process filter Signed-off-by: Dream95 --- cmd/proxy.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cmd/proxy.c b/cmd/proxy.c index 45eef4b..b104d7c 100644 --- a/cmd/proxy.c +++ b/cmd/proxy.c @@ -116,7 +116,7 @@ get_current_pgid(void) static __always_inline bool match_process(struct Config *conf) { - if (conf->command[0] == '\0' && !conf->filter_by_pid){ + if (conf->command[0] == '\0' && !conf->filter_by_pid && !conf->filter_by_pgid){ return true; } @@ -126,6 +126,11 @@ match_process(struct Config *conf) if (__builtin_memcmp(comm, conf->command, TASK_COMM_LEN) == 0) return true; } + if(conf->filter_by_pid){ + __u32 current_pid = bpf_get_current_pid_tgid() >> 32; + if (bpf_map_lookup_elem(&filter_pid_map, ¤t_pid)) return true; + } + if(conf->filter_by_pgid){ __u32 current_pgid = get_current_pgid(); if (current_pgid && bpf_map_lookup_elem(&filter_pid_map, ¤t_pgid)) return true;
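Review bot: Process-group membership is under the control of the task being filtered: a task can leave its group with `setpgid()`, just as the `comm` compared in the context line above can be changed by the task itself, so the `filter_by_pgid` branch is a convenience selector rather than an enforcement boundary. If the redirect is relied on to keep a workload's traffic from going out directly, document that at `match_process`, for instance `/* pid/pgid/comm matching is best-effort; a task can change its pgid or comm and fall out of the filter */`. A cgroup-based match via `bpf_get_current_cgroup_id()` would be the sturdier selector. Separately, when `get_current_pgid()` returns 0 the branch falls through to `return false`, so a failed read means the connection is not proxied. match_process starts and ends outside this hunk.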