Update ssh_kprobe.c #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

maheshbhatiya73 merged 1 commit into main from dev

Nov 6, 2025

Merged

secrds-programs/ssh_kprobe.c

-Original file line number
+Diff line change
@@ Expand Up / @@ -16,6 +16,16 @@ struct { @@
         __uint(value_size, sizeof(__u64));
     } ssh_attempts SEC(".maps");
+    // sockaddr_in structure (simplified for IPv4)
+    struct sockaddr_in {
+        __u16 sin_family;      // AF_INET = 2
+        __be16 sin_port;       // Port in network byte order
+        struct in_addr {
+            __be32 s_addr;      // IP address in network byte order
+        } sin_addr;
+        __u8 sin_zero[8];      // Padding
+    };
     // Hook into inet_csk_accept to detect incoming SSH connections on the server side
     // This is called when the server accepts a new connection
     SEC("kprobe/inet_csk_accept")
@@ Expand All / @@ -42,7 +52,6 @@ int ssh_kprobe_accept(struct pt_regs *ctx) @@
         __u32 src_ip = 0;
         __u32 dst_ip = 0;
-        __u16 src_port = 0;
         __u16 dst_port = 0;
         // Try to read destination port (offset varies by kernel, try common ones)
@@ Expand Down @@

Provide feedback