[panda-users] How to hook device files in a Linux guest

[ben@breakpointingbad.com]

I have an OSI question that I hope to get some advice on. After making a 
recording,  during replay, I want to taint packets coming in on network 
interfaces in an Ubuntu 18.04 server, including the tun interfaces. I 
considered registering a "handle_packet" callback. Unfortunately, this 
function is not executed when packets traverse portions of the tun 
interface code. I verified this by running the "net" and "network" 
plugins. I believe this is because the tun interface is purely software 
and so the events recorded by the e1000 emulator are not captured (since 
the tun interface doesn't use that driver). This lead me to considering 
OSI as a solution. I would like to hook the kernel file object that 
describes the tun device, however, I am unsure whether the existing file 
resolution code (e.g.,  "osi_linux_fd_to_filename") in osi_linux will 
work for this use case. My question is, does the 
"osi_linux_fd_to_filename" function, or any of those in osi_linux, 
resolve device files like the tun device, is there a better method 
osi_linux provides to achieve this, or will I need to instrument 
additional capabilities? I'm still a panda and kernel newb, so apologies 
if my question doesn't make sense, I will try to clarify if needed. If I 
have to instrument additional functionality, that's OK, I just want to 
be sure there isn't an easier option before taking that route.

Regards,
Ben