diff --git a/tap/tlstapper/bpf-builder/build.sh b/tap/tlstapper/bpf-builder/build.sh index 713931477..a2c7c2afb 100755 --- a/tap/tlstapper/bpf-builder/build.sh +++ b/tap/tlstapper/bpf-builder/build.sh @@ -6,11 +6,13 @@ MIZU_HOME=$(realpath ../../../) docker build -t mizu-ebpf-builder . || exit 1 -BPF_TARGET=amd64 +BPF_TARGET_EL=amd64 +BPF_TARGET_EB=amd64 BPF_CFLAGS="-O2 -g -D__TARGET_ARCH_x86" ARCH=$(uname -m) if [[ $ARCH == "aarch64" ]]; then - BPF_TARGET=arm64 + BPF_TARGET_EL=arm64 + BPF_TARGET_EB=arm64be BPF_CFLAGS="-O2 -g -D__TARGET_ARCH_arm64" fi @@ -20,7 +22,8 @@ docker run --rm \ -v $(go env GOPATH):/root/go \ -it mizu-ebpf-builder \ sh -c " - BPF_TARGET=\"$BPF_TARGET\" BPF_CFLAGS=\"$BPF_CFLAGS\" go generate tap/tlstapper/tls_tapper.go + BPF_TARGET=\"$BPF_TARGET_EL\" BPF_CFLAGS=\"$BPF_CFLAGS\" go generate tap/tlstapper/tls_tapper.go + BPF_TARGET=\"$BPF_TARGET_EB\" BPF_CFLAGS=\"$BPF_CFLAGS\" go generate tap/tlstapper/tls_tapper.go chown $(id -u):$(id -g) tap/tlstapper/tlstapper_bpf* " || exit 1 diff --git a/tap/tlstapper/tlstapper_bpfeb_arm64.go b/tap/tlstapper/tlstapper_bpfeb_arm64.go new file mode 100644 index 000000000..1d0eb9fbb --- /dev/null +++ b/tap/tlstapper/tlstapper_bpfeb_arm64.go @@ -0,0 +1,212 @@ +// Code generated by bpf2go; DO NOT EDIT. +//go:build arm64be +// +build arm64be + +package tlstapper + +import ( + "bytes" + _ "embed" + "fmt" + "io" + + "github.com/cilium/ebpf" +) + +type tlsTapperTlsChunk struct { + Pid uint32 + Tgid uint32 + Len uint32 + Start uint32 + Recorded uint32 + Fd uint32 + Flags uint32 + Address [16]uint8 + Data [4096]uint8 +} + +// loadTlsTapper returns the embedded CollectionSpec for tlsTapper. +func loadTlsTapper() (*ebpf.CollectionSpec, error) { + reader := bytes.NewReader(_TlsTapperBytes) + spec, err := ebpf.LoadCollectionSpecFromReader(reader) + if err != nil { + return nil, fmt.Errorf("can't load tlsTapper: %w", err) + } + + return spec, err +} + +// loadTlsTapperObjects loads tlsTapper and converts it into a struct. +// +// The following types are suitable as obj argument: +// +// *tlsTapperObjects +// *tlsTapperPrograms +// *tlsTapperMaps +// +// See ebpf.CollectionSpec.LoadAndAssign documentation for details. +func loadTlsTapperObjects(obj interface{}, opts *ebpf.CollectionOptions) error { + spec, err := loadTlsTapper() + if err != nil { + return err + } + + return spec.LoadAndAssign(obj, opts) +} + +// tlsTapperSpecs contains maps and programs before they are loaded into the kernel. +// +// It can be passed ebpf.CollectionSpec.Assign. +type tlsTapperSpecs struct { + tlsTapperProgramSpecs + tlsTapperMapSpecs +} + +// tlsTapperSpecs contains programs before they are loaded into the kernel. +// +// It can be passed ebpf.CollectionSpec.Assign. +type tlsTapperProgramSpecs struct { + GoCryptoTlsRead *ebpf.ProgramSpec `ebpf:"go_crypto_tls_read"` + GoCryptoTlsReadEx *ebpf.ProgramSpec `ebpf:"go_crypto_tls_read_ex"` + GoCryptoTlsWrite *ebpf.ProgramSpec `ebpf:"go_crypto_tls_write"` + GoCryptoTlsWriteEx *ebpf.ProgramSpec `ebpf:"go_crypto_tls_write_ex"` + SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"` + SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"` + SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"` + SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"` + SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"` + SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"` + SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"` + SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"` + SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"` + SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"` + SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"` + SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"` + SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"` + SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"` +} + +// tlsTapperMapSpecs contains maps before they are loaded into the kernel. +// +// It can be passed ebpf.CollectionSpec.Assign. +type tlsTapperMapSpecs struct { + AcceptSyscallContext *ebpf.MapSpec `ebpf:"accept_syscall_context"` + ChunksBuffer *ebpf.MapSpec `ebpf:"chunks_buffer"` + ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"` + FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"` + GoReadContext *ebpf.MapSpec `ebpf:"go_read_context"` + GoWriteContext *ebpf.MapSpec `ebpf:"go_write_context"` + Heap *ebpf.MapSpec `ebpf:"heap"` + LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"` + OpensslReadContext *ebpf.MapSpec `ebpf:"openssl_read_context"` + OpensslWriteContext *ebpf.MapSpec `ebpf:"openssl_write_context"` + PidsMap *ebpf.MapSpec `ebpf:"pids_map"` +} + +// tlsTapperObjects contains all objects after they have been loaded into the kernel. +// +// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign. +type tlsTapperObjects struct { + tlsTapperPrograms + tlsTapperMaps +} + +func (o *tlsTapperObjects) Close() error { + return _TlsTapperClose( + &o.tlsTapperPrograms, + &o.tlsTapperMaps, + ) +} + +// tlsTapperMaps contains all maps after they have been loaded into the kernel. +// +// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign. +type tlsTapperMaps struct { + AcceptSyscallContext *ebpf.Map `ebpf:"accept_syscall_context"` + ChunksBuffer *ebpf.Map `ebpf:"chunks_buffer"` + ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"` + FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"` + GoReadContext *ebpf.Map `ebpf:"go_read_context"` + GoWriteContext *ebpf.Map `ebpf:"go_write_context"` + Heap *ebpf.Map `ebpf:"heap"` + LogBuffer *ebpf.Map `ebpf:"log_buffer"` + OpensslReadContext *ebpf.Map `ebpf:"openssl_read_context"` + OpensslWriteContext *ebpf.Map `ebpf:"openssl_write_context"` + PidsMap *ebpf.Map `ebpf:"pids_map"` +} + +func (m *tlsTapperMaps) Close() error { + return _TlsTapperClose( + m.AcceptSyscallContext, + m.ChunksBuffer, + m.ConnectSyscallInfo, + m.FileDescriptorToIpv4, + m.GoReadContext, + m.GoWriteContext, + m.Heap, + m.LogBuffer, + m.OpensslReadContext, + m.OpensslWriteContext, + m.PidsMap, + ) +} + +// tlsTapperPrograms contains all programs after they have been loaded into the kernel. +// +// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign. +type tlsTapperPrograms struct { + GoCryptoTlsRead *ebpf.Program `ebpf:"go_crypto_tls_read"` + GoCryptoTlsReadEx *ebpf.Program `ebpf:"go_crypto_tls_read_ex"` + GoCryptoTlsWrite *ebpf.Program `ebpf:"go_crypto_tls_write"` + GoCryptoTlsWriteEx *ebpf.Program `ebpf:"go_crypto_tls_write_ex"` + SslRead *ebpf.Program `ebpf:"ssl_read"` + SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"` + SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"` + SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"` + SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"` + SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"` + SslWrite *ebpf.Program `ebpf:"ssl_write"` + SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"` + SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"` + SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"` + SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"` + SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"` + SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"` + SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"` +} + +func (p *tlsTapperPrograms) Close() error { + return _TlsTapperClose( + p.GoCryptoTlsRead, + p.GoCryptoTlsReadEx, + p.GoCryptoTlsWrite, + p.GoCryptoTlsWriteEx, + p.SslRead, + p.SslReadEx, + p.SslRetRead, + p.SslRetReadEx, + p.SslRetWrite, + p.SslRetWriteEx, + p.SslWrite, + p.SslWriteEx, + p.SysEnterAccept4, + p.SysEnterConnect, + p.SysEnterRead, + p.SysEnterWrite, + p.SysExitAccept4, + p.SysExitConnect, + ) +} + +func _TlsTapperClose(closers ...io.Closer) error { + for _, closer := range closers { + if err := closer.Close(); err != nil { + return err + } + } + return nil +} + +// Do not access this directly. +//go:embed tlstapper_bpfeb_arm64.o +var _TlsTapperBytes []byte diff --git a/tap/tlstapper/tlstapper_bpfeb_arm64.o b/tap/tlstapper/tlstapper_bpfeb_arm64.o new file mode 100644 index 000000000..c3aad9bbe Binary files /dev/null and b/tap/tlstapper/tlstapper_bpfeb_arm64.o differ diff --git a/tap/tlstapper/tlstapper_bpfel_arm64.go b/tap/tlstapper/tlstapper_bpfel_arm64.go new file mode 100644 index 000000000..871ee8242 --- /dev/null +++ b/tap/tlstapper/tlstapper_bpfel_arm64.go @@ -0,0 +1,212 @@ +// Code generated by bpf2go; DO NOT EDIT. +//go:build arm64 +// +build arm64 + +package tlstapper + +import ( + "bytes" + _ "embed" + "fmt" + "io" + + "github.com/cilium/ebpf" +) + +type tlsTapperTlsChunk struct { + Pid uint32 + Tgid uint32 + Len uint32 + Start uint32 + Recorded uint32 + Fd uint32 + Flags uint32 + Address [16]uint8 + Data [4096]uint8 +} + +// loadTlsTapper returns the embedded CollectionSpec for tlsTapper. +func loadTlsTapper() (*ebpf.CollectionSpec, error) { + reader := bytes.NewReader(_TlsTapperBytes) + spec, err := ebpf.LoadCollectionSpecFromReader(reader) + if err != nil { + return nil, fmt.Errorf("can't load tlsTapper: %w", err) + } + + return spec, err +} + +// loadTlsTapperObjects loads tlsTapper and converts it into a struct. +// +// The following types are suitable as obj argument: +// +// *tlsTapperObjects +// *tlsTapperPrograms +// *tlsTapperMaps +// +// See ebpf.CollectionSpec.LoadAndAssign documentation for details. +func loadTlsTapperObjects(obj interface{}, opts *ebpf.CollectionOptions) error { + spec, err := loadTlsTapper() + if err != nil { + return err + } + + return spec.LoadAndAssign(obj, opts) +} + +// tlsTapperSpecs contains maps and programs before they are loaded into the kernel. +// +// It can be passed ebpf.CollectionSpec.Assign. +type tlsTapperSpecs struct { + tlsTapperProgramSpecs + tlsTapperMapSpecs +} + +// tlsTapperSpecs contains programs before they are loaded into the kernel. +// +// It can be passed ebpf.CollectionSpec.Assign. +type tlsTapperProgramSpecs struct { + GoCryptoTlsRead *ebpf.ProgramSpec `ebpf:"go_crypto_tls_read"` + GoCryptoTlsReadEx *ebpf.ProgramSpec `ebpf:"go_crypto_tls_read_ex"` + GoCryptoTlsWrite *ebpf.ProgramSpec `ebpf:"go_crypto_tls_write"` + GoCryptoTlsWriteEx *ebpf.ProgramSpec `ebpf:"go_crypto_tls_write_ex"` + SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"` + SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"` + SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"` + SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"` + SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"` + SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"` + SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"` + SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"` + SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"` + SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"` + SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"` + SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"` + SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"` + SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"` +} + +// tlsTapperMapSpecs contains maps before they are loaded into the kernel. +// +// It can be passed ebpf.CollectionSpec.Assign. +type tlsTapperMapSpecs struct { + AcceptSyscallContext *ebpf.MapSpec `ebpf:"accept_syscall_context"` + ChunksBuffer *ebpf.MapSpec `ebpf:"chunks_buffer"` + ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"` + FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"` + GoReadContext *ebpf.MapSpec `ebpf:"go_read_context"` + GoWriteContext *ebpf.MapSpec `ebpf:"go_write_context"` + Heap *ebpf.MapSpec `ebpf:"heap"` + LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"` + OpensslReadContext *ebpf.MapSpec `ebpf:"openssl_read_context"` + OpensslWriteContext *ebpf.MapSpec `ebpf:"openssl_write_context"` + PidsMap *ebpf.MapSpec `ebpf:"pids_map"` +} + +// tlsTapperObjects contains all objects after they have been loaded into the kernel. +// +// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign. +type tlsTapperObjects struct { + tlsTapperPrograms + tlsTapperMaps +} + +func (o *tlsTapperObjects) Close() error { + return _TlsTapperClose( + &o.tlsTapperPrograms, + &o.tlsTapperMaps, + ) +} + +// tlsTapperMaps contains all maps after they have been loaded into the kernel. +// +// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign. +type tlsTapperMaps struct { + AcceptSyscallContext *ebpf.Map `ebpf:"accept_syscall_context"` + ChunksBuffer *ebpf.Map `ebpf:"chunks_buffer"` + ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"` + FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"` + GoReadContext *ebpf.Map `ebpf:"go_read_context"` + GoWriteContext *ebpf.Map `ebpf:"go_write_context"` + Heap *ebpf.Map `ebpf:"heap"` + LogBuffer *ebpf.Map `ebpf:"log_buffer"` + OpensslReadContext *ebpf.Map `ebpf:"openssl_read_context"` + OpensslWriteContext *ebpf.Map `ebpf:"openssl_write_context"` + PidsMap *ebpf.Map `ebpf:"pids_map"` +} + +func (m *tlsTapperMaps) Close() error { + return _TlsTapperClose( + m.AcceptSyscallContext, + m.ChunksBuffer, + m.ConnectSyscallInfo, + m.FileDescriptorToIpv4, + m.GoReadContext, + m.GoWriteContext, + m.Heap, + m.LogBuffer, + m.OpensslReadContext, + m.OpensslWriteContext, + m.PidsMap, + ) +} + +// tlsTapperPrograms contains all programs after they have been loaded into the kernel. +// +// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign. +type tlsTapperPrograms struct { + GoCryptoTlsRead *ebpf.Program `ebpf:"go_crypto_tls_read"` + GoCryptoTlsReadEx *ebpf.Program `ebpf:"go_crypto_tls_read_ex"` + GoCryptoTlsWrite *ebpf.Program `ebpf:"go_crypto_tls_write"` + GoCryptoTlsWriteEx *ebpf.Program `ebpf:"go_crypto_tls_write_ex"` + SslRead *ebpf.Program `ebpf:"ssl_read"` + SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"` + SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"` + SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"` + SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"` + SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"` + SslWrite *ebpf.Program `ebpf:"ssl_write"` + SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"` + SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"` + SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"` + SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"` + SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"` + SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"` + SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"` +} + +func (p *tlsTapperPrograms) Close() error { + return _TlsTapperClose( + p.GoCryptoTlsRead, + p.GoCryptoTlsReadEx, + p.GoCryptoTlsWrite, + p.GoCryptoTlsWriteEx, + p.SslRead, + p.SslReadEx, + p.SslRetRead, + p.SslRetReadEx, + p.SslRetWrite, + p.SslRetWriteEx, + p.SslWrite, + p.SslWriteEx, + p.SysEnterAccept4, + p.SysEnterConnect, + p.SysEnterRead, + p.SysEnterWrite, + p.SysExitAccept4, + p.SysExitConnect, + ) +} + +func _TlsTapperClose(closers ...io.Closer) error { + for _, closer := range closers { + if err := closer.Close(); err != nil { + return err + } + } + return nil +} + +// Do not access this directly. +//go:embed tlstapper_bpfel_arm64.o +var _TlsTapperBytes []byte diff --git a/tap/tlstapper/tlstapper_bpfel_x86.o b/tap/tlstapper/tlstapper_bpfel_arm64.o similarity index 63% rename from tap/tlstapper/tlstapper_bpfel_x86.o rename to tap/tlstapper/tlstapper_bpfel_arm64.o index c65c4516d..78016c738 100644 Binary files a/tap/tlstapper/tlstapper_bpfel_x86.o and b/tap/tlstapper/tlstapper_bpfel_arm64.o differ