diff --git a/agent/go.mod b/agent/go.mod
index 3f59df01f..061bd3502 100644
--- a/agent/go.mod
+++ b/agent/go.mod
@@ -117,7 +117,6 @@ require (
 github.com/tklauser/numcpus v0.4.0 // indirect
 github.com/ugorji/go/codec v1.2.6 // indirect
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
- github.com/wk8/go-ordered-map v1.0.0 // indirect
 github.com/xlab/treeprint v1.1.0 // indirect
 github.com/yusufpapurcu/wmi v1.2.2 // indirect
 go.starlark.net v0.0.0-20220203230714-bb14e151c28f // indirect
diff --git a/agent/go.sum b/agent/go.sum
index 6c0cd1018..aaeb2dffd 100644
--- a/agent/go.sum
+++ b/agent/go.sum
@@ -702,8 +702,6 @@ github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695AP
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/wI2L/jsondiff v0.1.1 h1:r2TkoEet7E4JMO5+s1RCY2R0LrNPNHY6hbDeow2hRHw=
 github.com/wI2L/jsondiff v0.1.1/go.mod h1:bAbJSAJXZtfOCZ5y3v7Mfb6UQa3DGdGFjQj1cNv8EcM=
-github.com/wk8/go-ordered-map v1.0.0 h1:BV7z+2PaK8LTSd/mWgY12HyMAo5CEgkHqbkVq2thqr8=
-github.com/wk8/go-ordered-map v1.0.0/go.mod h1:9ZIbRunKbuvfPKyBP1SIKLcXNlv74YCOZ3t3VTS6gRk=
 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
 github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
diff --git a/tap/go.mod b/tap/go.mod
index 810c4073b..519c4b8bf 100644
--- a/tap/go.mod
+++ b/tap/go.mod
@@ -14,7 +14,6 @@ require (
 github.com/up9inc/mizu/tap/api v0.0.0
 github.com/up9inc/mizu/tap/dbgctl v0.0.0
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74
- github.com/wk8/go-ordered-map v1.0.0
 k8s.io/api v0.23.3
 )
diff --git a/tap/go.sum b/tap/go.sum
index de38968c2..b73141db4 100644
--- a/tap/go.sum
+++ b/tap/go.sum
@@ -130,7 +130,6 @@ github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/struCoder/pidusage v0.2.1 h1:dFiEgUDkubeIj0XA1NpQ6+8LQmKrLi7NiIQl86E6BoY=
@@ -141,8 +140,6 @@ github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//
 github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/wk8/go-ordered-map v1.0.0 h1:BV7z+2PaK8LTSd/mWgY12HyMAo5CEgkHqbkVq2thqr8=
-github.com/wk8/go-ordered-map v1.0.0/go.mod h1:9ZIbRunKbuvfPKyBP1SIKLcXNlv74YCOZ3t3VTS6gRk=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
diff --git a/tap/tlstapper/bpf/fd_tracepoints.c b/tap/tlstapper/bpf/fd_tracepoints.c
index 4f8c2871e..88add7f44 100644
--- a/tap/tlstapper/bpf/fd_tracepoints.c
+++ b/tap/tlstapper/bpf/fd_tracepoints.c
@@ -90,23 +90,3 @@ void sys_enter_write(struct sys_enter_write_ctx *ctx) {
 log_error(ctx, LOG_ERROR_PUTTING_FILE_DESCRIPTOR, id, err, ORIGIN_SYS_ENTER_WRITE_CODE);
 }
 }
-
-struct sys_enter_close_ctx {
- __u64 __unused_syscall_header;
- __u32 __unused_syscall_nr;
-
- __u64 fd;
-};
-
-SEC("tracepoint/syscalls/sys_enter_close")
-void sys_enter_close(struct sys_enter_close_ctx *ctx) {
- __u64 id = bpf_get_current_pid_tgid();
-
- if (!should_tap(id >> 32)) {
- return;
- }
-
- struct sys_close event;
- event.fd = ctx->fd;
- bpf_perf_event_output(ctx, &sys_closes, BPF_F_CURRENT_CPU, &event, sizeof(event));
-}
diff --git a/tap/tlstapper/bpf/golang_uprobes.c b/tap/tlstapper/bpf/golang_uprobes.c
index 05377f729..d5d481437 100644
--- a/tap/tlstapper/bpf/golang_uprobes.c
+++ b/tap/tlstapper/bpf/golang_uprobes.c
@@ -119,7 +119,6 @@ static __always_inline void golang_output_ssl_chunk(struct pt_regs *ctx, struct
 return;
 }
- chunk->type = openssl_type;
 chunk->flags = flags;
 chunk->pid = id >> 32;
 chunk->tgid = id;
diff --git a/tap/tlstapper/bpf/include/headers.h b/tap/tlstapper/bpf/include/headers.h
index cea3dad96..8078051af 100644
--- a/tap/tlstapper/bpf/include/headers.h
+++ b/tap/tlstapper/bpf/include/headers.h
@@ -8,7 +8,6 @@ Copyright (C) UP9 Inc.
 #define __HEADERS__
 #include
-#include
 #include
 #include
 #include
diff --git a/tap/tlstapper/bpf/include/logger_messages.h b/tap/tlstapper/bpf/include/logger_messages.h
index ccb11c0a8..d581c25f7 100644
--- a/tap/tlstapper/bpf/include/logger_messages.h
+++ b/tap/tlstapper/bpf/include/logger_messages.h
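Review bot: With `chunk->type = openssl_type;` removed from golang_output_ssl_chunk, the record this function emits into the shared chunk struct no longer carries any discriminator, and the user-space `poll` hunk in tls_poller.go (same commit) now hands every chunks_buffer record to handleTlsChunk. I cannot tell from this diff whether golang_uprobes.c is still compiled into tls_tapper.c or its uprobes still attached; if it is, its records will be resolved through getSockfdAddressPair exactly like OpenSSL ones, which may not hold for the Go connections it was written for. If the file is dead after this commit, deleting it together with LOG_ERROR_GOLANG_READ_READING_DATA_POINTER would make the intent explicit; if it is live, a one-line comment above golang_output_ssl_chunk stating that its chunks now travel the OpenSSL path would spare the next reader the same question. golang_output_ssl_chunk starts before and ends after this hunk.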
@@ -26,16 +26,7 @@ Copyright (C) UP9 Inc.
 #define LOG_ERROR_PUTTING_CONNECT_INFO (14)
 #define LOG_ERROR_GETTING_CONNECT_INFO (15)
 #define LOG_ERROR_READING_CONNECT_INFO (16)
-#define LOG_ERROR_GOLANG_WRITE_READING_KEY_DIAL (17)
-#define LOG_ERROR_GOLANG_WRITE_GETTING_SOCKET (18)
-#define LOG_ERROR_GOLANG_WRITE_READING_DATA (19)
-#define LOG_ERROR_GOLANG_READ_READING_DATA_POINTER (20)
-#define LOG_ERROR_GOLANG_READ_READING_DATA (21)
-#define LOG_ERROR_GOLANG_SOCKET_GETTING_SOCKET (22)
-#define LOG_ERROR_GOLANG_SOCKET_PUTTING_FILE_DESCRIPTOR (23)
-#define LOG_ERROR_GOLANG_DIAL_READING_KEY_DIAL (24)
-#define LOG_ERROR_GOLANG_DIAL_PUTTING_SOCKET (25)
-#define LOG_ERROR_GOLANG_ALLOCATING_EVENT (26)
+#define LOG_ERROR_GOLANG_READ_READING_DATA_POINTER (17)
 // Sometimes we have the same error, happening from different locations.
 // in order to be able to distinct between them in the log, we add an
diff --git a/tap/tlstapper/bpf/include/maps.h b/tap/tlstapper/bpf/include/maps.h
index 351343bd4..b9fe5966b 100644
--- a/tap/tlstapper/bpf/include/maps.h
+++ b/tap/tlstapper/bpf/include/maps.h
@@ -19,12 +19,6 @@ Copyright (C) UP9 Inc.
 #define MAX_ENTRIES_HASH (1 << 12) // 4096
 #define MAX_ENTRIES_PERF_OUTPUT (1 << 10) // 1024
 #define MAX_ENTRIES_LRU_HASH (1 << 14) // 16384
-#define MAX_ENTRIES_RINGBUFF (1 << 24) // 16777216
-
-enum chunk_type {
- openssl_type=1,
- golang_type=2,
-};
 // The same struct can be found in chunk.go
 //
@@ -38,8 +32,6 @@ struct tls_chunk {
 __u32 recorded;
 __u32 fd;
 __u32 flags;
- enum chunk_type type;
- bool is_request;
 __u8 address[16];
 __u8 data[CHUNK_SIZE]; // Must be N^2
 };
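Review bot: `LOG_ERROR_GOLANG_READ_READING_DATA_POINTER` is renumbered from 20 to 17 here, and that value is only correct because the `/*0017*/` entry of bpfLogMessages in bpf_logger_messages.go (same commit) is collapsed to match; neither file states that the define value is an index into that Go slice. A comment at the head of the define list, `// Each value is the index of its message in bpfLogMessages (tap/tlstapper/bpf_logger_messages.go); keep both lists in sync.`, would document the coupling, and a small Go test asserting the slice length equals the highest code plus one (18, if the table starts at `/*0000*/`) would catch the next drift. The origin-code comment that follows the hunk implies the code and an origin value are combined at log time; that combination is outside this diff, so I have not checked it.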
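Review bot: The context line above `struct tls_chunk` still says the same struct can be found in chunk.go, yet chunk.go is not touched by this commit while the struct loses `type` and `is_request`; the Go mirrors that are regenerated here are tlstapper_bpfel.go and tlstapper_bpfeb.go. If chunk.go holds a hand-written copy it is now out of step with the kernel-side layout, which is the ABI the perf reader decodes; if the comment is merely stale, pointing it at the generated code, `// Mirrored by tlsTapperTlsChunk in tlstapper_bpfel.go / tlstapper_bpfeb.go (bpf2go -type tls_chunk); regenerate after any layout change.`, keeps the next layout edit from being missed. struct tls_chunk begins outside this hunk.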
@@ -61,21 +53,6 @@ struct fd_info {
 __u8 flags;
 };
-struct sys_close {
- __u32 fd;
-};
-
-struct golang_socket {
- __u32 pid;
- __u32 fd;
- __u64 key_dial;
- __u64 conn_addr;
-};
-
-const struct golang_event *unused1 __attribute__((unused));
-const struct sys_close *unused2 __attribute__((unused));
-
-
 // Heap-like area for eBPF programs - stack size limited to 512 bytes, we must use maps for bigger (chunk) objects.
 //
 struct {
@@ -103,19 +80,11 @@ struct {
 #define BPF_LRU_HASH(_name, _key_type, _value_type) \
 BPF_MAP(_name, BPF_MAP_TYPE_LRU_HASH, _key_type, _value_type, MAX_ENTRIES_LRU_HASH)
-// Generic
 BPF_HASH(pids_map, __u32, __u32);
-BPF_PERF_OUTPUT(log_buffer);
-BPF_PERF_OUTPUT(sys_closes);
-BPF_PERF_OUTPUT(chunks_buffer);
-
-// OpenSSL specific
 BPF_LRU_HASH(ssl_write_context, __u64, struct ssl_info);
 BPF_LRU_HASH(ssl_read_context, __u64, struct ssl_info);
 BPF_LRU_HASH(file_descriptor_to_ipv4, __u64, struct fd_info);
-
-// Golang specific
-BPF_LRU_HASH(golang_dial_to_socket, __u64, struct golang_socket);
-BPF_LRU_HASH(golang_socket_to_write, __u64, struct golang_socket);
+BPF_PERF_OUTPUT(chunks_buffer);
+BPF_PERF_OUTPUT(log_buffer);
 #endif /* __MAPS__ */
diff --git a/tap/tlstapper/bpf/openssl_uprobes.c b/tap/tlstapper/bpf/openssl_uprobes.c
index 0fe820792..8a8dac88b 100644
--- a/tap/tlstapper/bpf/openssl_uprobes.c
+++ b/tap/tlstapper/bpf/openssl_uprobes.c
@@ -132,7 +132,6 @@ static __always_inline void output_ssl_chunk(struct pt_regs *ctx, struct ssl_inf
 return;
 }
- chunk->type = openssl_type;
 chunk->flags = flags;
 chunk->pid = id >> 32;
 chunk->tgid = id;
diff --git a/tap/tlstapper/bpf_logger_messages.go b/tap/tlstapper/bpf_logger_messages.go
index 6bbc17688..6ab5ea509 100644
--- a/tap/tlstapper/bpf_logger_messages.go
+++ b/tap/tlstapper/bpf_logger_messages.go
@@ -20,14 +20,5 @@ var bpfLogMessages = []string{
 /*0014*/ "[%d] Unable to put connect info [err: %d]",
 /*0015*/ "[%d] Unable to get connect info",
 /*0016*/ "[%d] Unable to read connect info [err: %d]",
- /*0017*/ "[%d] Golang write unable to read key_dial [err: %d]",
- /*0018*/ "[%d] Golang write unable to get socket [err: %d]",
- /*0019*/ "[%d] Golang write unable to read data [err: %d]",
- /*0020*/ "[%d] Golang read unable to read data pointer [err: %d]",
- /*0021*/ "[%d] Golang read unable to read data [err: %d]",
- /*0022*/ "[%d] Golang socket unable to get socket [err: %d]",
- /*0023*/ "[%d] Golang socket unable to put file descriptor [err: %d]",
- /*0024*/ "[%d] Golang dial unable to read key_dial [err: %d]",
- /*0025*/ "[%d] Golang dial unable to put socket [err: %d]",
- /*0026*/ "[%d] Unable to allocate Golang event in bpf heap",
+ /*0017*/ "[%d] Golang read unable to read data pointer [err: %d]",
 }
diff --git a/tap/tlstapper/golang_connection.go b/tap/tlstapper/golang_connection.go
deleted file mode 100644
index 86f6790c8..000000000
--- a/tap/tlstapper/golang_connection.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package tlstapper
-
-import "github.com/up9inc/mizu/tap/api"
-
-type golangConnection struct {
- pid uint32
- fd uint32
- connAddr uint32
- addressPair addressPair
- addressIsSet bool
- stream *tlsStream
- clientReader *golangReader
- serverReader *golangReader
-}
-
-func NewGolangConnection(pid uint32, connAddr uint32, extension *api.Extension, emitter api.Emitter) *golangConnection {
- stream := &tlsStream{}
- counterPair := &api.CounterPair{}
- reqResMatcher := extension.Dissector.NewResponseRequestMatcher()
- clientReader := NewGolangReader(extension, true, emitter, counterPair, stream, reqResMatcher)
- serverReader := NewGolangReader(extension, false, emitter, counterPair, stream, reqResMatcher)
- stream.reader = clientReader
- return &golangConnection{
- pid: pid,
- connAddr: connAddr,
- stream: stream,
- clientReader: clientReader,
- serverReader: serverReader,
- }
-}
-
-func (c *golangConnection) setAddressBySockfd(procfs string, pid uint32, fd uint32) error {
- if c.addressIsSet {
- return nil
- }
-
- addrPair, err := getAddressBySockfd(procfs, pid, fd)
- if err != nil {
- return err
- }
- c.addressPair = addrPair
- c.addressIsSet = true
- return nil
-}
-
-func (c *golangConnection) close() {
- if c.clientReader != nil {
- c.clientReader.close()
- }
- if c.serverReader != nil {
- c.serverReader.close()
- }
-}
diff --git a/tap/tlstapper/golang_reader.go b/tap/tlstapper/golang_reader.go
deleted file mode 100644
index 2f749065e..000000000
--- a/tap/tlstapper/golang_reader.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package tlstapper
-
-import (
- "io"
- "sync"
- "time"
-
- "github.com/up9inc/mizu/tap/api"
-)
-
-type golangReader struct {
- msgQueue chan []byte
- data []byte
- progress *api.ReadProgress
- tcpID *api.TcpID
- isClosed bool
- isClient bool
- captureTime time.Time
- extension *api.Extension
- emitter api.Emitter
- counterPair *api.CounterPair
- parent *tlsStream
- reqResMatcher api.RequestResponseMatcher
- sync.Mutex
-}
-
-func NewGolangReader(extension *api.Extension, isClient bool, emitter api.Emitter, counterPair *api.CounterPair, stream *tlsStream, reqResMatcher api.RequestResponseMatcher) *golangReader {
- return &golangReader{
- msgQueue: make(chan []byte, 1),
- progress: &api.ReadProgress{},
- tcpID: &api.TcpID{},
- isClient: isClient,
- captureTime: time.Now(),
- extension: extension,
- emitter: emitter,
- counterPair: counterPair,
- parent: stream,
- reqResMatcher: reqResMatcher,
- }
-}
-
-func (r *golangReader) send(b []byte) {
- r.Lock()
- if !r.isClosed {
- r.captureTime = time.Now()
- r.msgQueue <- b
- }
- r.Unlock()
-}
-
-func (r *golangReader) close() {
- r.Lock()
- if !r.isClosed {
- r.isClosed = true
- close(r.msgQueue)
- }
- r.Unlock()
-}
-
-func (r *golangReader) Read(p []byte) (int, error) {
- var b []byte
-
- for len(r.data) == 0 {
- var ok bool
- b, ok = <-r.msgQueue
- if !ok {
- return 0, io.EOF
- }
-
- r.data = b
-
- if len(r.data) > 0 {
- break
- }
- }
-
- l := copy(p, r.data)
- r.data = r.data[l:]
- r.progress.Feed(l)
-
- return l, nil
-}
-
-func (r *golangReader) GetReqResMatcher() api.RequestResponseMatcher {
- return r.reqResMatcher
-}
-
-func (r *golangReader) GetIsClient() bool {
- return r.isClient
-}
-
-func (r *golangReader) GetReadProgress() *api.ReadProgress {
- return r.progress
-}
-
-func (r *golangReader) GetParent() api.TcpStream {
- return r.parent
-}
-
-func (r *golangReader) GetTcpID() *api.TcpID {
- return r.tcpID
-}
-
-func (r *golangReader) GetCounterPair() *api.CounterPair {
- return r.counterPair
-}
-
-func (r *golangReader) GetCaptureTime() time.Time {
- return r.captureTime
-}
-
-func (r *golangReader) GetEmitter() api.Emitter {
- return r.emitter
-}
-
-func (r *golangReader) GetIsClosed() bool {
- return false
-}
diff --git a/tap/tlstapper/syscall_hooks.go b/tap/tlstapper/syscall_hooks.go
index 294ef7ab1..0fa621496 100644
--- a/tap/tlstapper/syscall_hooks.go
+++ b/tap/tlstapper/syscall_hooks.go
@@ -8,7 +8,6 @@ import (
 type syscallHooks struct {
 sysEnterRead link.Link
 sysEnterWrite link.Link
- sysEnterClose link.Link
 sysEnterAccept4 link.Link
 sysExitAccept4 link.Link
 sysEnterConnect link.Link
@@ -30,12 +29,6 @@ func (s *syscallHooks) installSyscallHooks(bpfObjects *tlsTapperObjects) error {
 return errors.Wrap(err, 0)
 }
- s.sysEnterClose, err = link.Tracepoint("syscalls", "sys_enter_close", bpfObjects.SysEnterClose)
-
- if err != nil {
- return errors.Wrap(err, 0)
- }
-
 s.sysEnterAccept4, err = link.Tracepoint("syscalls", "sys_enter_accept4", bpfObjects.SysEnterAccept4)
 if err != nil {
@@ -74,10 +67,6 @@ func (s *syscallHooks) close() []error {
 errors = append(errors, err)
 }
- if err := s.sysEnterClose.Close(); err != nil {
- errors = append(errors, err)
- }
-
 if err := s.sysEnterAccept4.Close(); err != nil {
 errors = append(errors, err)
 }
diff --git a/tap/tlstapper/tls_poller.go b/tap/tlstapper/tls_poller.go
index 544e71613..79eb31d71 100644
--- a/tap/tlstapper/tls_poller.go
+++ b/tap/tlstapper/tls_poller.go
@@ -6,7 +6,6 @@ import (
 "fmt"
 "sync"
 "time"
- "unsafe"
 "encoding/binary"
 "encoding/hex"
@@ -19,7 +18,6 @@ import (
 "github.com/hashicorp/golang-lru/simplelru"
 "github.com/up9inc/mizu/logger"
 "github.com/up9inc/mizu/tap/api"
- orderedmap "github.com/wk8/go-ordered-map"
 )
 const (
@@ -29,18 +27,16 @@ const (
 )
 type tlsPoller struct {
- tls *TlsTapper
- readers map[string]*tlsReader
- closedReaders chan string
- reqResMatcher api.RequestResponseMatcher
- chunksReader *perf.Reader
- golangConnectionMap *orderedmap.OrderedMap
- sysCloses *perf.Reader
- extension *api.Extension
- procfs string
- pidToNamespace sync.Map
- fdCache *simplelru.LRU // Actual typs is map[string]addressPair
- evictedCounter int
+ tls *TlsTapper
+ readers map[string]*tlsReader
+ closedReaders chan string
+ reqResMatcher api.RequestResponseMatcher
+ chunksReader *perf.Reader
+ extension *api.Extension
+ procfs string
+ pidToNamespace sync.Map
+ fdCache *simplelru.LRU // Actual typs is map[string]addressPair
+ evictedCounter int
 }
 func newTlsPoller(tls *TlsTapper, extension *api.Extension, procfs string) (*tlsPoller, error) {
@@ -73,14 +69,6 @@ func (p *tlsPoller) init(bpfObjects *tlsTapperObjects, bufferSize int) error {
 return errors.Wrap(err, 0)
 }
- p.sysCloses, err = perf.NewReader(bpfObjects.SysCloses, os.Getpagesize())
-
- if err != nil {
- return errors.Wrap(err, 0)
- }
-
- p.golangConnectionMap = orderedmap.New()
-
 return nil
 }
@@ -88,12 +76,11 @@ func (p *tlsPoller) close() error {
 return p.chunksReader.Close()
 }
-func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
+func (p *tlsPoller) poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
 // tlsTapperTlsChunk is generated by bpf2go.
 chunks := make(chan *tlsTapperTlsChunk)
 go p.pollChunksPerfBuffer(chunks)
- go p.pollSysClosesPerfBuffer(p.sysCloses)
 for {
 select {
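Review bot: The realigned field line `fdCache *simplelru.LRU // Actual typs is map[string]addressPair` is rewritten on the new side of the struct hunk and carries the typo "typs" with it; since gofmt is already touching the line, `// actual type is map[string]addressPair` fixes it at no cost. The two remaining hunks on this line (the init cleanup and the pollSsllib to poll rename) are consistent with the fields removed from the struct, and `close()` already closed only chunksReader, so nothing is left dangling by dropping sysCloses.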
@@ -102,15 +89,8 @@ func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilterin
 return
 }
- switch chunk.Type {
- case tlsTapperChunkTypeOpensslType:
- if err := p.handleOpensslTlsChunk(chunk, p.extension, emitter, options, streamsMap); err != nil {
- LogError(err)
- }
- case tlsTapperChunkTypeGolangType:
- if err := p.handleGolangTlsChunk(chunk, emitter, options, streamsMap); err != nil {
- LogError(err)
- }
+ if err := p.handleTlsChunk(chunk, p.extension, emitter, options, streamsMap); err != nil {
+ LogError(err)
 }
 case key := <-p.closedReaders:
 delete(p.readers, key)
@@ -118,100 +98,6 @@ func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilterin
 }
 }
-func (p *tlsPoller) handleGolangTlsChunk(chunk *tlsTapperTlsChunk, emitter api.Emitter, options *api.TrafficFilteringOptions,
- streamsMap api.TcpStreamMap) error {
- if p.golangConnectionMap.Len()+1 > golangMapLimit {
- pair := p.golangConnectionMap.Oldest()
- pair.Value.(*golangConnection).close()
- p.golangConnectionMap.Delete(pair.Key)
- }
-
- pid := uint64(chunk.Pid)
- identifier := pid<<32 + uint64(chunk.Flags)
-
- var connection *golangConnection
- var _connection interface{}
- var ok bool
- if _connection, ok = p.golangConnectionMap.Get(identifier); !ok {
- tlsEmitter := &tlsEmitter{
- delegate: emitter,
- namespace: p.getNamespace(chunk.Pid),
- }
-
- connection = NewGolangConnection(chunk.Pid, chunk.Flags, p.extension, tlsEmitter)
- p.golangConnectionMap.Set(identifier, connection)
- streamsMap.Store(streamsMap.NextId(), connection.stream)
- } else {
- connection = _connection.(*golangConnection)
- }
-
- if chunk.IsRequest {
- connection.fd = chunk.Fd
-
- err := connection.setAddressBySockfd(p.procfs, chunk.Pid, chunk.Fd)
- if err != nil {
- return fmt.Errorf("Error resolving address pair from fd: %s", err)
- }
-
- tcpid := p.buildTcpId(&connection.addressPair)
- connection.clientReader.tcpID = &tcpid
- connection.serverReader.tcpID = &api.TcpID{
- SrcIP: tcpid.DstIP,
- DstIP: tcpid.SrcIP,
- SrcPort: tcpid.DstPort,
- DstPort: tcpid.SrcPort,
- }
-
- go dissect(p.extension, connection.clientReader, options)
- go dissect(p.extension, connection.serverReader, options)
-
- request := make([]byte, len(chunk.Data[:chunk.Len]))
- copy(request, chunk.Data[:chunk.Len])
- connection.clientReader.send(request)
- } else {
- response := make([]byte, len(chunk.Data[:chunk.Len]))
- copy(response, chunk.Data[:chunk.Len])
- connection.serverReader.send(response)
- }
-
- return nil
-}
-
-func (p *tlsPoller) pollSysClosesPerfBuffer(rd *perf.Reader) {
- nativeEndian := p.getByteOrder()
- // tlsTapperSysClose is generated by bpf2go.
- var b tlsTapperSysClose
- for {
- record, err := rd.Read()
- if err != nil {
- if errors.Is(err, perf.ErrClosed) {
- return
- }
- logger.Log.Errorf("reading from sys_close tls reader: %s", err)
- continue
- }
-
- if record.LostSamples != 0 {
- logger.Log.Info("sys_close perf event ring buffer full, dropped %d samples", record.LostSamples)
- continue
- }
-
- if err := binary.Read(bytes.NewBuffer(record.RawSample), nativeEndian, &b); err != nil {
- logger.Log.Errorf("parsing sys_close perf event: %s", err)
- continue
- }
-
- // Close and remove the connection from map if its socket file descriptor is closed.
- for pair := p.golangConnectionMap.Oldest(); pair != nil; pair = pair.Next() {
- connection := pair.Value.(*golangConnection)
- if connection.fd == b.Fd {
- connection.close()
- p.golangConnectionMap.Delete(pair.Key)
- }
- }
- }
-}
-
 func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) {
 logger.Log.Infof("Start polling for tls events")
@@ -247,7 +133,7 @@ func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) {
 }
 }
-func (p *tlsPoller) handleOpensslTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Extension, emitter api.Emitter,
+func (p *tlsPoller) handleTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Extension, emitter api.Emitter,
 options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) error {
 address, err := p.getSockfdAddressPair(chunk)
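Review bot: `handleTlsChunk` becomes the sole consumer of chunks_buffer records in this rename hunk, but it still has no doc comment, and the old name was the only place that recorded the chunk's origin. A comment above the signature such as `// handleTlsChunk processes one tls_chunk record from chunks_buffer for the tapped process; it first resolves the socket address pair for chunk.Fd through getSockfdAddressPair and returns that lookup's error unhandled.` covers what this hunk shows; the rest of the contract should be filled in from the body, which continues past the end of the hunk. The `extension` parameter is also passed explicitly while `p.extension` is what the caller hands in (see the poll hunk above), so either the parameter or the field is redundant — worth a one-line note if both are kept on purpose.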
@@ -437,19 +323,3 @@ func (p *tlsPoller) fdCacheEvictCallback(key interface{}, value interface{}) {
 logger.Log.Infof("Tls fdCache evicted %d items", p.evictedCounter)
 }
 }
-
-func (p *tlsPoller) getByteOrder() (byteOrder binary.ByteOrder) {
- buf := [2]byte{}
- *(*uint16)(unsafe.Pointer(&buf[0])) = uint16(0xABCD)
-
- switch buf {
- case [2]byte{0xCD, 0xAB}:
- byteOrder = binary.LittleEndian
- case [2]byte{0xAB, 0xCD}:
- byteOrder = binary.BigEndian
- default:
- panic("Could not determine native endianness.")
- }
-
- return
-}
diff --git a/tap/tlstapper/tls_stream.go b/tap/tlstapper/tls_stream.go
index ff966f763..d0077ba59 100644
--- a/tap/tlstapper/tls_stream.go
+++ b/tap/tlstapper/tls_stream.go
@@ -3,7 +3,7 @@ package tlstapper
 import "github.com/up9inc/mizu/tap/api"
 type tlsStream struct {
- reader api.TcpReader
+ reader *tlsReader
 protocol *api.Protocol
 }
@@ -16,7 +16,7 @@ func (t *tlsStream) SetProtocol(protocol *api.Protocol) {
 }
 func (t *tlsStream) GetReqResMatchers() []api.RequestResponseMatcher {
- return []api.RequestResponseMatcher{t.reader.GetReqResMatcher()}
+ return []api.RequestResponseMatcher{t.reader.reqResMatcher}
 }
 func (t *tlsStream) GetIsTapTarget() bool {
diff --git a/tap/tlstapper/tls_tapper.go b/tap/tlstapper/tls_tapper.go
index a4c89ada5..7d984ea6b 100644
--- a/tap/tlstapper/tls_tapper.go
+++ b/tap/tlstapper/tls_tapper.go
@@ -12,7 +12,7 @@ import (
 const GLOABL_TAP_PID = 0
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type chunk_type -type tls_chunk -type sys_close tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type tls_chunk tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86
 type TlsTapper struct {
 bpfObjects tlsTapperObjects
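Review bot: Narrowing `reader` to `*tlsReader` and reading `t.reader.reqResMatcher` directly in GetReqResMatchers turns a nil `reader` into a nil-pointer dereference, just as the previous interface method call would have panicked on a nil interface, so the unstated invariant is that the owner assigns `reader` before the stream is published. The deleted NewGolangConnection built `&tlsStream{}` and assigned `reader` afterwards; the remaining constructor for the OpenSSL path is not in this diff, so please confirm it sets `reader` before the stream reaches `streamsMap.Store`. Either record the invariant on the field, `reader *tlsReader // set by the owning tlsPoller before the stream is stored; dereferenced unguarded`, or guard the accessor with `if t.reader == nil { return nil }` so a half-initialised stream degrades to "no matchers" instead of crashing the poller.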
@@ -59,7 +59,7 @@ func (t *TlsTapper) Init(chunksBufferSize int, logBufferSize int, procfs string,
 }
 func (t *TlsTapper) Poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
- t.poller.pollSsllib(emitter, options, streamsMap)
+ t.poller.poll(emitter, options, streamsMap)
 }
 func (t *TlsTapper) PollForLogging() {
diff --git a/tap/tlstapper/tlstapper_bpfeb.go b/tap/tlstapper/tlstapper_bpfeb.go
index 5e3da3ccf..4abbc728f 100644
--- a/tap/tlstapper/tlstapper_bpfeb.go
+++ b/tap/tlstapper/tlstapper_bpfeb.go
@@ -13,28 +13,16 @@ import (
 "github.com/cilium/ebpf"
 )
-type tlsTapperChunkType int32
-
-const (
- tlsTapperChunkTypeOpensslType tlsTapperChunkType = 1
- tlsTapperChunkTypeGolangType tlsTapperChunkType = 2
-)
-
-type tlsTapperSysClose struct{ Fd uint32 }
-
 type tlsTapperTlsChunk struct {
- Pid uint32
- Tgid uint32
- Len uint32
- Start uint32
- Recorded uint32
- Fd uint32
- Flags uint32
- Type tlsTapperChunkType
- IsRequest bool
- Address [16]uint8
- Data [4096]uint8
- _ [3]byte
+ Pid uint32
+ Tgid uint32
+ Len uint32
+ Start uint32
+ Recorded uint32
+ Fd uint32
+ Flags uint32
+ Address [16]uint8
+ Data [4096]uint8
 }
 // loadTlsTapper returns the embedded CollectionSpec for tlsTapper.
@@ -89,7 +77,6 @@ type tlsTapperProgramSpecs struct {
 SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"`
 SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
 SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
- SysEnterClose *ebpf.ProgramSpec `ebpf:"sys_enter_close"`
 SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
 SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
 SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
@@ -105,14 +92,11 @@ type tlsTapperMapSpecs struct {
 ChunksBuffer *ebpf.MapSpec `ebpf:"chunks_buffer"`
 ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"`
 FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"`
- GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
- GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
 Heap *ebpf.MapSpec `ebpf:"heap"`
 LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"`
 PidsMap *ebpf.MapSpec `ebpf:"pids_map"`
 SslReadContext *ebpf.MapSpec `ebpf:"ssl_read_context"`
 SslWriteContext *ebpf.MapSpec `ebpf:"ssl_write_context"`
- SysCloses *ebpf.MapSpec `ebpf:"sys_closes"`
 }
 // tlsTapperObjects contains all objects after they have been loaded into the kernel.
@@ -138,14 +122,11 @@ type tlsTapperMaps struct {
 ChunksBuffer *ebpf.Map `ebpf:"chunks_buffer"`
 ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"`
 FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"`
- GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"`
- GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"`
 Heap *ebpf.Map `ebpf:"heap"`
 LogBuffer *ebpf.Map `ebpf:"log_buffer"`
 PidsMap *ebpf.Map `ebpf:"pids_map"`
 SslReadContext *ebpf.Map `ebpf:"ssl_read_context"`
 SslWriteContext *ebpf.Map `ebpf:"ssl_write_context"`
- SysCloses *ebpf.Map `ebpf:"sys_closes"`
 }
 func (m *tlsTapperMaps) Close() error {
@@ -154,14 +135,11 @@ func (m *tlsTapperMaps) Close() error {
 m.ChunksBuffer,
 m.ConnectSyscallInfo,
 m.FileDescriptorToIpv4,
- m.GolangDialToSocket,
- m.GolangSocketToWrite,
 m.Heap,
 m.LogBuffer,
 m.PidsMap,
 m.SslReadContext,
 m.SslWriteContext,
- m.SysCloses,
 )
 }
@@ -180,7 +158,6 @@ type tlsTapperPrograms struct {
 SslWrite *ebpf.Program `ebpf:"ssl_write"`
 SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"`
 SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"`
- SysEnterClose *ebpf.Program `ebpf:"sys_enter_close"`
 SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"`
 SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"`
 SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
@@ -201,7 +178,6 @@ func (p *tlsTapperPrograms) Close() error {
 p.SslWrite,
 p.SslWriteEx,
 p.SysEnterAccept4,
- p.SysEnterClose,
 p.SysEnterConnect,
 p.SysEnterRead,
 p.SysEnterWrite,
diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o
index 1a632d837..115858fde 100644
Binary files a/tap/tlstapper/tlstapper_bpfeb.o and b/tap/tlstapper/tlstapper_bpfeb.o differ
diff --git a/tap/tlstapper/tlstapper_bpfel.go b/tap/tlstapper/tlstapper_bpfel.go
index d53a0fb40..6a6a2f836 100644
--- a/tap/tlstapper/tlstapper_bpfel.go
+++ b/tap/tlstapper/tlstapper_bpfel.go
@@ -13,28 +13,16 @@ import (
 "github.com/cilium/ebpf"
 )
-type tlsTapperChunkType int32
-
-const (
- tlsTapperChunkTypeOpensslType tlsTapperChunkType = 1
- tlsTapperChunkTypeGolangType tlsTapperChunkType = 2
-)
-
-type tlsTapperSysClose struct{ Fd uint32 }
-
 type tlsTapperTlsChunk struct {
- Pid uint32
- Tgid uint32
- Len uint32
- Start uint32
- Recorded uint32
- Fd uint32
- Flags uint32
- Type tlsTapperChunkType
- IsRequest bool
- Address [16]uint8
- Data [4096]uint8
- _ [3]byte
+ Pid uint32
+ Tgid uint32
+ Len uint32
+ Start uint32
+ Recorded uint32
+ Fd uint32
+ Flags uint32
+ Address [16]uint8
+ Data [4096]uint8
 }
 // loadTlsTapper returns the embedded CollectionSpec for tlsTapper.
@@ -89,7 +77,6 @@ type tlsTapperProgramSpecs struct {
 SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"`
 SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
 SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
- SysEnterClose *ebpf.ProgramSpec `ebpf:"sys_enter_close"`
 SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
 SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
 SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
@@ -105,14 +92,11 @@ type tlsTapperMapSpecs struct {
 ChunksBuffer *ebpf.MapSpec `ebpf:"chunks_buffer"`
 ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"`
 FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"`
- GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
- GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
 Heap *ebpf.MapSpec `ebpf:"heap"`
 LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"`
 PidsMap *ebpf.MapSpec `ebpf:"pids_map"`
 SslReadContext *ebpf.MapSpec `ebpf:"ssl_read_context"`
 SslWriteContext *ebpf.MapSpec `ebpf:"ssl_write_context"`
- SysCloses *ebpf.MapSpec `ebpf:"sys_closes"`
 }
 // tlsTapperObjects contains all objects after they have been loaded into the kernel.
@@ -138,14 +122,11 @@ type tlsTapperMaps struct {
 ChunksBuffer *ebpf.Map `ebpf:"chunks_buffer"`
 ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"`
 FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"`
- GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"`
- GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"`
 Heap *ebpf.Map `ebpf:"heap"`
 LogBuffer *ebpf.Map `ebpf:"log_buffer"`
 PidsMap *ebpf.Map `ebpf:"pids_map"`
 SslReadContext *ebpf.Map `ebpf:"ssl_read_context"`
 SslWriteContext *ebpf.Map `ebpf:"ssl_write_context"`
- SysCloses *ebpf.Map `ebpf:"sys_closes"`
 }
 func (m *tlsTapperMaps) Close() error {
@@ -154,14 +135,11 @@ func (m *tlsTapperMaps) Close() error {
 m.ChunksBuffer,
 m.ConnectSyscallInfo,
 m.FileDescriptorToIpv4,
- m.GolangDialToSocket,
- m.GolangSocketToWrite,
 m.Heap,
 m.LogBuffer,
 m.PidsMap,
 m.SslReadContext,
 m.SslWriteContext,
- m.SysCloses,
 )
 }
@@ -180,7 +158,6 @@ type tlsTapperPrograms struct {
 SslWrite *ebpf.Program `ebpf:"ssl_write"`
 SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"`
 SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"`
- SysEnterClose *ebpf.Program `ebpf:"sys_enter_close"`
 SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"`
 SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"`
 SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
@@ -201,7 +178,6 @@ func (p *tlsTapperPrograms) Close() error {
 p.SslWrite,
 p.SslWriteEx,
 p.SysEnterAccept4,
- p.SysEnterClose,
 p.SysEnterConnect,
 p.SysEnterRead,
 p.SysEnterWrite,
diff --git a/tap/tlstapper/tlstapper_bpfel.o b/tap/tlstapper/tlstapper_bpfel.o
index 0f34952ab..336f885ce 100644
Binary files a/tap/tlstapper/tlstapper_bpfel.o and b/tap/tlstapper/tlstapper_bpfel.o differ