Remove the unnecessary changes

agent/go.mod

@@ -117,7 +117,6 @@ require (
 	github.com/tklauser/numcpus v0.4.0 // indirect
 	github.com/ugorji/go/codec v1.2.6 // indirect
 	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
-	github.com/wk8/go-ordered-map v1.0.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	go.starlark.net v0.0.0-20220203230714-bb14e151c28f // indirect

agent/go.sum

@@ -702,8 +702,6 @@ github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695AP
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/wI2L/jsondiff v0.1.1 h1:r2TkoEet7E4JMO5+s1RCY2R0LrNPNHY6hbDeow2hRHw=
 github.com/wI2L/jsondiff v0.1.1/go.mod h1:bAbJSAJXZtfOCZ5y3v7Mfb6UQa3DGdGFjQj1cNv8EcM=
-github.com/wk8/go-ordered-map v1.0.0 h1:BV7z+2PaK8LTSd/mWgY12HyMAo5CEgkHqbkVq2thqr8=
-github.com/wk8/go-ordered-map v1.0.0/go.mod h1:9ZIbRunKbuvfPKyBP1SIKLcXNlv74YCOZ3t3VTS6gRk=
 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
 github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=

tap/go.mod

@@ -14,7 +14,6 @@ require (
 	github.com/up9inc/mizu/tap/api v0.0.0
 	github.com/up9inc/mizu/tap/dbgctl v0.0.0
 	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74
-	github.com/wk8/go-ordered-map v1.0.0
 	k8s.io/api v0.23.3
 )
 

tap/go.sum

@@ -130,7 +130,6 @@ github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/struCoder/pidusage v0.2.1 h1:dFiEgUDkubeIj0XA1NpQ6+8LQmKrLi7NiIQl86E6BoY=
@@ -141,8 +140,6 @@ github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//
 github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/wk8/go-ordered-map v1.0.0 h1:BV7z+2PaK8LTSd/mWgY12HyMAo5CEgkHqbkVq2thqr8=
-github.com/wk8/go-ordered-map v1.0.0/go.mod h1:9ZIbRunKbuvfPKyBP1SIKLcXNlv74YCOZ3t3VTS6gRk=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=

tap/tlstapper/bpf/fd_tracepoints.c

@@ -90,23 +90,3 @@ void sys_enter_write(struct sys_enter_write_ctx *ctx) {
 		log_error(ctx, LOG_ERROR_PUTTING_FILE_DESCRIPTOR, id, err, ORIGIN_SYS_ENTER_WRITE_CODE);
 	}
 }
-
-struct sys_enter_close_ctx {
-	__u64 __unused_syscall_header;
-	__u32 __unused_syscall_nr;
-
-	__u64 fd;
-};
-
-SEC("tracepoint/syscalls/sys_enter_close")
-void sys_enter_close(struct sys_enter_close_ctx *ctx) {
-	__u64 id = bpf_get_current_pid_tgid();
-
-	if (!should_tap(id >> 32)) {
-		return;
-	}
-
-	struct sys_close event;
-    event.fd = ctx->fd;
-    bpf_perf_event_output(ctx, &sys_closes, BPF_F_CURRENT_CPU, &event, sizeof(event));
-}

tap/tlstapper/bpf/golang_uprobes.c

@@ -119,7 +119,6 @@ static __always_inline void golang_output_ssl_chunk(struct pt_regs *ctx, struct
 		return;
 	}
 	
-    chunk->type = openssl_type;
 	chunk->flags = flags;
 	chunk->pid = id >> 32;
 	chunk->tgid = id;

tap/tlstapper/bpf/include/headers.h

@@ -8,7 +8,6 @@ Copyright (C) UP9 Inc.
 #define __HEADERS__
 
 #include <stddef.h>
-#include <stdbool.h>
 #include <linux/bpf.h>
 #include <linux/ptrace.h>
 #include <bpf/bpf_helpers.h>

tap/tlstapper/bpf/include/logger_messages.h

@@ -26,16 +26,7 @@ Copyright (C) UP9 Inc.
 #define LOG_ERROR_PUTTING_CONNECT_INFO (14)
 #define LOG_ERROR_GETTING_CONNECT_INFO (15)
 #define LOG_ERROR_READING_CONNECT_INFO (16)
-#define LOG_ERROR_GOLANG_WRITE_READING_KEY_DIAL (17)
+#define LOG_ERROR_GOLANG_READ_READING_DATA_POINTER (17)
-#define LOG_ERROR_GOLANG_WRITE_GETTING_SOCKET (18)
-#define LOG_ERROR_GOLANG_WRITE_READING_DATA (19)
-#define LOG_ERROR_GOLANG_READ_READING_DATA_POINTER (20)
-#define LOG_ERROR_GOLANG_READ_READING_DATA (21)
-#define LOG_ERROR_GOLANG_SOCKET_GETTING_SOCKET (22)
-#define LOG_ERROR_GOLANG_SOCKET_PUTTING_FILE_DESCRIPTOR (23)
-#define LOG_ERROR_GOLANG_DIAL_READING_KEY_DIAL (24)
-#define LOG_ERROR_GOLANG_DIAL_PUTTING_SOCKET (25)
-#define LOG_ERROR_GOLANG_ALLOCATING_EVENT (26)
 
 // Sometimes we have the same error, happening from different locations.
 // 	in order to be able to distinct between them in the log, we add an 

tap/tlstapper/bpf/include/maps.h

@@ -19,12 +19,6 @@ Copyright (C) UP9 Inc.
 #define MAX_ENTRIES_HASH        (1 << 12)  // 4096
 #define MAX_ENTRIES_PERF_OUTPUT	(1 << 10)  // 1024
 #define MAX_ENTRIES_LRU_HASH	(1 << 14)  // 16384
-#define MAX_ENTRIES_RINGBUFF	(1 << 24)  // 16777216
-
-enum chunk_type {
-    openssl_type=1,
-    golang_type=2,
-};
 
 // The same struct can be found in chunk.go
 //  
@@ -38,8 +32,6 @@ struct tls_chunk {
     __u32 recorded;
     __u32 fd;
     __u32 flags;
-    enum chunk_type type;
-    bool is_request;
     __u8 address[16];
     __u8 data[CHUNK_SIZE]; // Must be N^2
 };
@@ -61,21 +53,6 @@ struct fd_info {
     __u8 flags;
 };
 
-struct sys_close {
-    __u32 fd;
-};
-
-struct golang_socket {
-    __u32 pid;
-    __u32 fd;
-    __u64 key_dial;
-    __u64 conn_addr;
-};
-
-const struct golang_event *unused1 __attribute__((unused));
-const struct sys_close *unused2 __attribute__((unused));
-
-
 // Heap-like area for eBPF programs - stack size limited to 512 bytes, we must use maps for bigger (chunk) objects.
 //
 struct {
@@ -103,19 +80,11 @@ struct {
 #define BPF_LRU_HASH(_name, _key_type, _value_type) \
     BPF_MAP(_name, BPF_MAP_TYPE_LRU_HASH, _key_type, _value_type, MAX_ENTRIES_LRU_HASH)
 
-// Generic
 BPF_HASH(pids_map, __u32, __u32);
-BPF_PERF_OUTPUT(log_buffer);
-BPF_PERF_OUTPUT(sys_closes);
-BPF_PERF_OUTPUT(chunks_buffer);
-
-// OpenSSL specific
 BPF_LRU_HASH(ssl_write_context, __u64, struct ssl_info);
 BPF_LRU_HASH(ssl_read_context, __u64, struct ssl_info);
 BPF_LRU_HASH(file_descriptor_to_ipv4, __u64, struct fd_info);
-
+BPF_PERF_OUTPUT(chunks_buffer);
-// Golang specific
+BPF_PERF_OUTPUT(log_buffer);
-BPF_LRU_HASH(golang_dial_to_socket, __u64, struct golang_socket);
-BPF_LRU_HASH(golang_socket_to_write, __u64, struct golang_socket);
 
 #endif /* __MAPS__ */

tap/tlstapper/bpf/openssl_uprobes.c

@@ -132,7 +132,6 @@ static __always_inline void output_ssl_chunk(struct pt_regs *ctx, struct ssl_inf
 		return;
 	}
 	
-    chunk->type = openssl_type;
 	chunk->flags = flags;
 	chunk->pid = id >> 32;
 	chunk->tgid = id;

tap/tlstapper/bpf_logger_messages.go

@@ -20,14 +20,5 @@ var bpfLogMessages = []string{
 	/*0014*/ "[%d] Unable to put connect info [err: %d]",
 	/*0015*/ "[%d] Unable to get connect info",
 	/*0016*/ "[%d] Unable to read connect info [err: %d]",
-	/*0017*/ "[%d] Golang write unable to read key_dial [err: %d]",
+	/*0017*/ "[%d] Golang read unable to read data pointer [err: %d]",
-	/*0018*/ "[%d] Golang write unable to get socket [err: %d]",
-	/*0019*/ "[%d] Golang write unable to read data [err: %d]",
-	/*0020*/ "[%d] Golang read unable to read data pointer [err: %d]",
-	/*0021*/ "[%d] Golang read unable to read data [err: %d]",
-	/*0022*/ "[%d] Golang socket unable to get socket [err: %d]",
-	/*0023*/ "[%d] Golang socket unable to put file descriptor [err: %d]",
-	/*0024*/ "[%d] Golang dial unable to read key_dial [err: %d]",
-	/*0025*/ "[%d] Golang dial unable to put socket [err: %d]",
-	/*0026*/ "[%d] Unable to allocate Golang event in bpf heap",
 }

tap/tlstapper/golang_connection.go

@@ -1,53 +0,0 @@
-package tlstapper
-
-import "github.com/up9inc/mizu/tap/api"
-
-type golangConnection struct {
-	pid          uint32
-	fd           uint32
-	connAddr     uint32
-	addressPair  addressPair
-	addressIsSet bool
-	stream       *tlsStream
-	clientReader *golangReader
-	serverReader *golangReader
-}
-
-func NewGolangConnection(pid uint32, connAddr uint32, extension *api.Extension, emitter api.Emitter) *golangConnection {
-	stream := &tlsStream{}
-	counterPair := &api.CounterPair{}
-	reqResMatcher := extension.Dissector.NewResponseRequestMatcher()
-	clientReader := NewGolangReader(extension, true, emitter, counterPair, stream, reqResMatcher)
-	serverReader := NewGolangReader(extension, false, emitter, counterPair, stream, reqResMatcher)
-	stream.reader = clientReader
-	return &golangConnection{
-		pid:          pid,
-		connAddr:     connAddr,
-		stream:       stream,
-		clientReader: clientReader,
-		serverReader: serverReader,
-	}
-}
-
-func (c *golangConnection) setAddressBySockfd(procfs string, pid uint32, fd uint32) error {
-	if c.addressIsSet {
-		return nil
-	}
-
-	addrPair, err := getAddressBySockfd(procfs, pid, fd)
-	if err != nil {
-		return err
-	}
-	c.addressPair = addrPair
-	c.addressIsSet = true
-	return nil
-}
-
-func (c *golangConnection) close() {
-	if c.clientReader != nil {
-		c.clientReader.close()
-	}
-	if c.serverReader != nil {
-		c.serverReader.close()
-	}
-}

tap/tlstapper/golang_reader.go

@@ -1,118 +0,0 @@
-package tlstapper
-
-import (
-	"io"
-	"sync"
-	"time"
-
-	"github.com/up9inc/mizu/tap/api"
-)
-
-type golangReader struct {
-	msgQueue      chan []byte
-	data          []byte
-	progress      *api.ReadProgress
-	tcpID         *api.TcpID
-	isClosed      bool
-	isClient      bool
-	captureTime   time.Time
-	extension     *api.Extension
-	emitter       api.Emitter
-	counterPair   *api.CounterPair
-	parent        *tlsStream
-	reqResMatcher api.RequestResponseMatcher
-	sync.Mutex
-}
-
-func NewGolangReader(extension *api.Extension, isClient bool, emitter api.Emitter, counterPair *api.CounterPair, stream *tlsStream, reqResMatcher api.RequestResponseMatcher) *golangReader {
-	return &golangReader{
-		msgQueue:      make(chan []byte, 1),
-		progress:      &api.ReadProgress{},
-		tcpID:         &api.TcpID{},
-		isClient:      isClient,
-		captureTime:   time.Now(),
-		extension:     extension,
-		emitter:       emitter,
-		counterPair:   counterPair,
-		parent:        stream,
-		reqResMatcher: reqResMatcher,
-	}
-}
-
-func (r *golangReader) send(b []byte) {
-	r.Lock()
-	if !r.isClosed {
-		r.captureTime = time.Now()
-		r.msgQueue <- b
-	}
-	r.Unlock()
-}
-
-func (r *golangReader) close() {
-	r.Lock()
-	if !r.isClosed {
-		r.isClosed = true
-		close(r.msgQueue)
-	}
-	r.Unlock()
-}
-
-func (r *golangReader) Read(p []byte) (int, error) {
-	var b []byte
-
-	for len(r.data) == 0 {
-		var ok bool
-		b, ok = <-r.msgQueue
-		if !ok {
-			return 0, io.EOF
-		}
-
-		r.data = b
-
-		if len(r.data) > 0 {
-			break
-		}
-	}
-
-	l := copy(p, r.data)
-	r.data = r.data[l:]
-	r.progress.Feed(l)
-
-	return l, nil
-}
-
-func (r *golangReader) GetReqResMatcher() api.RequestResponseMatcher {
-	return r.reqResMatcher
-}
-
-func (r *golangReader) GetIsClient() bool {
-	return r.isClient
-}
-
-func (r *golangReader) GetReadProgress() *api.ReadProgress {
-	return r.progress
-}
-
-func (r *golangReader) GetParent() api.TcpStream {
-	return r.parent
-}
-
-func (r *golangReader) GetTcpID() *api.TcpID {
-	return r.tcpID
-}
-
-func (r *golangReader) GetCounterPair() *api.CounterPair {
-	return r.counterPair
-}
-
-func (r *golangReader) GetCaptureTime() time.Time {
-	return r.captureTime
-}
-
-func (r *golangReader) GetEmitter() api.Emitter {
-	return r.emitter
-}
-
-func (r *golangReader) GetIsClosed() bool {
-	return false
-}

tap/tlstapper/syscall_hooks.go

@@ -8,7 +8,6 @@ import (
 type syscallHooks struct {
 	sysEnterRead    link.Link
 	sysEnterWrite   link.Link
-	sysEnterClose   link.Link
 	sysEnterAccept4 link.Link
 	sysExitAccept4  link.Link
 	sysEnterConnect link.Link
@@ -30,12 +29,6 @@ func (s *syscallHooks) installSyscallHooks(bpfObjects *tlsTapperObjects) error {
 		return errors.Wrap(err, 0)
 	}
 
-	s.sysEnterClose, err = link.Tracepoint("syscalls", "sys_enter_close", bpfObjects.SysEnterClose)
-
-	if err != nil {
-		return errors.Wrap(err, 0)
-	}
-
 	s.sysEnterAccept4, err = link.Tracepoint("syscalls", "sys_enter_accept4", bpfObjects.SysEnterAccept4)
 
 	if err != nil {
@@ -74,10 +67,6 @@ func (s *syscallHooks) close() []error {
 		errors = append(errors, err)
 	}
 
-	if err := s.sysEnterClose.Close(); err != nil {
-		errors = append(errors, err)
-	}
-
 	if err := s.sysEnterAccept4.Close(); err != nil {
 		errors = append(errors, err)
 	}

tap/tlstapper/tls_poller.go

@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"sync"
 	"time"
-	"unsafe"
 
 	"encoding/binary"
 	"encoding/hex"
@@ -19,7 +18,6 @@ import (
 	"github.com/hashicorp/golang-lru/simplelru"
 	"github.com/up9inc/mizu/logger"
 	"github.com/up9inc/mizu/tap/api"
-	orderedmap "github.com/wk8/go-ordered-map"
 )
 
 const (
@@ -29,18 +27,16 @@ const (
 )
 
 type tlsPoller struct {
-	tls                 *TlsTapper
+	tls            *TlsTapper
-	readers             map[string]*tlsReader
+	readers        map[string]*tlsReader
-	closedReaders       chan string
+	closedReaders  chan string
-	reqResMatcher       api.RequestResponseMatcher
+	reqResMatcher  api.RequestResponseMatcher
-	chunksReader        *perf.Reader
+	chunksReader   *perf.Reader
-	golangConnectionMap *orderedmap.OrderedMap
+	extension      *api.Extension
-	sysCloses           *perf.Reader
+	procfs         string
-	extension           *api.Extension
+	pidToNamespace sync.Map
-	procfs              string
+	fdCache        *simplelru.LRU // Actual typs is map[string]addressPair
-	pidToNamespace      sync.Map
+	evictedCounter int
-	fdCache             *simplelru.LRU // Actual typs is map[string]addressPair
-	evictedCounter      int
 }
 
 func newTlsPoller(tls *TlsTapper, extension *api.Extension, procfs string) (*tlsPoller, error) {
@@ -73,14 +69,6 @@ func (p *tlsPoller) init(bpfObjects *tlsTapperObjects, bufferSize int) error {
 		return errors.Wrap(err, 0)
 	}
 
-	p.sysCloses, err = perf.NewReader(bpfObjects.SysCloses, os.Getpagesize())
-
-	if err != nil {
-		return errors.Wrap(err, 0)
-	}
-
-	p.golangConnectionMap = orderedmap.New()
-
 	return nil
 }
 
@@ -88,12 +76,11 @@ func (p *tlsPoller) close() error {
 	return p.chunksReader.Close()
 }
 
-func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
+func (p *tlsPoller) poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
 	// tlsTapperTlsChunk is generated by bpf2go.
 	chunks := make(chan *tlsTapperTlsChunk)
 
 	go p.pollChunksPerfBuffer(chunks)
-	go p.pollSysClosesPerfBuffer(p.sysCloses)
 
 	for {
 		select {
@@ -102,15 +89,8 @@ func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilterin
 				return
 			}
 
-			switch chunk.Type {
+			if err := p.handleTlsChunk(chunk, p.extension, emitter, options, streamsMap); err != nil {
-			case tlsTapperChunkTypeOpensslType:
+				LogError(err)
-				if err := p.handleOpensslTlsChunk(chunk, p.extension, emitter, options, streamsMap); err != nil {
-					LogError(err)
-				}
-			case tlsTapperChunkTypeGolangType:
-				if err := p.handleGolangTlsChunk(chunk, emitter, options, streamsMap); err != nil {
-					LogError(err)
-				}
 			}
 		case key := <-p.closedReaders:
 			delete(p.readers, key)
@@ -118,100 +98,6 @@ func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilterin
 	}
 }
 
-func (p *tlsPoller) handleGolangTlsChunk(chunk *tlsTapperTlsChunk, emitter api.Emitter, options *api.TrafficFilteringOptions,
-	streamsMap api.TcpStreamMap) error {
-	if p.golangConnectionMap.Len()+1 > golangMapLimit {
-		pair := p.golangConnectionMap.Oldest()
-		pair.Value.(*golangConnection).close()
-		p.golangConnectionMap.Delete(pair.Key)
-	}
-
-	pid := uint64(chunk.Pid)
-	identifier := pid<<32 + uint64(chunk.Flags)
-
-	var connection *golangConnection
-	var _connection interface{}
-	var ok bool
-	if _connection, ok = p.golangConnectionMap.Get(identifier); !ok {
-		tlsEmitter := &tlsEmitter{
-			delegate:  emitter,
-			namespace: p.getNamespace(chunk.Pid),
-		}
-
-		connection = NewGolangConnection(chunk.Pid, chunk.Flags, p.extension, tlsEmitter)
-		p.golangConnectionMap.Set(identifier, connection)
-		streamsMap.Store(streamsMap.NextId(), connection.stream)
-	} else {
-		connection = _connection.(*golangConnection)
-	}
-
-	if chunk.IsRequest {
-		connection.fd = chunk.Fd
-
-		err := connection.setAddressBySockfd(p.procfs, chunk.Pid, chunk.Fd)
-		if err != nil {
-			return fmt.Errorf("Error resolving address pair from fd: %s", err)
-		}
-
-		tcpid := p.buildTcpId(&connection.addressPair)
-		connection.clientReader.tcpID = &tcpid
-		connection.serverReader.tcpID = &api.TcpID{
-			SrcIP:   tcpid.DstIP,
-			DstIP:   tcpid.SrcIP,
-			SrcPort: tcpid.DstPort,
-			DstPort: tcpid.SrcPort,
-		}
-
-		go dissect(p.extension, connection.clientReader, options)
-		go dissect(p.extension, connection.serverReader, options)
-
-		request := make([]byte, len(chunk.Data[:chunk.Len]))
-		copy(request, chunk.Data[:chunk.Len])
-		connection.clientReader.send(request)
-	} else {
-		response := make([]byte, len(chunk.Data[:chunk.Len]))
-		copy(response, chunk.Data[:chunk.Len])
-		connection.serverReader.send(response)
-	}
-
-	return nil
-}
-
-func (p *tlsPoller) pollSysClosesPerfBuffer(rd *perf.Reader) {
-	nativeEndian := p.getByteOrder()
-	// tlsTapperSysClose is generated by bpf2go.
-	var b tlsTapperSysClose
-	for {
-		record, err := rd.Read()
-		if err != nil {
-			if errors.Is(err, perf.ErrClosed) {
-				return
-			}
-			logger.Log.Errorf("reading from sys_close tls reader: %s", err)
-			continue
-		}
-
-		if record.LostSamples != 0 {
-			logger.Log.Info("sys_close perf event ring buffer full, dropped %d samples", record.LostSamples)
-			continue
-		}
-
-		if err := binary.Read(bytes.NewBuffer(record.RawSample), nativeEndian, &b); err != nil {
-			logger.Log.Errorf("parsing sys_close perf event: %s", err)
-			continue
-		}
-
-		// Close and remove the connection from map if its socket file descriptor is closed.
-		for pair := p.golangConnectionMap.Oldest(); pair != nil; pair = pair.Next() {
-			connection := pair.Value.(*golangConnection)
-			if connection.fd == b.Fd {
-				connection.close()
-				p.golangConnectionMap.Delete(pair.Key)
-			}
-		}
-	}
-}
-
 func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) {
 	logger.Log.Infof("Start polling for tls events")
 
@@ -247,7 +133,7 @@ func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) {
 	}
 }
 
-func (p *tlsPoller) handleOpensslTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Extension, emitter api.Emitter,
+func (p *tlsPoller) handleTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Extension, emitter api.Emitter,
 	options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) error {
 	address, err := p.getSockfdAddressPair(chunk)
 
@@ -437,19 +323,3 @@ func (p *tlsPoller) fdCacheEvictCallback(key interface{}, value interface{}) {
 		logger.Log.Infof("Tls fdCache evicted %d items", p.evictedCounter)
 	}
 }
-
-func (p *tlsPoller) getByteOrder() (byteOrder binary.ByteOrder) {
-	buf := [2]byte{}
-	*(*uint16)(unsafe.Pointer(&buf[0])) = uint16(0xABCD)
-
-	switch buf {
-	case [2]byte{0xCD, 0xAB}:
-		byteOrder = binary.LittleEndian
-	case [2]byte{0xAB, 0xCD}:
-		byteOrder = binary.BigEndian
-	default:
-		panic("Could not determine native endianness.")
-	}
-
-	return
-}

tap/tlstapper/tls_stream.go

@@ -3,7 +3,7 @@ package tlstapper
 import "github.com/up9inc/mizu/tap/api"
 
 type tlsStream struct {
-	reader   api.TcpReader
+	reader   *tlsReader
 	protocol *api.Protocol
 }
 
@@ -16,7 +16,7 @@ func (t *tlsStream) SetProtocol(protocol *api.Protocol) {
 }
 
 func (t *tlsStream) GetReqResMatchers() []api.RequestResponseMatcher {
-	return []api.RequestResponseMatcher{t.reader.GetReqResMatcher()}
+	return []api.RequestResponseMatcher{t.reader.reqResMatcher}
 }
 
 func (t *tlsStream) GetIsTapTarget() bool {

tap/tlstapper/tls_tapper.go

@@ -12,7 +12,7 @@ import (
 
 const GLOABL_TAP_PID = 0
 
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type chunk_type -type tls_chunk -type sys_close tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type tls_chunk tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86
 
 type TlsTapper struct {
 	bpfObjects         tlsTapperObjects
@@ -59,7 +59,7 @@ func (t *TlsTapper) Init(chunksBufferSize int, logBufferSize int, procfs string,
 }
 
 func (t *TlsTapper) Poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
-	t.poller.pollSsllib(emitter, options, streamsMap)
+	t.poller.poll(emitter, options, streamsMap)
 }
 
 func (t *TlsTapper) PollForLogging() {

tap/tlstapper/tlstapper_bpfeb.go

@@ -13,28 +13,16 @@ import (
 	"github.com/cilium/ebpf"
 )
 
-type tlsTapperChunkType int32
-
-const (
-	tlsTapperChunkTypeOpensslType tlsTapperChunkType = 1
-	tlsTapperChunkTypeGolangType  tlsTapperChunkType = 2
-)
-
-type tlsTapperSysClose struct{ Fd uint32 }
-
 type tlsTapperTlsChunk struct {
-	Pid       uint32
+	Pid      uint32
-	Tgid      uint32
+	Tgid     uint32
-	Len       uint32
+	Len      uint32
-	Start     uint32
+	Start    uint32
-	Recorded  uint32
+	Recorded uint32
-	Fd        uint32
+	Fd       uint32
-	Flags     uint32
+	Flags    uint32
-	Type      tlsTapperChunkType
+	Address  [16]uint8
-	IsRequest bool
+	Data     [4096]uint8
-	Address   [16]uint8
-	Data      [4096]uint8
-	_         [3]byte
 }
 
 // loadTlsTapper returns the embedded CollectionSpec for tlsTapper.
@@ -89,7 +77,6 @@ type tlsTapperProgramSpecs struct {
 	SslWrite                   *ebpf.ProgramSpec `ebpf:"ssl_write"`
 	SslWriteEx                 *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
 	SysEnterAccept4            *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
-	SysEnterClose              *ebpf.ProgramSpec `ebpf:"sys_enter_close"`
 	SysEnterConnect            *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
 	SysEnterRead               *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
 	SysEnterWrite              *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
@@ -105,14 +92,11 @@ type tlsTapperMapSpecs struct {
 	ChunksBuffer         *ebpf.MapSpec `ebpf:"chunks_buffer"`
 	ConnectSyscallInfo   *ebpf.MapSpec `ebpf:"connect_syscall_info"`
 	FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"`
-	GolangDialToSocket   *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
-	GolangSocketToWrite  *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
 	Heap                 *ebpf.MapSpec `ebpf:"heap"`
 	LogBuffer            *ebpf.MapSpec `ebpf:"log_buffer"`
 	PidsMap              *ebpf.MapSpec `ebpf:"pids_map"`
 	SslReadContext       *ebpf.MapSpec `ebpf:"ssl_read_context"`
 	SslWriteContext      *ebpf.MapSpec `ebpf:"ssl_write_context"`
-	SysCloses            *ebpf.MapSpec `ebpf:"sys_closes"`
 }
 
 // tlsTapperObjects contains all objects after they have been loaded into the kernel.
@@ -138,14 +122,11 @@ type tlsTapperMaps struct {
 	ChunksBuffer         *ebpf.Map `ebpf:"chunks_buffer"`
 	ConnectSyscallInfo   *ebpf.Map `ebpf:"connect_syscall_info"`
 	FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"`
-	GolangDialToSocket   *ebpf.Map `ebpf:"golang_dial_to_socket"`
-	GolangSocketToWrite  *ebpf.Map `ebpf:"golang_socket_to_write"`
 	Heap                 *ebpf.Map `ebpf:"heap"`
 	LogBuffer            *ebpf.Map `ebpf:"log_buffer"`
 	PidsMap              *ebpf.Map `ebpf:"pids_map"`
 	SslReadContext       *ebpf.Map `ebpf:"ssl_read_context"`
 	SslWriteContext      *ebpf.Map `ebpf:"ssl_write_context"`
-	SysCloses            *ebpf.Map `ebpf:"sys_closes"`
 }
 
 func (m *tlsTapperMaps) Close() error {
@@ -154,14 +135,11 @@ func (m *tlsTapperMaps) Close() error {
 		m.ChunksBuffer,
 		m.ConnectSyscallInfo,
 		m.FileDescriptorToIpv4,
-		m.GolangDialToSocket,
-		m.GolangSocketToWrite,
 		m.Heap,
 		m.LogBuffer,
 		m.PidsMap,
 		m.SslReadContext,
 		m.SslWriteContext,
-		m.SysCloses,
 	)
 }
 
@@ -180,7 +158,6 @@ type tlsTapperPrograms struct {
 	SslWrite                   *ebpf.Program `ebpf:"ssl_write"`
 	SslWriteEx                 *ebpf.Program `ebpf:"ssl_write_ex"`
 	SysEnterAccept4            *ebpf.Program `ebpf:"sys_enter_accept4"`
-	SysEnterClose              *ebpf.Program `ebpf:"sys_enter_close"`
 	SysEnterConnect            *ebpf.Program `ebpf:"sys_enter_connect"`
 	SysEnterRead               *ebpf.Program `ebpf:"sys_enter_read"`
 	SysEnterWrite              *ebpf.Program `ebpf:"sys_enter_write"`
@@ -201,7 +178,6 @@ func (p *tlsTapperPrograms) Close() error {
 		p.SslWrite,
 		p.SslWriteEx,
 		p.SysEnterAccept4,
-		p.SysEnterClose,
 		p.SysEnterConnect,
 		p.SysEnterRead,
 		p.SysEnterWrite,

tap/tlstapper/tlstapper_bpfel.go

@@ -13,28 +13,16 @@ import (
 	"github.com/cilium/ebpf"
 )
 
-type tlsTapperChunkType int32
-
-const (
-	tlsTapperChunkTypeOpensslType tlsTapperChunkType = 1
-	tlsTapperChunkTypeGolangType  tlsTapperChunkType = 2
-)
-
-type tlsTapperSysClose struct{ Fd uint32 }
-
 type tlsTapperTlsChunk struct {
-	Pid       uint32
+	Pid      uint32
-	Tgid      uint32
+	Tgid     uint32
-	Len       uint32
+	Len      uint32
-	Start     uint32
+	Start    uint32
-	Recorded  uint32
+	Recorded uint32
-	Fd        uint32
+	Fd       uint32
-	Flags     uint32
+	Flags    uint32
-	Type      tlsTapperChunkType
+	Address  [16]uint8
-	IsRequest bool
+	Data     [4096]uint8
-	Address   [16]uint8
-	Data      [4096]uint8
-	_         [3]byte
 }
 
 // loadTlsTapper returns the embedded CollectionSpec for tlsTapper.
@@ -89,7 +77,6 @@ type tlsTapperProgramSpecs struct {
 	SslWrite                   *ebpf.ProgramSpec `ebpf:"ssl_write"`
 	SslWriteEx                 *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
 	SysEnterAccept4            *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
-	SysEnterClose              *ebpf.ProgramSpec `ebpf:"sys_enter_close"`
 	SysEnterConnect            *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
 	SysEnterRead               *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
 	SysEnterWrite              *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
@@ -105,14 +92,11 @@ type tlsTapperMapSpecs struct {
 	ChunksBuffer         *ebpf.MapSpec `ebpf:"chunks_buffer"`
 	ConnectSyscallInfo   *ebpf.MapSpec `ebpf:"connect_syscall_info"`
 	FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"`
-	GolangDialToSocket   *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
-	GolangSocketToWrite  *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
 	Heap                 *ebpf.MapSpec `ebpf:"heap"`
 	LogBuffer            *ebpf.MapSpec `ebpf:"log_buffer"`
 	PidsMap              *ebpf.MapSpec `ebpf:"pids_map"`
 	SslReadContext       *ebpf.MapSpec `ebpf:"ssl_read_context"`
 	SslWriteContext      *ebpf.MapSpec `ebpf:"ssl_write_context"`
-	SysCloses            *ebpf.MapSpec `ebpf:"sys_closes"`
 }
 
 // tlsTapperObjects contains all objects after they have been loaded into the kernel.
@@ -138,14 +122,11 @@ type tlsTapperMaps struct {
 	ChunksBuffer         *ebpf.Map `ebpf:"chunks_buffer"`
 	ConnectSyscallInfo   *ebpf.Map `ebpf:"connect_syscall_info"`
 	FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"`
-	GolangDialToSocket   *ebpf.Map `ebpf:"golang_dial_to_socket"`
-	GolangSocketToWrite  *ebpf.Map `ebpf:"golang_socket_to_write"`
 	Heap                 *ebpf.Map `ebpf:"heap"`
 	LogBuffer            *ebpf.Map `ebpf:"log_buffer"`
 	PidsMap              *ebpf.Map `ebpf:"pids_map"`
 	SslReadContext       *ebpf.Map `ebpf:"ssl_read_context"`
 	SslWriteContext      *ebpf.Map `ebpf:"ssl_write_context"`
-	SysCloses            *ebpf.Map `ebpf:"sys_closes"`
 }
 
 func (m *tlsTapperMaps) Close() error {
@@ -154,14 +135,11 @@ func (m *tlsTapperMaps) Close() error {
 		m.ChunksBuffer,
 		m.ConnectSyscallInfo,
 		m.FileDescriptorToIpv4,
-		m.GolangDialToSocket,
-		m.GolangSocketToWrite,
 		m.Heap,
 		m.LogBuffer,
 		m.PidsMap,
 		m.SslReadContext,
 		m.SslWriteContext,
-		m.SysCloses,
 	)
 }
 
@@ -180,7 +158,6 @@ type tlsTapperPrograms struct {
 	SslWrite                   *ebpf.Program `ebpf:"ssl_write"`
 	SslWriteEx                 *ebpf.Program `ebpf:"ssl_write_ex"`
 	SysEnterAccept4            *ebpf.Program `ebpf:"sys_enter_accept4"`
-	SysEnterClose              *ebpf.Program `ebpf:"sys_enter_close"`
 	SysEnterConnect            *ebpf.Program `ebpf:"sys_enter_connect"`
 	SysEnterRead               *ebpf.Program `ebpf:"sys_enter_read"`
 	SysEnterWrite              *ebpf.Program `ebpf:"sys_enter_write"`
@@ -201,7 +178,6 @@ func (p *tlsTapperPrograms) Close() error {
 		p.SslWrite,
 		p.SslWriteEx,
 		p.SysEnterAccept4,
-		p.SysEnterClose,
 		p.SysEnterConnect,
 		p.SysEnterRead,
 		p.SysEnterWrite,