mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-07-08 13:54:28 +00:00
Remove the unnecessary changes
This commit is contained in:
M. Mert Yildiran
parent
057709c49d
commit
21a560d56b
@ -117,7 +117,6 @@ require (
|
||||
github.com/tklauser/numcpus v0.4.0 // indirect
|
||||
github.com/ugorji/go/codec v1.2.6 // indirect
|
||||
github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
|
||||
github.com/wk8/go-ordered-map v1.0.0 // indirect
|
||||
github.com/xlab/treeprint v1.1.0 // indirect
|
||||
github.com/yusufpapurcu/wmi v1.2.2 // indirect
|
||||
go.starlark.net v0.0.0-20220203230714-bb14e151c28f // indirect
|
||||
|
||||
@ -702,8 +702,6 @@ github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695AP
|
||||
github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
|
||||
github.com/wI2L/jsondiff v0.1.1 h1:r2TkoEet7E4JMO5+s1RCY2R0LrNPNHY6hbDeow2hRHw=
|
||||
github.com/wI2L/jsondiff v0.1.1/go.mod h1:bAbJSAJXZtfOCZ5y3v7Mfb6UQa3DGdGFjQj1cNv8EcM=
|
||||
github.com/wk8/go-ordered-map v1.0.0 h1:BV7z+2PaK8LTSd/mWgY12HyMAo5CEgkHqbkVq2thqr8=
|
||||
github.com/wk8/go-ordered-map v1.0.0/go.mod h1:9ZIbRunKbuvfPKyBP1SIKLcXNlv74YCOZ3t3VTS6gRk=
|
||||
github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
|
||||
github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
|
||||
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
|
||||
|
||||
@ -14,7 +14,6 @@ require (
|
||||
github.com/up9inc/mizu/tap/api v0.0.0
|
||||
github.com/up9inc/mizu/tap/dbgctl v0.0.0
|
||||
github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74
|
||||
github.com/wk8/go-ordered-map v1.0.0
|
||||
k8s.io/api v0.23.3
|
||||
)
|
||||
|
||||
|
||||
@ -130,7 +130,6 @@ github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
|
||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/struCoder/pidusage v0.2.1 h1:dFiEgUDkubeIj0XA1NpQ6+8LQmKrLi7NiIQl86E6BoY=
|
||||
@ -141,8 +140,6 @@ github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//
|
||||
github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
|
||||
github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
|
||||
github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
|
||||
github.com/wk8/go-ordered-map v1.0.0 h1:BV7z+2PaK8LTSd/mWgY12HyMAo5CEgkHqbkVq2thqr8=
|
||||
github.com/wk8/go-ordered-map v1.0.0/go.mod h1:9ZIbRunKbuvfPKyBP1SIKLcXNlv74YCOZ3t3VTS6gRk=
|
||||
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
|
||||
|
||||
@ -90,23 +90,3 @@ void sys_enter_write(struct sys_enter_write_ctx *ctx) {
|
||||
log_error(ctx, LOG_ERROR_PUTTING_FILE_DESCRIPTOR, id, err, ORIGIN_SYS_ENTER_WRITE_CODE);
|
||||
}
|
||||
}
|
||||
|
||||
struct sys_enter_close_ctx {
|
||||
__u64 __unused_syscall_header;
|
||||
__u32 __unused_syscall_nr;
|
||||
|
||||
__u64 fd;
|
||||
};
|
||||
|
||||
SEC("tracepoint/syscalls/sys_enter_close")
|
||||
void sys_enter_close(struct sys_enter_close_ctx *ctx) {
|
||||
__u64 id = bpf_get_current_pid_tgid();
|
||||
|
||||
if (!should_tap(id >> 32)) {
|
||||
return;
|
||||
}
|
||||
|
||||
struct sys_close event;
|
||||
event.fd = ctx->fd;
|
||||
bpf_perf_event_output(ctx, &sys_closes, BPF_F_CURRENT_CPU, &event, sizeof(event));
|
||||
}
|
||||
|
||||
@ -119,7 +119,6 @@ static __always_inline void golang_output_ssl_chunk(struct pt_regs *ctx, struct
|
||||
return;
|
||||
}
|
||||
|
||||
chunk->type = openssl_type;
|
||||
chunk->flags = flags;
|
||||
chunk->pid = id >> 32;
|
||||
chunk->tgid = id;
|
||||
|
||||
@ -8,7 +8,6 @@ Copyright (C) UP9 Inc.
|
||||
#define __HEADERS__
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdbool.h>
|
||||
#include <linux/bpf.h>
|
||||
#include <linux/ptrace.h>
|
||||
#include <bpf/bpf_helpers.h>
|
||||
|
||||
@ -26,16 +26,7 @@ Copyright (C) UP9 Inc.
|
||||
#define LOG_ERROR_PUTTING_CONNECT_INFO (14)
|
||||
#define LOG_ERROR_GETTING_CONNECT_INFO (15)
|
||||
#define LOG_ERROR_READING_CONNECT_INFO (16)
|
||||
#define LOG_ERROR_GOLANG_WRITE_READING_KEY_DIAL (17)
|
||||
#define LOG_ERROR_GOLANG_WRITE_GETTING_SOCKET (18)
|
||||
#define LOG_ERROR_GOLANG_WRITE_READING_DATA (19)
|
||||
#define LOG_ERROR_GOLANG_READ_READING_DATA_POINTER (20)
|
||||
#define LOG_ERROR_GOLANG_READ_READING_DATA (21)
|
||||
#define LOG_ERROR_GOLANG_SOCKET_GETTING_SOCKET (22)
|
||||
#define LOG_ERROR_GOLANG_SOCKET_PUTTING_FILE_DESCRIPTOR (23)
|
||||
#define LOG_ERROR_GOLANG_DIAL_READING_KEY_DIAL (24)
|
||||
#define LOG_ERROR_GOLANG_DIAL_PUTTING_SOCKET (25)
|
||||
#define LOG_ERROR_GOLANG_ALLOCATING_EVENT (26)
|
||||
#define LOG_ERROR_GOLANG_READ_READING_DATA_POINTER (17)
|
||||
|
||||
// Sometimes we have the same error, happening from different locations.
|
||||
// in order to be able to distinct between them in the log, we add an
|
||||
|
||||
@ -19,12 +19,6 @@ Copyright (C) UP9 Inc.
|
||||
#define MAX_ENTRIES_HASH (1 << 12) // 4096
|
||||
#define MAX_ENTRIES_PERF_OUTPUT (1 << 10) // 1024
|
||||
#define MAX_ENTRIES_LRU_HASH (1 << 14) // 16384
|
||||
#define MAX_ENTRIES_RINGBUFF (1 << 24) // 16777216
|
||||
|
||||
enum chunk_type {
|
||||
openssl_type=1,
|
||||
golang_type=2,
|
||||
};
|
||||
|
||||
// The same struct can be found in chunk.go
|
||||
//
|
||||
@ -38,8 +32,6 @@ struct tls_chunk {
|
||||
__u32 recorded;
|
||||
__u32 fd;
|
||||
__u32 flags;
|
||||
enum chunk_type type;
|
||||
bool is_request;
|
||||
__u8 address[16];
|
||||
__u8 data[CHUNK_SIZE]; // Must be N^2
|
||||
};
|
||||
@ -61,21 +53,6 @@ struct fd_info {
|
||||
__u8 flags;
|
||||
};
|
||||
|
||||
struct sys_close {
|
||||
__u32 fd;
|
||||
};
|
||||
|
||||
struct golang_socket {
|
||||
__u32 pid;
|
||||
__u32 fd;
|
||||
__u64 key_dial;
|
||||
__u64 conn_addr;
|
||||
};
|
||||
|
||||
const struct golang_event *unused1 __attribute__((unused));
|
||||
const struct sys_close *unused2 __attribute__((unused));
|
||||
|
||||
|
||||
// Heap-like area for eBPF programs - stack size limited to 512 bytes, we must use maps for bigger (chunk) objects.
|
||||
//
|
||||
struct {
|
||||
@ -103,19 +80,11 @@ struct {
|
||||
#define BPF_LRU_HASH(_name, _key_type, _value_type) \
|
||||
BPF_MAP(_name, BPF_MAP_TYPE_LRU_HASH, _key_type, _value_type, MAX_ENTRIES_LRU_HASH)
|
||||
|
||||
// Generic
|
||||
BPF_HASH(pids_map, __u32, __u32);
|
||||
BPF_PERF_OUTPUT(log_buffer);
|
||||
BPF_PERF_OUTPUT(sys_closes);
|
||||
BPF_PERF_OUTPUT(chunks_buffer);
|
||||
|
||||
// OpenSSL specific
|
||||
BPF_LRU_HASH(ssl_write_context, __u64, struct ssl_info);
|
||||
BPF_LRU_HASH(ssl_read_context, __u64, struct ssl_info);
|
||||
BPF_LRU_HASH(file_descriptor_to_ipv4, __u64, struct fd_info);
|
||||
|
||||
// Golang specific
|
||||
BPF_LRU_HASH(golang_dial_to_socket, __u64, struct golang_socket);
|
||||
BPF_LRU_HASH(golang_socket_to_write, __u64, struct golang_socket);
|
||||
BPF_PERF_OUTPUT(chunks_buffer);
|
||||
BPF_PERF_OUTPUT(log_buffer);
|
||||
|
||||
#endif /* __MAPS__ */
|
||||
|
||||
@ -132,7 +132,6 @@ static __always_inline void output_ssl_chunk(struct pt_regs *ctx, struct ssl_inf
|
||||
return;
|
||||
}
|
||||
|
||||
chunk->type = openssl_type;
|
||||
chunk->flags = flags;
|
||||
chunk->pid = id >> 32;
|
||||
chunk->tgid = id;
|
||||
|
||||
@ -20,14 +20,5 @@ var bpfLogMessages = []string{
|
||||
/*0014*/ "[%d] Unable to put connect info [err: %d]",
|
||||
/*0015*/ "[%d] Unable to get connect info",
|
||||
/*0016*/ "[%d] Unable to read connect info [err: %d]",
|
||||
/*0017*/ "[%d] Golang write unable to read key_dial [err: %d]",
|
||||
/*0018*/ "[%d] Golang write unable to get socket [err: %d]",
|
||||
/*0019*/ "[%d] Golang write unable to read data [err: %d]",
|
||||
/*0020*/ "[%d] Golang read unable to read data pointer [err: %d]",
|
||||
/*0021*/ "[%d] Golang read unable to read data [err: %d]",
|
||||
/*0022*/ "[%d] Golang socket unable to get socket [err: %d]",
|
||||
/*0023*/ "[%d] Golang socket unable to put file descriptor [err: %d]",
|
||||
/*0024*/ "[%d] Golang dial unable to read key_dial [err: %d]",
|
||||
/*0025*/ "[%d] Golang dial unable to put socket [err: %d]",
|
||||
/*0026*/ "[%d] Unable to allocate Golang event in bpf heap",
|
||||
/*0017*/ "[%d] Golang read unable to read data pointer [err: %d]",
|
||||
}
|
||||
|
||||
@ -1,53 +0,0 @@
|
||||
package tlstapper
|
||||
|
||||
import "github.com/up9inc/mizu/tap/api"
|
||||
|
||||
type golangConnection struct {
|
||||
pid uint32
|
||||
fd uint32
|
||||
connAddr uint32
|
||||
addressPair addressPair
|
||||
addressIsSet bool
|
||||
stream *tlsStream
|
||||
clientReader *golangReader
|
||||
serverReader *golangReader
|
||||
}
|
||||
|
||||
func NewGolangConnection(pid uint32, connAddr uint32, extension *api.Extension, emitter api.Emitter) *golangConnection {
|
||||
stream := &tlsStream{}
|
||||
counterPair := &api.CounterPair{}
|
||||
reqResMatcher := extension.Dissector.NewResponseRequestMatcher()
|
||||
clientReader := NewGolangReader(extension, true, emitter, counterPair, stream, reqResMatcher)
|
||||
serverReader := NewGolangReader(extension, false, emitter, counterPair, stream, reqResMatcher)
|
||||
stream.reader = clientReader
|
||||
return &golangConnection{
|
||||
pid: pid,
|
||||
connAddr: connAddr,
|
||||
stream: stream,
|
||||
clientReader: clientReader,
|
||||
serverReader: serverReader,
|
||||
}
|
||||
}
|
||||
|
||||
func (c *golangConnection) setAddressBySockfd(procfs string, pid uint32, fd uint32) error {
|
||||
if c.addressIsSet {
|
||||
return nil
|
||||
}
|
||||
|
||||
addrPair, err := getAddressBySockfd(procfs, pid, fd)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
c.addressPair = addrPair
|
||||
c.addressIsSet = true
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *golangConnection) close() {
|
||||
if c.clientReader != nil {
|
||||
c.clientReader.close()
|
||||
}
|
||||
if c.serverReader != nil {
|
||||
c.serverReader.close()
|
||||
}
|
||||
}
|
||||
@ -1,118 +0,0 @@
|
||||
package tlstapper
|
||||
|
||||
import (
|
||||
"io"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/up9inc/mizu/tap/api"
|
||||
)
|
||||
|
||||
type golangReader struct {
|
||||
msgQueue chan []byte
|
||||
data []byte
|
||||
progress *api.ReadProgress
|
||||
tcpID *api.TcpID
|
||||
isClosed bool
|
||||
isClient bool
|
||||
captureTime time.Time
|
||||
extension *api.Extension
|
||||
emitter api.Emitter
|
||||
counterPair *api.CounterPair
|
||||
parent *tlsStream
|
||||
reqResMatcher api.RequestResponseMatcher
|
||||
sync.Mutex
|
||||
}
|
||||
|
||||
func NewGolangReader(extension *api.Extension, isClient bool, emitter api.Emitter, counterPair *api.CounterPair, stream *tlsStream, reqResMatcher api.RequestResponseMatcher) *golangReader {
|
||||
return &golangReader{
|
||||
msgQueue: make(chan []byte, 1),
|
||||
progress: &api.ReadProgress{},
|
||||
tcpID: &api.TcpID{},
|
||||
isClient: isClient,
|
||||
captureTime: time.Now(),
|
||||
extension: extension,
|
||||
emitter: emitter,
|
||||
counterPair: counterPair,
|
||||
parent: stream,
|
||||
reqResMatcher: reqResMatcher,
|
||||
}
|
||||
}
|
||||
|
||||
func (r *golangReader) send(b []byte) {
|
||||
r.Lock()
|
||||
if !r.isClosed {
|
||||
r.captureTime = time.Now()
|
||||
r.msgQueue <- b
|
||||
}
|
||||
r.Unlock()
|
||||
}
|
||||
|
||||
func (r *golangReader) close() {
|
||||
r.Lock()
|
||||
if !r.isClosed {
|
||||
r.isClosed = true
|
||||
close(r.msgQueue)
|
||||
}
|
||||
r.Unlock()
|
||||
}
|
||||
|
||||
func (r *golangReader) Read(p []byte) (int, error) {
|
||||
var b []byte
|
||||
|
||||
for len(r.data) == 0 {
|
||||
var ok bool
|
||||
b, ok = <-r.msgQueue
|
||||
if !ok {
|
||||
return 0, io.EOF
|
||||
}
|
||||
|
||||
r.data = b
|
||||
|
||||
if len(r.data) > 0 {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
l := copy(p, r.data)
|
||||
r.data = r.data[l:]
|
||||
r.progress.Feed(l)
|
||||
|
||||
return l, nil
|
||||
}
|
||||
|
||||
func (r *golangReader) GetReqResMatcher() api.RequestResponseMatcher {
|
||||
return r.reqResMatcher
|
||||
}
|
||||
|
||||
func (r *golangReader) GetIsClient() bool {
|
||||
return r.isClient
|
||||
}
|
||||
|
||||
func (r *golangReader) GetReadProgress() *api.ReadProgress {
|
||||
return r.progress
|
||||
}
|
||||
|
||||
func (r *golangReader) GetParent() api.TcpStream {
|
||||
return r.parent
|
||||
}
|
||||
|
||||
func (r *golangReader) GetTcpID() *api.TcpID {
|
||||
return r.tcpID
|
||||
}
|
||||
|
||||
func (r *golangReader) GetCounterPair() *api.CounterPair {
|
||||
return r.counterPair
|
||||
}
|
||||
|
||||
func (r *golangReader) GetCaptureTime() time.Time {
|
||||
return r.captureTime
|
||||
}
|
||||
|
||||
func (r *golangReader) GetEmitter() api.Emitter {
|
||||
return r.emitter
|
||||
}
|
||||
|
||||
func (r *golangReader) GetIsClosed() bool {
|
||||
return false
|
||||
}
|
||||
@ -8,7 +8,6 @@ import (
|
||||
type syscallHooks struct {
|
||||
sysEnterRead link.Link
|
||||
sysEnterWrite link.Link
|
||||
sysEnterClose link.Link
|
||||
sysEnterAccept4 link.Link
|
||||
sysExitAccept4 link.Link
|
||||
sysEnterConnect link.Link
|
||||
@ -30,12 +29,6 @@ func (s *syscallHooks) installSyscallHooks(bpfObjects *tlsTapperObjects) error {
|
||||
return errors.Wrap(err, 0)
|
||||
}
|
||||
|
||||
s.sysEnterClose, err = link.Tracepoint("syscalls", "sys_enter_close", bpfObjects.SysEnterClose)
|
||||
|
||||
if err != nil {
|
||||
return errors.Wrap(err, 0)
|
||||
}
|
||||
|
||||
s.sysEnterAccept4, err = link.Tracepoint("syscalls", "sys_enter_accept4", bpfObjects.SysEnterAccept4)
|
||||
|
||||
if err != nil {
|
||||
@ -74,10 +67,6 @@ func (s *syscallHooks) close() []error {
|
||||
errors = append(errors, err)
|
||||
}
|
||||
|
||||
if err := s.sysEnterClose.Close(); err != nil {
|
||||
errors = append(errors, err)
|
||||
}
|
||||
|
||||
if err := s.sysEnterAccept4.Close(); err != nil {
|
||||
errors = append(errors, err)
|
||||
}
|
||||
|
||||
@ -6,7 +6,6 @@ import (
|
||||
"fmt"
|
||||
"sync"
|
||||
"time"
|
||||
"unsafe"
|
||||
|
||||
"encoding/binary"
|
||||
"encoding/hex"
|
||||
@ -19,7 +18,6 @@ import (
|
||||
"github.com/hashicorp/golang-lru/simplelru"
|
||||
"github.com/up9inc/mizu/logger"
|
||||
"github.com/up9inc/mizu/tap/api"
|
||||
orderedmap "github.com/wk8/go-ordered-map"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -34,8 +32,6 @@ type tlsPoller struct {
|
||||
closedReaders chan string
|
||||
reqResMatcher api.RequestResponseMatcher
|
||||
chunksReader *perf.Reader
|
||||
golangConnectionMap *orderedmap.OrderedMap
|
||||
sysCloses *perf.Reader
|
||||
extension *api.Extension
|
||||
procfs string
|
||||
pidToNamespace sync.Map
|
||||
@ -73,14 +69,6 @@ func (p *tlsPoller) init(bpfObjects *tlsTapperObjects, bufferSize int) error {
|
||||
return errors.Wrap(err, 0)
|
||||
}
|
||||
|
||||
p.sysCloses, err = perf.NewReader(bpfObjects.SysCloses, os.Getpagesize())
|
||||
|
||||
if err != nil {
|
||||
return errors.Wrap(err, 0)
|
||||
}
|
||||
|
||||
p.golangConnectionMap = orderedmap.New()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -88,12 +76,11 @@ func (p *tlsPoller) close() error {
|
||||
return p.chunksReader.Close()
|
||||
}
|
||||
|
||||
func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
|
||||
func (p *tlsPoller) poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
|
||||
// tlsTapperTlsChunk is generated by bpf2go.
|
||||
chunks := make(chan *tlsTapperTlsChunk)
|
||||
|
||||
go p.pollChunksPerfBuffer(chunks)
|
||||
go p.pollSysClosesPerfBuffer(p.sysCloses)
|
||||
|
||||
for {
|
||||
select {
|
||||
@ -102,116 +89,15 @@ func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilterin
|
||||
return
|
||||
}
|
||||
|
||||
switch chunk.Type {
|
||||
case tlsTapperChunkTypeOpensslType:
|
||||
if err := p.handleOpensslTlsChunk(chunk, p.extension, emitter, options, streamsMap); err != nil {
|
||||
if err := p.handleTlsChunk(chunk, p.extension, emitter, options, streamsMap); err != nil {
|
||||
LogError(err)
|
||||
}
|
||||
case tlsTapperChunkTypeGolangType:
|
||||
if err := p.handleGolangTlsChunk(chunk, emitter, options, streamsMap); err != nil {
|
||||
LogError(err)
|
||||
}
|
||||
}
|
||||
case key := <-p.closedReaders:
|
||||
delete(p.readers, key)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (p *tlsPoller) handleGolangTlsChunk(chunk *tlsTapperTlsChunk, emitter api.Emitter, options *api.TrafficFilteringOptions,
|
||||
streamsMap api.TcpStreamMap) error {
|
||||
if p.golangConnectionMap.Len()+1 > golangMapLimit {
|
||||
pair := p.golangConnectionMap.Oldest()
|
||||
pair.Value.(*golangConnection).close()
|
||||
p.golangConnectionMap.Delete(pair.Key)
|
||||
}
|
||||
|
||||
pid := uint64(chunk.Pid)
|
||||
identifier := pid<<32 + uint64(chunk.Flags)
|
||||
|
||||
var connection *golangConnection
|
||||
var _connection interface{}
|
||||
var ok bool
|
||||
if _connection, ok = p.golangConnectionMap.Get(identifier); !ok {
|
||||
tlsEmitter := &tlsEmitter{
|
||||
delegate: emitter,
|
||||
namespace: p.getNamespace(chunk.Pid),
|
||||
}
|
||||
|
||||
connection = NewGolangConnection(chunk.Pid, chunk.Flags, p.extension, tlsEmitter)
|
||||
p.golangConnectionMap.Set(identifier, connection)
|
||||
streamsMap.Store(streamsMap.NextId(), connection.stream)
|
||||
} else {
|
||||
connection = _connection.(*golangConnection)
|
||||
}
|
||||
|
||||
if chunk.IsRequest {
|
||||
connection.fd = chunk.Fd
|
||||
|
||||
err := connection.setAddressBySockfd(p.procfs, chunk.Pid, chunk.Fd)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error resolving address pair from fd: %s", err)
|
||||
}
|
||||
|
||||
tcpid := p.buildTcpId(&connection.addressPair)
|
||||
connection.clientReader.tcpID = &tcpid
|
||||
connection.serverReader.tcpID = &api.TcpID{
|
||||
SrcIP: tcpid.DstIP,
|
||||
DstIP: tcpid.SrcIP,
|
||||
SrcPort: tcpid.DstPort,
|
||||
DstPort: tcpid.SrcPort,
|
||||
}
|
||||
|
||||
go dissect(p.extension, connection.clientReader, options)
|
||||
go dissect(p.extension, connection.serverReader, options)
|
||||
|
||||
request := make([]byte, len(chunk.Data[:chunk.Len]))
|
||||
copy(request, chunk.Data[:chunk.Len])
|
||||
connection.clientReader.send(request)
|
||||
} else {
|
||||
response := make([]byte, len(chunk.Data[:chunk.Len]))
|
||||
copy(response, chunk.Data[:chunk.Len])
|
||||
connection.serverReader.send(response)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *tlsPoller) pollSysClosesPerfBuffer(rd *perf.Reader) {
|
||||
nativeEndian := p.getByteOrder()
|
||||
// tlsTapperSysClose is generated by bpf2go.
|
||||
var b tlsTapperSysClose
|
||||
for {
|
||||
record, err := rd.Read()
|
||||
if err != nil {
|
||||
if errors.Is(err, perf.ErrClosed) {
|
||||
return
|
||||
}
|
||||
logger.Log.Errorf("reading from sys_close tls reader: %s", err)
|
||||
continue
|
||||
}
|
||||
|
||||
if record.LostSamples != 0 {
|
||||
logger.Log.Info("sys_close perf event ring buffer full, dropped %d samples", record.LostSamples)
|
||||
continue
|
||||
}
|
||||
|
||||
if err := binary.Read(bytes.NewBuffer(record.RawSample), nativeEndian, &b); err != nil {
|
||||
logger.Log.Errorf("parsing sys_close perf event: %s", err)
|
||||
continue
|
||||
}
|
||||
|
||||
// Close and remove the connection from map if its socket file descriptor is closed.
|
||||
for pair := p.golangConnectionMap.Oldest(); pair != nil; pair = pair.Next() {
|
||||
connection := pair.Value.(*golangConnection)
|
||||
if connection.fd == b.Fd {
|
||||
connection.close()
|
||||
p.golangConnectionMap.Delete(pair.Key)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) {
|
||||
logger.Log.Infof("Start polling for tls events")
|
||||
|
||||
@ -247,7 +133,7 @@ func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) {
|
||||
}
|
||||
}
|
||||
|
||||
func (p *tlsPoller) handleOpensslTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Extension, emitter api.Emitter,
|
||||
func (p *tlsPoller) handleTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Extension, emitter api.Emitter,
|
||||
options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) error {
|
||||
address, err := p.getSockfdAddressPair(chunk)
|
||||
|
||||
@ -437,19 +323,3 @@ func (p *tlsPoller) fdCacheEvictCallback(key interface{}, value interface{}) {
|
||||
logger.Log.Infof("Tls fdCache evicted %d items", p.evictedCounter)
|
||||
}
|
||||
}
|
||||
|
||||
func (p *tlsPoller) getByteOrder() (byteOrder binary.ByteOrder) {
|
||||
buf := [2]byte{}
|
||||
*(*uint16)(unsafe.Pointer(&buf[0])) = uint16(0xABCD)
|
||||
|
||||
switch buf {
|
||||
case [2]byte{0xCD, 0xAB}:
|
||||
byteOrder = binary.LittleEndian
|
||||
case [2]byte{0xAB, 0xCD}:
|
||||
byteOrder = binary.BigEndian
|
||||
default:
|
||||
panic("Could not determine native endianness.")
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
@ -3,7 +3,7 @@ package tlstapper
|
||||
import "github.com/up9inc/mizu/tap/api"
|
||||
|
||||
type tlsStream struct {
|
||||
reader api.TcpReader
|
||||
reader *tlsReader
|
||||
protocol *api.Protocol
|
||||
}
|
||||
|
||||
@ -16,7 +16,7 @@ func (t *tlsStream) SetProtocol(protocol *api.Protocol) {
|
||||
}
|
||||
|
||||
func (t *tlsStream) GetReqResMatchers() []api.RequestResponseMatcher {
|
||||
return []api.RequestResponseMatcher{t.reader.GetReqResMatcher()}
|
||||
return []api.RequestResponseMatcher{t.reader.reqResMatcher}
|
||||
}
|
||||
|
||||
func (t *tlsStream) GetIsTapTarget() bool {
|
||||
|
||||
@ -12,7 +12,7 @@ import (
|
||||
|
||||
const GLOABL_TAP_PID = 0
|
||||
|
||||
//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type chunk_type -type tls_chunk -type sys_close tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86
|
||||
//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type tls_chunk tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86
|
||||
|
||||
type TlsTapper struct {
|
||||
bpfObjects tlsTapperObjects
|
||||
@ -59,7 +59,7 @@ func (t *TlsTapper) Init(chunksBufferSize int, logBufferSize int, procfs string,
|
||||
}
|
||||
|
||||
func (t *TlsTapper) Poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
|
||||
t.poller.pollSsllib(emitter, options, streamsMap)
|
||||
t.poller.poll(emitter, options, streamsMap)
|
||||
}
|
||||
|
||||
func (t *TlsTapper) PollForLogging() {
|
||||
|
||||
@ -13,15 +13,6 @@ import (
|
||||
"github.com/cilium/ebpf"
|
||||
)
|
||||
|
||||
type tlsTapperChunkType int32
|
||||
|
||||
const (
|
||||
tlsTapperChunkTypeOpensslType tlsTapperChunkType = 1
|
||||
tlsTapperChunkTypeGolangType tlsTapperChunkType = 2
|
||||
)
|
||||
|
||||
type tlsTapperSysClose struct{ Fd uint32 }
|
||||
|
||||
type tlsTapperTlsChunk struct {
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
@ -30,11 +21,8 @@ type tlsTapperTlsChunk struct {
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
Type tlsTapperChunkType
|
||||
IsRequest bool
|
||||
Address [16]uint8
|
||||
Data [4096]uint8
|
||||
_ [3]byte
|
||||
}
|
||||
|
||||
// loadTlsTapper returns the embedded CollectionSpec for tlsTapper.
|
||||
@ -89,7 +77,6 @@ type tlsTapperProgramSpecs struct {
|
||||
SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
|
||||
SysEnterClose *ebpf.ProgramSpec `ebpf:"sys_enter_close"`
|
||||
SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
@ -105,14 +92,11 @@ type tlsTapperMapSpecs struct {
|
||||
ChunksBuffer *ebpf.MapSpec `ebpf:"chunks_buffer"`
|
||||
ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"`
|
||||
FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"`
|
||||
GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
|
||||
GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
|
||||
Heap *ebpf.MapSpec `ebpf:"heap"`
|
||||
LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"`
|
||||
PidsMap *ebpf.MapSpec `ebpf:"pids_map"`
|
||||
SslReadContext *ebpf.MapSpec `ebpf:"ssl_read_context"`
|
||||
SslWriteContext *ebpf.MapSpec `ebpf:"ssl_write_context"`
|
||||
SysCloses *ebpf.MapSpec `ebpf:"sys_closes"`
|
||||
}
|
||||
|
||||
// tlsTapperObjects contains all objects after they have been loaded into the kernel.
|
||||
@ -138,14 +122,11 @@ type tlsTapperMaps struct {
|
||||
ChunksBuffer *ebpf.Map `ebpf:"chunks_buffer"`
|
||||
ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"`
|
||||
FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"`
|
||||
GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"`
|
||||
GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"`
|
||||
Heap *ebpf.Map `ebpf:"heap"`
|
||||
LogBuffer *ebpf.Map `ebpf:"log_buffer"`
|
||||
PidsMap *ebpf.Map `ebpf:"pids_map"`
|
||||
SslReadContext *ebpf.Map `ebpf:"ssl_read_context"`
|
||||
SslWriteContext *ebpf.Map `ebpf:"ssl_write_context"`
|
||||
SysCloses *ebpf.Map `ebpf:"sys_closes"`
|
||||
}
|
||||
|
||||
func (m *tlsTapperMaps) Close() error {
|
||||
@ -154,14 +135,11 @@ func (m *tlsTapperMaps) Close() error {
|
||||
m.ChunksBuffer,
|
||||
m.ConnectSyscallInfo,
|
||||
m.FileDescriptorToIpv4,
|
||||
m.GolangDialToSocket,
|
||||
m.GolangSocketToWrite,
|
||||
m.Heap,
|
||||
m.LogBuffer,
|
||||
m.PidsMap,
|
||||
m.SslReadContext,
|
||||
m.SslWriteContext,
|
||||
m.SysCloses,
|
||||
)
|
||||
}
|
||||
|
||||
@ -180,7 +158,6 @@ type tlsTapperPrograms struct {
|
||||
SslWrite *ebpf.Program `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"`
|
||||
SysEnterClose *ebpf.Program `ebpf:"sys_enter_close"`
|
||||
SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
@ -201,7 +178,6 @@ func (p *tlsTapperPrograms) Close() error {
|
||||
p.SslWrite,
|
||||
p.SslWriteEx,
|
||||
p.SysEnterAccept4,
|
||||
p.SysEnterClose,
|
||||
p.SysEnterConnect,
|
||||
p.SysEnterRead,
|
||||
p.SysEnterWrite,
|
||||
|
||||
Binary file not shown.
@ -13,15 +13,6 @@ import (
|
||||
"github.com/cilium/ebpf"
|
||||
)
|
||||
|
||||
type tlsTapperChunkType int32
|
||||
|
||||
const (
|
||||
tlsTapperChunkTypeOpensslType tlsTapperChunkType = 1
|
||||
tlsTapperChunkTypeGolangType tlsTapperChunkType = 2
|
||||
)
|
||||
|
||||
type tlsTapperSysClose struct{ Fd uint32 }
|
||||
|
||||
type tlsTapperTlsChunk struct {
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
@ -30,11 +21,8 @@ type tlsTapperTlsChunk struct {
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
Type tlsTapperChunkType
|
||||
IsRequest bool
|
||||
Address [16]uint8
|
||||
Data [4096]uint8
|
||||
_ [3]byte
|
||||
}
|
||||
|
||||
// loadTlsTapper returns the embedded CollectionSpec for tlsTapper.
|
||||
@ -89,7 +77,6 @@ type tlsTapperProgramSpecs struct {
|
||||
SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
|
||||
SysEnterClose *ebpf.ProgramSpec `ebpf:"sys_enter_close"`
|
||||
SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
@ -105,14 +92,11 @@ type tlsTapperMapSpecs struct {
|
||||
ChunksBuffer *ebpf.MapSpec `ebpf:"chunks_buffer"`
|
||||
ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"`
|
||||
FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"`
|
||||
GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
|
||||
GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
|
||||
Heap *ebpf.MapSpec `ebpf:"heap"`
|
||||
LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"`
|
||||
PidsMap *ebpf.MapSpec `ebpf:"pids_map"`
|
||||
SslReadContext *ebpf.MapSpec `ebpf:"ssl_read_context"`
|
||||
SslWriteContext *ebpf.MapSpec `ebpf:"ssl_write_context"`
|
||||
SysCloses *ebpf.MapSpec `ebpf:"sys_closes"`
|
||||
}
|
||||
|
||||
// tlsTapperObjects contains all objects after they have been loaded into the kernel.
|
||||
@ -138,14 +122,11 @@ type tlsTapperMaps struct {
|
||||
ChunksBuffer *ebpf.Map `ebpf:"chunks_buffer"`
|
||||
ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"`
|
||||
FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"`
|
||||
GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"`
|
||||
GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"`
|
||||
Heap *ebpf.Map `ebpf:"heap"`
|
||||
LogBuffer *ebpf.Map `ebpf:"log_buffer"`
|
||||
PidsMap *ebpf.Map `ebpf:"pids_map"`
|
||||
SslReadContext *ebpf.Map `ebpf:"ssl_read_context"`
|
||||
SslWriteContext *ebpf.Map `ebpf:"ssl_write_context"`
|
||||
SysCloses *ebpf.Map `ebpf:"sys_closes"`
|
||||
}
|
||||
|
||||
func (m *tlsTapperMaps) Close() error {
|
||||
@ -154,14 +135,11 @@ func (m *tlsTapperMaps) Close() error {
|
||||
m.ChunksBuffer,
|
||||
m.ConnectSyscallInfo,
|
||||
m.FileDescriptorToIpv4,
|
||||
m.GolangDialToSocket,
|
||||
m.GolangSocketToWrite,
|
||||
m.Heap,
|
||||
m.LogBuffer,
|
||||
m.PidsMap,
|
||||
m.SslReadContext,
|
||||
m.SslWriteContext,
|
||||
m.SysCloses,
|
||||
)
|
||||
}
|
||||
|
||||
@ -180,7 +158,6 @@ type tlsTapperPrograms struct {
|
||||
SslWrite *ebpf.Program `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"`
|
||||
SysEnterClose *ebpf.Program `ebpf:"sys_enter_close"`
|
||||
SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
@ -201,7 +178,6 @@ func (p *tlsTapperPrograms) Close() error {
|
||||
p.SslWrite,
|
||||
p.SslWriteEx,
|
||||
p.SysEnterAccept4,
|
||||
p.SysEnterClose,
|
||||
p.SysEnterConnect,
|
||||
p.SysEnterRead,
|
||||
p.SysEnterWrite,
|
||||
|
||||
Binary file not shown.
Loading…
Reference in New Issue
Block a user