github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-07-15 17:12:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rename golang_read_write to golang_event

Browse Source
This commit is contained in:
M. Mert Yildiran 2022-06-02 22:43:51 +03:00
parent 32c566705a
commit 2492ae1c3b
No known key found for this signature in database
GPG Key ID: D42ADB236521BF7A
8 changed files with 58 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
tap/tlstapper/bpf/golang_uprobes.c
View File

@ -15,7 +15,7 @@ struct {
__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
__uint(max_entries, 1);
__type(key, int);
__type(value, struct golang_read_write);
__type(value, struct golang_event);
} golang_heap SEC(".maps");
SEC("uprobe/golang_crypto_tls_write")
@ -42,31 +42,31 @@ static __always_inline int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) {
return 0;
}
struct golang_read_write *b = NULL;
struct golang_event *event = NULL;
int zero = 0;
b = bpf_map_lookup_elem(&golang_heap, &zero);
event = bpf_map_lookup_elem(&golang_heap, &zero);
if (!b) {
if (!event) {
log_error(ctx, LOG_ERROR_ALLOCATING_CHUNK, pid, 0l, 0l);
return 0;
}
b->pid = pid;
b->fd = s->fd;
event->pid = pid;
event->fd = s->fd;
// ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_crypto_tls_read_uprobe
b->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address
b->is_request = true;
b->len = ctx->rcx;
b->cap = ctx->rdi;
event->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address
event->is_request = true;
event->len = ctx->rcx;
event->cap = ctx->rdi;
status = bpf_probe_read(&b->data, CHUNK_SIZE, (void*)ctx->rbx);
status = bpf_probe_read(&event->data, CHUNK_SIZE, (void*)ctx->rbx);
if (status < 0) {
log_error(ctx, LOG_ERROR_GOLANG_WRITE_READING_DATA, pid_tgid, status, 0l);
return 0;
}
bpf_perf_event_output(ctx, &golang_read_writes, BPF_F_CURRENT_CPU, b, sizeof(struct golang_read_write));
bpf_perf_event_output(ctx, &golang_events, BPF_F_CURRENT_CPU, event, sizeof(struct golang_event));
return 0;
}
@ -88,30 +88,30 @@ static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
return 0;
}
struct golang_read_write *b = NULL;
struct golang_event *event = NULL;
int zero = 0;
b = bpf_map_lookup_elem(&golang_heap, &zero);
event = bpf_map_lookup_elem(&golang_heap, &zero);
if (!b) {
if (!event) {
log_error(ctx, LOG_ERROR_ALLOCATING_CHUNK, pid, 0l, 0l);
return 0;
}
b->pid = pid;
event->pid = pid;
// ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_crypto_tls_read_uprobe
b->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address
b->is_request = false;
b->len = ctx->rcx;
b->cap = ctx->rcx; // no cap info
event->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address
event->is_request = false;
event->len = ctx->rcx;
event->cap = ctx->rcx; // no cap info
status = bpf_probe_read(&b->data, CHUNK_SIZE, (void*)(data_p));
status = bpf_probe_read(&event->data, CHUNK_SIZE, (void*)(data_p));
if (status < 0) {
log_error(ctx, LOG_ERROR_GOLANG_READ_READING_DATA, pid_tgid, status, 0l);
return 0;
}
bpf_perf_event_output(ctx, &golang_read_writes, BPF_F_CURRENT_CPU, b, sizeof(struct golang_read_write));
bpf_perf_event_output(ctx, &golang_events, BPF_F_CURRENT_CPU, event, sizeof(struct golang_event));
return 0;
}

6
tap/tlstapper/bpf/include/maps.h
View File

@ -64,7 +64,7 @@ struct golang_socket {
__u64 conn_addr;
};
struct golang_read_write {
struct golang_event {
__u32 pid;
__u32 fd;
__u32 conn_addr;
@ -74,7 +74,7 @@ struct golang_read_write {
__u8 data[CHUNK_SIZE];
};
const struct golang_read_write *unused1 __attribute__((unused));
const struct golang_event *unused1 __attribute__((unused));
const struct sys_close *unused2 __attribute__((unused));
@ -104,7 +104,7 @@ BPF_PERF_OUTPUT(log_buffer);
BPF_LRU_HASH(golang_dial_to_socket, __u64, struct golang_socket);
BPF_LRU_HASH(golang_socket_to_write, __u64, struct golang_socket);
BPF_PERF_OUTPUT(golang_read_writes);
BPF_PERF_OUTPUT(golang_events);
BPF_PERF_OUTPUT(sys_closes);
#endif /* __MAPS__ */

49
tap/tlstapper/tls_poller.go
View File

@ -30,19 +30,19 @@ const (
)
type tlsPoller struct {
tls *TlsTapper
readers map[string]*tlsReader
closedReaders chan string
reqResMatcher api.RequestResponseMatcher
chunksReader *perf.Reader
golangReader *perf.Reader
golangReadWriteMap *orderedmap.OrderedMap
sysCloses *perf.Reader
extension *api.Extension
procfs string
pidToNamespace sync.Map
fdCache *simplelru.LRU // Actual typs is map[string]addressPair
evictedCounter int
tls *TlsTapper
readers map[string]*tlsReader
closedReaders chan string
reqResMatcher api.RequestResponseMatcher
chunksReader *perf.Reader
golangReader *perf.Reader
golangConnectionMap *orderedmap.OrderedMap
sysCloses *perf.Reader
extension *api.Extension
procfs string
pidToNamespace sync.Map
fdCache *simplelru.LRU // Actual typs is map[string]addressPair
evictedCounter int
}
func newTlsPoller(tls *TlsTapper, extension *api.Extension, procfs string) (*tlsPoller, error) {
@ -75,7 +75,7 @@ func (p *tlsPoller) init(bpfObjects *tlsTapperObjects, bufferSize int) error {
return errors.Wrap(err, 0)
}
p.golangReader, err = perf.NewReader(bpfObjects.GolangReadWrites, bufferSize)
p.golangReader, err = perf.NewReader(bpfObjects.GolangEvents, bufferSize)
if err != nil {
return errors.Wrap(err, 0)
@ -87,7 +87,7 @@ func (p *tlsPoller) init(bpfObjects *tlsTapperObjects, bufferSize int) error {
return errors.Wrap(err, 0)
}
p.golangReadWriteMap = orderedmap.New()
p.golangConnectionMap = orderedmap.New()
return nil
}
@ -119,14 +119,13 @@ func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilterin
func (p *tlsPoller) pollGolang(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) {
go p.pollGolangReadWrite(p.golangReader, emitter, options, streamsMap)
go p.pollSysClose(p.sysCloses)
}
func (p *tlsPoller) pollGolangReadWrite(rd *perf.Reader, emitter api.Emitter, options *api.TrafficFilteringOptions,
streamsMap api.TcpStreamMap) {
nativeEndian := p.getByteOrder()
// tlsTapperGolangReadWrite is generated by bpf2go.
var b tlsTapperGolangReadWrite
// tlsTapperGolangEvent is generated by bpf2go.
var b tlsTapperGolangEvent
for {
record, err := rd.Read()
if err != nil {
@ -147,10 +146,10 @@ func (p *tlsPoller) pollGolangReadWrite(rd *perf.Reader, emitter api.Emitter, op
continue
}
if p.golangReadWriteMap.Len()+1 > golangMapLimit {
pair := p.golangReadWriteMap.Oldest()
if p.golangConnectionMap.Len()+1 > golangMapLimit {
pair := p.golangConnectionMap.Oldest()
pair.Value.(*golangConnection).close()
p.golangReadWriteMap.Delete(pair.Key)
p.golangConnectionMap.Delete(pair.Key)
}
pid := uint64(b.Pid)
@ -159,14 +158,14 @@ func (p *tlsPoller) pollGolangReadWrite(rd *perf.Reader, emitter api.Emitter, op
var connection *golangConnection
var _connection interface{}
var ok bool
if _connection, ok = p.golangReadWriteMap.Get(identifier); !ok {
if _connection, ok = p.golangConnectionMap.Get(identifier); !ok {
tlsEmitter := &tlsEmitter{
delegate: emitter,
namespace: p.getNamespace(b.Pid),
}
connection = NewGolangConnection(b.Pid, b.ConnAddr, p.extension, tlsEmitter)
p.golangReadWriteMap.Set(identifier, connection)
p.golangConnectionMap.Set(identifier, connection)
streamsMap.Store(streamsMap.NextId(), connection.stream)
} else {
connection = _connection.(*golangConnection)
@ -229,11 +228,11 @@ func (p *tlsPoller) pollSysClose(rd *perf.Reader) {
}
// Close and remove the connection from map if its socket file descriptor is closed.
for pair := p.golangReadWriteMap.Oldest(); pair != nil; pair = pair.Next() {
for pair := p.golangConnectionMap.Oldest(); pair != nil; pair = pair.Next() {
connection := pair.Value.(*golangConnection)
if connection.fd == b.Fd {
connection.close()
p.golangReadWriteMap.Delete(pair.Key)
p.golangConnectionMap.Delete(pair.Key)
}
}
}

2
tap/tlstapper/tls_tapper.go
View File

@ -14,7 +14,7 @@ import (
const GLOABL_TAP_PID = 0
//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type golang_read_write -type sys_close tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86
//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type golang_event -type sys_close tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86
type TlsTapper struct {
bpfObjects tlsTapperObjects

8
tap/tlstapper/tlstapper_bpfeb.go
View File

@ -13,7 +13,7 @@ import (
"github.com/cilium/ebpf"
)
type tlsTapperGolangReadWrite struct {
type tlsTapperGolangEvent struct {
Pid uint32
Fd uint32
ConnAddr uint32
@ -109,8 +109,8 @@ type tlsTapperMapSpecs struct {
ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"`
FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"`
GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
GolangEvents *ebpf.MapSpec `ebpf:"golang_events"`
GolangHeap *ebpf.MapSpec `ebpf:"golang_heap"`
GolangReadWrites *ebpf.MapSpec `ebpf:"golang_read_writes"`
GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
Heap *ebpf.MapSpec `ebpf:"heap"`
LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"`
@ -144,8 +144,8 @@ type tlsTapperMaps struct {
ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"`
FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"`
GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"`
GolangEvents *ebpf.Map `ebpf:"golang_events"`
GolangHeap *ebpf.Map `ebpf:"golang_heap"`
GolangReadWrites *ebpf.Map `ebpf:"golang_read_writes"`
GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"`
Heap *ebpf.Map `ebpf:"heap"`
LogBuffer *ebpf.Map `ebpf:"log_buffer"`
@ -162,8 +162,8 @@ func (m *tlsTapperMaps) Close() error {
m.ConnectSyscallInfo,
m.FileDescriptorToIpv4,
m.GolangDialToSocket,
m.GolangEvents,
m.GolangHeap,
m.GolangReadWrites,
m.GolangSocketToWrite,
m.Heap,
m.LogBuffer,

BIN
tap/tlstapper/tlstapper_bpfeb.o
View File

Binary file not shown.

8
tap/tlstapper/tlstapper_bpfel.go
View File

@ -13,7 +13,7 @@ import (
"github.com/cilium/ebpf"
)
type tlsTapperGolangReadWrite struct {
type tlsTapperGolangEvent struct {
Pid uint32
Fd uint32
ConnAddr uint32
@ -109,8 +109,8 @@ type tlsTapperMapSpecs struct {
ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"`
FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"`
GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
GolangEvents *ebpf.MapSpec `ebpf:"golang_events"`
GolangHeap *ebpf.MapSpec `ebpf:"golang_heap"`
GolangReadWrites *ebpf.MapSpec `ebpf:"golang_read_writes"`
GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
Heap *ebpf.MapSpec `ebpf:"heap"`
LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"`
@ -144,8 +144,8 @@ type tlsTapperMaps struct {
ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"`
FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"`
GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"`
GolangEvents *ebpf.Map `ebpf:"golang_events"`
GolangHeap *ebpf.Map `ebpf:"golang_heap"`
GolangReadWrites *ebpf.Map `ebpf:"golang_read_writes"`
GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"`
Heap *ebpf.Map `ebpf:"heap"`
LogBuffer *ebpf.Map `ebpf:"log_buffer"`
@ -162,8 +162,8 @@ func (m *tlsTapperMaps) Close() error {
m.ConnectSyscallInfo,
m.FileDescriptorToIpv4,
m.GolangDialToSocket,
m.GolangEvents,
m.GolangHeap,
m.GolangReadWrites,
m.GolangSocketToWrite,
m.Heap,
m.LogBuffer,

BIN
tap/tlstapper/tlstapper_bpfel.o
View File

Binary file not shown.