diff --git a/tap/tlstapper/bpf/golang_uprobes.c b/tap/tlstapper/bpf/golang_uprobes.c index 7bc6f0cba..ca29f3e7d 100644 --- a/tap/tlstapper/bpf/golang_uprobes.c +++ b/tap/tlstapper/bpf/golang_uprobes.c @@ -15,7 +15,7 @@ struct { __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY); __uint(max_entries, 1); __type(key, int); - __type(value, struct golang_read_write); + __type(value, struct golang_event); } golang_heap SEC(".maps"); SEC("uprobe/golang_crypto_tls_write") @@ -42,31 +42,31 @@ static __always_inline int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) { return 0; } - struct golang_read_write *b = NULL; + struct golang_event *event = NULL; int zero = 0; - b = bpf_map_lookup_elem(&golang_heap, &zero); + event = bpf_map_lookup_elem(&golang_heap, &zero); - if (!b) { + if (!event) { log_error(ctx, LOG_ERROR_ALLOCATING_CHUNK, pid, 0l, 0l); return 0; } - b->pid = pid; - b->fd = s->fd; + event->pid = pid; + event->fd = s->fd; // ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_crypto_tls_read_uprobe - b->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address - b->is_request = true; - b->len = ctx->rcx; - b->cap = ctx->rdi; + event->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address + event->is_request = true; + event->len = ctx->rcx; + event->cap = ctx->rdi; - status = bpf_probe_read(&b->data, CHUNK_SIZE, (void*)ctx->rbx); + status = bpf_probe_read(&event->data, CHUNK_SIZE, (void*)ctx->rbx); if (status < 0) { log_error(ctx, LOG_ERROR_GOLANG_WRITE_READING_DATA, pid_tgid, status, 0l); return 0; } - bpf_perf_event_output(ctx, &golang_read_writes, BPF_F_CURRENT_CPU, b, sizeof(struct golang_read_write)); + bpf_perf_event_output(ctx, &golang_events, BPF_F_CURRENT_CPU, event, sizeof(struct golang_event)); return 0; } 
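Review bot: In the golang_crypto_tls_write_uprobe hunk, `bpf_probe_read(&event->data, CHUNK_SIZE, (void*)ctx->rbx)` always copies CHUNK_SIZE bytes, even when the length taken from `ctx->rcx` is smaller. Each event can therefore carry traced-process memory that lies past the TLS buffer, and a short buffer ending near an unmapped page makes the whole read fail, so the event is dropped. Clamping to the reported length avoids both, e.g. `__u32 n = event->len < CHUNK_SIZE ? event->len : CHUNK_SIZE;` then `status = bpf_probe_read(&event->data, n, (void*)ctx->rbx);` (the local's type should follow the struct's `len` field, which is not visible here, and the verifier may need an explicit bound). The scratch value comes from the per-CPU `golang_heap` map and is emitted at `sizeof(struct golang_event)`, so with a clamped read the consumer must slice `data` by `len` or bytes from an earlier event stay visible. The same pattern is in the golang_crypto_tls_read_uprobe hunk (`data_p`); both function bodies begin outside their hunks.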
@@ -88,30 +88,30 @@ static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) { return 0; } - struct golang_read_write *b = NULL; + struct golang_event *event = NULL; int zero = 0; - b = bpf_map_lookup_elem(&golang_heap, &zero); + event = bpf_map_lookup_elem(&golang_heap, &zero); - if (!b) { + if (!event) { log_error(ctx, LOG_ERROR_ALLOCATING_CHUNK, pid, 0l, 0l); return 0; } - b->pid = pid; + event->pid = pid; // ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_crypto_tls_read_uprobe - b->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address - b->is_request = false; - b->len = ctx->rcx; - b->cap = ctx->rcx; // no cap info + event->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address + event->is_request = false; + event->len = ctx->rcx; + event->cap = ctx->rcx; // no cap info - status = bpf_probe_read(&b->data, CHUNK_SIZE, (void*)(data_p)); + status = bpf_probe_read(&event->data, CHUNK_SIZE, (void*)(data_p)); if (status < 0) { log_error(ctx, LOG_ERROR_GOLANG_READ_READING_DATA, pid_tgid, status, 0l); return 0; } - bpf_perf_event_output(ctx, &golang_read_writes, BPF_F_CURRENT_CPU, b, sizeof(struct golang_read_write)); + bpf_perf_event_output(ctx, &golang_events, BPF_F_CURRENT_CPU, event, sizeof(struct golang_event)); return 0; } diff --git a/tap/tlstapper/bpf/include/maps.h b/tap/tlstapper/bpf/include/maps.h index 7968d4817..231432dde 100644 --- a/tap/tlstapper/bpf/include/maps.h +++ b/tap/tlstapper/bpf/include/maps.h @@ -64,7 +64,7 @@ struct golang_socket { __u64 conn_addr; }; -struct golang_read_write { +struct golang_event { __u32 pid; __u32 fd; __u32 conn_addr; @@ -74,7 +74,7 @@ struct golang_read_write { __u8 data[CHUNK_SIZE]; }; -const struct golang_read_write *unused1 __attribute__((unused)); +const struct golang_event *unused1 __attribute__((unused)); const struct sys_close *unused2 __attribute__((unused)); 
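Review bot: `struct golang_event` in maps.h declares `__u32 conn_addr`, but both uprobes assign it from `ctx->rsi`, a 64-bit register that the inline comment describes as an address. `struct golang_socket` just above stores its `conn_addr` as `__u64`. Only the low 32 bits reach user space, where `ConnAddr` is passed to `NewGolangConnection` and appears to feed the map identifier, so two connections in one process whose addresses differ only in the upper bits would be merged into one stream. Since the struct is being renamed and the bpf2go bindings regenerated anyway, consider `__u64 conn_addr;` (placed so the struct stays naturally aligned) with the Go side updated to match.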
@@ -104,7 +104,7 @@ BPF_PERF_OUTPUT(log_buffer); BPF_LRU_HASH(golang_dial_to_socket, __u64, struct golang_socket); BPF_LRU_HASH(golang_socket_to_write, __u64, struct golang_socket); -BPF_PERF_OUTPUT(golang_read_writes); +BPF_PERF_OUTPUT(golang_events); BPF_PERF_OUTPUT(sys_closes); #endif /* __MAPS__ */ diff --git a/tap/tlstapper/tls_poller.go b/tap/tlstapper/tls_poller.go index 5149df5c1..8b5c01dd3 100644 --- a/tap/tlstapper/tls_poller.go +++ b/tap/tlstapper/tls_poller.go @@ -30,19 +30,19 @@ const ( ) type tlsPoller struct { - tls *TlsTapper - readers map[string]*tlsReader - closedReaders chan string - reqResMatcher api.RequestResponseMatcher - chunksReader *perf.Reader - golangReader *perf.Reader - golangReadWriteMap *orderedmap.OrderedMap - sysCloses *perf.Reader - extension *api.Extension - procfs string - pidToNamespace sync.Map - fdCache *simplelru.LRU // Actual typs is map[string]addressPair - evictedCounter int + tls *TlsTapper + readers map[string]*tlsReader + closedReaders chan string + reqResMatcher api.RequestResponseMatcher + chunksReader *perf.Reader + golangReader *perf.Reader + golangConnectionMap *orderedmap.OrderedMap + sysCloses *perf.Reader + extension *api.Extension + procfs string + pidToNamespace sync.Map + fdCache *simplelru.LRU // Actual typs is map[string]addressPair + evictedCounter int } func newTlsPoller(tls *TlsTapper, extension *api.Extension, procfs string) (*tlsPoller, error) { @@ -75,7 +75,7 @@ func (p *tlsPoller) init(bpfObjects *tlsTapperObjects, bufferSize int) error { return errors.Wrap(err, 0) } - p.golangReader, err = perf.NewReader(bpfObjects.GolangReadWrites, bufferSize) + p.golangReader, err = perf.NewReader(bpfObjects.GolangEvents, bufferSize) if err != nil { return errors.Wrap(err, 0) @@ -87,7 +87,7 @@ func (p *tlsPoller) init(bpfObjects *tlsTapperObjects, bufferSize int) error { return errors.Wrap(err, 0) } - p.golangReadWriteMap = orderedmap.New() + p.golangConnectionMap = orderedmap.New() return nil } 
@@ -119,14 +119,13 @@ func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilterin func (p *tlsPoller) pollGolang(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) { go p.pollGolangReadWrite(p.golangReader, emitter, options, streamsMap) - go p.pollSysClose(p.sysCloses) } func (p *tlsPoller) pollGolangReadWrite(rd *perf.Reader, emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) { nativeEndian := p.getByteOrder() - // tlsTapperGolangReadWrite is generated by bpf2go. - var b tlsTapperGolangReadWrite + // tlsTapperGolangEvent is generated by bpf2go. + var b tlsTapperGolangEvent for { record, err := rd.Read() if err != nil { @@ -147,10 +146,10 @@ func (p *tlsPoller) pollGolangReadWrite(rd *perf.Reader, emitter api.Emitter, op continue } - if p.golangReadWriteMap.Len()+1 > golangMapLimit { - pair := p.golangReadWriteMap.Oldest() + if p.golangConnectionMap.Len()+1 > golangMapLimit { + pair := p.golangConnectionMap.Oldest() pair.Value.(*golangConnection).close() - p.golangReadWriteMap.Delete(pair.Key) + p.golangConnectionMap.Delete(pair.Key) } pid := uint64(b.Pid) @@ -159,14 +158,14 @@ func (p *tlsPoller) pollGolangReadWrite(rd *perf.Reader, emitter api.Emitter, op var connection *golangConnection var _connection interface{} var ok bool - if _connection, ok = p.golangReadWriteMap.Get(identifier); !ok { + if _connection, ok = p.golangConnectionMap.Get(identifier); !ok { tlsEmitter := &tlsEmitter{ delegate: emitter, namespace: p.getNamespace(b.Pid), } connection = NewGolangConnection(b.Pid, b.ConnAddr, p.extension, tlsEmitter) - p.golangReadWriteMap.Set(identifier, connection) + p.golangConnectionMap.Set(identifier, connection) streamsMap.Store(streamsMap.NextId(), connection.stream) } else { connection = _connection.(*golangConnection) 
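Review bot: `p.golangConnectionMap` is read and mutated in pollGolangReadWrite (`Len`, `Oldest`, `Get`, `Set`, `Delete` in the -147 and -159 hunks) and is also deleted from in pollSysClose, yet the `tlsPoller` struct shown in the earlier hunk has no mutex guarding it. pollGolangReadWrite is started with `go`, so if pollSysClose runs on another goroutine these accesses race, unless the ordered-map type is itself synchronised, which is not visible here. A `sync.Mutex` field held around each map access would be the minimal fix, with a field comment such as `// guarded by golangConnectionMu` (proposed name) to document it. pollGolangReadWrite's body continues outside these hunks.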
@@ -229,11 +228,11 @@ func (p *tlsPoller) pollSysClose(rd *perf.Reader) { } // Close and remove the connection from map if its socket file descriptor is closed. - for pair := p.golangReadWriteMap.Oldest(); pair != nil; pair = pair.Next() { + for pair := p.golangConnectionMap.Oldest(); pair != nil; pair = pair.Next() { connection := pair.Value.(*golangConnection) if connection.fd == b.Fd { connection.close() - p.golangReadWriteMap.Delete(pair.Key) + p.golangConnectionMap.Delete(pair.Key) } } } diff --git a/tap/tlstapper/tls_tapper.go b/tap/tlstapper/tls_tapper.go index 65e442de7..a3a9587bd 100644 --- a/tap/tlstapper/tls_tapper.go +++ b/tap/tlstapper/tls_tapper.go @@ -14,7 +14,7 @@ import ( const GLOABL_TAP_PID = 0 -//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type golang_read_write -type sys_close tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86 +//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type golang_event -type sys_close tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86 type TlsTapper struct { bpfObjects tlsTapperObjects diff --git a/tap/tlstapper/tlstapper_bpfeb.go b/tap/tlstapper/tlstapper_bpfeb.go index 9622b3284..285bb5558 100644 --- a/tap/tlstapper/tlstapper_bpfeb.go +++ b/tap/tlstapper/tlstapper_bpfeb.go @@ -13,7 +13,7 @@ import ( "github.com/cilium/ebpf" ) -type tlsTapperGolangReadWrite struct { +type tlsTapperGolangEvent struct { Pid uint32 Fd uint32 ConnAddr uint32 
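Review bot: The close handler in pollSysClose matches connections with `connection.fd == b.Fd` only. File descriptor numbers are per-process, so a close of a given fd in one traced process would also close and drop the tracked connection of any other process using the same number. If the close event and golangConnection both carry the pid (the connection is built from `b.Pid` in pollGolangReadWrite), the condition should compare pid and fd together. The loop also calls `Delete(pair.Key)` and then `pair.Next()` on the deleted pair; depending on the ordered-map implementation that may end iteration early, so taking `next := pair.Next()` before the delete is safer. pollSysClose starts outside this hunk.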
@@ -109,8 +109,8 @@ type tlsTapperMapSpecs struct { ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"` FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"` GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"` + GolangEvents *ebpf.MapSpec `ebpf:"golang_events"` GolangHeap *ebpf.MapSpec `ebpf:"golang_heap"` - GolangReadWrites *ebpf.MapSpec `ebpf:"golang_read_writes"` GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"` Heap *ebpf.MapSpec `ebpf:"heap"` LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"` @@ -144,8 +144,8 @@ type tlsTapperMaps struct { ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"` FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"` GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"` + GolangEvents *ebpf.Map `ebpf:"golang_events"` GolangHeap *ebpf.Map `ebpf:"golang_heap"` - GolangReadWrites *ebpf.Map `ebpf:"golang_read_writes"` GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"` Heap *ebpf.Map `ebpf:"heap"` LogBuffer *ebpf.Map `ebpf:"log_buffer"` @@ -162,8 +162,8 @@ func (m *tlsTapperMaps) Close() error { m.ConnectSyscallInfo, m.FileDescriptorToIpv4, m.GolangDialToSocket, + m.GolangEvents, m.GolangHeap, - m.GolangReadWrites, m.GolangSocketToWrite, m.Heap, m.LogBuffer, diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o index 119665920..7082a605a 100644 Binary files a/tap/tlstapper/tlstapper_bpfeb.o and b/tap/tlstapper/tlstapper_bpfeb.o differ diff --git a/tap/tlstapper/tlstapper_bpfel.go b/tap/tlstapper/tlstapper_bpfel.go index 0c8313b51..65385291f 100644 --- a/tap/tlstapper/tlstapper_bpfel.go +++ b/tap/tlstapper/tlstapper_bpfel.go @@ -13,7 +13,7 @@ import ( "github.com/cilium/ebpf" ) -type tlsTapperGolangReadWrite struct { +type tlsTapperGolangEvent struct { Pid uint32 Fd uint32 ConnAddr uint32 
@@ -109,8 +109,8 @@ type tlsTapperMapSpecs struct { ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"` FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"` GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"` + GolangEvents *ebpf.MapSpec `ebpf:"golang_events"` GolangHeap *ebpf.MapSpec `ebpf:"golang_heap"` - GolangReadWrites *ebpf.MapSpec `ebpf:"golang_read_writes"` GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"` Heap *ebpf.MapSpec `ebpf:"heap"` LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"` @@ -144,8 +144,8 @@ type tlsTapperMaps struct { ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"` FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"` GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"` + GolangEvents *ebpf.Map `ebpf:"golang_events"` GolangHeap *ebpf.Map `ebpf:"golang_heap"` - GolangReadWrites *ebpf.Map `ebpf:"golang_read_writes"` GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"` Heap *ebpf.Map `ebpf:"heap"` LogBuffer *ebpf.Map `ebpf:"log_buffer"` @@ -162,8 +162,8 @@ func (m *tlsTapperMaps) Close() error { m.ConnectSyscallInfo, m.FileDescriptorToIpv4, m.GolangDialToSocket, + m.GolangEvents, m.GolangHeap, - m.GolangReadWrites, m.GolangSocketToWrite, m.Heap, m.LogBuffer, diff --git a/tap/tlstapper/tlstapper_bpfel.o b/tap/tlstapper/tlstapper_bpfel.o index 45e501e12..f83582b0c 100644 Binary files a/tap/tlstapper/tlstapper_bpfel.o and b/tap/tlstapper/tlstapper_bpfel.o differ