diff --git a/tap/tlstapper/bpf/common.c b/tap/tlstapper/bpf/common.c index aec55f9c1..0719019d9 100644 --- a/tap/tlstapper/bpf/common.c +++ b/tap/tlstapper/bpf/common.c @@ -9,6 +9,7 @@ Copyright (C) UP9 Inc. #include "include/maps.h" #include "include/log.h" #include "include/logger_messages.h" +#include "include/common.h" static __always_inline int get_count_bytes(struct pt_regs *ctx, struct ssl_info* info, __u64 id) { @@ -149,7 +150,7 @@ static __always_inline struct ssl_info lookup_ssl_info(struct pt_regs *ctx, stru struct ssl_info info = {}; if (infoPtr == NULL) { - info.fd = -1; + info.fd = invalid_fd; info.created_at_nano = bpf_ktime_get_ns(); } else { long err = bpf_probe_read(&info, sizeof(struct ssl_info), infoPtr); @@ -161,7 +162,7 @@ static __always_inline struct ssl_info lookup_ssl_info(struct pt_regs *ctx, stru if ((bpf_ktime_get_ns() - info.created_at_nano) > SSL_INFO_MAX_TTL_NANO) { // If the ssl info is too old, we don't want to use its info because it may be incorrect. // - info.fd = -1; + info.fd = invalid_fd; info.created_at_nano = bpf_ktime_get_ns(); } } diff --git a/tap/tlstapper/bpf/golang_uprobes.c b/tap/tlstapper/bpf/golang_uprobes.c index de274658b..03b3aaf2a 100644 --- a/tap/tlstapper/bpf/golang_uprobes.c +++ b/tap/tlstapper/bpf/golang_uprobes.c 
@@ -49,7 +49,29 @@ A Quick Guide to Go's Assembler: https://go.googlesource.com/go/+/refs/heads/dev #include "include/pids.h" #include "include/common.h" #include "include/go_abi_internal.h" +#include "include/go_types.h" +static __always_inline __u32 get_fd_from_tcp_conn(struct pt_regs *ctx) { + struct go_interface conn; + long err = bpf_probe_read(&conn, sizeof(conn), (void*)GO_ABI_INTERNAL_PT_REGS_R1(ctx)); + if (err != 0) { + return invalid_fd; + } + + void* net_fd_ptr; + err = bpf_probe_read(&net_fd_ptr, sizeof(net_fd_ptr), conn.ptr); + if (err != 0) { + return invalid_fd; + } + + __u32 fd; + err = bpf_probe_read(&fd, sizeof(fd), net_fd_ptr + 0x10); + if (err != 0) { + return invalid_fd; + } + + return fd; +} SEC("uprobe/golang_crypto_tls_write") static int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) { @@ -63,6 +85,7 @@ static int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) { info.buffer_len = GO_ABI_INTERNAL_PT_REGS_R2(ctx); info.buffer = (void*)GO_ABI_INTERNAL_PT_REGS_R4(ctx); + info.fd = get_fd_from_tcp_conn(ctx); long err = bpf_map_update_elem(&ssl_write_context, &pid_tgid, &info, BPF_ANY); @@ -112,6 +135,7 @@ static int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) { info.buffer_len = GO_ABI_INTERNAL_PT_REGS_R2(ctx); info.buffer = (void*)GO_ABI_INTERNAL_PT_REGS_R4(ctx); + info.fd = get_fd_from_tcp_conn(ctx); long err = bpf_map_update_elem(&ssl_read_context, &pid_tgid, &info, BPF_ANY); diff --git a/tap/tlstapper/bpf/include/common.h b/tap/tlstapper/bpf/include/common.h index 226c020f4..c145e08dd 100644 --- a/tap/tlstapper/bpf/include/common.h +++ b/tap/tlstapper/bpf/include/common.h 
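Review bot: get_fd_from_tcp_conn never inspects `conn.type`, so the two pointer reads and the hard-coded `net_fd_ptr + 0x10` are applied to whatever concrete type sits behind the interface word at R1. If that type does not have the connection layout these offsets assume, the helper returns an arbitrary 32-bit value as a file descriptor, and captured plaintext may be attributed to the wrong socket. The offset is presumably the OS descriptor field inside Go's runtime network structures, which is not a stable ABI, so it should be a named constant with a comment recording the layout and the Go versions it was checked against, e.g. `#define GO_NETFD_SYSFD_OFFSET 0x10 /* assumed offset of the OS fd; verify per Go version */`. The helper also returns `invalid_fd` (an `int32_t` of -1) through a `__u32` return type, so the later `== invalid_fd` comparisons depend on implicit conversion to 0xFFFFFFFF. The `info.fd = get_fd_from_tcp_conn(ctx);` lines added to the write and read uprobes in the next two hunks store the result unchecked; whether the consuming probe rejects `invalid_fd` on the Go path is not visible here.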
@@ -7,11 +7,13 @@ Copyright (C) UP9 Inc. #ifndef __COMMON__ #define __COMMON__ -int get_count_bytes(struct pt_regs *ctx, struct ssl_info* info, __u64 id); -int add_address_to_chunk(struct pt_regs *ctx, struct tls_chunk* chunk, __u64 id, __u32 fd); -void send_chunk_part(struct pt_regs *ctx, __u8* buffer, __u64 id, struct tls_chunk* chunk, int start, int end); -void send_chunk(struct pt_regs *ctx, __u8* buffer, __u64 id, struct tls_chunk* chunk); -void output_ssl_chunk(struct pt_regs *ctx, struct ssl_info* info, int count_bytes, __u64 id, __u32 flags); -struct ssl_info lookup_ssl_info(struct pt_regs *ctx, struct bpf_map_def* map_fd, __u64 pid_tgid); +const int32_t invalid_fd = -1; + +static int get_count_bytes(struct pt_regs *ctx, struct ssl_info* info, __u64 id); +static int add_address_to_chunk(struct pt_regs *ctx, struct tls_chunk* chunk, __u64 id, __u32 fd); +static void send_chunk_part(struct pt_regs *ctx, __u8* buffer, __u64 id, struct tls_chunk* chunk, int start, int end); +static void send_chunk(struct pt_regs *ctx, __u8* buffer, __u64 id, struct tls_chunk* chunk); +static void output_ssl_chunk(struct pt_regs *ctx, struct ssl_info* info, int count_bytes, __u64 id, __u32 flags); +static struct ssl_info lookup_ssl_info(struct pt_regs *ctx, struct bpf_map_def* map_fd, __u64 pid_tgid); #endif /* __COMMON__ */ diff --git a/tap/tlstapper/bpf/include/go_abi_internal.h b/tap/tlstapper/bpf/include/go_abi_internal.h index 9201573a3..d96f658dc 100644 --- a/tap/tlstapper/bpf/include/go_abi_internal.h +++ b/tap/tlstapper/bpf/include/go_abi_internal.h @@ -1,4 +1,9 @@ -/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */ +/* +Note: This file is licenced differently from the rest of the project +SPDX-License-Identifier: GPL-2.0 +Copyright (C) UP9 Inc. +*/ + #ifndef __GOLANG_ABI_INTERNAL__ #define __GOLANG_ABI_INTERNAL__ diff --git a/tap/tlstapper/bpf/include/go_types.h b/tap/tlstapper/bpf/include/go_types.h new file mode 100644 index 000000000..4eca1ed2a --- /dev/null 
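Review bot: `const int32_t invalid_fd = -1;` is an object definition with external linkage placed in a header, so every translation unit that includes common.h defines the symbol, and in a BPF object it may be emitted as read-only global data instead of being folded as a constant. It is also signed, while the visible consumers carry descriptors as `__u32` (`add_address_to_chunk(..., __u32 fd)` in this header and the `__u32` return of get_fd_from_tcp_conn), so every comparison relies on implicit conversion. A typed macro such as `#define invalid_fd ((__u32)-1)`, or at least `static const __u32 invalid_fd = (__u32)-1;`, would avoid both problems without touching the call sites. Separately, the prototypes are now `static` in a shared header, so a file that includes common.h without the definitions from common.c will see static functions that are declared but never defined.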
+++ b/tap/tlstapper/bpf/include/go_types.h @@ -0,0 +1,15 @@ +/* +Note: This file is licenced differently from the rest of the project +SPDX-License-Identifier: GPL-2.0 +Copyright (C) UP9 Inc. +*/ + +#ifndef __GOLANG_TYPES__ +#define __GOLANG_TYPES__ + +struct go_interface { + int64_t type; + void* ptr; +}; + +#endif /* __GOLANG_TYPES__ */ diff --git a/tap/tlstapper/bpf/include/headers.h b/tap/tlstapper/bpf/include/headers.h index 8078051af..756a92407 100644 --- a/tap/tlstapper/bpf/include/headers.h +++ b/tap/tlstapper/bpf/include/headers.h @@ -8,6 +8,7 @@ Copyright (C) UP9 Inc. #define __HEADERS__ #include +#include #include #include #include diff --git a/tap/tlstapper/bpf/openssl_uprobes.c b/tap/tlstapper/bpf/openssl_uprobes.c index 3a4e9a312..bd9db10d6 100644 --- a/tap/tlstapper/bpf/openssl_uprobes.c +++ b/tap/tlstapper/bpf/openssl_uprobes.c @@ -67,7 +67,7 @@ static __always_inline void ssl_uretprobe(struct pt_regs *ctx, struct bpf_map_de return; } - if (info.fd == -1) { + if (info.fd == invalid_fd) { log_error(ctx, LOG_ERROR_MISSING_FILE_DESCRIPTOR, id, 0l, 0l); return; } diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o index dc68c18f4..a4c96155b 100644 Binary files a/tap/tlstapper/tlstapper_bpfeb.o and b/tap/tlstapper/tlstapper_bpfeb.o differ diff --git a/tap/tlstapper/tlstapper_bpfel.o b/tap/tlstapper/tlstapper_bpfel.o index d7ae2eef2..c89abe4d8 100644 Binary files a/tap/tlstapper/tlstapper_bpfel.o and b/tap/tlstapper/tlstapper_bpfel.o differ
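Review bot: `struct go_interface` has no comment saying which Go layout it mirrors, yet everything get_fd_from_tcp_conn reads depends on that layout being right. I would add above the struct `/* Two-word Go interface value: type/itab pointer, then pointer to the concrete data (64-bit targets only). */`, and consider declaring `type` as `void*` or `__u64`, since it holds a pointer-sized word and not a signed quantity. The reader in golang_uprobes.c never uses the field, so nothing validates the concrete type before `ptr` is followed.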