From 308d3cfd87cee739f536c6973122ae78f25c4737 Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Thu, 2 Jun 2022 01:48:09 +0300 Subject: [PATCH] Fix the `key_gzip` offsets --- tap/tlstapper/bpf/golang_uprobes.c | 8 ++++---- tap/tlstapper/tlstapper_bpfeb.o | Bin 131064 -> 131064 bytes tap/tlstapper/tlstapper_bpfel.o | Bin 131064 -> 131064 bytes 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tap/tlstapper/bpf/golang_uprobes.c b/tap/tlstapper/bpf/golang_uprobes.c index 11bf989b6..d32e73351 100644 --- a/tap/tlstapper/bpf/golang_uprobes.c +++ b/tap/tlstapper/bpf/golang_uprobes.c @@ -138,8 +138,8 @@ static __always_inline int golang_net_http_gzipreader_read_uprobe(struct pt_regs __u64 pid_tgid = bpf_get_current_pid_tgid(); __u64 pid = pid_tgid >> 32; __u32 key_gzip; - // Address at ctx->rsp + 0x150 is common between golang_net_http_gzipreader_read_uprobe and golang_net_http_dialconn_uprobe - __u32 status = bpf_probe_read(&key_gzip, sizeof(key_gzip), stack_addr + 0x150); + // Address at ctx->rsp + 0x1b0 is common between golang_net_http_gzipreader_read_uprobe and golang_net_http_dialconn_uprobe + __u32 status = bpf_probe_read(&key_gzip, sizeof(key_gzip), stack_addr + 0x1b0); if (status < 0) { bpf_printk("[golang_net_http_gzipreader_read_uprobe] error reading key_gzip: %d", status); return 0; @@ -226,8 +226,8 @@ static __always_inline int golang_net_http_dialconn_uprobe(struct pt_regs *ctx) } __u32 key_gzip; - // Address at ctx->rsp + 0x1d0 is common between golang_net_http_gzipreader_read_uprobe and golang_net_http_dialconn_uprobe - status = bpf_probe_read(&key_gzip, sizeof(key_gzip), stack_addr + 0x1d0); + // Address at ctx->rsp + 0x58 is common between golang_net_http_gzipreader_read_uprobe and golang_net_http_dialconn_uprobe + status = bpf_probe_read(&key_gzip, sizeof(key_gzip), stack_addr + 0x58); if (status < 0) { bpf_printk("[golang_net_http_dialconn_uprobe] error reading key_gzip: %d", status); return 0; diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o index 21af51d7f8b4e335bd5374a0c89c13b6a963cab4..e6fa9952a72cdbaa7e23dd41359f4f2d780114d2 100644 GIT binary patch delta 3327 zcmb7FU2GIp6h3EWOIs+?N_8o;?Dl8d-2zew&}|pBtqoSnPb;WJh!z93ibi-6BBYHr zwFVNAA(=jilthJxwp12EABa|iNz;Uc1Rt89Nu{KgC?Lv12|x8abMMyKO(1%cyK}#L z&OP5f-<&f$F_}CuncVkXJNHEg+6$8mYOwt6-st51`*Zo5=>4zfC1qXm5G4^&kSKc$ z&oWGm><8A8Zg1dmEF+i$L^)652`l4~lbwQJjB>2=tarN?bD4Fd+nbg8sAx0eqFJ}P zeVk)u^mwy|9(t;>$2)TbJo*m)Yu5Ij1$@i;tj8O85vNSp<|N)6dl{G&M0ritg&rU8 zu&#sU+yB8*+3Vwt7&xCx8X;~k0v33z1!uD8BF zS;Q|}*YNwgmC=`*$Q9XuN69vXxcpXvE-01tiL|&~NBC|gWrVgT6>xr^D$UN-@KB(}# zYh(^Q0o<8j?@~BB+5WqfTUr8SjzBrCQ`@t5lX*22xIw$^A#)tqs8E>yB69+_%aN=W zV`Aj&!2HnBk|;%C<7c96Ghs}3Vc4W2#NUK$@8EjVs6;mGn-M;`J+?m$eixM=R%#3@ zoYPOVHwRmP>NrrV4gMmS#7)je#^7bY!buB=y2Kt-cs|>A%Xo7VT(R6-&XJd7`3li# zlm=@S2Tunc*Qd1I(Amw$nR8ehI;yao2aDk(gLo(H-^(@2NxL?}k+*OnHq2HP6P$mzKVI{r)u@v}8}bmh6Ger6s4ytNvHYX3#-mPJ4uuzE6m=mnR}h^)L5vO0~Gt3=NY0oS5b1cFDflxT;RbqZ@)1xtw@)UxJ=?8yo~+7jCqSqD{^ z+>eP)NaLYm9U8&uz^Ek$A1CUT|ECcb#&<+2c*-B=8D|{)BWh7(FHu-(>zv3QMz@GV zUZy>xf@_o1ax<2ju#{pNMApvd<2i)KaJ-K>OmSJ?PRROpLe}@TR3vhy}^g=DSc<)0$1 zF@SYEsK9liLM+~xZB;1|^2hAaDvrpzi4C(tu|gCcfGB2-!UY8=BXpYC=)zzzcWS(a zcqdrQ-3hou<9)6;NRf z84IN?#?>*jk+DqLNGsuB;nhmy9w#FVf4ohH#=&SK2DQ-Qi({;mFAmO3Vfo_tiB>py zXhP{D2RD;ZEfuGgfHKA!T#y^J{fxbTm8!79GxlXHb(;YiNVKA7$!Haz zuY-?^(Uzc6TY^dl;#GPvA$ o6+Nx$Kq$$Mu2v0&mj3jhEB delta 3328 zcmb7FYiJZ#6h3EWqe*Hs@zFIVaX03*iB_XT^VnK8X|PdajnUF*E5xF0q!xldiikFW z1`XC9)@eHm6@y^Ok0f1OQ44}8l@bU-eps-jh4`vb8mVF-O49T@bMK}z3rc(8?%eO5 zbI-ZwoAb?%O->)1oF2V$h#O-4hYFJn9^_N2AE$6qi9%P?j?QH~!^SQ(F;oMilBRAHTGeblpztE^K!{>;=DMN9KUvmW&X zc%hZi>(3l~?y2ftf7(st(RT=Ev6Oz5asDIAy{%Kk??+%fO5fEo!l@^#*v4 zHHs`({zsPTz5xGZ?dbCt{Pmx*oazfKPo1I2*+f*lUFVvMdkA5(F)@mF<44v(toK@@ zeg3wCdZ!&bhi3v{Y{tZ?;$sQ;OahK2;K2m^a{|7TfS=8z*W3w9GQ18Yg$a0d0&cXv z|F($Vw(jG%*~*CKW$r~hO@7G%tao8H6O|mcHbniIUutU?o>KVxnEkMxv<^m#__TEv z5zfw1l)*$hMA= zDV}j$O_YlWQ+N#;L$b&1>xc@Z_2c+WqN1$W$G?TQRS%MRDHEnnqFEb>GCRpUFFH7; zaMlAd`{x0lNU(P)oSkexF6XwkLNbRz9XF`$Is3@GlLFkN-S(3?0&GMS=Er1?;Wjx^ z)iO+soIRMII%E<-eS(c&iFT&JnC`-&Oh`iPCaT_p>rJCl*{~mm`Sh;%{xtXvDL<^# zxS?>)cSHwru=S^ogE!d$e<4WXPR~Qd$jd>6lNJ+oi9Mw7Lc@Mm$?qh=70Yc^9DYld zsP;U1gLM`Mrvi`YQ`&Cm>K5Y6WvmSyRkB<~7Q-n9@uK#FDxD>2uM2Z{H%`Qd*{-63 zOB%w(osMvE8EDk+TW158?DKNTKGPYt;5u=wJyFR`$;hVA_A0Ju0s?`&#Y-q}@e=CTo=avB1qg4bVk6>xhPEG3+*0c(i7CokE%`LJ2j_~QW__okG zpu*&K5_OC4(6LS$!Rf&0B?osC^}Gx`?85kvNC!{(<2>VxgMUOX3hku|OK)8k+AE+I zaac6ZPL1&TB(>azh>9 zs)v-Dgm;FnauIqo7{rdQ$~*wciT{}L&s$2o#2UR-o+6i0=#|?=c6|+JtdyM(i6c_A zj+YlBt}}pjJg~qG!a_XWJ^Of#A|dadeXEAU@^0e8jHs+2h5JE@S*LJ*0on*kGn-u) zSoQ3Xk-Nlq{Db({Nq1q`d_gMr+|U`FRKOo^(<#)!kP#!bToYd$<5l_M;LH?G1r8Fe za_Z0tMMn9|lMG-RE z1?cPG<6?9qu+)*j(orugl3Eg4LV||gN#2`*k9G~8!2*J!QX4R z{5gU%>p@RkaG@W_7=H=4LEYcMh;BA33_+RcBB%k4Pm&oFLFsy@?87cQZYz3Fg1bv* z2!e76!YqS;eDig}`(!Q=98{R}@RceIL78Q+`6^r(!F_cK$1f1q5AB_IloU@xApt(aTkK^HVP8z{L|!xp~?@gsa_Y diff --git a/tap/tlstapper/tlstapper_bpfel.o b/tap/tlstapper/tlstapper_bpfel.o index 12c4375e2f4f414c6fd01f5cc8f857679be62bf0..65796359efc7ec6fed1ade8b364e947c90763f9b 100644 GIT binary patch delta 3268 zcma);U2IfU5Xa}-{pba0yO7G#+R`m;Y0HO{1nibAuv8>lilp_kAdyPIRxqI?K7f|A z5mGT4MK0zLW3U*bJhWwHA@G2tF_@4hCM5XK#E)#EX-cA`8Xj7$;(yLPw|nm@gp-_m z=XcKR%$d0}Cp&pJXYy`N@=BjbroQT{3WzqVq%WMBe&_EZ@n!1I&mRdC-Yg~x5c#W# zXbf^a-aP)X9vui*&MP5`frc^XLsq+js2DPaxdx9#*4}{?E9jX4c!Lp_Z3c+D!k zkNsSaee3o>sVK4X2E&CTk^B8Bja}zdx2#=*OU3WjdxPQ1rxp?U5X%Di^~8d>=3*_5 z*I-k)aq|<=eH*8GFHlK@m!Ab<)rf1faxpC@FsA#T}Zr5n=!{wK#u-a za8c^DA7k6ah)mXrQgKV(;8%{Es1rS+Qg%f_hvf072tUc5SFjn3eURV8KP!fB03RT4wocOnkD(Sq@_PhE~H%jZr*#|1xGtH_?RVZkP!k1t1FE zFUL2_Jw+7JycCy3u%D<}vyhYZ;)MXK3fZ6%M{3~bl;>^r{z`8)7{L$R0Yz1>bo>cmUH97gr zR5GioJZ@KIO_}^HCQkP_>p`qv*LrV3H+u131%hasGzLOO; z*c0}&C+sKK4yPlC^&8p_UTQdDeh)v9h+RUguez~X&?K~&m&^195mTpLE+dU1wwhP> zmLpgc5_cQ(d9aay70oL67Ff|dCXYAj*vDiVR@5iaN1-^*$W~M?h6N=wS5%;@It8`6 z*Z_BF-husKm!N}Ld`$CU?9V+as9*CbaN|iqNgwqnhmOK!mx2L>wB}#%gS?MX`I${i1$^so4q0^xFZkegyg<7n|USzs^>04p6NX3UQg61A7`D=Q=XMp1LVE)XnpscEP$+HwoCC zzs#U4;Dg)?F6Gv|X%&Fa2xz`0yJ8ypezm~!AaME@x6!~t?Q z8q}s)rDlsk?V2yjW1Dn|U6i8`Gws!8P!awHZE&S&J(zm4(sVQ{O<+%&-u0v@(_UD2 z(xhF?+#-kIr|fbjO{%?yGie%;?FrppBeEZ&YA>@Iv5p!u?bQl4(y-!=eH>OaACaLZ z9s3d4-gLkA+TxpOudiYCp=pC!boDX^!A`rW;tcudy53jq6YZ61Hux(J) pNZd!g`Ue4-+^pLtAVbZf<-6}G$a~6v~=SVzy!64#1I=JA28Mg1rxQ11_;quNDcny+_~L*S0S9_+@0T? z*_ku5GdDYYJA3$ccJlOI)s*^lZ+Vt=PT5oUPDqWs_D`YuICblz$yt-mPa(=83RV!& z5ajvz8)U+syisdip(WYR$FZr}O|r|zw;*w6LOR5$E5dLyN4A0i4Mmx+k$%LRFjg)V{J zYJb%mozn(OzHI|EvaCi3pO@Zy+=a)Y>RbDnW0BIo%I+oZd&i<3Ipt2=)rhrmx)W<0 zWZZ=wz~;3LdX{6@J48-E4q>yt1$&R^J0b6bjFq<*5BBqB1|LathcQT{6@~{g`1=h0 zIfHLy@Yop~KYf9+46YmHZ0Ck+?9ckj)jIoEJX`F%WJ$vgn7F^tZpd5UuLXOb$gPmq zW3x>s_Cc}lhP(&+dF+1dL-wv@xjJkgNtR6d5H_esKGgIqKd^$>y{R9Q2P46GRnz14 z`ZLp0-Dlqp2Ig$8O3nTHYX0g5r;m+w9iElwU#=>z#n{2(G%o}1aXN{QX*u=~I>@zO z37(vK>4*3RHK6;dRa9Nk-|$CRU#nIfs!YFF1KOnz)Tqeg9CH;7O zJ}<$KmisPIOn4^V7NKsU3SmqCJzqVQ#io{CSF7Srve-NoKh|-gL9t@a0blkopNEkY z+qdC7d>USbO_Vc8MmVX5Y9&fiKNeThy?CxKWrmMoi^oj<^nLcDf3b62|YxYJe&`{p7H$x z<=B4-`&=|wm9S|jG#JVsG7iVZD$ ztbL&b$)b^X+L%*ds~%p2P4Z3fB0QuIERo!Y^hJ0vKZ#t061XFKF}3JdR4-gQ4O7*s zsKvt;xLtT7&O_~rc4qK?;g@kfwo6gB@FDP$cN8T9)L{a;2B$m*77Q*4|AH^%y^qcp z-kL*Hcob<0kKnwp8)*u=35A1BLTn#{eSwF=;8?KQF>o(XAqItbnTLB6H3^$K9#_;X z+^SbC#VB#HT6N!2RlSm5|I;Kct8>c$1(v^W##!dg!{^*bVX&`nrda09^Ph2n-tC(P z_?4o@9PD)mxpt}F+~rX0B%6ckKt{& zK<-kDnuSei8ZBxOKB4z5lNLLnzk`?_uV#xTdYupS4Nq@zB0Y;D^q&B zpm)n8Ax7UKyAY@NRJu%Ny!z8+8qk~SWxNLTVTfkD?yEqqgVyMHtpQt?;KiH!Wq1+p z()kUNdzaqSaJTVl42+J~7w~%jh(%4(z04u7J8q^q3j%aj&dvD50yHS>p1ae+=N8V< z{myuq@u>*-+P`pafF?>e|Av5tvjP|g=O=cHS0!x52lh1{4uk83-3z$WVy34iKs$pG s$D!$wM1VTw3nAUNT*fD)^H->*lPxRMaIdP>>u)OjPdfS5O|>=jFPEIccmMzZ