Cancel golang_crypto_tls_read_uprobe if it's a gzip read

2025-06-25 15:54:43 +00:00 · 2022-06-01 14:34:25 +03:00 · 2022-06-01 14:34:25 +03:00 · 3b332d2a9a
commit 3b332d2a9a
parent 9fc8e0eb50
3 changed files with 7 additions and 1 deletions
--- a/tap/tlstapper/bpf/golang_uprobes.c
+++ b/tap/tlstapper/bpf/golang_uprobes.c
@ -71,6 +71,12 @@ static __always_inline int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) {
 SEC("uprobe/golang_crypto_tls_read")
 static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
    int r14 = ctx->r14;
    // Cancel if it's a gzip read
    if (r14 == 416) {
        return 0;
    }
    struct golang_read_write *b = NULL;
    b = bpf_ringbuf_reserve(&golang_read_writes, sizeof(struct golang_read_write), 0);
    if (!b) {
@ -89,7 +95,7 @@ static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
    // Address at ctx->rsp + 0xd8 holds the data
    __u32 status = bpf_probe_read(&data_p, sizeof(data_p), stack_addr + 0xd8);
    if (status < 0) {
-        bpf_printk("[golang_net_http_read_uprobe] error reading data pointer: %d", status);
+        bpf_printk("[golang_crypto_tls_read_uprobe] error reading data pointer: %d", status);
        bpf_ringbuf_discard(b, BPF_RB_FORCE_WAKEUP);
        return 0;
    }
--- a/tap/tlstapper/tlstapper_bpfeb.o
+++ b/tap/tlstapper/tlstapper_bpfeb.o
--- a/tap/tlstapper/tlstapper_bpfel.o
+++ b/tap/tlstapper/tlstapper_bpfel.o