From 3c62c1ccd86dacc976afd0a51b7f5ff6a6b54810 Mon Sep 17 00:00:00 2001
From: "M. Mert Yildiran"
Date: Thu, 9 Jun 2022 05:52:12 +0300
Subject: [PATCH] Move `get_count_bytes` from `common.c` to `openssl_uprobes.c`
---
 tap/tlstapper/bpf/common.c | 28 ----------------------------
 tap/tlstapper/bpf/include/common.h | 1 -
 tap/tlstapper/bpf/openssl_uprobes.c | 28 ++++++++++++++++++++++++++++
 tap/tlstapper/tlstapper_bpfeb.o | Bin 156376 -> 156376 bytes
 tap/tlstapper/tlstapper_bpfel.o | Bin 157192 -> 157192 bytes
 5 files changed, 28 insertions(+), 29 deletions(-)
diff --git a/tap/tlstapper/bpf/common.c b/tap/tlstapper/bpf/common.c
index 1cf80152b..d7f42f91b 100644
--- a/tap/tlstapper/bpf/common.c
+++ b/tap/tlstapper/bpf/common.c
@@ -12,34 +12,6 @@ Copyright (C) UP9 Inc.
 #include "include/common.h"
-static __always_inline int get_count_bytes(struct pt_regs *ctx, struct ssl_info* info, __u64 id) {
- int returnValue = PT_REGS_RC(ctx);
-
- if (info->count_ptr == NULL) {
- // ssl_read and ssl_write return the number of bytes written/read
- //
- return returnValue;
- }
-
- // ssl_read_ex and ssl_write_ex return 1 for success
- //
- if (returnValue != 1) {
- return 0;
- }
-
- // ssl_read_ex and ssl_write_ex write the number of bytes to an arg named *count
- //
- size_t countBytes;
- long err = bpf_probe_read(&countBytes, sizeof(size_t), (void*) info->count_ptr);
-
- if (err != 0) {
- log_error(ctx, LOG_ERROR_READING_BYTES_COUNT, id, err, 0l);
- return 0;
- }
-
- return countBytes;
-}
-
 static __always_inline int add_address_to_chunk(struct pt_regs *ctx, struct tls_chunk* chunk, __u64 id, __u32 fd) {
 __u32 pid = id >> 32;
 __u64 key = (__u64) pid << 32 | fd;
diff --git a/tap/tlstapper/bpf/include/common.h b/tap/tlstapper/bpf/include/common.h
index 86e49b867..fcffd3e2f 100644
--- a/tap/tlstapper/bpf/include/common.h
+++ b/tap/tlstapper/bpf/include/common.h
@@ -9,7 +9,6 @@ Copyright (C) UP9 Inc.
 const int32_t invalid_fd = -1;
-static int get_count_bytes(struct pt_regs *ctx, struct ssl_info* info, __u64 id);
 static int add_address_to_chunk(struct pt_regs *ctx, struct tls_chunk* chunk, __u64 id, __u32 fd);
 static void send_chunk_part(struct pt_regs *ctx, __u8* buffer, __u64 id, struct tls_chunk* chunk, int start, int end);
 static void send_chunk(struct pt_regs *ctx, __u8* buffer, __u64 id, struct tls_chunk* chunk);
diff --git a/tap/tlstapper/bpf/openssl_uprobes.c b/tap/tlstapper/bpf/openssl_uprobes.c
index df6d511cb..2f5151da9 100644
--- a/tap/tlstapper/bpf/openssl_uprobes.c
+++ b/tap/tlstapper/bpf/openssl_uprobes.c
@@ -13,6 +13,34 @@ Copyright (C) UP9 Inc.
 #include "include/common.h"
+static __always_inline int get_count_bytes(struct pt_regs *ctx, struct ssl_info* info, __u64 id) {
+ int returnValue = PT_REGS_RC(ctx);
+
+ if (info->count_ptr == NULL) {
+ // ssl_read and ssl_write return the number of bytes written/read
+ //
+ return returnValue;
+ }
+
+ // ssl_read_ex and ssl_write_ex return 1 for success
+ //
+ if (returnValue != 1) {
+ return 0;
+ }
+
+ // ssl_read_ex and ssl_write_ex write the number of bytes to an arg named *count
+ //
+ size_t countBytes;
+ long err = bpf_probe_read(&countBytes, sizeof(size_t), (void*) info->count_ptr);
+
+ if (err != 0) {
+ log_error(ctx, LOG_ERROR_READING_BYTES_COUNT, id, err, 0l);
+ return 0;
+ }
+
+ return countBytes;
+}
+
 static __always_inline void ssl_uprobe(struct pt_regs *ctx, void* ssl, void* buffer, int num, struct bpf_map_def* map_fd, size_t *count_ptr) {
 __u64 id = bpf_get_current_pid_tgid();
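Review bot: `return countBytes;` at the end of the moved `get_count_bytes` narrows a `size_t` that was read from the traced process's memory to the function's `int` return type, so a count above the signed 32-bit range comes back negative or wrapped. How the callers treat such a value is not visible in this hunk; a bound before the return, for example `if (countBytes > 0x7fffffff) { return 0; }`, would make the contract explicit. Separately, `info->count_ptr` appears to be a user-space address (it matches the `size_t *count_ptr` argument of `ssl_uprobe`), and `bpf_probe_read_user` is the helper meant for such reads on kernels that provide it, since plain `bpf_probe_read` is not reliable for user addresses on every architecture.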
diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o index 03709d1efea95192c744931d1b1d2cf916807d0f..8895e07e5c5e3b6925e2d662a3ff493461003d24 100644 GIT binary patch delta 13115 zcmeI2U1%KF701tA?Z@oLXlK`>{V4ueJCU>UN2|0L6yn6P(-b+lj#}zO4UwZJ4d|f{ zN^65&V(G=O&_V^pj2@C=iUWFR8-X3Hhd>2Ipo9k04})k8)q_p_keJ0KMHE7M?wtRb z%x)jjJ|s?H7ligd=gvL9Irq-ovuEz+T6S|SyL|NH( zxvXn3&26axeUIqvU%dM9o969Hhs~bSA9k^ATWo!&i8d}xn%#3|o12?4qP|7`yG!QQ zPS#T~{RHdjn6~y=(aCR7BAI2~g8l&|9G~?P^lvEPF``+9UZaHnDCc8f;LNhV5+OZEc98TTh<}N+0jTd+50>ieV1W>ji?=bJ7JzS z?cjC$?^^Id!c-q#C;m9nDDf_tq#d$PhR`J077gJ&GKJtspZV>~4^ZNCkDgiJFSOq$0N{Qu>oIri{6n-jQr=f`A@GDc!rn)9`obJjj1 z+PTgn9Nb9qMa%|+DRXRZE6-Qj6l=D?&)3fnF-di z9K~}%D#tf_lOGcf+_@aSCWq5ecYoq18+XTq;bpo!2NpRD*_!D7A);jtW3~Z(l4zY9 zXU9bIY2hb3C7RvSEo6H+^5gLOccRPO zYaU))Q0J#%9}>#^4D?B%%(E}+kBA4$e)21FAjAwl%$r{dm^&fI70gA)3g)6?1#_3+ z2w*PyRWNrIc7VC-&;aAdVJBFBO%4dypsQd-?bwbRN34jB6s))*=P8)y!4bf`2JDEK z*MuEl-Y_)4yeZL9#JqVqAYfGXun@wXNJDp(F1{`aehJH0-)zMBcP2&`-IxF@Fthy)% z1nkUy1*;FsaRsZRV+E^^!H$U45kZZZrfmvVzbx%FVw%P&SbaoFZ^+A^1__)wIlS#8s_nk=@w=1ZE^h-ruIP3U`EO$#QQhRbPzJA`_g;TAUO3+rjY zV?$9vZ9=G`f*K}PsBJ-Qw#$yNL>sPX)eU$((thr){5t^=s3 z^)aG-x<(Z>FQ#opjV~~=^UW7k%(S952D?_&#$(!6)FvbZnd8)5KszBNw%M)*3}a)K zIg5(gis-1K#@80wc?8?R;e(u`wS!j=n$u5(1Lkodz~p#f_+y)SU!_FN3cgOO?@#jf zMLuYKV*GTN3QjH+I|(A!c| zsDqEbW6mbbt?QHDHUH=G~dB*H1+s!t12a!EH+-#E#P9HS; zgQL%yXJyMxaz?BLY@tccqP2aO#M= zdCN$0RWwmho-pNbdrh*9Hu&YA#Pt{6lkGJrE>YPl2sQgiHAL(7niP_`Q1kYh)JV); zW{Rm>0tBHEHc0FCx;~9jeo5bf+&S(&$cWue!TQpUP=QxA^)= zFGcRd?KSCDEkaW8`|s;}8%MpO*zb(VS$bbPT@+4B>{=mq;8iQc&Slu~dc*;RQtGCn zs6y;uROI%#{hXGrbMr9}-eHhih-sd0IdzQEb#9{*EVqUB2xsmN>;TKbuY&0ds|YMV zDklio!1D@LfFrG`7t|5Pu>eOpZf>I!%pL9ob1?!st}gs4n7*Kjz}$s6*prhAR;;08 z3}vwy(;Ts)I!45b(_+`5EY6}mB37J-9T6+Gpijz9DSd$zffYBUfkf>5Sp_Rip<{rR zW@4JbO6nM3rDZt6>ygqb+5@b#4m-d~8_)nNljsPn+>iqT_Qneewqr$(>rn1M$2$3U zpkp0M-+?25`RG?Czu$x%VE!;P!2BuE5tu(O2L$ZKl!8^@NWm)V2y?6gM+#P%h9iJg zG@^)D1%7mnRa%{36$Byz(~U<0mU_`#uxrP~7yq}lhv#q`z=(uvqx kJHn+28B4W>^MaUsiPJ<*@np3CIt4u 
z4@zr;9vW*OY!I|iL2X74P7x&mJ*2I`4c3F9f>hv^1k^SL(LPiUG4(@YOiGF(sZDb0$Z67W(_jnGQ)WLjO`Z9YWMg(5uQh{}AaFrPBA& z-$R%FrH|_K(ZgClH8a;wa0F;bGUt>tH%#A&+3KD2y_V3_bKeN`AC+@?kiL&X|3f(o zyXpH_LhqvQ;~aqOKBZ2RzrG3RBkHJXm*_xiOM_|XQ%apN4hhbTMuy0KM5EES0Q+U7 zI?=Zs{gm!RubO|yq7NKheW0o6<8mX1hU}slvcwQxB%2*V8nVmL!9M+~qw2C5>NP%( zzVTQu^=%O)@*Uc=rcNy-gTSo14?M z=#;Tfv39R2?M63JbP;Yel-7rL);zk>VYcQ9O4q2h3B8F#ZlBWIq6^fF{;j6<*Jkej z23fDuAH^#73#G=Y^nDHb_ezZy={sFYY&V*wP~Qf$w5Lmp?e8nqCVPsm&S?3hT-JH| ze?B044SG^J>L=0JjE){R?ei}ywNRj`)?(WHtkU1SpL84Tf2;I0nmFm%geHG!IyXN5 zuS&lioy^kJtwooz6q5I%n_0S@HYtFaDQ@JwMoyzaSD%}48U&LCocFGB!ZK;Vd31l( z$XRw6=NWC*P#JMkHa_+7OcO<2N-O~7qFsqjEEJ{k$@G~_&fm% z0yqL#(10Bg3x;6_STF(&u%N}-f(0Euz+fl)1*|L`1FVdW1gt#D=LuMO3XT9)M!yoV z@+|BCE6+g#th~b7f|WP;0E1m93Rox|11v;G0v68mc>)%$!4bg1Td*Ty;T_lk7H&cV zY!DH(V1wh_fWh7j1gx@-jsaFd#{yPC#{yOzfg^xb(XT|TIsrSts!eEsRcBdSu<9Zo zV6dAd0jrPl@fd_Ae;pkQSREY;SbZLj09Hr80#;vw9bolkXn@u4u(n`darpp)4G!pY z&&H37qE<>BqCfhW<*!&$`m_<$-fCJNlWTl0O&j50X1-8qnqQ^m{B$%~r8KRR7{a@g zrroGfn%1G2)3$)pol&;iG;Iu8(li>l zI4v{Uq)%<=FM67W>!e4WNz)E)kJGfX+a*og;LDIlue%8?X&QybT(&%lbHl7{nuhNC z@u3JQ^D$|eIX`~Vnlx?pKWW;dJ8YWf!V6X^uaVG{JbLgd6kdz%{a6qr4U+}I zgIA&SI%p3{Z;`cK5WE#Wzzf1l4OyvtIFgmhrey|{z{HUTOFISZ|4!2oVTo8!W5)s}X`4jMrfrB=(B$?uV!;$2;E1j660mZBjxm&7X&XhX zyk#iMTZU57HUTSd8A?gxWWtpZaSK*PNEz&-dj%{6unc90IUzGYoCP?3kc5~L60vX{ zc1hDVSWCntjT5jzMA(82j`9f%HZ&w)6#xrZ1sw}mr1F0E3;}BVhFrJ}zK&bSz-?ao7>DIwB|$leA61>I>XnA|`2^fYmqHZo%rC ze1O3&+-K7?s>gJtX-i69q(e4MGuotSHC}AZnjfcWjf8f|J`DXKRnwx$VNK<<$lr^4 znx+;e>5J=W(ZhRfL9NMDwxEWI6>C#ao8DqaSZqOUp6w|qs4YWFL2U(E3TiYz_?K<; zm%VXC?Vf$8sPz$|dAiz)T9DADqDB{J?R4|mikYNp^3-O1kGJYur9 zwO;o2S!Zv(+S`AO zZzEHiJcPFDMeDpNHN`sm_&fTP{PN2`h3hZ8!`o}pl)akkk2U#7H(1N|nlzHR zSkv~J^k~9P`(e@(Th4E@#@g|EGk$M#v#Fntx7TE(d%TFqNO!1CXV9Izn8=_zslCeX zCV47n2;JbzC$nhX$J=W%D^i41(Och>_cpG0MX}!<=d@qJ3o8rejqwQ#Hu#)?72rr}>IHFxaV)@*jGN!+2J=U{!F-H>jH?g70wyo0ESNu+ z1bb{!z=}0=jG-(JCp1N@D2@@aVw>$Ul*MVZN5qO9*b%YfEHr8*@&e0(71y}|N9^n= z0V}o8F~CYw2~A)naSX815**?6NNEM_0am&WJHSe7&;X-*5qH7>eWOpg!3P-Z_2&g_ 
zV4080P!6DDnfwFjScWom;Rs+M`jyEa4#N(xa0D7)VT-kmSlHnM40fX>U==tLu!=as z9IL>QfK}RX1h9%k6cMYykIb>kY&Td1fv{k*@rc3FFX(e-?YQv5|F(9#`Xa9#AHVpy vtR1+R-rAvLBKFpf_yHidPjBsz&8)q(<2s&vy|n|Y?dP+0Tpc>2uiXAO4hdaT 
diff --git a/tap/tlstapper/tlstapper_bpfel.o b/tap/tlstapper/tlstapper_bpfel.o index b82a066b8094bc68858d24fa1fd885e6c215e670..64827d414009033493fbe6f9d44caf0a3fe4a67b 100644 GIT binary patch delta 13424 zcmeI2QD|G&9mda599K&0L{98RE6L)d$?9fF=WGjPENn`e6fcCu4>72lmntLK3=2%{ z8m5O4`(XvaGUh#W*AHQc;ej5~P0)nsp)fzRppF#0(Sc!w`5_&72*GsS(8C_~{dK?Z z`bbahlhYxAw7-`@2T9&RPJTwZu=jlPTuw|?VS5b%DG?Qs~?;t{~0`Z z+qqo8Y49ldBlM5F72QhtKl-<#=}ms`&^_l`?EUs8=U!NjZlHO#<=upLZUIe?@U{EC zcg2982hRj-{blkCea>b2Qm#V21RhSOT#ft&crcrCb@DsluMel(68M?T_&>g)Lw)|F zAC9i}`SY`*u!e)VT<>>o44e*lA9yt2LGW?%UvT`$;grjh{{=oUo^lfb?*~tUZ9oq_ z;oP;tI5*REz#RD^4j8=eT$Q{DZ_xkHxf=N<`j4(fKillj`?csEzMaK< zJwWRgd|Z3k+x{2qn(Oo0p2xn*gr^DX#z#pvxV{`{9QR3%&x z_S1Tm$=9}GXfZhR^OIGZ!$A z>(bL78*ci@&dPJRg9wcy+Y`Ppq4-#X4t{uVgX#8pAo$Db#+ z-~B#*;lat>E49u4dbR~+OqL{uAu$oKNllU^Q6c}s-n5FJB}=+WmSl}A$z`%h?zDf_ z*g(tZ;CBC86I;Ni4#jE#n^>JJu?J*{wa5~45VrG4EKQbJo}7pk*dVc~Y%FF=Stynb zxIK+zi518an;}cAM3z{YEU_9n5o@wRVy_LwVx=9OVsinTScNRHC9=ep$r4*3OKg=a zu`K4#1|ks~XM@D6x}_f+SI zWyuoDktH@tmRNzDh?UqNu`^Hl>o4NB(ry z$2jhtcnWb3^EHim3*+98ZC=;b=XImv-satid+_MRy$y?dclO3{FVA$OxHmyo+*7*l+RA;@&*@vm5scopJB-zINPO+!x2aEaRBs-WXZ;=sa2X^a5G; z>>^qB>tsnb z$dX(on_)Zdwb-DA<@Kkz;xVpCOz}>m)nLEG*2of5ypx#Xoy4-AHtxN1AQtevMe2EHTADi8a|TF~vcN z+5C0Hz0t0?ckr25tQo{RyT-!!XJV^eaWBVoCb4m{#Ez3CrZ_0E68n=8n`eVYY-%hP z8)y8|h~)z|u?ez9Y>q6k1+v7dWQi#bN^FJwiCBvb5_|30SZpDPcQ#_RfK9C475CQ2 z5>xz>Sh_3jDGo|(qC4&tyW-xRLvh@@i5L*Zy}HE$6wYv?YsWj|elTKeN8B3?*s6PD zWLEcXe6d~KJ8?L!?xpd!u!Tuh_pYMZs(S@A+XbiUUMXO!?x~um{tEk5-CH25y4N79 zx@XlqJHM)X%i!dOx#dW^x_9nKT-~!Wl^v_C zF?HYH{pFPZ=cXa-Cu(82viPI@L@)YZ*+wF(L0Pk2R)aFuMxs@6vXSUJ@sp)WUwoXN z6wQr9HV!ocwkJtTWP6fi`-GYS+diQcvU$$hKdWreMxiwKOKGD}maL6J zqXFAKpW|e06v_u|`-CO~wtYe~>p#DG;V}5q|{OWU6>x3fQE| zWJ%P?s!=bICEX-Ta+xg27TE;be}8Iwl#1sg7vti29h<8{v88}btVx!b;}a-}WyuoD zktH@tme?dY5i7AlVrO28#nN4mv~mHP*eF?I1+v6u$Pz1&B~~U&OpnYGu_h0Y*tKFT zRzTH09I=^zO{_$gSdA>P23cZDWQjG&5^IqYu^j&XFae4E{!%Pf8|oBm1Z-kUWQn!N z5=-+Dmc+7MkF;`RiA|6bu^Bc<>~G)aRCYbm$_3n>%C1LR1+v6SWQmo@8nHRD#OmZk 
zY?%!b+k80|D?ZsdV&#BMY>uoETOvzrnJlptvcy)&63cckdU~cNv13>Kbz58RT=`^c y%X>eF*Ontc+?chc%3FVLZRxEo>o=s{+R|HFdTR^s{Yrd~%i3~x>ZktANB;vgy6OV} delta 13424 zcmeI2QD|G&9mda999MGUL{98RE6$>%$(m+K=WGplENo7i6fcCu4>qWqmnxPe^< z8m5O5>mdcfGUh?L>xVGJ$UqO-CTK$RP?#QCaElAx$iT3N>7gBYC?Ry+(8C_~{qOxg z`AARg%bX4g9Ork=mGsj&SNDAW-&0vhRaR2v+rf_$Cr$+}>74s%!nvR0XAqnwzXu*Z zx4-Et- zf~(=Bf#BT2BCO$HE>{MfI|xpCyceAHco;lM{xgmryOD5HcEaBh{aW3OkAHT>A?reU%B zmU9ouyK&+S-d>;aW8k9=7tTEvd^3UHZ{YV)c+B9r_WW1SKfK~xksN)xfxuxlqyD@0 z{A4(g#HUM!v&rCFdow{a`1b6rDZCrl2H*G)_}F-O8;1qs;U~%9D+`AM*FvvN?QhY$ zYs$I%EA@ zpRpHs84X*j&XsWfnQjGq_}Rdf!PfsL@Yq{{t9qOQ*U5iFe`+PXI)sn68ooUgocrnr zfh*#KuxIO0B46Hup=}3lk$e-Ja*6Qtmf*@lHsL04O4#%6p?$|F&S3Hb@K^?CtjB3^ zj-1-++{ie-t>iu6UHkEE^>{nDLjF4XcjJ^;@_6A%G*rEYE#Nv?AEZIPfEW1UTh6t} zZ-P^AV;;%xTmL=Go5$P1X`DOu0lzeiew?tGb^e;$kB01egWCa~B-;zx3(SyhB2%sK zldTx{55i}Mam84|cMGS3z5GqQ{4h8}{tI}={=iL;KLYPc25y@C^frud7GDAKx524N zobqIS{6%u~?z4fbfjd{P#J1p93%EW`VzMML3W;ftO=^ZLi3<7e_NM8;Es-T%B}=kK zmgFkgBzM|B57|J=@WA%qHzu}(Pwk7-=cHd(Ydq|ep!Lj&wiA|9uHcgh;3|V4j za!0Jn28n&RGZvfN)h#yTv5Do#5?drotVWhtoh-2iSz`Ce9kFC47LeH3SS(ikLbq7M zV-stVCFY*!9*{CH<^ugHFje-`%^$)Df2m+OvuFYS%u-p##n+)Fc#DefI4 z>l!^p)-^px)-^j%)-}6A#uqhuSiH04n3rtV0C(cvEBoTOH^sDN5*GJz9^1l_Crd){ zuCwB?U($85BpYN&w#a4}#l1Egw6MJKBv(AfHHj(SX|x*bm)JwH#1!u&rg$f@^kvVdv^}Saqk9VfFJkj77MPg#{%O)Fk)<1 z+{=1w)xCpcR`;%bIjZg*KO9&0@V9OBY*zO!q1mc?IW*e|r|MqOW2^3!Jhtjyg{eIBo49ryTuQQf;dfw%{ce%#xzxYw`l4ZD7I4{51i-Ls{*U){qJ5GD71b+0Gx z{r^?>&SSmzxF7eBt`r9!;kY;c9O544YYp?}$GrzOuZX*v*Nv*~ zeRv9S4<7xvw_$OwU)}q(aj#$9bN%XGzq;42?%Cf)lUP(g*VVm5AqdB2gMaTs;jE1` zU}?q*ZB|%wER3=679N=k&L?IQcYiS#{A1Gy@E zk*G!PY$W<_d}pb`{Z6`5v`E&Sq$RTMJk`kBIMndi?j$wIb|=a92`zhU`-IlW=DA@1 zwAi4HLP_qI(ng^)SsR729@{>jNwPKyO?hnlgl0UpeL{ux=kJU*3YFOq6^2{kz3)YL zjz;H$7j2`^lr~`Do`;o#b7Yl!wSh}@>k9i-m(~U@m46%Tw~ua*Wirdst_AKCLO-65 z?;Pb37Hu+BJTH1|QYEq^>SWcZn`B8ZlO?%ImSmf3g3;ff+8(9i`PlimcwWcmDqpPW zv575{CFXbsN@8iU#4==wWyunoA$P=zY>?RL7h|zx&n>Nt$0n8~ODsp0Sb;3DB3WW3 
zvcz=DtRuF}10;4iAB*Kswf9G?;IWAn$r7uPCDtHItVx#GGFf76az`wKzduYsV!yi( zi`7QD#Tp))Sd%QVHd$gx-olbty62WwhAgpZa!0Jd28sRk2b{{$Zn2EV(NvNpmLp57 zNS0WMtPv}dB~~YQ#8%lLvCS{VV)@6r#Y!HVSeY!bCRt*uWQnbjCDtNKEZw{4>7JUz zj$I6{*xGXE;-_0%-v42|wjBA<#;h$>Ui$lMOMh)yzaaJ3mj2q(Ut4(XSK@nA)|R_- JKMUS`@L%ekY<&O#