github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-16 15:38:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix the eBPF verifier error on ARM64

Browse Source
This commit is contained in:
M. Mert Yildiran 2022-06-15 22:29:37 +03:00
parent 18ccfaf4d7
commit 82befd14bb
No known key found for this signature in database
GPG Key ID: D42ADB236521BF7A
5 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tap/tlstapper/bpf/common.c
View File

@ -80,10 +80,6 @@ static __always_inline void send_chunk(struct pt_regs *ctx, __u8* buffer, __u64
} }
static __always_inline void output_ssl_chunk(struct pt_regs *ctx, struct ssl_info* info, int count_bytes, __u64 id, __u32 flags) { static __always_inline void output_ssl_chunk(struct pt_regs *ctx, struct ssl_info* info, int count_bytes, __u64 id, __u32 flags) {
if (count_bytes <= 0) {
return;
}
if (count_bytes > (CHUNK_SIZE * MAX_CHUNKS_PER_OPERATION)) { if (count_bytes > (CHUNK_SIZE * MAX_CHUNKS_PER_OPERATION)) {
log_error(ctx, LOG_ERROR_BUFFER_TOO_BIG, id, count_bytes, 0l); log_error(ctx, LOG_ERROR_BUFFER_TOO_BIG, id, count_bytes, 0l);
return; return;

4
tap/tlstapper/bpf/go_uprobes.c
View File

@ -93,6 +93,10 @@ static __always_inline void go_crypto_tls_uprobe(struct pt_regs *ctx, struct bpf
info.buffer = (void*)GO_ABI_INTERNAL_PT_REGS_R4(ctx); info.buffer = (void*)GO_ABI_INTERNAL_PT_REGS_R4(ctx);
info.fd = go_crypto_tls_get_fd_from_tcp_conn(ctx); info.fd = go_crypto_tls_get_fd_from_tcp_conn(ctx);
if (info.buffer_len <= 0) {
return;
}
// GO_ABI_INTERNAL_PT_REGS_GP is Goroutine address // GO_ABI_INTERNAL_PT_REGS_GP is Goroutine address
__u64 pid_fp = pid << 32 | GO_ABI_INTERNAL_PT_REGS_GP(ctx); __u64 pid_fp = pid << 32 | GO_ABI_INTERNAL_PT_REGS_GP(ctx);
long err = bpf_map_update_elem(go_context, &pid_fp, &info, BPF_ANY); long err = bpf_map_update_elem(go_context, &pid_fp, &info, BPF_ANY);

3
tap/tlstapper/bpf/openssl_uprobes.c
View File

@ -101,6 +101,9 @@ static __always_inline void ssl_uretprobe(struct pt_regs *ctx, struct bpf_map_de
} }
int count_bytes = get_count_bytes(ctx, &info, id); int count_bytes = get_count_bytes(ctx, &info, id);
if (count_bytes <= 0) {
return;
}
output_ssl_chunk(ctx, &info, count_bytes, id, flags); output_ssl_chunk(ctx, &info, count_bytes, id, flags);
} }

8
tap/tlstapper/go_offsets.go
View File

@ -112,7 +112,11 @@ func getOffsets(filePath string) (offsets map[string]*goExtendedOffset, err erro
return return
} }
syms, err := se.Symbols() var syms []elf.Symbol
syms, err = se.Symbols()
if err != nil {
return
}
for _, sym := range syms { for _, sym := range syms {
offset := sym.Value offset := sym.Value
@ -147,7 +151,7 @@ func getOffsets(filePath string) (offsets map[string]*goExtendedOffset, err erro
// collect the bytes of the symbol // collect the bytes of the symbol
symBytes := textSectionData[symStartingIndex:symEndingIndex] symBytes := textSectionData[symStartingIndex:symEndingIndex]
// disasemble the symbol // disassemble the symbol
var instructions []gapstone.Instruction var instructions []gapstone.Instruction
instructions, err = engine.Disasm(symBytes, sym.Value, 0) instructions, err = engine.Disasm(symBytes, sym.Value, 0)
if err != nil { if err != nil {

4
tap/tlstapper/tls_tapper.go
View File

@ -161,14 +161,14 @@ func setupRLimit() error {
} }
func (t *TlsTapper) tapSsllibPid(pid uint32, sslLibrary string, namespace string) error { func (t *TlsTapper) tapSsllibPid(pid uint32, sslLibrary string, namespace string) error {
logger.Log.Infof("Tapping TLS (pid: %v) (sslLibrary: %v)", pid, sslLibrary)
newSsl := sslHooks{} newSsl := sslHooks{}
if err := newSsl.installUprobes(&t.bpfObjects, sslLibrary); err != nil { if err := newSsl.installUprobes(&t.bpfObjects, sslLibrary); err != nil {
return err return err
} }
logger.Log.Infof("Tapping TLS (pid: %v) (sslLibrary: %v)", pid, sslLibrary)
t.sslHooksStructs = append(t.sslHooksStructs, newSsl) t.sslHooksStructs = append(t.sslHooksStructs, newSsl)
t.poller.addPid(pid, namespace) t.poller.addPid(pid, namespace)