github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-01 00:35:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update golang_crypto_tls_read_uprobe

Browse Source
This commit is contained in:
M. Mert Yildiran 2022-06-02 06:15:59 +03:00
parent 56c051aac8
commit 8574af7fa8
No known key found for this signature in database
GPG Key ID: D42ADB236521BF7A
3 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
tap/tlstapper/bpf/golang_uprobes.c
View File

@ -71,6 +71,15 @@ static __always_inline int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) {
SEC("uprobe/golang_crypto_tls_read")
static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
void* stack_addr = (void*)ctx->rsp;
__u64 data_p;
// Address at ctx->rsp + 0xd8 holds the data
__u32 status = bpf_probe_read(&data_p, sizeof(data_p), stack_addr + 0xd8);
if (status < 0) {
bpf_printk("[golang_crypto_tls_read_uprobe] error reading data pointer: %d", status);
return 0;
}
struct golang_read_write *b = NULL;
b = bpf_ringbuf_reserve(&golang_read_writes, sizeof(struct golang_read_write), 0);
if (!b) {
@ -85,16 +94,6 @@ static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
b->len = ctx->rcx;
b->cap = ctx->rcx; // no cap info
void* stack_addr = (void*)ctx->rsp;
__u64 data_p;
// Address at ctx->rsp + 0xd8 holds the data
__u32 status = bpf_probe_read(&data_p, sizeof(data_p), stack_addr + 0xd8);
if (status < 0) {
bpf_printk("[golang_crypto_tls_read_uprobe] error reading data pointer: %d", status);
bpf_ringbuf_discard(b, BPF_RB_FORCE_WAKEUP);
return 0;
}
status = bpf_probe_read(&b->data, CHUNK_SIZE, (void*)(data_p));
if (status < 0) {
bpf_printk("[golang_crypto_tls_read_uprobe] error reading data: %d", status);

BIN
tap/tlstapper/tlstapper_bpfeb.o
View File

Binary file not shown.

BIN
tap/tlstapper/tlstapper_bpfel.o
View File

Binary file not shown.