mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-06-24 15:24:17 +00:00
Improve tls info for openssl with kprobes (#1177)
Instead of going through the socket fd, addresses are obtained in kprobe/tcp_sendmsg on ssl write and kprobe/tcp_recvmsg on ssl read. The tcp kprobes and the openssl uprobes communicate through the id->sslInfo bpf map.
This commit is contained in:
Nimrod Gilboa Markevich
GitHub
parent
c010d336bb
commit
a2463b739a
@ -12,7 +12,7 @@ Copyright (C) UP9 Inc.
|
||||
#include "include/common.h"
|
||||
|
||||
|
||||
static __always_inline int add_address_to_chunk(struct pt_regs *ctx, struct tls_chunk* chunk, __u64 id, __u32 fd) {
|
||||
static __always_inline int add_address_to_chunk(struct pt_regs *ctx, struct tls_chunk* chunk, __u64 id, __u32 fd, struct ssl_info* info) {
|
||||
__u32 pid = id >> 32;
|
||||
__u64 key = (__u64) pid << 32 | fd;
|
||||
|
||||
@ -22,14 +22,29 @@ static __always_inline int add_address_to_chunk(struct pt_regs *ctx, struct tls_
|
||||
return 0;
|
||||
}
|
||||
|
||||
int err = bpf_probe_read(chunk->address, sizeof(chunk->address), fdinfo->ipv4_addr);
|
||||
chunk->flags |= (fdinfo->flags & FLAGS_IS_CLIENT_BIT);
|
||||
int err;
|
||||
|
||||
if (err != 0) {
|
||||
log_error(ctx, LOG_ERROR_READING_FD_ADDRESS, id, err, 0l);
|
||||
return 0;
|
||||
switch (info->address_info.mode) {
|
||||
case ADDRESS_INFO_MODE_UNDEFINED:
|
||||
chunk->address_info.mode = ADDRESS_INFO_MODE_SINGLE;
|
||||
err = bpf_probe_read(&chunk->address_info.sport, sizeof(chunk->address_info.sport), &fdinfo->ipv4_addr[2]);
|
||||
if (err != 0) {
|
||||
log_error(ctx, LOG_ERROR_READING_FD_ADDRESS, id, err, 0l);
|
||||
return 0;
|
||||
}
|
||||
|
||||
err = bpf_probe_read(&chunk->address_info.saddr, sizeof(chunk->address_info.saddr), &fdinfo->ipv4_addr[4]);
|
||||
if (err != 0) {
|
||||
log_error(ctx, LOG_ERROR_READING_FD_ADDRESS, id, err, 0l);
|
||||
return 0;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
bpf_probe_read(&chunk->address_info, sizeof(chunk->address_info), &info->address_info);
|
||||
}
|
||||
|
||||
chunk->flags |= (fdinfo->flags & FLAGS_IS_CLIENT_BIT);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -104,7 +119,7 @@ static __always_inline void output_ssl_chunk(struct pt_regs *ctx, struct ssl_inf
|
||||
chunk->len = count_bytes;
|
||||
chunk->fd = info->fd;
|
||||
|
||||
if (!add_address_to_chunk(ctx, chunk, id, chunk->fd)) {
|
||||
if (!add_address_to_chunk(ctx, chunk, id, chunk->fd, info)) {
|
||||
// Without an address, we drop the chunk because there is not much to do with it in Go
|
||||
//
|
||||
return;
|
||||
|
||||
@ -7,9 +7,11 @@ Copyright (C) UP9 Inc.
|
||||
#ifndef __COMMON__
|
||||
#define __COMMON__
|
||||
|
||||
#define AF_INET 2 /* Internet IP Protocol */
|
||||
|
||||
const __s32 invalid_fd = -1;
|
||||
|
||||
static int add_address_to_chunk(struct pt_regs *ctx, struct tls_chunk* chunk, __u64 id, __u32 fd);
|
||||
static int add_address_to_chunk(struct pt_regs *ctx, struct tls_chunk* chunk, __u64 id, __u32 fd, struct ssl_info* info);
|
||||
static void send_chunk_part(struct pt_regs *ctx, __u8* buffer, __u64 id, struct tls_chunk* chunk, int start, int end);
|
||||
static void send_chunk(struct pt_regs *ctx, __u8* buffer, __u64 id, struct tls_chunk* chunk);
|
||||
static void output_ssl_chunk(struct pt_regs *ctx, struct ssl_info* info, int count_bytes, __u64 id, __u32 flags);
|
||||
|
||||
@ -15,6 +15,7 @@ Copyright (C) UP9 Inc.
|
||||
|
||||
#include "legacy_kernel.h"
|
||||
|
||||
#include <bpf/bpf_endian.h>
|
||||
#include <bpf/bpf_helpers.h>
|
||||
#include <bpf/bpf_tracing.h>
|
||||
#include <bpf/bpf_core_read.h>
|
||||
|
||||
@ -26,6 +26,11 @@ Copyright (C) UP9 Inc.
|
||||
#define LOG_ERROR_PUTTING_CONNECT_INFO (14)
|
||||
#define LOG_ERROR_GETTING_CONNECT_INFO (15)
|
||||
#define LOG_ERROR_READING_CONNECT_INFO (16)
|
||||
#define LOG_ERROR_READING_SOCKET_FAMILY (17)
|
||||
#define LOG_ERROR_READING_SOCKET_DADDR (18)
|
||||
#define LOG_ERROR_READING_SOCKET_SADDR (19)
|
||||
#define LOG_ERROR_READING_SOCKET_DPORT (20)
|
||||
#define LOG_ERROR_READING_SOCKET_SPORT (21)
|
||||
|
||||
// Sometimes we have the same error, happening from different locations.
|
||||
// in order to be able to distinct between them in the log, we add an
|
||||
|
||||
@ -24,6 +24,21 @@ Copyright (C) UP9 Inc.
|
||||
//
|
||||
// Be careful when editing, alignment and padding should be exactly the same in go/c.
|
||||
//
|
||||
|
||||
typedef enum {
|
||||
ADDRESS_INFO_MODE_UNDEFINED,
|
||||
ADDRESS_INFO_MODE_SINGLE,
|
||||
ADDRESS_INFO_MODE_PAIR,
|
||||
} address_info_mode;
|
||||
|
||||
struct address_info {
|
||||
address_info_mode mode;
|
||||
__be32 saddr;
|
||||
__be32 daddr;
|
||||
__be16 sport;
|
||||
__be16 dport;
|
||||
};
|
||||
|
||||
struct tls_chunk {
|
||||
__u32 pid;
|
||||
__u32 tgid;
|
||||
@ -32,7 +47,7 @@ struct tls_chunk {
|
||||
__u32 recorded;
|
||||
__u32 fd;
|
||||
__u32 flags;
|
||||
__u8 address[16];
|
||||
struct address_info address_info;
|
||||
__u8 data[CHUNK_SIZE]; // Must be N^2
|
||||
};
|
||||
|
||||
@ -41,6 +56,7 @@ struct ssl_info {
|
||||
__u32 buffer_len;
|
||||
__u32 fd;
|
||||
__u64 created_at_nano;
|
||||
struct address_info address_info;
|
||||
|
||||
// for ssl_write and ssl_read must be zero
|
||||
// for ssl_write_ex and ssl_read_ex save the *written/*readbytes pointer.
|
||||
|
||||
@ -42,6 +42,8 @@ static __always_inline int get_count_bytes(struct pt_regs *ctx, struct ssl_info*
|
||||
}
|
||||
|
||||
static __always_inline void ssl_uprobe(struct pt_regs *ctx, void* ssl, void* buffer, int num, struct bpf_map_def* map_fd, size_t *count_ptr) {
|
||||
long err;
|
||||
|
||||
__u64 id = bpf_get_current_pid_tgid();
|
||||
|
||||
if (!should_tap(id >> 32)) {
|
||||
@ -53,7 +55,7 @@ static __always_inline void ssl_uprobe(struct pt_regs *ctx, void* ssl, void* buf
|
||||
info.count_ptr = count_ptr;
|
||||
info.buffer = buffer;
|
||||
|
||||
long err = bpf_map_update_elem(map_fd, &id, &info, BPF_ANY);
|
||||
err = bpf_map_update_elem(map_fd, &id, &info, BPF_ANY);
|
||||
|
||||
if (err != 0) {
|
||||
log_error(ctx, LOG_ERROR_PUTTING_SSL_CONTEXT, id, err, 0l);
|
||||
@ -66,7 +68,7 @@ static __always_inline void ssl_uretprobe(struct pt_regs *ctx, struct bpf_map_de
|
||||
if (!should_tap(id >> 32)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
struct ssl_info *infoPtr = bpf_map_lookup_elem(map_fd, &id);
|
||||
|
||||
if (infoPtr == NULL) {
|
||||
@ -99,10 +101,10 @@ static __always_inline void ssl_uretprobe(struct pt_regs *ctx, struct bpf_map_de
|
||||
return;
|
||||
}
|
||||
|
||||
int count_bytes = get_count_bytes(ctx, &info, id);
|
||||
if (count_bytes <= 0) {
|
||||
return;
|
||||
}
|
||||
int count_bytes = get_count_bytes(ctx, &info, id);
|
||||
if (count_bytes <= 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
output_ssl_chunk(ctx, &info, count_bytes, id, flags);
|
||||
}
|
||||
|
||||
79
tap/tlstapper/bpf/tcp_kprobes.c
Normal file
79
tap/tlstapper/bpf/tcp_kprobes.c
Normal file
@ -0,0 +1,79 @@
|
||||
#include "include/headers.h"
|
||||
#include "include/maps.h"
|
||||
#include "include/log.h"
|
||||
#include "include/logger_messages.h"
|
||||
#include "include/pids.h"
|
||||
#include "include/common.h"
|
||||
|
||||
static __always_inline void tcp_kprobe(struct pt_regs *ctx, struct bpf_map_def *map_fd, _Bool is_send) {
|
||||
long err;
|
||||
|
||||
__u64 id = bpf_get_current_pid_tgid();
|
||||
__u32 pid = id >> 32;
|
||||
|
||||
if (!should_tap(id >> 32)) {
|
||||
return;
|
||||
}
|
||||
|
||||
struct ssl_info *info_ptr = bpf_map_lookup_elem(map_fd, &id);
|
||||
// Happens when the connection is not tls
|
||||
if (info_ptr == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
struct sock *sk = (struct sock *) PT_REGS_PARM1(ctx);
|
||||
|
||||
short unsigned int family;
|
||||
err = bpf_probe_read(&family, sizeof(family), (void *)&sk->__sk_common.skc_family);
|
||||
if (err != 0) {
|
||||
log_error(ctx, LOG_ERROR_READING_SOCKET_FAMILY, id, err, 0l);
|
||||
return;
|
||||
}
|
||||
if (family != AF_INET) {
|
||||
return;
|
||||
}
|
||||
|
||||
// daddr, saddr and dport are in network byte order (big endian)
|
||||
// sport is in host byte order
|
||||
__be32 saddr;
|
||||
__be32 daddr;
|
||||
__be16 dport;
|
||||
__u16 sport;
|
||||
|
||||
err = bpf_probe_read(&saddr, sizeof(saddr), (void *)&sk->__sk_common.skc_rcv_saddr);
|
||||
if (err != 0) {
|
||||
log_error(ctx, LOG_ERROR_READING_SOCKET_SADDR, id, err, 0l);
|
||||
return;
|
||||
}
|
||||
err = bpf_probe_read(&daddr, sizeof(daddr), (void *)&sk->__sk_common.skc_daddr);
|
||||
if (err != 0) {
|
||||
log_error(ctx, LOG_ERROR_READING_SOCKET_DADDR, id, err, 0l);
|
||||
return;
|
||||
}
|
||||
err = bpf_probe_read(&dport, sizeof(dport), (void *)&sk->__sk_common.skc_dport);
|
||||
if (err != 0) {
|
||||
log_error(ctx, LOG_ERROR_READING_SOCKET_DPORT, id, err, 0l);
|
||||
return;
|
||||
}
|
||||
err = bpf_probe_read(&sport, sizeof(sport), (void *)&sk->__sk_common.skc_num);
|
||||
if (err != 0) {
|
||||
log_error(ctx, LOG_ERROR_READING_SOCKET_SPORT, id, err, 0l);
|
||||
return;
|
||||
}
|
||||
|
||||
info_ptr->address_info.mode = ADDRESS_INFO_MODE_PAIR;
|
||||
info_ptr->address_info.daddr = daddr;
|
||||
info_ptr->address_info.saddr = saddr;
|
||||
info_ptr->address_info.dport = dport;
|
||||
info_ptr->address_info.sport = bpf_htons(sport);
|
||||
}
|
||||
|
||||
SEC("kprobe/tcp_sendmsg")
|
||||
void BPF_KPROBE(tcp_sendmsg) {
|
||||
tcp_kprobe(ctx, &openssl_write_context, true);
|
||||
}
|
||||
|
||||
SEC("kprobe/tcp_recvmsg")
|
||||
void BPF_KPROBE(tcp_recvmsg) {
|
||||
tcp_kprobe(ctx, &openssl_read_context, false);
|
||||
}
|
||||
@ -15,6 +15,7 @@ Copyright (C) UP9 Inc.
|
||||
//
|
||||
#include "common.c"
|
||||
#include "openssl_uprobes.c"
|
||||
#include "tcp_kprobes.c"
|
||||
#include "go_uprobes.c"
|
||||
#include "fd_tracepoints.c"
|
||||
#include "fd_to_address_tracepoints.c"
|
||||
|
||||
@ -20,4 +20,9 @@ var bpfLogMessages = []string{
|
||||
/*0014*/ "[%d] Unable to put connect info [err: %d]",
|
||||
/*0015*/ "[%d] Unable to get connect info",
|
||||
/*0016*/ "[%d] Unable to read connect info [err: %d]",
|
||||
/*0017*/ "[%d] Unable to read socket family [err: %d]",
|
||||
/*0018*/ "[%d] Unable to read socket daddr [err: %d]",
|
||||
/*0019*/ "[%d] Unable to read socket saddr [err: %d]",
|
||||
/*0019*/ "[%d] Unable to read socket dport [err: %d]",
|
||||
/*0021*/ "[%d] Unable to read socket sport [err: %d]",
|
||||
}
|
||||
|
||||
@ -1,38 +1,33 @@
|
||||
package tlstapper
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/binary"
|
||||
"net"
|
||||
"unsafe"
|
||||
|
||||
"github.com/go-errors/errors"
|
||||
"github.com/up9inc/mizu/tap/api"
|
||||
)
|
||||
|
||||
const FlagsIsClientBit uint32 = 1 << 0
|
||||
const FlagsIsReadBit uint32 = 1 << 1
|
||||
const (
|
||||
addressInfoModeUndefined = iota
|
||||
addressInfoModeSingle
|
||||
addressInfoModePair
|
||||
)
|
||||
|
||||
func (c *tlsTapperTlsChunk) getAddress() (net.IP, uint16, error) {
|
||||
address := bytes.NewReader(c.Address[:])
|
||||
var family uint16
|
||||
var port uint16
|
||||
var ip32 uint32
|
||||
func (c *tlsTapperTlsChunk) getSrcAddress() (net.IP, uint16) {
|
||||
ip := intToIP(c.AddressInfo.Saddr)
|
||||
port := ntohs(c.AddressInfo.Sport)
|
||||
|
||||
if err := binary.Read(address, binary.BigEndian, &family); err != nil {
|
||||
return nil, 0, errors.Wrap(err, 0)
|
||||
}
|
||||
return ip, port
|
||||
}
|
||||
|
||||
if err := binary.Read(address, binary.BigEndian, &port); err != nil {
|
||||
return nil, 0, errors.Wrap(err, 0)
|
||||
}
|
||||
func (c *tlsTapperTlsChunk) getDstAddress() (net.IP, uint16) {
|
||||
ip := intToIP(c.AddressInfo.Daddr)
|
||||
port := ntohs(c.AddressInfo.Dport)
|
||||
|
||||
if err := binary.Read(address, binary.BigEndian, &ip32); err != nil {
|
||||
return nil, 0, errors.Wrap(err, 0)
|
||||
}
|
||||
|
||||
ip := net.IP{uint8(ip32 >> 24), uint8(ip32 >> 16), uint8(ip32 >> 8), uint8(ip32)}
|
||||
|
||||
return ip, port, nil
|
||||
return ip, port
|
||||
}
|
||||
|
||||
func (c *tlsTapperTlsChunk) isClient() bool {
|
||||
@ -59,26 +54,54 @@ func (c *tlsTapperTlsChunk) isRequest() bool {
|
||||
return (c.isClient() && c.isWrite()) || (c.isServer() && c.isRead())
|
||||
}
|
||||
|
||||
func (c *tlsTapperTlsChunk) getAddressPair() (addressPair, error) {
|
||||
ip, port, err := c.getAddress()
|
||||
func (c *tlsTapperTlsChunk) getAddressPair() (addressPair, bool) {
|
||||
var (
|
||||
srcIp, dstIp net.IP
|
||||
srcPort, dstPort uint16
|
||||
full bool
|
||||
)
|
||||
|
||||
if err != nil {
|
||||
return addressPair{}, err
|
||||
switch c.AddressInfo.Mode {
|
||||
case addressInfoModeSingle:
|
||||
if c.isRequest() {
|
||||
srcIp, srcPort = api.UnknownIp, api.UnknownPort
|
||||
dstIp, dstPort = c.getSrcAddress()
|
||||
} else {
|
||||
srcIp, srcPort = c.getSrcAddress()
|
||||
dstIp, dstPort = api.UnknownIp, api.UnknownPort
|
||||
}
|
||||
full = false
|
||||
case addressInfoModePair:
|
||||
if c.isRequest() {
|
||||
srcIp, srcPort = c.getSrcAddress()
|
||||
dstIp, dstPort = c.getDstAddress()
|
||||
} else {
|
||||
srcIp, srcPort = c.getDstAddress()
|
||||
dstIp, dstPort = c.getSrcAddress()
|
||||
}
|
||||
full = true
|
||||
case addressInfoModeUndefined:
|
||||
srcIp, srcPort = api.UnknownIp, api.UnknownPort
|
||||
dstIp, dstPort = api.UnknownIp, api.UnknownPort
|
||||
full = false
|
||||
}
|
||||
|
||||
if c.isRequest() {
|
||||
return addressPair{
|
||||
srcIp: api.UnknownIp,
|
||||
srcPort: api.UnknownPort,
|
||||
dstIp: ip,
|
||||
dstPort: port,
|
||||
}, nil
|
||||
} else {
|
||||
return addressPair{
|
||||
srcIp: ip,
|
||||
srcPort: port,
|
||||
dstIp: api.UnknownIp,
|
||||
dstPort: api.UnknownPort,
|
||||
}, nil
|
||||
}
|
||||
return addressPair{
|
||||
srcIp: srcIp,
|
||||
srcPort: srcPort,
|
||||
dstIp: dstIp,
|
||||
dstPort: dstPort,
|
||||
}, full
|
||||
}
|
||||
|
||||
// intToIP converts IPv4 number to net.IP
|
||||
func intToIP(ip32be uint32) net.IP {
|
||||
return net.IPv4(uint8(ip32be), uint8(ip32be>>8), uint8(ip32be>>16), uint8(ip32be>>24))
|
||||
}
|
||||
|
||||
// ntohs converts big endian (network byte order) to little endian (assuming that's the host byte order)
|
||||
func ntohs(i16be uint16) uint16 {
|
||||
b := make([]byte, 2)
|
||||
binary.BigEndian.PutUint16(b, i16be)
|
||||
return *(*uint16)(unsafe.Pointer(&b[0]))
|
||||
}
|
||||
|
||||
@ -14,6 +14,8 @@ type sslHooks struct {
|
||||
sslWriteExRetProbe link.Link
|
||||
sslReadExProbe link.Link
|
||||
sslReadExRetProbe link.Link
|
||||
tcpSendmsg link.Link
|
||||
tcpRecvmsg link.Link
|
||||
}
|
||||
|
||||
func (s *sslHooks) installUprobes(bpfObjects *tlsTapperObjects, sslLibraryPath string) error {
|
||||
@ -103,6 +105,16 @@ func (s *sslHooks) installSslHooks(bpfObjects *tlsTapperObjects, sslLibrary *lin
|
||||
}
|
||||
}
|
||||
|
||||
s.tcpSendmsg, err = link.Kprobe("tcp_sendmsg", bpfObjects.TcpSendmsg, nil)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, 0)
|
||||
}
|
||||
|
||||
s.tcpRecvmsg, err = link.Kprobe("tcp_recvmsg", bpfObjects.TcpRecvmsg, nil)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, 0)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -149,5 +161,17 @@ func (s *sslHooks) close() []error {
|
||||
}
|
||||
}
|
||||
|
||||
if s.tcpSendmsg != nil {
|
||||
if err := s.tcpSendmsg.Close(); err != nil {
|
||||
returnValue = append(returnValue, err)
|
||||
}
|
||||
}
|
||||
|
||||
if s.tcpRecvmsg != nil {
|
||||
if err := s.tcpRecvmsg.Close(); err != nil {
|
||||
returnValue = append(returnValue, err)
|
||||
}
|
||||
}
|
||||
|
||||
return returnValue
|
||||
}
|
||||
|
||||
@ -134,14 +134,9 @@ func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) {
|
||||
|
||||
func (p *tlsPoller) handleTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Extension, emitter api.Emitter,
|
||||
options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) error {
|
||||
address, err := p.getSockfdAddressPair(chunk)
|
||||
|
||||
address, err := p.getAddressPair(chunk)
|
||||
if err != nil {
|
||||
address, err = chunk.getAddressPair()
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
key := buildTlsKey(address)
|
||||
@ -161,6 +156,22 @@ func (p *tlsPoller) handleTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Exte
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *tlsPoller) getAddressPair(chunk *tlsTapperTlsChunk) (addressPair, error) {
|
||||
addrPairFromChunk, full := chunk.getAddressPair()
|
||||
if full {
|
||||
return addrPairFromChunk, nil
|
||||
}
|
||||
|
||||
addrPairFromSockfd, err := p.getSockfdAddressPair(chunk)
|
||||
if err == nil {
|
||||
return addrPairFromSockfd, nil
|
||||
} else {
|
||||
logger.Log.Error("failed to get address from sock fd:", err)
|
||||
}
|
||||
|
||||
return addrPairFromChunk, err
|
||||
}
|
||||
|
||||
func (p *tlsPoller) startNewTlsReader(chunk *tlsTapperTlsChunk, address *addressPair, key string,
|
||||
emitter api.Emitter, extension *api.Extension, options *api.TrafficFilteringOptions,
|
||||
streamsMap api.TcpStreamMap) *tlsReader {
|
||||
|
||||
@ -19,15 +19,21 @@ type tlsTapper46GoidOffsets struct {
|
||||
}
|
||||
|
||||
type tlsTapper46TlsChunk struct {
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
Len uint32
|
||||
Start uint32
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
Address [16]uint8
|
||||
Data [4096]uint8
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
Len uint32
|
||||
Start uint32
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
AddressInfo struct {
|
||||
Mode int32
|
||||
Saddr uint32
|
||||
Daddr uint32
|
||||
Sport uint16
|
||||
Dport uint16
|
||||
}
|
||||
Data [4096]uint8
|
||||
}
|
||||
|
||||
// loadTlsTapper46 returns the embedded CollectionSpec for tlsTapper46.
|
||||
@ -93,6 +99,8 @@ type tlsTapper46ProgramSpecs struct {
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"`
|
||||
TcpRecvmsg *ebpf.ProgramSpec `ebpf:"tcp_recvmsg"`
|
||||
TcpSendmsg *ebpf.ProgramSpec `ebpf:"tcp_sendmsg"`
|
||||
}
|
||||
|
||||
// tlsTapper46MapSpecs contains maps before they are loaded into the kernel.
|
||||
@ -189,6 +197,8 @@ type tlsTapper46Programs struct {
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"`
|
||||
TcpRecvmsg *ebpf.Program `ebpf:"tcp_recvmsg"`
|
||||
TcpSendmsg *ebpf.Program `ebpf:"tcp_sendmsg"`
|
||||
}
|
||||
|
||||
func (p *tlsTapper46Programs) Close() error {
|
||||
@ -215,6 +225,8 @@ func (p *tlsTapper46Programs) Close() error {
|
||||
p.SysEnterWrite,
|
||||
p.SysExitAccept4,
|
||||
p.SysExitConnect,
|
||||
p.TcpRecvmsg,
|
||||
p.TcpSendmsg,
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
Binary file not shown.
@ -19,15 +19,21 @@ type tlsTapper46GoidOffsets struct {
|
||||
}
|
||||
|
||||
type tlsTapper46TlsChunk struct {
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
Len uint32
|
||||
Start uint32
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
Address [16]uint8
|
||||
Data [4096]uint8
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
Len uint32
|
||||
Start uint32
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
AddressInfo struct {
|
||||
Mode int32
|
||||
Saddr uint32
|
||||
Daddr uint32
|
||||
Sport uint16
|
||||
Dport uint16
|
||||
}
|
||||
Data [4096]uint8
|
||||
}
|
||||
|
||||
// loadTlsTapper46 returns the embedded CollectionSpec for tlsTapper46.
|
||||
@ -93,6 +99,8 @@ type tlsTapper46ProgramSpecs struct {
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"`
|
||||
TcpRecvmsg *ebpf.ProgramSpec `ebpf:"tcp_recvmsg"`
|
||||
TcpSendmsg *ebpf.ProgramSpec `ebpf:"tcp_sendmsg"`
|
||||
}
|
||||
|
||||
// tlsTapper46MapSpecs contains maps before they are loaded into the kernel.
|
||||
@ -189,6 +197,8 @@ type tlsTapper46Programs struct {
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"`
|
||||
TcpRecvmsg *ebpf.Program `ebpf:"tcp_recvmsg"`
|
||||
TcpSendmsg *ebpf.Program `ebpf:"tcp_sendmsg"`
|
||||
}
|
||||
|
||||
func (p *tlsTapper46Programs) Close() error {
|
||||
@ -215,6 +225,8 @@ func (p *tlsTapper46Programs) Close() error {
|
||||
p.SysEnterWrite,
|
||||
p.SysExitAccept4,
|
||||
p.SysExitConnect,
|
||||
p.TcpRecvmsg,
|
||||
p.TcpSendmsg,
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
Binary file not shown.
@ -19,15 +19,21 @@ type tlsTapperGoidOffsets struct {
|
||||
}
|
||||
|
||||
type tlsTapperTlsChunk struct {
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
Len uint32
|
||||
Start uint32
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
Address [16]uint8
|
||||
Data [4096]uint8
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
Len uint32
|
||||
Start uint32
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
AddressInfo struct {
|
||||
Mode int32
|
||||
Saddr uint32
|
||||
Daddr uint32
|
||||
Sport uint16
|
||||
Dport uint16
|
||||
}
|
||||
Data [4096]uint8
|
||||
}
|
||||
|
||||
// loadTlsTapper returns the embedded CollectionSpec for tlsTapper.
|
||||
@ -93,6 +99,8 @@ type tlsTapperProgramSpecs struct {
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"`
|
||||
TcpRecvmsg *ebpf.ProgramSpec `ebpf:"tcp_recvmsg"`
|
||||
TcpSendmsg *ebpf.ProgramSpec `ebpf:"tcp_sendmsg"`
|
||||
}
|
||||
|
||||
// tlsTapperMapSpecs contains maps before they are loaded into the kernel.
|
||||
@ -189,6 +197,8 @@ type tlsTapperPrograms struct {
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"`
|
||||
TcpRecvmsg *ebpf.Program `ebpf:"tcp_recvmsg"`
|
||||
TcpSendmsg *ebpf.Program `ebpf:"tcp_sendmsg"`
|
||||
}
|
||||
|
||||
func (p *tlsTapperPrograms) Close() error {
|
||||
@ -215,6 +225,8 @@ func (p *tlsTapperPrograms) Close() error {
|
||||
p.SysEnterWrite,
|
||||
p.SysExitAccept4,
|
||||
p.SysExitConnect,
|
||||
p.TcpRecvmsg,
|
||||
p.TcpSendmsg,
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
Binary file not shown.
@ -19,15 +19,21 @@ type tlsTapperGoidOffsets struct {
|
||||
}
|
||||
|
||||
type tlsTapperTlsChunk struct {
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
Len uint32
|
||||
Start uint32
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
Address [16]uint8
|
||||
Data [4096]uint8
|
||||
Pid uint32
|
||||
Tgid uint32
|
||||
Len uint32
|
||||
Start uint32
|
||||
Recorded uint32
|
||||
Fd uint32
|
||||
Flags uint32
|
||||
AddressInfo struct {
|
||||
Mode int32
|
||||
Saddr uint32
|
||||
Daddr uint32
|
||||
Sport uint16
|
||||
Dport uint16
|
||||
}
|
||||
Data [4096]uint8
|
||||
}
|
||||
|
||||
// loadTlsTapper returns the embedded CollectionSpec for tlsTapper.
|
||||
@ -93,6 +99,8 @@ type tlsTapperProgramSpecs struct {
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"`
|
||||
TcpRecvmsg *ebpf.ProgramSpec `ebpf:"tcp_recvmsg"`
|
||||
TcpSendmsg *ebpf.ProgramSpec `ebpf:"tcp_sendmsg"`
|
||||
}
|
||||
|
||||
// tlsTapperMapSpecs contains maps before they are loaded into the kernel.
|
||||
@ -189,6 +197,8 @@ type tlsTapperPrograms struct {
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"`
|
||||
TcpRecvmsg *ebpf.Program `ebpf:"tcp_recvmsg"`
|
||||
TcpSendmsg *ebpf.Program `ebpf:"tcp_sendmsg"`
|
||||
}
|
||||
|
||||
func (p *tlsTapperPrograms) Close() error {
|
||||
@ -215,6 +225,8 @@ func (p *tlsTapperPrograms) Close() error {
|
||||
p.SysEnterWrite,
|
||||
p.SysExitAccept4,
|
||||
p.SysExitConnect,
|
||||
p.TcpRecvmsg,
|
||||
p.TcpSendmsg,
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
Binary file not shown.
Loading…
Reference in New Issue
Block a user