From a2c83c6040a6c26b9f005dc8e3cec46764956494 Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Mon, 20 Jun 2022 14:13:45 +0300 Subject: [PATCH] Determine the endianness on runtime if it's possible in Go (default little-endian) #run_acceptance_tests --- tap/passive_tapper.go | 25 +++++++++++++++++++++++-- tap/tlstapper/bpf_logger.go | 4 ++-- tap/tlstapper/tls_poller.go | 8 ++++---- tap/tlstapper/tls_tapper.go | 9 +++++---- 4 files changed, 34 insertions(+), 12 deletions(-) diff --git a/tap/passive_tapper.go b/tap/passive_tapper.go index b62ce3b40..24fed4ee0 100644 --- a/tap/passive_tapper.go +++ b/tap/passive_tapper.go @@ -9,6 +9,7 @@ package tap import ( + "encoding/binary" "encoding/json" "flag" "fmt" @@ -17,6 +18,7 @@ import ( "strconv" "strings" "time" + "unsafe" "github.com/shirou/gopsutil/cpu" "github.com/struCoder/pidusage" @@ -298,8 +300,10 @@ func startTlsTapper(extension *api.Extension, outputItems chan *api.OutputChanne OutputChannel: outputItems, } - go tls.PollForLogging() - go tls.Poll(emitter, options, streamsMap) + byteOrder := getByteOrder() + + go tls.PollForLogging(byteOrder) + go tls.Poll(byteOrder, emitter, options, streamsMap) return &tls } @@ -319,3 +323,20 @@ func buildIgnoredPortsList(ignoredPorts string) []uint16 { return result } + +func getByteOrder() (byteOrder binary.ByteOrder) { + buf := [2]byte{} + *(*uint16)(unsafe.Pointer(&buf[0])) = uint16(0xABCD) + + switch buf { + case [2]byte{0xCD, 0xAB}: + byteOrder = binary.LittleEndian + case [2]byte{0xAB, 0xCD}: + byteOrder = binary.BigEndian + default: + logger.Log.Warning("Could not determine native endianness. Defaulting to little-endian") + byteOrder = binary.LittleEndian + } + + return +} diff --git a/tap/tlstapper/bpf_logger.go b/tap/tlstapper/bpf_logger.go index 1cb1da48a..40b0dd94b 100644 --- a/tap/tlstapper/bpf_logger.go +++ b/tap/tlstapper/bpf_logger.go @@ -52,7 +52,7 @@ func (p *bpfLogger) close() error { return p.logReader.Close() } -func (p *bpfLogger) poll() { +func (p *bpfLogger) poll(byteOrder binary.ByteOrder) { logger.Log.Infof("Start polling for bpf logs") for { @@ -76,7 +76,7 @@ func (p *bpfLogger) poll() { var log logMessage - if err := binary.Read(buffer, binary.LittleEndian, &log); err != nil { + if err := binary.Read(buffer, byteOrder, &log); err != nil { LogError(errors.Errorf("Error parsing log %v", err)) continue } diff --git a/tap/tlstapper/tls_poller.go b/tap/tlstapper/tls_poller.go index c0dddf9a4..9c450239a 100644 --- a/tap/tlstapper/tls_poller.go +++ b/tap/tlstapper/tls_poller.go @@ -75,11 +75,11 @@ func (p *tlsPoller) close() error { return p.chunksReader.Close() } -func (p *tlsPoller) poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) { +func (p *tlsPoller) poll(byteOrder binary.ByteOrder, emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) { // tlsTapperTlsChunk is generated by bpf2go. chunks := make(chan *tlsTapperTlsChunk) - go p.pollChunksPerfBuffer(chunks) + go p.pollChunksPerfBuffer(byteOrder, chunks) for { select { @@ -97,7 +97,7 @@ func (p *tlsPoller) poll(emitter api.Emitter, options *api.TrafficFilteringOptio } } -func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) { +func (p *tlsPoller) pollChunksPerfBuffer(byteOrder binary.ByteOrder, chunks chan<- *tlsTapperTlsChunk) { logger.Log.Infof("Start polling for tls events") for { @@ -123,7 +123,7 @@ func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) { var chunk tlsTapperTlsChunk - if err := binary.Read(buffer, binary.LittleEndian, &chunk); err != nil { + if err := binary.Read(buffer, byteOrder, &chunk); err != nil { LogError(errors.Errorf("Error parsing chunk %v", err)) continue } diff --git a/tap/tlstapper/tls_tapper.go b/tap/tlstapper/tls_tapper.go index 578e28f36..a311e1f68 100644 --- a/tap/tlstapper/tls_tapper.go +++ b/tap/tlstapper/tls_tapper.go @@ -1,6 +1,7 @@ package tlstapper import ( + "encoding/binary" "strconv" "sync" @@ -58,12 +59,12 @@ func (t *TlsTapper) Init(chunksBufferSize int, logBufferSize int, procfs string, return t.poller.init(&t.bpfObjects, chunksBufferSize) } -func (t *TlsTapper) Poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) { - t.poller.poll(emitter, options, streamsMap) +func (t *TlsTapper) Poll(byteOrder binary.ByteOrder, emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) { + t.poller.poll(byteOrder, emitter, options, streamsMap) } -func (t *TlsTapper) PollForLogging() { - t.bpfLogger.poll() +func (t *TlsTapper) PollForLogging(byteOrder binary.ByteOrder) { + t.bpfLogger.poll(byteOrder) } func (t *TlsTapper) GlobalSsllibTap(sslLibrary string) error {