diff --git a/tap/passive_tapper.go b/tap/passive_tapper.go index 1aa7a620d..b62ce3b40 100644 --- a/tap/passive_tapper.go +++ b/tap/passive_tapper.go @@ -287,7 +287,7 @@ func startTlsTapper(extension *api.Extension, outputItems chan *api.OutputChanne // A quick way to instrument Go `crypto/tls` without PID filtering - used for debuging and troubleshooting // if os.Getenv("MIZU_GLOBAL_GOLANG_PID") != "" { - if err := tls.GlobalGolangTap(*procfs, os.Getenv("MIZU_GLOBAL_GOLANG_PID")); err != nil { + if err := tls.GlobalGoTap(*procfs, os.Getenv("MIZU_GLOBAL_GOLANG_PID")); err != nil { tlstapper.LogError(err) return nil } diff --git a/tap/tlstapper/bpf/golang_uprobes.c b/tap/tlstapper/bpf/go_uprobes.c similarity index 90% rename from tap/tlstapper/bpf/golang_uprobes.c rename to tap/tlstapper/bpf/go_uprobes.c index e526c49a7..bc7a83bcf 100644 --- a/tap/tlstapper/bpf/golang_uprobes.c +++ b/tap/tlstapper/bpf/go_uprobes.c @@ -8,7 +8,7 @@ Copyright (C) UP9 Inc. README -Golang does not follow any platform ABI like x86-64 ABI. +Go does not follow any platform ABI like x86-64 ABI. Before 1.17, Go followed stack-based Plan9 (Bell Labs) calling convention. After 1.17, Go switched to an internal register-based calling convention. (Go internal ABI) The probes in this file supports Go 1.17+ @@ -22,7 +22,7 @@ Therefore `uretprobe` CAN'T BE USED for a Go program. `_ex_uprobe` suffixed probes suppose to be `uretprobe`(s) are actually `uprobe`(s) because of the non-standard ABI of Go. Therefore we probe `ret` mnemonics under the symbol by automatically finding them through reading the ELF binary and disassembling the symbols. -Disassembly related code located in `golang_offsets.go` file. +Disassembly related code located in `go_offsets.go` file. Example: We probe an arbitrary point in a function body (offset +559): https://github.com/golang/go/blob/go1.17.6/src/crypto/tls/conn.go#L1296 @@ -73,8 +73,8 @@ static __always_inline __u32 get_fd_from_tcp_conn(struct pt_regs *ctx) { return fd; } -SEC("uprobe/golang_crypto_tls_write") -static int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) { +SEC("uprobe/go_crypto_tls_write") +static int go_crypto_tls_write_uprobe(struct pt_regs *ctx) { __u64 pid_tgid = bpf_get_current_pid_tgid(); __u64 pid = pid_tgid >> 32; if (!should_tap(pid)) { @@ -97,8 +97,8 @@ static int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) { return 0; } -SEC("uprobe/golang_crypto_tls_write_ex") -static int golang_crypto_tls_write_ex_uprobe(struct pt_regs *ctx) { +SEC("uprobe/go_crypto_tls_write_ex") +static int go_crypto_tls_write_ex_uprobe(struct pt_regs *ctx) { __u64 pid_tgid = bpf_get_current_pid_tgid(); __u64 pid = pid_tgid >> 32; if (!should_tap(pid)) { @@ -125,8 +125,8 @@ static int golang_crypto_tls_write_ex_uprobe(struct pt_regs *ctx) { return 0; } -SEC("uprobe/golang_crypto_tls_read") -static int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) { +SEC("uprobe/go_crypto_tls_read") +static int go_crypto_tls_read_uprobe(struct pt_regs *ctx) { __u64 pid_tgid = bpf_get_current_pid_tgid(); __u64 pid = pid_tgid >> 32; if (!should_tap(pid)) { @@ -149,8 +149,8 @@ static int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) { return 0; } -SEC("uprobe/golang_crypto_tls_read_ex") -static int golang_crypto_tls_read_ex_uprobe(struct pt_regs *ctx) { +SEC("uprobe/go_crypto_tls_read_ex") +static int go_crypto_tls_read_ex_uprobe(struct pt_regs *ctx) { __u64 pid_tgid = bpf_get_current_pid_tgid(); __u64 pid = pid_tgid >> 32; if (!should_tap(pid)) { diff --git a/tap/tlstapper/bpf/include/go_abi_internal.h b/tap/tlstapper/bpf/include/go_abi_internal.h index 5303ea751..368b32679 100644 --- a/tap/tlstapper/bpf/include/go_abi_internal.h +++ b/tap/tlstapper/bpf/include/go_abi_internal.h @@ -4,8 +4,8 @@ SPDX-License-Identifier: GPL-2.0 Copyright (C) UP9 Inc. */ -#ifndef __GOLANG_ABI_INTERNAL__ -#define __GOLANG_ABI_INTERNAL__ +#ifndef __GO_ABI_INTERNAL__ +#define __GO_ABI_INTERNAL__ /* Go internal ABI specification @@ -138,4 +138,4 @@ https://github.com/golang/go/blob/go1.17.6/src/cmd/compile/internal/ssa/gen/PPC6 #endif -#endif /* __GOLANG_ABI_INTERNAL__ */ +#endif /* __GO_ABI_INTERNAL__ */ diff --git a/tap/tlstapper/bpf/include/go_types.h b/tap/tlstapper/bpf/include/go_types.h index 4eca1ed2a..b6cd1b78b 100644 --- a/tap/tlstapper/bpf/include/go_types.h +++ b/tap/tlstapper/bpf/include/go_types.h @@ -4,12 +4,12 @@ SPDX-License-Identifier: GPL-2.0 Copyright (C) UP9 Inc. */ -#ifndef __GOLANG_TYPES__ -#define __GOLANG_TYPES__ +#ifndef __GO_TYPES__ +#define __GO_TYPES__ struct go_interface { int64_t type; void* ptr; }; -#endif /* __GOLANG_TYPES__ */ +#endif /* __GO_TYPES__ */ diff --git a/tap/tlstapper/bpf/include/logger_messages.h b/tap/tlstapper/bpf/include/logger_messages.h index d581c25f7..e48a65786 100644 --- a/tap/tlstapper/bpf/include/logger_messages.h +++ b/tap/tlstapper/bpf/include/logger_messages.h @@ -26,7 +26,7 @@ Copyright (C) UP9 Inc. #define LOG_ERROR_PUTTING_CONNECT_INFO (14) #define LOG_ERROR_GETTING_CONNECT_INFO (15) #define LOG_ERROR_READING_CONNECT_INFO (16) -#define LOG_ERROR_GOLANG_READ_READING_DATA_POINTER (17) +#define LOG_ERROR_GO_READ_READING_DATA_POINTER (17) // Sometimes we have the same error, happening from different locations. // in order to be able to distinct between them in the log, we add an diff --git a/tap/tlstapper/bpf/tls_tapper.c b/tap/tlstapper/bpf/tls_tapper.c index 5bda416fb..e5388b9f8 100644 --- a/tap/tlstapper/bpf/tls_tapper.c +++ b/tap/tlstapper/bpf/tls_tapper.c @@ -15,7 +15,7 @@ Copyright (C) UP9 Inc. // #include "common.c" #include "openssl_uprobes.c" -#include "golang_uprobes.c" +#include "go_uprobes.c" #include "fd_tracepoints.c" #include "fd_to_address_tracepoints.c" diff --git a/tap/tlstapper/bpf_logger_messages.go b/tap/tlstapper/bpf_logger_messages.go index 6ab5ea509..460ecef26 100644 --- a/tap/tlstapper/bpf_logger_messages.go +++ b/tap/tlstapper/bpf_logger_messages.go @@ -20,5 +20,5 @@ var bpfLogMessages = []string{ /*0014*/ "[%d] Unable to put connect info [err: %d]", /*0015*/ "[%d] Unable to get connect info", /*0016*/ "[%d] Unable to read connect info [err: %d]", - /*0017*/ "[%d] Golang read unable to read data pointer [err: %d]", + /*0017*/ "[%d] Go read unable to read data pointer [err: %d]", } diff --git a/tap/tlstapper/go_hooks.go b/tap/tlstapper/go_hooks.go new file mode 100644 index 000000000..57881f81f --- /dev/null +++ b/tap/tlstapper/go_hooks.go @@ -0,0 +1,105 @@ +package tlstapper + +import ( + "github.com/cilium/ebpf/link" + "github.com/go-errors/errors" +) + +type goHooks struct { + goWriteProbe link.Link + goWriteExProbes []link.Link + goReadProbe link.Link + goReadExProbes []link.Link +} + +func (s *goHooks) installUprobes(bpfObjects *tlsTapperObjects, filePath string) error { + ex, err := link.OpenExecutable(filePath) + + if err != nil { + return errors.Wrap(err, 0) + } + + offsets, err := findGoOffsets(filePath) + + if err != nil { + return errors.Wrap(err, 0) + } + + return s.installHooks(bpfObjects, ex, offsets) +} + +func (s *goHooks) installHooks(bpfObjects *tlsTapperObjects, ex *link.Executable, offsets goOffsets) error { + var err error + + // Symbol points to + // [`crypto/tls.(*Conn).Write`](https://github.com/golang/go/blob/go1.17.6/src/crypto/tls/conn.go#L1099) + s.goWriteProbe, err = ex.Uprobe(goWriteSymbol, bpfObjects.GoCryptoTlsWriteUprobe, &link.UprobeOptions{ + Offset: offsets.GoWriteOffset.enter, + }) + + if err != nil { + return errors.Wrap(err, 0) + } + + for _, offset := range offsets.GoWriteOffset.exits { + probe, err := ex.Uprobe(goWriteSymbol, bpfObjects.GoCryptoTlsWriteExUprobe, &link.UprobeOptions{ + Offset: offset, + }) + + if err != nil { + return errors.Wrap(err, 0) + } + + s.goWriteExProbes = append(s.goWriteExProbes, probe) + } + + // Symbol points to + // [`crypto/tls.(*Conn).Read`](https://github.com/golang/go/blob/go1.17.6/src/crypto/tls/conn.go#L1263) + s.goReadProbe, err = ex.Uprobe(goReadSymbol, bpfObjects.GoCryptoTlsReadUprobe, &link.UprobeOptions{ + Offset: offsets.GoReadOffset.enter, + }) + + if err != nil { + return errors.Wrap(err, 0) + } + + for _, offset := range offsets.GoReadOffset.exits { + probe, err := ex.Uprobe(goReadSymbol, bpfObjects.GoCryptoTlsReadExUprobe, &link.UprobeOptions{ + Offset: offset, + }) + + if err != nil { + return errors.Wrap(err, 0) + } + + s.goReadExProbes = append(s.goReadExProbes, probe) + } + + return nil +} + +func (s *goHooks) close() []error { + errors := make([]error, 0) + + if err := s.goWriteProbe.Close(); err != nil { + errors = append(errors, err) + } + + for _, probe := range s.goWriteExProbes { + if err := probe.Close(); err != nil { + errors = append(errors, err) + } + } + + if err := s.goReadProbe.Close(); err != nil { + errors = append(errors, err) + } + + for _, probe := range s.goReadExProbes { + if err := probe.Close(); err != nil { + errors = append(errors, err) + } + } + + return errors +} diff --git a/tap/tlstapper/golang_offsets.go b/tap/tlstapper/go_offsets.go similarity index 70% rename from tap/tlstapper/golang_offsets.go rename to tap/tlstapper/go_offsets.go index 9b5835e95..2a202382f 100644 --- a/tap/tlstapper/golang_offsets.go +++ b/tap/tlstapper/go_offsets.go @@ -11,60 +11,60 @@ import ( "github.com/knightsc/gapstone" ) -type golangOffsets struct { - GolangWriteOffset *golangExtendedOffset - GolangReadOffset *golangExtendedOffset +type goOffsets struct { + GoWriteOffset *goExtendedOffset + GoReadOffset *goExtendedOffset } -type golangExtendedOffset struct { +type goExtendedOffset struct { enter uint64 exits []uint64 } const ( minimumSupportedGoVersion = "1.17.0" - golangVersionSymbol = "runtime.buildVersion.str" - golangWriteSymbol = "crypto/tls.(*Conn).Write" - golangReadSymbol = "crypto/tls.(*Conn).Read" + goVersionSymbol = "runtime.buildVersion.str" + goWriteSymbol = "crypto/tls.(*Conn).Write" + goReadSymbol = "crypto/tls.(*Conn).Read" ) -func findGolangOffsets(filePath string) (golangOffsets, error) { +func findGoOffsets(filePath string) (goOffsets, error) { offsets, err := getOffsets(filePath) if err != nil { - return golangOffsets{}, err + return goOffsets{}, err } - goVersionOffset, err := getOffset(offsets, golangVersionSymbol) + goVersionOffset, err := getOffset(offsets, goVersionSymbol) if err != nil { - return golangOffsets{}, err + return goOffsets{}, err } passed, goVersion, err := checkGoVersion(filePath, goVersionOffset) if err != nil { - return golangOffsets{}, fmt.Errorf("Checking Go version: %s", err) + return goOffsets{}, fmt.Errorf("Checking Go version: %s", err) } if !passed { - return golangOffsets{}, fmt.Errorf("Unsupported Go version: %s", goVersion) + return goOffsets{}, fmt.Errorf("Unsupported Go version: %s", goVersion) } - writeOffset, err := getOffset(offsets, golangWriteSymbol) + writeOffset, err := getOffset(offsets, goWriteSymbol) if err != nil { - return golangOffsets{}, fmt.Errorf("reading offset [%s]: %s", golangWriteSymbol, err) + return goOffsets{}, fmt.Errorf("reading offset [%s]: %s", goWriteSymbol, err) } - readOffset, err := getOffset(offsets, golangReadSymbol) + readOffset, err := getOffset(offsets, goReadSymbol) if err != nil { - return golangOffsets{}, fmt.Errorf("reading offset [%s]: %s", golangReadSymbol, err) + return goOffsets{}, fmt.Errorf("reading offset [%s]: %s", goReadSymbol, err) } - return golangOffsets{ - GolangWriteOffset: writeOffset, - GolangReadOffset: readOffset, + return goOffsets{ + GoWriteOffset: writeOffset, + GoReadOffset: readOffset, }, nil } -func getOffsets(filePath string) (offsets map[string]*golangExtendedOffset, err error) { +func getOffsets(filePath string) (offsets map[string]*goExtendedOffset, err error) { var engine gapstone.Engine engine, err = gapstone.New( gapstone.CS_ARCH_X86, @@ -74,7 +74,7 @@ func getOffsets(filePath string) (offsets map[string]*golangExtendedOffset, err return } - offsets = make(map[string]*golangExtendedOffset) + offsets = make(map[string]*goExtendedOffset) var fd *os.File fd, err = os.Open(filePath) if err != nil { @@ -114,7 +114,7 @@ func getOffsets(filePath string) (offsets map[string]*golangExtendedOffset, err } } - extendedOffset := &golangExtendedOffset{enter: offset} + extendedOffset := &goExtendedOffset{enter: offset} // source: https://gist.github.com/grantseltzer/3efa8ecc5de1fb566e8091533050d608 // skip over any symbols that aren't functinons/methods @@ -156,14 +156,14 @@ func getOffsets(filePath string) (offsets map[string]*golangExtendedOffset, err return } -func getOffset(offsets map[string]*golangExtendedOffset, symbol string) (*golangExtendedOffset, error) { +func getOffset(offsets map[string]*goExtendedOffset, symbol string) (*goExtendedOffset, error) { if offset, ok := offsets[symbol]; ok { return offset, nil } return nil, fmt.Errorf("symbol %s: %w", symbol, link.ErrNoSymbol) } -func checkGoVersion(filePath string, offset *golangExtendedOffset) (bool, string, error) { +func checkGoVersion(filePath string, offset *goExtendedOffset) (bool, string, error) { fd, err := os.Open(filePath) if err != nil { return false, "", err diff --git a/tap/tlstapper/golang_hooks.go b/tap/tlstapper/golang_hooks.go deleted file mode 100644 index 882b8a0b0..000000000 --- a/tap/tlstapper/golang_hooks.go +++ /dev/null @@ -1,105 +0,0 @@ -package tlstapper - -import ( - "github.com/cilium/ebpf/link" - "github.com/go-errors/errors" -) - -type golangHooks struct { - golangWriteProbe link.Link - golangWriteExProbes []link.Link - golangReadProbe link.Link - golangReadExProbes []link.Link -} - -func (s *golangHooks) installUprobes(bpfObjects *tlsTapperObjects, filePath string) error { - ex, err := link.OpenExecutable(filePath) - - if err != nil { - return errors.Wrap(err, 0) - } - - offsets, err := findGolangOffsets(filePath) - - if err != nil { - return errors.Wrap(err, 0) - } - - return s.installHooks(bpfObjects, ex, offsets) -} - -func (s *golangHooks) installHooks(bpfObjects *tlsTapperObjects, ex *link.Executable, offsets golangOffsets) error { - var err error - - // Symbol points to - // [`crypto/tls.(*Conn).Write`](https://github.com/golang/go/blob/go1.17.6/src/crypto/tls/conn.go#L1099) - s.golangWriteProbe, err = ex.Uprobe(golangWriteSymbol, bpfObjects.GolangCryptoTlsWriteUprobe, &link.UprobeOptions{ - Offset: offsets.GolangWriteOffset.enter, - }) - - if err != nil { - return errors.Wrap(err, 0) - } - - for _, offset := range offsets.GolangWriteOffset.exits { - probe, err := ex.Uprobe(golangWriteSymbol, bpfObjects.GolangCryptoTlsWriteExUprobe, &link.UprobeOptions{ - Offset: offset, - }) - - if err != nil { - return errors.Wrap(err, 0) - } - - s.golangWriteExProbes = append(s.golangWriteExProbes, probe) - } - - // Symbol points to - // [`crypto/tls.(*Conn).Read`](https://github.com/golang/go/blob/go1.17.6/src/crypto/tls/conn.go#L1263) - s.golangReadProbe, err = ex.Uprobe(golangReadSymbol, bpfObjects.GolangCryptoTlsReadUprobe, &link.UprobeOptions{ - Offset: offsets.GolangReadOffset.enter, - }) - - if err != nil { - return errors.Wrap(err, 0) - } - - for _, offset := range offsets.GolangReadOffset.exits { - probe, err := ex.Uprobe(golangReadSymbol, bpfObjects.GolangCryptoTlsReadExUprobe, &link.UprobeOptions{ - Offset: offset, - }) - - if err != nil { - return errors.Wrap(err, 0) - } - - s.golangReadExProbes = append(s.golangReadExProbes, probe) - } - - return nil -} - -func (s *golangHooks) close() []error { - errors := make([]error, 0) - - if err := s.golangWriteProbe.Close(); err != nil { - errors = append(errors, err) - } - - for _, probe := range s.golangWriteExProbes { - if err := probe.Close(); err != nil { - errors = append(errors, err) - } - } - - if err := s.golangReadProbe.Close(); err != nil { - errors = append(errors, err) - } - - for _, probe := range s.golangReadExProbes { - if err := probe.Close(); err != nil { - errors = append(errors, err) - } - } - - return errors -} diff --git a/tap/tlstapper/tls_process_discoverer.go b/tap/tlstapper/tls_process_discoverer.go index 7b653acd9..d55536798 100644 --- a/tap/tlstapper/tls_process_discoverer.go +++ b/tap/tlstapper/tls_process_discoverer.go @@ -32,7 +32,7 @@ func UpdateTapTargets(tls *TlsTapper, pods *[]v1.Pod, procfs string) error { LogError(err) } - if err := tls.AddGolangPid(procfs, pid, pod.Namespace); err != nil { + if err := tls.AddGoPid(procfs, pid, pod.Namespace); err != nil { LogError(err) } } diff --git a/tap/tlstapper/tls_tapper.go b/tap/tlstapper/tls_tapper.go index 12f37ddef..4e7229ab6 100644 --- a/tap/tlstapper/tls_tapper.go +++ b/tap/tlstapper/tls_tapper.go @@ -15,13 +15,13 @@ const GLOABL_TAP_PID = 0 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type tls_chunk tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86 type TlsTapper struct { - bpfObjects tlsTapperObjects - syscallHooks syscallHooks - sslHooksStructs []sslHooks - golangHooksStructs []golangHooks - poller *tlsPoller - bpfLogger *bpfLogger - registeredPids sync.Map + bpfObjects tlsTapperObjects + syscallHooks syscallHooks + sslHooksStructs []sslHooks + goHooksStructs []goHooks + poller *tlsPoller + bpfLogger *bpfLogger + registeredPids sync.Map } func (t *TlsTapper) Init(chunksBufferSize int, logBufferSize int, procfs string, extension *api.Extension) error { @@ -70,13 +70,13 @@ func (t *TlsTapper) GlobalSsllibTap(sslLibrary string) error { return t.tapSsllibPid(GLOABL_TAP_PID, sslLibrary, api.UNKNOWN_NAMESPACE) } -func (t *TlsTapper) GlobalGolangTap(procfs string, pid string) error { +func (t *TlsTapper) GlobalGoTap(procfs string, pid string) error { _pid, err := strconv.Atoi(pid) if err != nil { return err } - return t.tapGolangPid(procfs, uint32(_pid), api.UNKNOWN_NAMESPACE) + return t.tapGoPid(procfs, uint32(_pid), api.UNKNOWN_NAMESPACE) } func (t *TlsTapper) AddSsllibPid(procfs string, pid uint32, namespace string) error { @@ -90,8 +90,8 @@ func (t *TlsTapper) AddSsllibPid(procfs string, pid uint32, namespace string) er return t.tapSsllibPid(pid, sslLibrary, namespace) } -func (t *TlsTapper) AddGolangPid(procfs string, pid uint32, namespace string) error { - return t.tapGolangPid(procfs, pid, namespace) +func (t *TlsTapper) AddGoPid(procfs string, pid uint32, namespace string) error { + return t.tapGoPid(procfs, pid, namespace) } func (t *TlsTapper) RemovePid(pid uint32) error { @@ -135,8 +135,8 @@ func (t *TlsTapper) Close() []error { errors = append(errors, sslHooks.close()...) } - for _, golangHooks := range t.golangHooksStructs { - errors = append(errors, golangHooks.close()...) + for _, goHooks := range t.goHooksStructs { + errors = append(errors, goHooks.close()...) } if err := t.bpfLogger.close(); err != nil { @@ -184,21 +184,21 @@ func (t *TlsTapper) tapSsllibPid(pid uint32, sslLibrary string, namespace string return nil } -func (t *TlsTapper) tapGolangPid(procfs string, pid uint32, namespace string) error { +func (t *TlsTapper) tapGoPid(procfs string, pid uint32, namespace string) error { exePath, err := findLibraryByPid(procfs, pid, "") if err != nil { return err } - hooks := golangHooks{} + hooks := goHooks{} if err := hooks.installUprobes(&t.bpfObjects, exePath); err != nil { return err } - logger.Log.Infof("Tapping TLS (pid: %v) (Golang: %v)", pid, exePath) + logger.Log.Infof("Tapping TLS (pid: %v) (Go: %v)", pid, exePath) - t.golangHooksStructs = append(t.golangHooksStructs, hooks) + t.goHooksStructs = append(t.goHooksStructs, hooks) t.poller.addPid(pid, namespace) diff --git a/tap/tlstapper/tlstapper_bpfeb.go b/tap/tlstapper/tlstapper_bpfeb.go index a0fd337e8..69cd9178d 100644 --- a/tap/tlstapper/tlstapper_bpfeb.go +++ b/tap/tlstapper/tlstapper_bpfeb.go @@ -66,24 +66,24 @@ type tlsTapperSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type tlsTapperProgramSpecs struct { - GolangCryptoTlsReadExUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_ex_uprobe"` - GolangCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_uprobe"` - GolangCryptoTlsWriteExUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_ex_uprobe"` - GolangCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_uprobe"` - SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"` - SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"` - SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"` - SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"` - SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"` - SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"` - SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"` - SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"` - SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"` - SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"` - SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"` - SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"` - SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"` - SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"` + GoCryptoTlsReadExUprobe *ebpf.ProgramSpec `ebpf:"go_crypto_tls_read_ex_uprobe"` + GoCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"go_crypto_tls_read_uprobe"` + GoCryptoTlsWriteExUprobe *ebpf.ProgramSpec `ebpf:"go_crypto_tls_write_ex_uprobe"` + GoCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"go_crypto_tls_write_uprobe"` + SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"` + SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"` + SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"` + SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"` + SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"` + SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"` + SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"` + SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"` + SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"` + SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"` + SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"` + SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"` + SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"` + SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"` } // tlsTapperMapSpecs contains maps before they are loaded into the kernel. @@ -155,32 +155,32 @@ func (m *tlsTapperMaps) Close() error { // // It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign. type tlsTapperPrograms struct { - GolangCryptoTlsReadExUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_ex_uprobe"` - GolangCryptoTlsReadUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_uprobe"` - GolangCryptoTlsWriteExUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_ex_uprobe"` - GolangCryptoTlsWriteUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_uprobe"` - SslRead *ebpf.Program `ebpf:"ssl_read"` - SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"` - SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"` - SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"` - SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"` - SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"` - SslWrite *ebpf.Program `ebpf:"ssl_write"` - SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"` - SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"` - SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"` - SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"` - SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"` - SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"` - SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"` + GoCryptoTlsReadExUprobe *ebpf.Program `ebpf:"go_crypto_tls_read_ex_uprobe"` + GoCryptoTlsReadUprobe *ebpf.Program `ebpf:"go_crypto_tls_read_uprobe"` + GoCryptoTlsWriteExUprobe *ebpf.Program `ebpf:"go_crypto_tls_write_ex_uprobe"` + GoCryptoTlsWriteUprobe *ebpf.Program `ebpf:"go_crypto_tls_write_uprobe"` + SslRead *ebpf.Program `ebpf:"ssl_read"` + SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"` + SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"` + SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"` + SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"` + SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"` + SslWrite *ebpf.Program `ebpf:"ssl_write"` + SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"` + SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"` + SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"` + SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"` + SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"` + SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"` + SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"` } func (p *tlsTapperPrograms) Close() error { return _TlsTapperClose( - p.GolangCryptoTlsReadExUprobe, - p.GolangCryptoTlsReadUprobe, - p.GolangCryptoTlsWriteExUprobe, - p.GolangCryptoTlsWriteUprobe, + p.GoCryptoTlsReadExUprobe, + p.GoCryptoTlsReadUprobe, + p.GoCryptoTlsWriteExUprobe, + p.GoCryptoTlsWriteUprobe, p.SslRead, p.SslReadEx, p.SslRetRead, diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o index 8895e07e5..9a213817c 100644 Binary files a/tap/tlstapper/tlstapper_bpfeb.o and b/tap/tlstapper/tlstapper_bpfeb.o differ diff --git a/tap/tlstapper/tlstapper_bpfel.go b/tap/tlstapper/tlstapper_bpfel.go index 7527af903..af222bfdf 100644 --- a/tap/tlstapper/tlstapper_bpfel.go +++ b/tap/tlstapper/tlstapper_bpfel.go @@ -66,24 +66,24 @@ type tlsTapperSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type tlsTapperProgramSpecs struct { - GolangCryptoTlsReadExUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_ex_uprobe"` - GolangCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_uprobe"` - GolangCryptoTlsWriteExUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_ex_uprobe"` - GolangCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_uprobe"` - SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"` - SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"` - SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"` - SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"` - SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"` - SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"` - SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"` - SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"` - SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"` - SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"` - SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"` - SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"` - SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"` - SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"` + GoCryptoTlsReadExUprobe *ebpf.ProgramSpec `ebpf:"go_crypto_tls_read_ex_uprobe"` + GoCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"go_crypto_tls_read_uprobe"` + GoCryptoTlsWriteExUprobe *ebpf.ProgramSpec `ebpf:"go_crypto_tls_write_ex_uprobe"` + GoCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"go_crypto_tls_write_uprobe"` + SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"` + SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"` + SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"` + SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"` + SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"` + SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"` + SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"` + SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"` + SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"` + SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"` + SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"` + SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"` + SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"` + SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"` } // tlsTapperMapSpecs contains maps before they are loaded into the kernel. @@ -155,32 +155,32 @@ func (m *tlsTapperMaps) Close() error { // // It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign. type tlsTapperPrograms struct { - GolangCryptoTlsReadExUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_ex_uprobe"` - GolangCryptoTlsReadUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_uprobe"` - GolangCryptoTlsWriteExUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_ex_uprobe"` - GolangCryptoTlsWriteUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_uprobe"` - SslRead *ebpf.Program `ebpf:"ssl_read"` - SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"` - SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"` - SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"` - SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"` - SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"` - SslWrite *ebpf.Program `ebpf:"ssl_write"` - SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"` - SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"` - SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"` - SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"` - SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"` - SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"` - SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"` + GoCryptoTlsReadExUprobe *ebpf.Program `ebpf:"go_crypto_tls_read_ex_uprobe"` + GoCryptoTlsReadUprobe *ebpf.Program `ebpf:"go_crypto_tls_read_uprobe"` + GoCryptoTlsWriteExUprobe *ebpf.Program `ebpf:"go_crypto_tls_write_ex_uprobe"` + GoCryptoTlsWriteUprobe *ebpf.Program `ebpf:"go_crypto_tls_write_uprobe"` + SslRead *ebpf.Program `ebpf:"ssl_read"` + SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"` + SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"` + SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"` + SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"` + SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"` + SslWrite *ebpf.Program `ebpf:"ssl_write"` + SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"` + SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"` + SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"` + SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"` + SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"` + SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"` + SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"` } func (p *tlsTapperPrograms) Close() error { return _TlsTapperClose( - p.GolangCryptoTlsReadExUprobe, - p.GolangCryptoTlsReadUprobe, - p.GolangCryptoTlsWriteExUprobe, - p.GolangCryptoTlsWriteUprobe, + p.GoCryptoTlsReadExUprobe, + p.GoCryptoTlsReadUprobe, + p.GoCryptoTlsWriteExUprobe, + p.GoCryptoTlsWriteUprobe, p.SslRead, p.SslReadEx, p.SslRetRead, diff --git a/tap/tlstapper/tlstapper_bpfel.o b/tap/tlstapper/tlstapper_bpfel.o index 64827d414..6c0b938d8 100644 Binary files a/tap/tlstapper/tlstapper_bpfel.o and b/tap/tlstapper/tlstapper_bpfel.o differ