github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-07-04 03:48:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge sys read and write to one function

Browse Source
This commit is contained in:
Nimrod Gilboa Markevich 2022-07-14 08:43:26 +00:00
parent 7b3863c678
commit cd7ae82556
1 changed files with 25 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
tap/tlstapper/bpf/fd_tracepoints.c
View File

@ -11,7 +11,7 @@ Copyright (C) UP9 Inc.
#include "include/logger_messages.h" #include "include/logger_messages.h"
#include "include/pids.h" #include "include/pids.h"
struct sys_enter_read_ctx { struct sys_enter_read_write_ctx {
__u64 __unused_syscall_header; __u64 __unused_syscall_header;
__u32 __unused_syscall_nr; __u32 __unused_syscall_nr;
@ -20,8 +20,26 @@ struct sys_enter_read_ctx {
__u64 count; __u64 count;
}; };
static __always_inline void sys_read_write_tracepoint(struct sys_enter_read_write_ctx *ctx, __u64 id, struct ssl_info *infoPtr, struct bpf_map_def *map_fd, __u64 origin_code) {
struct ssl_info info;
long err = bpf_probe_read(&info, sizeof(struct ssl_info), infoPtr);
if (err != 0) {
log_error(ctx, LOG_ERROR_READING_SSL_CONTEXT, id, err, origin_code);
return;
}
info.fd = ctx->fd;
err = bpf_map_update_elem(&openssl_read_context, &id, &info, BPF_ANY);
if (err != 0) {
log_error(ctx, LOG_ERROR_PUTTING_FILE_DESCRIPTOR, id, err, origin_code);
}
}
SEC("tracepoint/syscalls/sys_enter_read") SEC("tracepoint/syscalls/sys_enter_read")
void sys_enter_read(struct sys_enter_read_ctx *ctx) { void sys_enter_read(struct sys_enter_read_write_ctx *ctx) {
__u64 id = bpf_get_current_pid_tgid(); __u64 id = bpf_get_current_pid_tgid();
if (!should_tap(id >> 32)) { if (!should_tap(id >> 32)) {
@ -33,35 +51,12 @@ void sys_enter_read(struct sys_enter_read_ctx *ctx) {
if (infoPtr == NULL) { if (infoPtr == NULL) {
return; return;
} }
struct ssl_info info; sys_read_write_tracepoint(ctx, id, infoPtr, &openssl_read_context, ORIGIN_SYS_ENTER_READ_CODE);
long err = bpf_probe_read(&info, sizeof(struct ssl_info), infoPtr);
if (err != 0) {
log_error(ctx, LOG_ERROR_READING_SSL_CONTEXT, id, err, ORIGIN_SYS_ENTER_READ_CODE);
return;
}
info.fd = ctx->fd;
err = bpf_map_update_elem(&openssl_read_context, &id, &info, BPF_ANY);
if (err != 0) {
log_error(ctx, LOG_ERROR_PUTTING_FILE_DESCRIPTOR, id, err, ORIGIN_SYS_ENTER_READ_CODE);
}
} }
struct sys_enter_write_ctx {
__u64 __unused_syscall_header;
__u32 __unused_syscall_nr;
__u64 fd;
__u64* buf;
__u64 count;
};
SEC("tracepoint/syscalls/sys_enter_write") SEC("tracepoint/syscalls/sys_enter_write")
void sys_enter_write(struct sys_enter_write_ctx *ctx) { void sys_enter_write(struct sys_enter_read_write_ctx *ctx) {
__u64 id = bpf_get_current_pid_tgid(); __u64 id = bpf_get_current_pid_tgid();
if (!should_tap(id >> 32)) { if (!should_tap(id >> 32)) {
@ -73,20 +68,6 @@ void sys_enter_write(struct sys_enter_write_ctx *ctx) {
if (infoPtr == NULL) { if (infoPtr == NULL) {
return; return;
} }
struct ssl_info info; sys_read_write_tracepoint(ctx, id, infoPtr, &openssl_write_context, ORIGIN_SYS_ENTER_WRITE_CODE);
long err = bpf_probe_read(&info, sizeof(struct ssl_info), infoPtr);
if (err != 0) {
log_error(ctx, LOG_ERROR_READING_SSL_CONTEXT, id, err, ORIGIN_SYS_ENTER_WRITE_CODE);
return;
}
info.fd = ctx->fd;
err = bpf_map_update_elem(&openssl_write_context, &id, &info, BPF_ANY);
if (err != 0) {
log_error(ctx, LOG_ERROR_PUTTING_FILE_DESCRIPTOR, id, err, ORIGIN_SYS_ENTER_WRITE_CODE);
}
} }