mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-06-25 15:54:43 +00:00
Remove golang_net_http_gzipreader_read_uprobe
This commit is contained in:
M. Mert Yildiran
parent
c55f43bbd1
commit
ed15332a0b
@ -17,7 +17,6 @@ struct golang_read_write {
|
||||
__u32 fd;
|
||||
__u32 conn_addr;
|
||||
bool is_request;
|
||||
bool is_gzip_chunk;
|
||||
__u32 len;
|
||||
__u32 cap;
|
||||
__u8 data[BUFFER_SIZE_READ_WRITE];
|
||||
@ -57,24 +56,9 @@ static __always_inline int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) {
|
||||
// ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_crypto_tls_read_uprobe
|
||||
b->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address
|
||||
b->is_request = true;
|
||||
b->is_gzip_chunk = false;
|
||||
b->len = ctx->rcx;
|
||||
b->cap = ctx->rdi;
|
||||
|
||||
struct socket x = {
|
||||
.pid = s->pid,
|
||||
.fd = ctx->rax,
|
||||
.key_dial = s->key_dial,
|
||||
.key_gzip = s->key_gzip,
|
||||
.conn_addr = b->conn_addr,
|
||||
};
|
||||
|
||||
__u64 key_gzip_full = (pid << 32) + s->key_gzip;
|
||||
status = bpf_map_update_elem(&golang_write_to_gzip, &key_gzip_full, &x, BPF_ANY);
|
||||
if (status != 0) {
|
||||
bpf_printk("[golang_crypto_tls_write_uprobe] error updating gzip conn addr: %d", status);
|
||||
}
|
||||
|
||||
status = bpf_probe_read_str(&b->data, sizeof(b->data), (void*)ctx->rbx);
|
||||
if (status < 0) {
|
||||
bpf_printk("[golang_crypto_tls_write_uprobe] error reading data: %d", status);
|
||||
@ -89,12 +73,6 @@ static __always_inline int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) {
|
||||
|
||||
SEC("uprobe/golang_crypto_tls_read")
|
||||
static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
|
||||
int r14 = ctx->r14;
|
||||
// Cancel if it's a gzip read
|
||||
if (r14 == 416) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct golang_read_write *b = NULL;
|
||||
b = bpf_ringbuf_reserve(&golang_read_writes, sizeof(struct golang_read_write), 0);
|
||||
if (!b) {
|
||||
@ -106,7 +84,6 @@ static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
|
||||
// ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_crypto_tls_read_uprobe
|
||||
b->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address
|
||||
b->is_request = false;
|
||||
b->is_gzip_chunk = false;
|
||||
b->len = ctx->rcx;
|
||||
b->cap = ctx->rcx; // no cap info
|
||||
|
||||
@ -132,60 +109,6 @@ static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
SEC("uprobe/golang_net_http_gzipreader_read")
|
||||
static __always_inline int golang_net_http_gzipreader_read_uprobe(struct pt_regs *ctx) {
|
||||
void* stack_addr = (void*)ctx->rsp;
|
||||
__u64 pid_tgid = bpf_get_current_pid_tgid();
|
||||
__u64 pid = pid_tgid >> 32;
|
||||
__u32 key_gzip;
|
||||
// Address at ctx->rsp + 0x1b0 is common between golang_net_http_gzipreader_read_uprobe and golang_net_http_dialconn_uprobe
|
||||
__u32 status = bpf_probe_read(&key_gzip, sizeof(key_gzip), stack_addr + 0x1b0);
|
||||
if (status < 0) {
|
||||
bpf_printk("[golang_net_http_gzipreader_read_uprobe] error reading key_gzip: %d", status);
|
||||
return 0;
|
||||
}
|
||||
|
||||
__u64 key_gzip_full = (pid << 32) + key_gzip;
|
||||
struct socket *s = bpf_map_lookup_elem(&golang_write_to_gzip, &key_gzip_full);
|
||||
if (s == NULL) {
|
||||
bpf_printk("[golang_net_http_gzipreader_read_uprobe] error getting socket");
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct golang_read_write *b = NULL;
|
||||
b = bpf_ringbuf_reserve(&golang_read_writes, sizeof(struct golang_read_write), 0);
|
||||
if (!b) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
b->pid = pid;
|
||||
b->conn_addr = s->conn_addr;
|
||||
b->is_request = false;
|
||||
b->is_gzip_chunk = true;
|
||||
b->len = ctx->rax;
|
||||
b->cap = ctx->rax; // no cap info
|
||||
|
||||
__u64 data_p;
|
||||
// Address at ctx->rsp + 0x8 holds the data
|
||||
status = bpf_probe_read(&data_p, sizeof(data_p), stack_addr + 0x8);
|
||||
if (status < 0) {
|
||||
bpf_printk("[golang_net_http_gzipreader_read_uprobe] error reading data pointer: %d", status);
|
||||
bpf_ringbuf_discard(b, BPF_RB_FORCE_WAKEUP);
|
||||
return 0;
|
||||
}
|
||||
|
||||
status = bpf_probe_read_str(&b->data, sizeof(b->data), (void*)(data_p));
|
||||
if (status < 0) {
|
||||
bpf_printk("[golang_net_http_gzipreader_read_uprobe] error reading data: %d", status);
|
||||
bpf_ringbuf_discard(b, BPF_RB_FORCE_WAKEUP);
|
||||
return 0;
|
||||
}
|
||||
|
||||
bpf_ringbuf_submit(b, 0);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
SEC("uprobe/golang_net_socket")
|
||||
static __always_inline int golang_net_socket_uprobe(struct pt_regs *ctx) {
|
||||
__u64 pid_tgid = bpf_get_current_pid_tgid();
|
||||
@ -201,7 +124,6 @@ static __always_inline int golang_net_socket_uprobe(struct pt_regs *ctx) {
|
||||
.pid = s->pid,
|
||||
.fd = ctx->rax,
|
||||
.key_dial = s->key_dial,
|
||||
.key_gzip = s->key_gzip,
|
||||
.conn_addr = 0,
|
||||
};
|
||||
|
||||
@ -225,20 +147,11 @@ static __always_inline int golang_net_http_dialconn_uprobe(struct pt_regs *ctx)
|
||||
return 0;
|
||||
}
|
||||
|
||||
__u32 key_gzip;
|
||||
// Address at ctx->rsp + 0x58 is common between golang_net_http_gzipreader_read_uprobe and golang_net_http_dialconn_uprobe
|
||||
status = bpf_probe_read(&key_gzip, sizeof(key_gzip), stack_addr + 0x58);
|
||||
if (status < 0) {
|
||||
bpf_printk("[golang_net_http_dialconn_uprobe] error reading key_gzip: %d", status);
|
||||
return 0;
|
||||
}
|
||||
|
||||
__u64 pid_tgid = bpf_get_current_pid_tgid();
|
||||
struct socket b = {
|
||||
.pid = pid_tgid >> 32,
|
||||
.fd = 0,
|
||||
.key_dial = key_dial,
|
||||
.key_gzip = key_gzip,
|
||||
.conn_addr = 0,
|
||||
};
|
||||
|
||||
|
||||
@ -57,7 +57,6 @@ struct socket {
|
||||
__u32 pid;
|
||||
__u32 fd;
|
||||
__u64 key_dial;
|
||||
__u64 key_gzip;
|
||||
__u64 conn_addr;
|
||||
};
|
||||
|
||||
@ -93,7 +92,6 @@ BPF_PERF_OUTPUT(log_buffer);
|
||||
|
||||
BPF_LRU_HASH(golang_dial_to_socket, __u64, struct socket);
|
||||
BPF_LRU_HASH(golang_socket_to_write, __u64, struct socket);
|
||||
BPF_LRU_HASH(golang_write_to_gzip, __u64, struct socket);
|
||||
BPF_RINGBUF(golang_read_writes);
|
||||
|
||||
#endif /* __MAPS__ */
|
||||
|
||||
@ -8,7 +8,6 @@ type golangConnection struct {
|
||||
AddressPair addressPair
|
||||
Requests [][]byte
|
||||
Responses [][]byte
|
||||
Gzipped bool
|
||||
Stream *tlsStream
|
||||
ClientReader *golangReader
|
||||
ServerReader *golangReader
|
||||
|
||||
@ -10,7 +10,6 @@ type golangHooks struct {
|
||||
golangSocketProbe link.Link
|
||||
golangWriteProbe link.Link
|
||||
golangReadProbe link.Link
|
||||
golangGzipProbe link.Link
|
||||
}
|
||||
|
||||
func (s *golangHooks) installUprobes(bpfObjects *tlsTapperObjects, filePath string) error {
|
||||
@ -72,16 +71,6 @@ func (s *golangHooks) installHooks(bpfObjects *tlsTapperObjects, ex *link.Execut
|
||||
return errors.Wrap(err, 0)
|
||||
}
|
||||
|
||||
// Relative offset points to
|
||||
// [`net/http.(*gzipReader).Read+363`](https://github.com/golang/go/blob/go1.17.6/src/net/http/transport.go#L2832)
|
||||
s.golangGzipProbe, err = ex.Uprobe(golangReadSymbol, bpfObjects.GolangNetHttpGzipreaderReadUprobe, &link.UprobeOptions{
|
||||
Offset: offsets.GolangGzipOffset + 0x16b,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return errors.Wrap(err, 0)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -104,9 +93,5 @@ func (s *golangHooks) close() []error {
|
||||
errors = append(errors, err)
|
||||
}
|
||||
|
||||
if err := s.golangGzipProbe.Close(); err != nil {
|
||||
errors = append(errors, err)
|
||||
}
|
||||
|
||||
return errors
|
||||
}
|
||||
|
||||
@ -15,7 +15,6 @@ type golangOffsets struct {
|
||||
GolangSocketOffset uint64
|
||||
GolangWriteOffset uint64
|
||||
GolangReadOffset uint64
|
||||
GolangGzipOffset uint64
|
||||
}
|
||||
|
||||
const (
|
||||
@ -23,7 +22,6 @@ const (
|
||||
golangVersionSymbol = "runtime.buildVersion.str"
|
||||
golangWriteSymbol = "crypto/tls.(*Conn).Write"
|
||||
golangReadSymbol = "crypto/tls.(*Conn).Read"
|
||||
golangGzipSymbol = "net/http.(*gzipReader).Read"
|
||||
golangSocketSymbol = "net.socket"
|
||||
golangDialSymbol = "net/http.(*Transport).dialConn"
|
||||
)
|
||||
@ -68,17 +66,11 @@ func findGolangOffsets(filePath string) (golangOffsets, error) {
|
||||
return golangOffsets{}, fmt.Errorf("reading offset [%s]: %s", golangReadSymbol, err)
|
||||
}
|
||||
|
||||
gzipOffset, err := getOffset(offsets, golangGzipSymbol)
|
||||
if err != nil {
|
||||
return golangOffsets{}, fmt.Errorf("reading offset [%s]: %s", golangGzipSymbol, err)
|
||||
}
|
||||
|
||||
return golangOffsets{
|
||||
GolangDialOffset: dialOffset,
|
||||
GolangSocketOffset: socketOffset,
|
||||
GolangWriteOffset: writeOffset,
|
||||
GolangReadOffset: readOffset,
|
||||
GolangGzipOffset: gzipOffset,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
||||
@ -161,10 +161,6 @@ func (p *tlsPoller) pollGolangReadWrite(rd *ringbuf.Reader, emitter api.Emitter,
|
||||
connection = _connection.(*golangConnection)
|
||||
}
|
||||
|
||||
if b.IsGzipChunk {
|
||||
connection.Gzipped = true
|
||||
}
|
||||
|
||||
if b.IsRequest {
|
||||
err := connection.setAddressBySockfd(p.procfs, b.Pid, b.Fd)
|
||||
if err != nil {
|
||||
|
||||
@ -14,15 +14,14 @@ import (
|
||||
)
|
||||
|
||||
type tlsTapperGolangReadWrite struct {
|
||||
Pid uint32
|
||||
Fd uint32
|
||||
ConnAddr uint32
|
||||
IsRequest bool
|
||||
IsGzipChunk bool
|
||||
_ [2]byte
|
||||
Len uint32
|
||||
Cap uint32
|
||||
Data [524288]uint8
|
||||
Pid uint32
|
||||
Fd uint32
|
||||
ConnAddr uint32
|
||||
IsRequest bool
|
||||
_ [3]byte
|
||||
Len uint32
|
||||
Cap uint32
|
||||
Data [524288]uint8
|
||||
}
|
||||
|
||||
type tlsTapperTlsChunk struct {
|
||||
@ -78,25 +77,24 @@ type tlsTapperSpecs struct {
|
||||
//
|
||||
// It can be passed ebpf.CollectionSpec.Assign.
|
||||
type tlsTapperProgramSpecs struct {
|
||||
GolangCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetHttpGzipreaderReadUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_gzipreader_read_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.ProgramSpec `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"`
|
||||
SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"`
|
||||
SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"`
|
||||
SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"`
|
||||
SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"`
|
||||
SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
|
||||
SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"`
|
||||
GolangCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.ProgramSpec `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"`
|
||||
SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"`
|
||||
SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"`
|
||||
SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"`
|
||||
SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"`
|
||||
SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
|
||||
SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"`
|
||||
}
|
||||
|
||||
// tlsTapperMapSpecs contains maps before they are loaded into the kernel.
|
||||
@ -110,7 +108,6 @@ type tlsTapperMapSpecs struct {
|
||||
GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
|
||||
GolangReadWrites *ebpf.MapSpec `ebpf:"golang_read_writes"`
|
||||
GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
|
||||
GolangWriteToGzip *ebpf.MapSpec `ebpf:"golang_write_to_gzip"`
|
||||
Heap *ebpf.MapSpec `ebpf:"heap"`
|
||||
LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"`
|
||||
PidsMap *ebpf.MapSpec `ebpf:"pids_map"`
|
||||
@ -144,7 +141,6 @@ type tlsTapperMaps struct {
|
||||
GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"`
|
||||
GolangReadWrites *ebpf.Map `ebpf:"golang_read_writes"`
|
||||
GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"`
|
||||
GolangWriteToGzip *ebpf.Map `ebpf:"golang_write_to_gzip"`
|
||||
Heap *ebpf.Map `ebpf:"heap"`
|
||||
LogBuffer *ebpf.Map `ebpf:"log_buffer"`
|
||||
PidsMap *ebpf.Map `ebpf:"pids_map"`
|
||||
@ -161,7 +157,6 @@ func (m *tlsTapperMaps) Close() error {
|
||||
m.GolangDialToSocket,
|
||||
m.GolangReadWrites,
|
||||
m.GolangSocketToWrite,
|
||||
m.GolangWriteToGzip,
|
||||
m.Heap,
|
||||
m.LogBuffer,
|
||||
m.PidsMap,
|
||||
@ -174,25 +169,24 @@ func (m *tlsTapperMaps) Close() error {
|
||||
//
|
||||
// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign.
|
||||
type tlsTapperPrograms struct {
|
||||
GolangCryptoTlsReadUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.Program `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetHttpGzipreaderReadUprobe *ebpf.Program `ebpf:"golang_net_http_gzipreader_read_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.Program `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.Program `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"`
|
||||
SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"`
|
||||
SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"`
|
||||
SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"`
|
||||
SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"`
|
||||
SslWrite *ebpf.Program `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"`
|
||||
SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"`
|
||||
GolangCryptoTlsReadUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.Program `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.Program `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.Program `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"`
|
||||
SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"`
|
||||
SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"`
|
||||
SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"`
|
||||
SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"`
|
||||
SslWrite *ebpf.Program `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"`
|
||||
SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"`
|
||||
}
|
||||
|
||||
func (p *tlsTapperPrograms) Close() error {
|
||||
@ -200,7 +194,6 @@ func (p *tlsTapperPrograms) Close() error {
|
||||
p.GolangCryptoTlsReadUprobe,
|
||||
p.GolangCryptoTlsWriteUprobe,
|
||||
p.GolangNetHttpDialconnUprobe,
|
||||
p.GolangNetHttpGzipreaderReadUprobe,
|
||||
p.GolangNetSocketUprobe,
|
||||
p.SslRead,
|
||||
p.SslReadEx,
|
||||
|
||||
Binary file not shown.
@ -14,15 +14,14 @@ import (
|
||||
)
|
||||
|
||||
type tlsTapperGolangReadWrite struct {
|
||||
Pid uint32
|
||||
Fd uint32
|
||||
ConnAddr uint32
|
||||
IsRequest bool
|
||||
IsGzipChunk bool
|
||||
_ [2]byte
|
||||
Len uint32
|
||||
Cap uint32
|
||||
Data [524288]uint8
|
||||
Pid uint32
|
||||
Fd uint32
|
||||
ConnAddr uint32
|
||||
IsRequest bool
|
||||
_ [3]byte
|
||||
Len uint32
|
||||
Cap uint32
|
||||
Data [524288]uint8
|
||||
}
|
||||
|
||||
type tlsTapperTlsChunk struct {
|
||||
@ -78,25 +77,24 @@ type tlsTapperSpecs struct {
|
||||
//
|
||||
// It can be passed ebpf.CollectionSpec.Assign.
|
||||
type tlsTapperProgramSpecs struct {
|
||||
GolangCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetHttpGzipreaderReadUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_gzipreader_read_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.ProgramSpec `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"`
|
||||
SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"`
|
||||
SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"`
|
||||
SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"`
|
||||
SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"`
|
||||
SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
|
||||
SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"`
|
||||
GolangCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.ProgramSpec `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"`
|
||||
SslRetRead *ebpf.ProgramSpec `ebpf:"ssl_ret_read"`
|
||||
SslRetReadEx *ebpf.ProgramSpec `ebpf:"ssl_ret_read_ex"`
|
||||
SslRetWrite *ebpf.ProgramSpec `ebpf:"ssl_ret_write"`
|
||||
SslRetWriteEx *ebpf.ProgramSpec `ebpf:"ssl_ret_write_ex"`
|
||||
SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"`
|
||||
SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.ProgramSpec `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.ProgramSpec `ebpf:"sys_exit_connect"`
|
||||
}
|
||||
|
||||
// tlsTapperMapSpecs contains maps before they are loaded into the kernel.
|
||||
@ -110,7 +108,6 @@ type tlsTapperMapSpecs struct {
|
||||
GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"`
|
||||
GolangReadWrites *ebpf.MapSpec `ebpf:"golang_read_writes"`
|
||||
GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"`
|
||||
GolangWriteToGzip *ebpf.MapSpec `ebpf:"golang_write_to_gzip"`
|
||||
Heap *ebpf.MapSpec `ebpf:"heap"`
|
||||
LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"`
|
||||
PidsMap *ebpf.MapSpec `ebpf:"pids_map"`
|
||||
@ -144,7 +141,6 @@ type tlsTapperMaps struct {
|
||||
GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"`
|
||||
GolangReadWrites *ebpf.Map `ebpf:"golang_read_writes"`
|
||||
GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"`
|
||||
GolangWriteToGzip *ebpf.Map `ebpf:"golang_write_to_gzip"`
|
||||
Heap *ebpf.Map `ebpf:"heap"`
|
||||
LogBuffer *ebpf.Map `ebpf:"log_buffer"`
|
||||
PidsMap *ebpf.Map `ebpf:"pids_map"`
|
||||
@ -161,7 +157,6 @@ func (m *tlsTapperMaps) Close() error {
|
||||
m.GolangDialToSocket,
|
||||
m.GolangReadWrites,
|
||||
m.GolangSocketToWrite,
|
||||
m.GolangWriteToGzip,
|
||||
m.Heap,
|
||||
m.LogBuffer,
|
||||
m.PidsMap,
|
||||
@ -174,25 +169,24 @@ func (m *tlsTapperMaps) Close() error {
|
||||
//
|
||||
// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign.
|
||||
type tlsTapperPrograms struct {
|
||||
GolangCryptoTlsReadUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.Program `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetHttpGzipreaderReadUprobe *ebpf.Program `ebpf:"golang_net_http_gzipreader_read_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.Program `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.Program `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"`
|
||||
SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"`
|
||||
SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"`
|
||||
SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"`
|
||||
SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"`
|
||||
SslWrite *ebpf.Program `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"`
|
||||
SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"`
|
||||
GolangCryptoTlsReadUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.Program `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.Program `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.Program `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"`
|
||||
SslRetRead *ebpf.Program `ebpf:"ssl_ret_read"`
|
||||
SslRetReadEx *ebpf.Program `ebpf:"ssl_ret_read_ex"`
|
||||
SslRetWrite *ebpf.Program `ebpf:"ssl_ret_write"`
|
||||
SslRetWriteEx *ebpf.Program `ebpf:"ssl_ret_write_ex"`
|
||||
SslWrite *ebpf.Program `ebpf:"ssl_write"`
|
||||
SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"`
|
||||
SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"`
|
||||
SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"`
|
||||
SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"`
|
||||
SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"`
|
||||
SysExitAccept4 *ebpf.Program `ebpf:"sys_exit_accept4"`
|
||||
SysExitConnect *ebpf.Program `ebpf:"sys_exit_connect"`
|
||||
}
|
||||
|
||||
func (p *tlsTapperPrograms) Close() error {
|
||||
@ -200,7 +194,6 @@ func (p *tlsTapperPrograms) Close() error {
|
||||
p.GolangCryptoTlsReadUprobe,
|
||||
p.GolangCryptoTlsWriteUprobe,
|
||||
p.GolangNetHttpDialconnUprobe,
|
||||
p.GolangNetHttpGzipreaderReadUprobe,
|
||||
p.GolangNetSocketUprobe,
|
||||
p.SslRead,
|
||||
p.SslReadEx,
|
||||
|
||||
Binary file not shown.
Loading…
Reference in New Issue
Block a user