mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-06-24 23:34:45 +00:00
Change the read symbol from net/http.(*persistConn).Read to crypto/tls.(*Conn).Read
This commit is contained in:
M. Mert Yildiran
parent
3b27c5c704
commit
fbdbe1a9f1
@ -51,7 +51,7 @@ static __always_inline int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) {
|
||||
__u64 pid_tgid = bpf_get_current_pid_tgid();
|
||||
b->pid = pid_tgid >> 32;
|
||||
b->fd = s->fd;
|
||||
// ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_net_http_read_uprobe
|
||||
// ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_crypto_tls_read_uprobe
|
||||
b->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address
|
||||
b->is_request = true;
|
||||
b->len = ctx->rcx;
|
||||
@ -69,8 +69,8 @@ static __always_inline int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
SEC("uprobe/golang_net_http_read")
|
||||
static __always_inline int golang_net_http_read_uprobe(struct pt_regs *ctx) {
|
||||
SEC("uprobe/golang_crypto_tls_read")
|
||||
static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
|
||||
struct golang_read_write *b = NULL;
|
||||
b = bpf_ringbuf_reserve(&golang_read_writes, sizeof(struct golang_read_write), 0);
|
||||
if (!b) {
|
||||
@ -79,15 +79,16 @@ static __always_inline int golang_net_http_read_uprobe(struct pt_regs *ctx) {
|
||||
|
||||
__u64 pid_tgid = bpf_get_current_pid_tgid();
|
||||
b->pid = pid_tgid >> 32;
|
||||
// ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_net_http_read_uprobe
|
||||
// ctx->rsi is common between golang_crypto_tls_write_uprobe and golang_crypto_tls_read_uprobe
|
||||
b->conn_addr = ctx->rsi; // go.itab.*net.TCPConn,net.Conn address
|
||||
b->is_request = false;
|
||||
b->len = ctx->rax;
|
||||
b->cap = ctx->r10;
|
||||
|
||||
__u32 status = bpf_probe_read_str(&b->data, sizeof(b->data), (void*)ctx->r8);
|
||||
// Address at ctx->rbx - 0x2bf holds the data
|
||||
__u32 status = bpf_probe_read_str(&b->data, sizeof(b->data), (void*)(ctx->rbx - 0x2bf));
|
||||
if (status < 0) {
|
||||
bpf_printk("[golang_net_http_read_uprobe] error reading data: %d", status);
|
||||
bpf_printk("[golang_crypto_tls_read_uprobe] error reading data: %d", status);
|
||||
bpf_ringbuf_discard(b, BPF_RB_FORCE_WAKEUP);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -62,9 +62,9 @@ func (s *golangHooks) installHooks(bpfObjects *tlsTapperObjects, ex *link.Execut
|
||||
}
|
||||
|
||||
// Relative offset points to
|
||||
// [`net/http.(*persistConn).Read+92`](https://github.com/golang/go/blob/fe4de36198794c447fbd9d7cc2d7199a506c76a5/src/net/http/transport.go#L1929)
|
||||
s.golangReadProbe, err = ex.Uprobe(golangReadSymbol, bpfObjects.GolangNetHttpReadUprobe, &link.UprobeOptions{
|
||||
Offset: offsets.GolangReadOffset + 0x5c,
|
||||
// [`crypto/tls.(*Conn).Read+559`](https://github.com/golang/go/blob/fe4de36198794c447fbd9d7cc2d7199a506c76a5/src/crypto/tls/conn.go#L1306)
|
||||
s.golangReadProbe, err = ex.Uprobe(golangReadSymbol, bpfObjects.GolangCryptoTlsReadUprobe, &link.UprobeOptions{
|
||||
Offset: offsets.GolangReadOffset + 0x22f,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
|
||||
@ -21,7 +21,7 @@ const (
|
||||
minimumSupportedGoVersion = "1.17.0"
|
||||
golangVersionSymbol = "runtime.buildVersion.str"
|
||||
golangWriteSymbol = "crypto/tls.(*Conn).Write"
|
||||
golangReadSymbol = "net/http.(*persistConn).Read"
|
||||
golangReadSymbol = "crypto/tls.(*Conn).Read"
|
||||
golangSocketSymbol = "net.socket"
|
||||
golangDialSymbol = "net/http.(*Transport).dialConn"
|
||||
)
|
||||
|
||||
@ -77,9 +77,9 @@ type tlsTapperSpecs struct {
|
||||
//
|
||||
// It can be passed ebpf.CollectionSpec.Assign.
|
||||
type tlsTapperProgramSpecs struct {
|
||||
GolangCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetHttpReadUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_read_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.ProgramSpec `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"`
|
||||
@ -169,9 +169,9 @@ func (m *tlsTapperMaps) Close() error {
|
||||
//
|
||||
// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign.
|
||||
type tlsTapperPrograms struct {
|
||||
GolangCryptoTlsReadUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.Program `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetHttpReadUprobe *ebpf.Program `ebpf:"golang_net_http_read_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.Program `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.Program `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"`
|
||||
@ -191,9 +191,9 @@ type tlsTapperPrograms struct {
|
||||
|
||||
func (p *tlsTapperPrograms) Close() error {
|
||||
return _TlsTapperClose(
|
||||
p.GolangCryptoTlsReadUprobe,
|
||||
p.GolangCryptoTlsWriteUprobe,
|
||||
p.GolangNetHttpDialconnUprobe,
|
||||
p.GolangNetHttpReadUprobe,
|
||||
p.GolangNetSocketUprobe,
|
||||
p.SslRead,
|
||||
p.SslReadEx,
|
||||
|
||||
Binary file not shown.
@ -77,9 +77,9 @@ type tlsTapperSpecs struct {
|
||||
//
|
||||
// It can be passed ebpf.CollectionSpec.Assign.
|
||||
type tlsTapperProgramSpecs struct {
|
||||
GolangCryptoTlsReadUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.ProgramSpec `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetHttpReadUprobe *ebpf.ProgramSpec `ebpf:"golang_net_http_read_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.ProgramSpec `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.ProgramSpec `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.ProgramSpec `ebpf:"ssl_read_ex"`
|
||||
@ -169,9 +169,9 @@ func (m *tlsTapperMaps) Close() error {
|
||||
//
|
||||
// It can be passed to loadTlsTapperObjects or ebpf.CollectionSpec.LoadAndAssign.
|
||||
type tlsTapperPrograms struct {
|
||||
GolangCryptoTlsReadUprobe *ebpf.Program `ebpf:"golang_crypto_tls_read_uprobe"`
|
||||
GolangCryptoTlsWriteUprobe *ebpf.Program `ebpf:"golang_crypto_tls_write_uprobe"`
|
||||
GolangNetHttpDialconnUprobe *ebpf.Program `ebpf:"golang_net_http_dialconn_uprobe"`
|
||||
GolangNetHttpReadUprobe *ebpf.Program `ebpf:"golang_net_http_read_uprobe"`
|
||||
GolangNetSocketUprobe *ebpf.Program `ebpf:"golang_net_socket_uprobe"`
|
||||
SslRead *ebpf.Program `ebpf:"ssl_read"`
|
||||
SslReadEx *ebpf.Program `ebpf:"ssl_read_ex"`
|
||||
@ -191,9 +191,9 @@ type tlsTapperPrograms struct {
|
||||
|
||||
func (p *tlsTapperPrograms) Close() error {
|
||||
return _TlsTapperClose(
|
||||
p.GolangCryptoTlsReadUprobe,
|
||||
p.GolangCryptoTlsWriteUprobe,
|
||||
p.GolangNetHttpDialconnUprobe,
|
||||
p.GolangNetHttpReadUprobe,
|
||||
p.GolangNetSocketUprobe,
|
||||
p.SslRead,
|
||||
p.SslReadEx,
|
||||
|
||||
Binary file not shown.
Loading…
Reference in New Issue
Block a user