* Run `go generate tls_tapper.go`
* Add `golang_uprobes.c`
* Add Golang hooks and offsets
* Add `golangConnection` struct and implement `pollGolangReadWrite` method
* Upgrade `github.com/cilium/ebpf` version to `v0.8.1`
* Fix the linter error
* Move map related stuff to `maps.h` and run `go generate tls_tapper.go`
* Remove unused parameter
* Add an environment variable to test Golang locally
* Replace `Libssl` occurrences with `Ssllib` for consistency
* Fix exe path finding
* Temporarily disable OpenSSL
* Fix the mixed offsets and dissection preparation
* Change the read symbol from `net/http.(*persistConn).Read` to `crypto/tls.(*Conn).Read`
* Remove `len` and `cap` fields
* Fix the indent
* Fix the read data address
* Make `golang_dial_writes` key `__u64` and include the PID
* Fix the read data address one more time
* Temporarily disable the PCAP capture
* Add a uprobe for `net/http.(*gzipReader).Read` to read chunked HTTP response body
* Cancel `golang_crypto_tls_read_uprobe` if it's a gzip read
* Make hash map names more meaningful
* Pass the connection address from `write` to `gzip` through a common address between `gzip` and `dial`
* Fix the probed line number links
* Add `golangReader` struct and implement its `Read` method
* Have a single counter pair and request response matcher per Golang connection
* Add `MIZU_GLOBAL_GOLANG_PATH` environment variable
* `NULL` terminate the bytes with `unix.ByteSliceToString`
* Temporarily reject the gzip chunks
* Add malformed TODOs
* Revert "`NULL` terminate the bytes with `unix.ByteSliceToString`"
This reverts commit 7ee7ef7e44.
* Bring back `len` and `cap` fields
* Set `len` and `cap` in `golang_net_http_gzipreader_read_uprobe` as well
* Remove two `TODO`s
* Fix the `key_gzip` offsets
* Compress if it's gzip chunk (probably wrong!)
* Revert "Compress if it's gzip chunk (probably wrong!)"
This reverts commit 094a7c3da4.
* Remove `golang_net_http_gzipreader_read_uprobe`
* Read constant 4KiB
* Use constant read length
* Get the correct len of bytes (saw the second entry)
* Set all buffer sizes to `CHUNK_SIZE`
* Remove a `TODO`
* Revert "Temporarily disable the PCAP capture"
This reverts commit a2da15ef2d.
* Update `golang_crypto_tls_read_uprobe`
* Set the `reader` field of `tlsStream` to fix a `nil pointer dereference` error
* Don't export any fields of `golangConnection`
* Close the reader when we drop the connection
* Add a tracepoint for `sys_enter_close` to detect socket closes
* Rename `socket` struct to `golang_socket`
* Call `should_tap` in Golang uprobes
* Add `log_error` calls
* Revert "Temporarily disable OpenSSL"
This reverts commit f54d9a453f.
* Fix linter
* Revert "Revert "Temporarily disable OpenSSL""
This reverts commit 2433d867af.
* Change `golang_read_writes` map type from `BPF_RINGBUF` to `BPF_PERF_OUTPUT`
* Rename `golang_read_write` to `golang_event`
* Define an error
* Add comments
* Revert "Revert "Revert "Temporarily disable OpenSSL"""
This reverts commit e5a1de9c71.
* Fix `pollGolang`
* Revert "Revert "Revert "Revert "Temporarily disable OpenSSL""""
This reverts commit 6e1bd5d4f3.
* Fix `panic: send on closed channel`
* Revert "Revert "Revert "Revert "Revert "Temporarily disable OpenSSL"""""
This reverts commit 57d0584655.
* Use `findLibraryByPid`
* Revert "Revert "Revert "Revert "Revert "Revert "Temporarily disable OpenSSL""""""
This reverts commit 46f3d290b0.
* Revert "Revert "Revert "Revert "Revert "Revert "Revert "Temporarily disable OpenSSL"""""""
This reverts commit 775c833c06.
* Log tapping Golang
* Fix `Poll`
* Refactor `golang_net_http_dialconn_uprobe`
* Remove an excess error check
* Fix `can only use path@version syntax with 'go get' and 'go install' in module-aware mode` error in `tap/tlstapper/bpf-builder/build.sh`
* Unify Golang and OpenSSL under a single perf event buffer and `tls_chunk` struct
* Generate `tlsTapperChunkType` type (enum) as well
* Use kernel page size for the `sys_closes` perf buffer
* Fix the linter error
* Fix `MIZU_GLOBAL_GOLANG_PID` environment variable's functionality
* Rely on tracepoints for file descriptor retrieval in Golang implementation
* Remove the unnecessary changes
* Move common functions into `common.c`
* Declare `lookup_ssl_info` function to reduce duplication
* Fix linter
* Add comments and TODOs
* Remove `MIZU_GLOBAL_GOLANG_PATH` environment variable
* Update the object files
* Fix indentation
* Update object files
* Add `go_abi_internal.h`
* Fix `lookup_ssl_info`
* Convert indentation to spaces
* Add header guard comment
* Add more comments
* Find the `ret` instructions using Capstone Engine and `uprobe` the `return` statements
* Implement `get_fd_from_tcp_conn` function
* Separate SSL contexts to OpenSSL and Go
* Move `get_count_bytes` from `common.c` to `openssl_uprobes.c`
* Rename everything contains Golang to Go
* Reduce duplication in `go_uprobes.c`
* Update the comments
* Install Capstone in CI and Docker native builds
* Update `devops/install-capstone.sh`
* Add Capstone to AArch64 cross-compilation target
* Fix some of the issues on ARM64
* Delete the map element in `_ex_urpobe`
* Remove an unsued `LOG_` macro
* Rename `aquynh` to `capstone-engine`
* Add comment
* Revert "Fix some of the issues on ARM64"
This reverts commit 0b3eceddf4.
* Revert "Revert "Fix some of the issues on ARM64""
This reverts commit 681534ada1.
* Update object files
* Remove unnecessary return
* Increase timeout
* #run_acceptance_tests
* #run_acceptance_tests
* Fix the `arm64v8` sourced builds
* #run_acceptance_tests
* Call OAS feeder
* Don't call old OAS code
* Rework calls
* Work on it
* Put back rules
* Make it compile
* start thinking of test
* Compiles
* Save
* Fixes
* Save
* Fixing
* Trying to fake conn
* add timeout
* Test timeout
* Fix tests
* Only build OAS for HTTP entries
* Remove some dead code
* Adding SampleIDs
* Cosmetics
* lint
* Revert rename
* Sample ID for content
* Cleanuo
* Add more sample IDs
* Checking hypothesis
* Move assignment place a bit
* Cosmetics
* Update test.yml
Co-authored-by: undera <undera@undera-old-desktop.home>
Co-authored-by: Igor Gov <iggvrv@gmail.com>
* Add unit tests for HTTP dissector
* Ignore some fields on test environment
* Remove Git patches
* Don't have indent in the expected JSONs
* Fix more issues and update expected JSONs
* Refactor the test environment lookup
* Add a Makefile
* Include HTTP tests into the CI
* Fix the linting errors
* Fix another linting error
* Update the expected JSONs
* Sort `PostData.Params` params as well
* Move expected JSONs into `expect/dissect`
* Add `TestAnalyze` method
* Add `TestRepresent` method
* Add `TestRegister`, `TestMacros` and `TestPing` methods
* Test extensions first
* Remove expected JSONs
* Remove `bin` directory and update `Makefile` rules
* Update `.gitignore`
* Fix skipping download functionality in the Makefile
* Run `go mod tidy`
* Fix the race condition in the tests
* Revert "Test extensions first"
This reverts commit b8350cf139.
* Make `TEST_UPDATE` env lookup one-liner
* Update .github/workflows/test.yml
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
* Add a newline
* Replace `ls` with `find`
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
* modified Dockerfile to work for both amd64 (Intel) and arm64 (M1)
* added changelog
* Update `Dockerfile` to have `ARCH` build argument
* Remove `docs/CHANGES.md`
* Upgrade the Basenine version from `v0.3.0` to `v0.4.6`
* Update `publish.yml` to have `ARCH` build argument
* Switch `BasenineImageRepo` to Docker Hub
* Have separate build arguments for `ARCH` and `GOARCH`
* Upgrade the Basenine version from `v0.4.6` to `v0.4.10`
* Oops forgot to update the 10th duplicated shell script
* Fix the oopsie and reduce duplications
* Fix `Dockerfile`
* Fix the incompatibility issue between Go plugins and gold linker in Alpine inside `Dockerfile`
* Fix `asm: xxhash_amd64.s:120: when dynamic linking, R15 is clobbered by a global variable access` error
* Update `Dockerfile` to have cross-compilation on an AMD64 machine
Also revert changes in the shell scripts
* Delete `debug.Dockerfile`
* Create a custom base (`debian:buster-slim` based) image for the shipped image
* Replace `mertyildiran/debian-pcap` with `up9inc/debian-pcap`
* Upgrade Basenine version to `v0.4.12`
* Use `debian:stable-slim` as the base
* Fix the indentation in the `Dockerfile`
* Update `publish.yml`
* Enable `publish.yml` for `feature/multiarch_build` branch
* Tag correctly and set `ARCH` Docker argument
* Remove the lines that are forgotten to be removed from the shell scripts
* Add `MizuAgentImageRepo` constant and use it as default `AgentImage` value
* Bring back `Set up Cloud SDK` step to `Build the CLI and publish` job
* Build ARM64 CLI for Linux as well
* Revert "Enable `publish.yml` for `feature/multiarch_build` branch"
This reverts commit d30be4c1f0.
* Revert Go 1.17 upgrade
* Remove `build_extensions_debug.sh` as well
* Make the `Dockerfile` to compile the agent statically
* Statically link the protocol extensions
* Fix `Dockerfile`
* Bring back `-s -w` flags
* Verify the signatures of the downloads in `dockcross/linux-arm64-musl`
* Revert modifications in some shell scripts
* Make the `BUILDARCH` and `TARGETARCH` separation in the `Dockerfile`
* Separate cross-compilation builder image into a separate repo named `up9inc/linux-arm64-musl-go-libpcap`
* Fill the shell script and specify the tag for `dockcross/linux-arm64-musl`
* Remove the unnecessary dependencies from `builder-native-base`
* Improve the comments in the `Dockerfile`
* Upgrade Basenine version to `v0.4.13`
* Fix `Dockerfile`
* Revert "Revert "Enable `publish.yml` for `feature/multiarch_build` branch""
This reverts commit 303e466bdc.
* Revert "Revert "Revert "Enable `publish.yml` for `feature/multiarch_build` branch"""
This reverts commit 0fe252bbdb.
* Remove `push-docker-debug` from the `Makefile`
* Rename `publish.yml` to `release.yml`
Co-authored-by: Alex Haiut <alex@up9.com>
