Fetch source and destination addresses with bpf from tcp kprobes, similar to how it is done for openssl lib.
Chunk contains both source address and destination address.
FD is no longer used to obtain addresses.
Instead of going through the socket fd, addresses are obtained in kprobe/tcp_sendmsg on ssl write and kprobe/tcp_recvmsg on ssl read. The tcp kprobes and the openssl uprobes communicate through the id->sslInfo bpf map.
* add protocols array to the endpoint
* no message
* no message
* fix tests and small fix for the iteration
* fix the color of the protocol
* Get protocols list and method colors from server
* fix tests
* cr fixes
Co-authored-by: Amit Fainholts <amit@up9.com>
* Determine the Go ABI and get `goid` offset from DWARF
* Add `ABI` enum and morph the function according to the detected ABI
* Pass `goid` offset to an eBPF map to retrieve it in eBPF context
* Add `vmlinux.h` and implement `get_goid_from_thread_local_storage`
* Fix BPF verifier errors
* Update the comments
* Add `go_abi_0.h` and implement `ABI0` specific reads for `arm64`
* Upgrade `github.com/cilium/ebpf` to `v0.9.0`
* Add a comment
* Add macros for x86 specific parts
* Update `x86.o`
* Fix the map key type
* Add `user_pt_regs`
* Update arm64 object file
* Fix the version detection logic
* Add `getGStructOffset` method
* Define `goid_offsets`, `goid_offsets_map` structs and pass the offsets correctly
* Fix the `net.TCPConn` and buffer addresses for `ABI0`
* Remove comment
* Fix the issues for arm64 build
* Update x86.o
* Revert "Fix the issues for arm64 build"
This reverts commit 48b041b1b6.
* Revert `user_pt_regs`
* Add `vmlinux` directory
* Fix the `build.sh` and `Dockerfile`
* Add vmlinux_arm64.h
* Disable `get_goid_from_thread_local_storage` on ARM64 with a macro
* Update x86.o
* Update arm64.o
* x86
* arm64
* Fix the cross-compilation issue from x86 to arm64
* Fix the same thing for x86
* Use `BPF_CORE_READ` macro instead of `bpf_ringbuf_reserve` to support kernel versions older than 5.8
Also;
Add legacy version of thread_struct: thread_struct___v46
Build an additional object file for the kernel versions older than or equal to 4.6 and load them accordingly.
Add github.com/moby/moby
* Make #define directives more definitive
* Select the x86 and arm64 versions of `vmlinux.h` using macros
* Put `goid` offsets into the map before installing `uprobe`(s)
* arm64
* #run_acceptance_tests
* Remove a forgotten `fmt.Printf`
* Log the detected Linux kernel version
* close ws on open
* check if json before parsing
* setting default tab response and missing dep
* remove redundant
* space
* PR fixes
* remove redundant
* changed order
* Revert "remove redundant"
This reverts commit 2f0bef5d33.
* revert order change
* changes
* change
* changes
Co-authored-by: Leon <>
* Add select protocol → when selected, the view will be on commands of that exact protocol
* CR fixes
* added const instead of free string
* remove redundant sass file
* Handle the Go `ABIInternal` differences on ARM64
* Log the Capstone version, arch and mode
* Upgrade Capstone from `4.0.2` to `5.0-rc2` to have ARM64 instructions fix
* Use the correct register on ARM64 for reading buffer length
* Fix the addresses on ARM64
* #run_acceptance_tests
* Update `x86.o`
* Update `arm64.o`
* #run_acceptance_tests