Fetch source and destination addresses with bpf from tcp kprobes, similar to how it is done for openssl lib.
Chunk contains both source address and destination address.
FD is no longer used to obtain addresses.
Instead of going through the socket fd, addresses are obtained in kprobe/tcp_sendmsg on ssl write and kprobe/tcp_recvmsg on ssl read. The tcp kprobes and the openssl uprobes communicate through the id->sslInfo bpf map.
* Run `go generate tls_tapper.go`
* Add `golang_uprobes.c`
* Add Golang hooks and offsets
* Add `golangConnection` struct and implement `pollGolangReadWrite` method
* Upgrade `github.com/cilium/ebpf` version to `v0.8.1`
* Fix the linter error
* Move map related stuff to `maps.h` and run `go generate tls_tapper.go`
* Remove unused parameter
* Add an environment variable to test Golang locally
* Replace `Libssl` occurrences with `Ssllib` for consistency
* Fix exe path finding
* Temporarily disable OpenSSL
* Fix the mixed offsets and dissection preparation
* Change the read symbol from `net/http.(*persistConn).Read` to `crypto/tls.(*Conn).Read`
* Remove `len` and `cap` fields
* Fix the indent
* Fix the read data address
* Make `golang_dial_writes` key `__u64` and include the PID
* Fix the read data address one more time
* Temporarily disable the PCAP capture
* Add a uprobe for `net/http.(*gzipReader).Read` to read chunked HTTP response body
* Cancel `golang_crypto_tls_read_uprobe` if it's a gzip read
* Make hash map names more meaningful
* Pass the connection address from `write` to `gzip` through a common address between `gzip` and `dial`
* Fix the probed line number links
* Add `golangReader` struct and implement its `Read` method
* Have a single counter pair and request response matcher per Golang connection
* Add `MIZU_GLOBAL_GOLANG_PATH` environment variable
* `NULL` terminate the bytes with `unix.ByteSliceToString`
* Temporarily reject the gzip chunks
* Add malformed TODOs
* Revert "`NULL` terminate the bytes with `unix.ByteSliceToString`"
This reverts commit 7ee7ef7e44.
* Bring back `len` and `cap` fields
* Set `len` and `cap` in `golang_net_http_gzipreader_read_uprobe` as well
* Remove two `TODO`s
* Fix the `key_gzip` offsets
* Compress if it's gzip chunk (probably wrong!)
* Revert "Compress if it's gzip chunk (probably wrong!)"
This reverts commit 094a7c3da4.
* Remove `golang_net_http_gzipreader_read_uprobe`
* Read constant 4KiB
* Use constant read length
* Get the correct len of bytes (saw the second entry)
* Set all buffer sizes to `CHUNK_SIZE`
* Remove a `TODO`
* Revert "Temporarily disable the PCAP capture"
This reverts commit a2da15ef2d.
* Update `golang_crypto_tls_read_uprobe`
* Set the `reader` field of `tlsStream` to fix a `nil pointer dereference` error
* Don't export any fields of `golangConnection`
* Close the reader when we drop the connection
* Add a tracepoint for `sys_enter_close` to detect socket closes
* Rename `socket` struct to `golang_socket`
* Call `should_tap` in Golang uprobes
* Add `log_error` calls
* Revert "Temporarily disable OpenSSL"
This reverts commit f54d9a453f.
* Fix linter
* Revert "Revert "Temporarily disable OpenSSL""
This reverts commit 2433d867af.
* Change `golang_read_writes` map type from `BPF_RINGBUF` to `BPF_PERF_OUTPUT`
* Rename `golang_read_write` to `golang_event`
* Define an error
* Add comments
* Revert "Revert "Revert "Temporarily disable OpenSSL"""
This reverts commit e5a1de9c71.
* Fix `pollGolang`
* Revert "Revert "Revert "Revert "Temporarily disable OpenSSL""""
This reverts commit 6e1bd5d4f3.
* Fix `panic: send on closed channel`
* Revert "Revert "Revert "Revert "Revert "Temporarily disable OpenSSL"""""
This reverts commit 57d0584655.
* Use `findLibraryByPid`
* Revert "Revert "Revert "Revert "Revert "Revert "Temporarily disable OpenSSL""""""
This reverts commit 46f3d290b0.
* Revert "Revert "Revert "Revert "Revert "Revert "Revert "Temporarily disable OpenSSL"""""""
This reverts commit 775c833c06.
* Log tapping Golang
* Fix `Poll`
* Refactor `golang_net_http_dialconn_uprobe`
* Remove an excess error check
* Fix `can only use path@version syntax with 'go get' and 'go install' in module-aware mode` error in `tap/tlstapper/bpf-builder/build.sh`
* Unify Golang and OpenSSL under a single perf event buffer and `tls_chunk` struct
* Generate `tlsTapperChunkType` type (enum) as well
* Use kernel page size for the `sys_closes` perf buffer
* Fix the linter error
* Fix `MIZU_GLOBAL_GOLANG_PID` environment variable's functionality
* Rely on tracepoints for file descriptor retrieval in Golang implementation
* Remove the unnecessary changes
* Move common functions into `common.c`
* Declare `lookup_ssl_info` function to reduce duplication
* Fix linter
* Add comments and TODOs
* Remove `MIZU_GLOBAL_GOLANG_PATH` environment variable
* Update the object files
* Fix indentation
* Update object files
* Add `go_abi_internal.h`
* Fix `lookup_ssl_info`
* Convert indentation to spaces
* Add header guard comment
* Add more comments
* Find the `ret` instructions using Capstone Engine and `uprobe` the `return` statements
* Implement `get_fd_from_tcp_conn` function
* Separate SSL contexts to OpenSSL and Go
* Move `get_count_bytes` from `common.c` to `openssl_uprobes.c`
* Rename everything contains Golang to Go
* Reduce duplication in `go_uprobes.c`
* Update the comments
* Install Capstone in CI and Docker native builds
* Update `devops/install-capstone.sh`
* Add Capstone to AArch64 cross-compilation target
* Fix some of the issues on ARM64
* Delete the map element in `_ex_urpobe`
* Remove an unsued `LOG_` macro
* Rename `aquynh` to `capstone-engine`
* Add comment
* Revert "Fix some of the issues on ARM64"
This reverts commit 0b3eceddf4.
* Revert "Revert "Fix some of the issues on ARM64""
This reverts commit 681534ada1.
* Update object files
* Remove unnecessary return
* Increase timeout
* #run_acceptance_tests
* #run_acceptance_tests
* Fix the `arm64v8` sourced builds
* #run_acceptance_tests
* Spawn only two Goroutines per TCP stream
* Fix the linter error
* Use `isProtocolIdentified` method instead
* Fix the `Read` method of `tcpReader`
* Remove unnecessary `append`
* Copy to buffer only a message is received
* Remove `exhaustBuffer` field and add `rewind` function
* Rename `buffer` field to `pastData`
* Update tap/tcp_reader.go
Co-authored-by: Nimrod Gilboa Markevich <59927337+nimrod-up9@users.noreply.github.com>
* Use `copy` instead of assignment
* No lint
* #run_acceptance_tests
* Fix `rewind` #run_acceptance_tests
* Fix the buffering algorithm #run_acceptance_tests
* Add `TODO`
* Fix the problems in AMQP and Kafka #run_acceptance_tests
* Use `*bytes.Buffer` instead of `[]api.TcpReaderDataMsg` #run_acceptance_tests
* Have a single `*bytes.Buffer`
* Revert "Have a single `*bytes.Buffer`"
This reverts commit fad96a288a.
* Revert "Use `*bytes.Buffer` instead of `[]api.TcpReaderDataMsg` #run_acceptance_tests"
This reverts commit 0fc70bffe2.
* Fix the early timing out issue #run_acceptance_tests
* Remove `NewBytes()` method
* Update the `NewTcpReader` method signature #run_acceptance_tests
* #run_acceptance_tests
* #run_acceptance_tests
* #run_acceptance_tests
Co-authored-by: Nimrod Gilboa Markevich <59927337+nimrod-up9@users.noreply.github.com>
* avoid chunks with invalid address
* tls tapper should distict between pids
* prettfy tls verbose log and tls key
* support tls from multi threads + duplicate calls to the same target
* introduce fdCache and user address pair as tls key
* remove unused comment
* fix merge conflicts
* use lru for fdcache
* pr fixes - renaming
* fix conflict issue
* Fix `panic: interface conversion: api.RequestResponseMatcher is nil, not *http.requestResponseMatcher` error
Also fix the request-response matcher maps iteration in `clean()` method.
* Fix the mocks in the unit tests
* Remove unnecessary fields from `tlsPoller` and implement `SetProtocol` method
* Use concrete types in `tap` package
* Share the streams map with the TLS tapper
* Check interface conversion error
* Remove `tcpStreamWrapper` struct
* Refactor `tap` module and move some of the code to `tap/api` module
* Move `TrafficFilteringOptions` struct to `shared` module
* Change the `Dissect` method signature to have `*TcpReader` as an argument
* Add `CloseOtherProtocolDissectors` method and use it to synchronously close the other protocol dissectors
* Run `go mod tidy` in `cli` module
* Rename `SuperIdentifier` struct to `ProtoIdentifier`
* Remove `SuperTimer` struct
* Bring back `CloseTimedoutTcpStreamChannels` method
* Run `go mod tidy` everywhere
* Remove `GOGC` environment variable from tapper
* Fix the tests
* Bring back `debug.FreeOSMemory()` call
* Make `CloseOtherProtocolDissectors` method mutexed
* Revert "Remove `GOGC` environment variable from tapper"
This reverts commit cfc2484bbb.
* Bring back the removed `checksum`, `nooptcheck` and `ignorefsmerr` flags
* Define a bunch of interfaces and don't export any new structs from `tap/api`
* Keep the interfaces in `tap/api` but move the structs to `tap/tcp`
* Fix the unit tests by depending on `github.com/up9inc/mizu/tap`
* Use the modified `tlsEmitter`
* Define `TlsChunk` interface and make `tlsReader` implement `TcpReader`
* Remove unused fields in `tlsReader`
* Define `ReassemblyStream` interface and separate `gopacket` specififc fields to `tcpReassemblyStream` struct
Such that make `tap/api` don't depend on `gopacket`
* Remove the unused fields
* Make `tlsPoller` implement `TcpStream` interface and remove the call to `NewTcpStreamDummy` method
* Remove unused fields from `tlsPoller`
* Remove almost all of the setter methods in `TcpReader` and `TcpStream` interface and remove `TlsChunk` interface
* Revert "Revert "Remove `GOGC` environment variable from tapper""
This reverts commit ab2b9a803b.
* Revert "Bring back `debug.FreeOSMemory()` call"
This reverts commit 1cce863bbb.
* Remove excess comment
* Fix acceptance tests (`logger` module) #run_acceptance_tests
* Bring back `github.com/patrickmn/go-cache`
* Fix `NewTcpStream` method signature
* Put `tcpReader` and `tcpStream` mocks into protocol dissectors to remove `github.com/up9inc/mizu/tap` dependency
* Fix AMQP tests
* Revert 960ba644cd
* Revert `go.mod` and `go.sum` files in protocol dissectors
* Fix the comment position
* Revert `AppStatsInst` change
* Fix indent
* Fix CLI build
* Fix linter error
* Fix error msg
* Revert some of the changes in `chunk.go`
* Define `ReadProgress` struct and update `Dissector` interface such that the `bufio.Reader` progress can be learned on item emitting
* Display the `requestSize` and `responseSize` fields in the UI
* Update the tests
* publish ui-common version 1.0.130 and bump to this version in ui/package.json file
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
Co-authored-by: Roee Gadot <roee.gadot@up9.com>
* Define `Capture` type and expect it as an argument in `Dissect` method
* Add an indicator for the eBPF sourced entries
* Fix the Go lint error
* Fix the logic in the UI
* Update the expected JSONs
* Add TODOs
* Add `UndefinedCapture` constant
* Define `CaptureTypes` enum
* initial tls tapper commit
* add tls flag to mizu cli
* support ssl_read_ex/ssl_write_ex
* use hostproc to find libssl
* auto discover tls processes
* support libssl1.0
* recompile ebpf with old clang/llvm
* Update tap/passive_tapper.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* upgrade ebpf go lib
* handling big tls messages
* fixing max buffer size in ebpf
* remove unused import
* fix linter issues
* minor pr fixes
* compile with old clang
* fix cgroup file format
* pr fixes + cgroup extract enhance
* fix linter
* adding indirect ebpf dep to agent go.mod
* adding ebpf docker builder
* minor pr fixes
* add req resp matcher to dissect
* rename ssl hooks to ssl hooks structs
* move to alpine, use local copy of mizu instead of git, add readme
* use global req resp mather for tls
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
