Instead of going through the socket fd, addresses are obtained in kprobe/tcp_sendmsg on ssl write and kprobe/tcp_recvmsg on ssl read. The tcp kprobes and the openssl uprobes communicate through the id->sslInfo bpf map.
* add protocols array to the endpoint
* no message
* no message
* fix tests and small fix for the iteration
* fix the color of the protocol
* Get protocols list and method colors from server
* fix tests
* cr fixes
Co-authored-by: Amit Fainholts <amit@up9.com>
* Determine the Go ABI and get `goid` offset from DWARF
* Add `ABI` enum and morph the function according to the detected ABI
* Pass `goid` offset to an eBPF map to retrieve it in eBPF context
* Add `vmlinux.h` and implement `get_goid_from_thread_local_storage`
* Fix BPF verifier errors
* Update the comments
* Add `go_abi_0.h` and implement `ABI0` specific reads for `arm64`
* Upgrade `github.com/cilium/ebpf` to `v0.9.0`
* Add a comment
* Add macros for x86 specific parts
* Update `x86.o`
* Fix the map key type
* Add `user_pt_regs`
* Update arm64 object file
* Fix the version detection logic
* Add `getGStructOffset` method
* Define `goid_offsets`, `goid_offsets_map` structs and pass the offsets correctly
* Fix the `net.TCPConn` and buffer addresses for `ABI0`
* Remove comment
* Fix the issues for arm64 build
* Update x86.o
* Revert "Fix the issues for arm64 build"
This reverts commit 48b041b1b6.
* Revert `user_pt_regs`
* Add `vmlinux` directory
* Fix the `build.sh` and `Dockerfile`
* Add vmlinux_arm64.h
* Disable `get_goid_from_thread_local_storage` on ARM64 with a macro
* Update x86.o
* Update arm64.o
* x86
* arm64
* Fix the cross-compilation issue from x86 to arm64
* Fix the same thing for x86
* Use `BPF_CORE_READ` macro instead of `bpf_ringbuf_reserve` to support kernel versions older than 5.8
Also;
Add legacy version of thread_struct: thread_struct___v46
Build an additional object file for the kernel versions older than or equal to 4.6 and load them accordingly.
Add github.com/moby/moby
* Make #define directives more definitive
* Select the x86 and arm64 versions of `vmlinux.h` using macros
* Put `goid` offsets into the map before installing `uprobe`(s)
* arm64
* #run_acceptance_tests
* Remove a forgotten `fmt.Printf`
* Log the detected Linux kernel version
* close ws on open
* chech if json before parsing
* setting defualt tab reponse and missing dep
* remove redundant
* space
* PR fixes
* remove redundant
* changed order
* Revert "remove redundant"
This reverts commit 2f0bef5d33.
* revert order change
* changes
* change
* changes
Co-authored-by: Leon <>
* Add select protocol → when selected, the view will be on commands of that exact protocol
* CR fixes
* added const instead of free string
* remove redundant sass file
* Handle the Go `ABIInternal` differences on ARM64
* Log the Capstone version, arch and mode
* Upgrade Capstone from `4.0.2` to `5.0-rc2` to have ARM64 instructions fix
* Use the correct register on ARM64 for reading buffer length
* Fix the addresses on ARM64
* #run_acceptance_tests
* Update `x86.o`
* Update `arm64.o`
* #run_acceptance_tests
* pie chart for protocols and methods by requests and volume
* protocols legend
* timeline bar chart component created
* timeline can view requests and volume
* sorting the bra charts by timestemp
* disable view of <1% pieces in pie
* space added to the end of the file
* package.json update
* cr fixes
* remove spave
* remove unnecessary react fragment
Co-authored-by: Liraz Yehezkel <lirazy@up9.com>
* Define and use `BPF_CFLAGS` environment variable
* Add eBPF dependencies to `builder-from-amd64-to-arm64v8` and `builder-native-base`
* Add eBPF dependencies to `builder-from-arm64v8-to-amd64`
* Only compile x86 arch of Capstone for x86 target
* Build and install `libbpf` from source
* Fix `builder-from-arm64v8-to-amd64`
* Add `BPF_TARGET` environment variable
* Fix the eBPF verifier error on ARM64
* Fix `go_crypto_tls_ex_uprobe`
* Fix the check
* #run_acceptance_tests
* Fix the build script
* Include ARM64 files
* Bring back `x86.o`
* Generate both endianness
* Fix Dockerfile
* #run_acceptance_tests
* Determine the endianness on runtime if it's possible in Go (default little-endian) #run_acceptance_tests
* Revert "Determine the endianness on runtime if it's possible in Go (default little-endian) #run_acceptance_tests"
This reverts commit a2c83c6040.
* Remove big-endian files #run_acceptance_tests
* Fix Dockerfile #run_acceptance_tests
Co-authored-by: Ubuntu <ubuntu@ip-172-31-33-233.eu-central-1.compute.internal>
* pie chart for protocols and methods by requests and volume
* protocols legend
* methods legend
* pie chart component
* code refactor
* no message
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
Do not save OAS example response if it is over the limit.
SpecGen.MaxExampleLen is measured in bytes.
Limit=0 means "don't record any examples", while limit=-1 means "record all".
Limit is configured via the config file / --set: --set oas.max-example-len=100.
The default is 10KB.
This PR breaks the previous config. Moved oas bool (enable/disable OAS) to oas.enable.
Users who wish to disable OAS (or to explicitly enable it) should now to so with --set oas.enable=false instead of --set oas=false.
Co-authored-by: Nimrod Gilboa Markevich <nimrod@up9.com>
Co-authored-by: Nimrod Gilboa Markevich <59927337+nimrod-up9@users.noreply.github.com>
