mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-06-23 23:08:35 +00:00
87ef469e25
* initial tls tapper commit * add tls flag to mizu cli * support ssl_read_ex/ssl_write_ex * use hostproc to find libssl * auto discover tls processes * support libssl1.0 * recompile ebpf with old clang/llvm * Update tap/passive_tapper.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * upgrade ebpf go lib * handling big tls messages * fixing max buffer size in ebpf * remove unused import * fix linter issues * minor pr fixes * compile with old clang * fix cgroup file format * pr fixes + cgroup extract enhance * fix linter * adding indirect ebpf dep to agent go.mod * adding ebpf docker builder * minor pr fixes * add req resp matcher to dissect * rename ssl hooks to ssl hooks structs * move to alpine, use local copy of mizu instead of git, add readme * use global req resp mather for tls Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
88 lines
1.9 KiB
Go
88 lines
1.9 KiB
Go
package tlstapper
|
|
|
|
import (
|
|
"github.com/cilium/ebpf/link"
|
|
"github.com/go-errors/errors"
|
|
)
|
|
|
|
type syscallHooks struct {
|
|
sysEnterRead link.Link
|
|
sysEnterWrite link.Link
|
|
sysEnterAccept4 link.Link
|
|
sysExitAccept4 link.Link
|
|
sysEnterConnect link.Link
|
|
sysExitConnect link.Link
|
|
}
|
|
|
|
func (s *syscallHooks) installSyscallHooks(bpfObjects *tlsTapperObjects) error {
|
|
var err error
|
|
|
|
s.sysEnterRead, err = link.Tracepoint("syscalls", "sys_enter_read", bpfObjects.SysEnterRead)
|
|
|
|
if err != nil {
|
|
return errors.Wrap(err, 0)
|
|
}
|
|
|
|
s.sysEnterWrite, err = link.Tracepoint("syscalls", "sys_enter_write", bpfObjects.SysEnterWrite)
|
|
|
|
if err != nil {
|
|
return errors.Wrap(err, 0)
|
|
}
|
|
|
|
s.sysEnterAccept4, err = link.Tracepoint("syscalls", "sys_enter_accept4", bpfObjects.SysEnterAccept4)
|
|
|
|
if err != nil {
|
|
return errors.Wrap(err, 0)
|
|
}
|
|
|
|
s.sysExitAccept4, err = link.Tracepoint("syscalls", "sys_exit_accept4", bpfObjects.SysExitAccept4)
|
|
|
|
if err != nil {
|
|
return errors.Wrap(err, 0)
|
|
}
|
|
|
|
s.sysEnterConnect, err = link.Tracepoint("syscalls", "sys_enter_connect", bpfObjects.SysEnterConnect)
|
|
|
|
if err != nil {
|
|
return errors.Wrap(err, 0)
|
|
}
|
|
|
|
s.sysExitConnect, err = link.Tracepoint("syscalls", "sys_exit_connect", bpfObjects.SysExitConnect)
|
|
|
|
if err != nil {
|
|
return errors.Wrap(err, 0)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s *syscallHooks) close() []error {
|
|
errors := make([]error, 0)
|
|
|
|
if err := s.sysEnterRead.Close(); err != nil {
|
|
errors = append(errors, err)
|
|
}
|
|
|
|
if err := s.sysEnterWrite.Close(); err != nil {
|
|
errors = append(errors, err)
|
|
}
|
|
|
|
if err := s.sysEnterAccept4.Close(); err != nil {
|
|
errors = append(errors, err)
|
|
}
|
|
|
|
if err := s.sysExitAccept4.Close(); err != nil {
|
|
errors = append(errors, err)
|
|
}
|
|
|
|
if err := s.sysEnterConnect.Close(); err != nil {
|
|
errors = append(errors, err)
|
|
}
|
|
|
|
if err := s.sysExitConnect.Close(); err != nil {
|
|
errors = append(errors, err)
|
|
}
|
|
|
|
return errors
|
|
}
|