mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-09-27 21:38:06 +00:00
87ef469e25
* initial tls tapper commit * add tls flag to mizu cli * support ssl_read_ex/ssl_write_ex * use hostproc to find libssl * auto discover tls processes * support libssl1.0 * recompile ebpf with old clang/llvm * Update tap/passive_tapper.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * upgrade ebpf go lib * handling big tls messages * fixing max buffer size in ebpf * remove unused import * fix linter issues * minor pr fixes * compile with old clang * fix cgroup file format * pr fixes + cgroup extract enhance * fix linter * adding indirect ebpf dep to agent go.mod * adding ebpf docker builder * minor pr fixes * add req resp matcher to dissect * rename ssl hooks to ssl hooks structs * move to alpine, use local copy of mizu instead of git, add readme * use global req resp mather for tls Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
71 lines
1.4 KiB
Go
71 lines
1.4 KiB
Go
package tlstapper
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/binary"
|
|
"net"
|
|
|
|
"github.com/go-errors/errors"
|
|
)
|
|
|
|
const FLAGS_IS_CLIENT_BIT int32 = (1 << 0)
|
|
const FLAGS_IS_READ_BIT int32 = (1 << 1)
|
|
|
|
// The same struct can be found in maps.h
|
|
//
|
|
// Be careful when editing, alignment and padding should be exactly the same in go/c.
|
|
//
|
|
type tlsChunk struct {
|
|
Pid int32
|
|
Tgid int32
|
|
Len int32
|
|
Recorded int32
|
|
Fd int32
|
|
Flags int32
|
|
Address [16]byte
|
|
Data [4096]byte
|
|
}
|
|
|
|
func (c *tlsChunk) getAddress() (net.IP, uint16, error) {
|
|
address := bytes.NewReader(c.Address[:])
|
|
var family uint16
|
|
var port uint16
|
|
var ip32 uint32
|
|
|
|
if err := binary.Read(address, binary.BigEndian, &family); err != nil {
|
|
return nil, 0, errors.Wrap(err, 0)
|
|
}
|
|
|
|
if err := binary.Read(address, binary.BigEndian, &port); err != nil {
|
|
return nil, 0, errors.Wrap(err, 0)
|
|
}
|
|
|
|
if err := binary.Read(address, binary.BigEndian, &ip32); err != nil {
|
|
return nil, 0, errors.Wrap(err, 0)
|
|
}
|
|
|
|
ip := net.IP{uint8(ip32 >> 24), uint8(ip32 >> 16), uint8(ip32 >> 8), uint8(ip32)}
|
|
|
|
return ip, port, nil
|
|
}
|
|
|
|
func (c *tlsChunk) isClient() bool {
|
|
return c.Flags&FLAGS_IS_CLIENT_BIT != 0
|
|
}
|
|
|
|
func (c *tlsChunk) isServer() bool {
|
|
return !c.isClient()
|
|
}
|
|
|
|
func (c *tlsChunk) isRead() bool {
|
|
return c.Flags&FLAGS_IS_READ_BIT != 0
|
|
}
|
|
|
|
func (c *tlsChunk) isWrite() bool {
|
|
return !c.isRead()
|
|
}
|
|
|
|
func (c *tlsChunk) getRecordedData() []byte {
|
|
return c.Data[:c.Recorded]
|
|
}
|