mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-09-27 05:23:06 +00:00
87ef469e25
* initial tls tapper commit * add tls flag to mizu cli * support ssl_read_ex/ssl_write_ex * use hostproc to find libssl * auto discover tls processes * support libssl1.0 * recompile ebpf with old clang/llvm * Update tap/passive_tapper.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * Update tap/tlstapper/tls_poller.go Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> * upgrade ebpf go lib * handling big tls messages * fixing max buffer size in ebpf * remove unused import * fix linter issues * minor pr fixes * compile with old clang * fix cgroup file format * pr fixes + cgroup extract enhance * fix linter * adding indirect ebpf dep to agent go.mod * adding ebpf docker builder * minor pr fixes * add req resp matcher to dissect * rename ssl hooks to ssl hooks structs * move to alpine, use local copy of mizu instead of git, add readme * use global req resp mather for tls Co-authored-by: M. Mert Yıldıran <mehmet@up9.com> Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
64 lines
1.2 KiB
Go
64 lines
1.2 KiB
Go
package tlstapper
|
|
|
|
import (
|
|
"bufio"
|
|
"fmt"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/go-errors/errors"
|
|
"github.com/up9inc/mizu/shared/logger"
|
|
)
|
|
|
|
func findSsllib(procfs string, pid uint32) (string, error) {
|
|
binary, err := os.Readlink(fmt.Sprintf("%s/%d/exe", procfs, pid))
|
|
|
|
if err != nil {
|
|
return "", errors.Wrap(err, 0)
|
|
}
|
|
|
|
logger.Log.Debugf("Binary file for %v = %v", pid, binary)
|
|
|
|
if strings.HasSuffix(binary, "/node") {
|
|
return findLibraryByPid(procfs, pid, binary)
|
|
} else {
|
|
return findLibraryByPid(procfs, pid, "libssl.so")
|
|
}
|
|
}
|
|
|
|
func findLibraryByPid(procfs string, pid uint32, libraryName string) (string, error) {
|
|
file, err := os.Open(fmt.Sprintf("%v/%v/maps", procfs, pid))
|
|
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
defer file.Close()
|
|
scanner := bufio.NewScanner(file)
|
|
scanner.Split(bufio.ScanLines)
|
|
|
|
for scanner.Scan() {
|
|
parts := strings.Fields(scanner.Text())
|
|
|
|
if len(parts) <= 5 {
|
|
continue
|
|
}
|
|
|
|
filepath := parts[5]
|
|
|
|
if !strings.Contains(filepath, libraryName) {
|
|
continue
|
|
}
|
|
|
|
fullpath := fmt.Sprintf("%v/%v/root/%v", procfs, pid, filepath)
|
|
|
|
if _, err := os.Stat(fullpath); os.IsNotExist(err) {
|
|
continue
|
|
}
|
|
|
|
return fullpath, nil
|
|
}
|
|
|
|
return "", errors.Errorf("%s not found for PID %d", libraryName, pid)
|
|
}
|