kern: use kprobe __sys_connect instead libc connect.

Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
gojue · May 31, 2024 · 2f4ea9e · 2f4ea9e
1 parent 1564d61
commit 2f4ea9e
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 118 deletions.
diff --git a/cli/cmd/tls.go b/cli/cmd/tls.go
@@ -49,7 +49,6 @@ func init() {
 	// opensslCmd.PersistentFlags().StringVar(&oc.Curlpath, "curl", "", "curl or wget file path, use to dectet openssl.so path, default:/usr/bin/curl. (Deprecated)")
 	opensslCmd.PersistentFlags().StringVar(&oc.Openssl, "libssl", "", "libssl.so file path, will automatically find it from curl default.")
 	opensslCmd.PersistentFlags().StringVar(&oc.CGroupPath, "cgroup_path", "/sys/fs/cgroup", "cgroup path, default: /sys/fs/cgroup.")
-	opensslCmd.PersistentFlags().StringVar(&oc.Pthread, "pthread", "", "libpthread.so file path, use to hook connect to capture socket FD.will automatically find it from curl.")
 	opensslCmd.PersistentFlags().StringVarP(&oc.Model, "model", "m", "text", "capture model, such as : text, pcap/pcapng, key/keylog")
 	opensslCmd.PersistentFlags().StringVarP(&oc.KeylogFile, "keylogfile", "k", "ecapture_openssl_key.og", "The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file.")
 	opensslCmd.PersistentFlags().StringVarP(&oc.PcapFile, "pcapfile", "w", "save.pcapng", "write the raw packets to file as pcapng format.")

diff --git a/user/config/config_openssl.go b/user/config/config_openssl.go
@@ -40,7 +40,6 @@ type OpensslConfig struct {
 	BaseConfig
 	// Curlpath   string `json:"curlPath"` //curl的文件路径
 	Openssl    string `json:"openssl"`
-	Pthread    string `json:"pthread"`    // /lib/x86_64-linux-gnu/libpthread.so.0
 	Model      string `json:"model"`      // eCapture Openssl capture model. text:pcap:keylog
 	PcapFile   string `json:"pcapfile"`   // pcapFile  the  raw  packets  to file rather than parsing and printing them out.
 	KeylogFile string `json:"keylog"`     // Keylog  The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file.

diff --git a/user/config/config_openssl_androidgki.go b/user/config/config_openssl_androidgki.go
@@ -46,15 +46,6 @@ func (oc *OpensslConfig) Check() error {
 		oc.Openssl = DefaultOpensslPath
 	}
 
-	if oc.Pthread != "" || len(strings.TrimSpace(oc.Pthread)) > 0 {
-		_, e := os.Stat(oc.Pthread)
-		if e != nil {
-			return e
-		}
-	} else {
-		oc.Pthread = DefaultLibcPath
-	}
-
 	if oc.Ifname == "" || len(strings.TrimSpace(oc.Ifname)) == 0 {
 		oc.Ifname = DefaultIfname
 	}

diff --git a/user/config/config_openssl_linux.go b/user/config/config_openssl_linux.go
@@ -18,9 +18,7 @@
 package config
 
 import (
-	"debug/elf"
 	"errors"
-	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
@@ -35,11 +33,6 @@ var (
 		"libssl.so.3",   // ubuntu server 22.04
 		"libssl.so.1.1", // ubuntu server 21.04
 	}
-	connectSharedObjects = []string{
-		"libpthread.so.0", // ubuntu 21.04 server
-		"libc.so.6",       // ubuntu 21.10 server
-		"libc.so",         // Android
-	}
 )
 
 func (oc *OpensslConfig) checkOpenssl() error {
@@ -73,73 +66,9 @@ func (oc *OpensslConfig) checkOpenssl() error {
 	return nil
 }
 
-func (oc *OpensslConfig) checkConnect() error {
-
-	var funcName = ""
-	var found bool
-	var e error
-	for _, so := range connectSharedObjects {
-		var prefix string
-		var soLoadPaths = GetDynLibDirs()
-		for _, soPath := range soLoadPaths {
-
-			_, e = os.Stat(soPath)
-			if e != nil {
-				continue
-			}
-			prefix = soPath
-			break
-		}
-		if prefix == "" {
-			continue
-		}
-		oc.Pthread = filepath.Join(prefix, so)
-		_, e = os.Stat(oc.Pthread)
-		if e != nil {
-			// search all of connectSharedObjects
-			//return e
-			continue
-		}
-
-		_elf, e := elf.Open(oc.Pthread)
-		if e != nil {
-			//return e
-			continue
-		}
-
-		dynamicSymbols, err := _elf.DynamicSymbols()
-		if err != nil {
-			//return err
-			continue
-		}
-
-		//
-		for _, sym := range dynamicSymbols {
-			if sym.Name != "connect" {
-				continue
-			}
-			funcName = sym.Name
-			found = true
-			break
-		}
-
-		// if found
-		if found && funcName != "" {
-			break
-		}
-	}
-
-	//如果没找到，则报错。
-	if !found || funcName == "" {
-		oc.Pthread = ""
-		return errors.New(fmt.Sprintf("cant found 'connect' function to hook in files::%v", connectSharedObjects))
-	}
-	return nil
-}
-
 func (oc *OpensslConfig) Check() error {
 	oc.IsAndroid = false
-	var checkedOpenssl, checkedConnect bool
+	var checkedOpenssl bool
 	// 如果readline 配置，且存在，则直接返回。
 	if oc.Openssl != "" || len(strings.TrimSpace(oc.Openssl)) > 0 {
 		_, e := os.Stat(oc.Openssl)
@@ -154,21 +83,15 @@ func (oc *OpensslConfig) Check() error {
 		oc.Ifname = DefaultIfname
 	}
 
-	if checkedConnect && checkedOpenssl {
+	if checkedOpenssl {
 		return nil
 	}
 
-	if !checkedOpenssl {
-		e := oc.checkOpenssl()
-		if e != nil {
-			return e
-		}
+	e := oc.checkOpenssl()
+	if e != nil {
+		return e
 	}
 
-	if !checkedConnect {
-		// Optional check
-		_ = oc.checkConnect()
-	}
 	s, e := checkCgroupPath(oc.CGroupPath)
 	if e != nil {
 		return e

diff --git a/user/event/event_openssl.go b/user/event/event_openssl.go
@@ -178,7 +178,7 @@ func (se *SSLDataEvent) String() string {
 
 func (se *SSLDataEvent) Clone() IEventStruct {
 	event := new(SSLDataEvent)
-	event.eventType = EventTypeEventProcessor
+	event.eventType = EventTypeOutput //EventTypeEventProcessor
 	return event
 }
 

diff --git a/user/module/probe_openssl_text.go b/user/module/probe_openssl_text.go
@@ -14,7 +14,7 @@ import (
 )
 
 func (m *MOpenSSLProbe) setupManagersText() error {
-	var libPthread, binaryPath, sslVersion string
+	var binaryPath, sslVersion string
 	sslVersion = m.conf.(*config.OpensslConfig).SslVersion
 	sslVersion = strings.ToLower(sslVersion)
 	switch m.conf.(*config.OpensslConfig).ElfType {
@@ -35,12 +35,6 @@ func (m *MOpenSSLProbe) setupManagersText() error {
 		}
 	}
 
-	libPthread = m.conf.(*config.OpensslConfig).Pthread
-	if libPthread == "" {
-		//libPthread = "/lib/x86_64-linux-gnu/libpthread.so.0"
-		m.logger.Warn().Msg("libPthread path not found, IP info lost.")
-	}
-
 	_, err := os.Stat(binaryPath)
 	if err != nil {
 		return err
@@ -137,23 +131,6 @@ func (m *MOpenSSLProbe) setupManagersText() error {
 		},
 	}
 
-	// TODO disable
-	libPthread = ""
-	if libPthread != "" {
-		// detect libpthread.so path
-		_, err = os.Stat(libPthread)
-		if err == nil {
-			m.logger.Info().Str("libPthread", libPthread).Msg("libPthread path found")
-			m.bpfManager.Probes = append(m.bpfManager.Probes, &manager.Probe{
-				Section:          "uprobe/connect",
-				EbpfFuncName:     "probe_connect",
-				AttachToFuncName: "connect",
-				BinaryPath:       libPthread,
-				UID:              "uprobe_connect",
-			})
-		}
-	}
-
 	m.bpfManagerOptions = manager.Options{
 		DefaultKProbeMaxActive: 512,