Inaccurate/Confusing Diagrams

[andrewstucki]

Just ran across this project, looks neat. Taking a look at the underlying implementation, this works as a program that just hooks common shared library encryption routines via uprobes and events with the unencrypted data as those routines are invoked. That makes sense.

The README diagrams however, are kind of odd. They:

1. Have libpcap in them, which, as far as I can tell doesn't appear to be leveraged anywhere in this project
2. Within libpcap shows TC and XDP boxes, almost implying that this works with network-level packet capture

Neither of those seem accurate, since installing a system-wide uprobe hook into say, the openssl library, will event on data even if it's being encrypted/decrypted locally on a filesystem and doing 0 with the network.

I think it'd be helpful to update the diagrams to better illustrate the uprobe hooks without any reference to libpcap or the network just for people wondering how this actually works.

[cfc4n]

I agree, thanks.