diff --git a/build/agent.Dockerfile b/build/agent.Dockerfile index f0488635..ac200538 100644 --- a/build/agent.Dockerfile +++ b/build/agent.Dockerfile @@ -3,12 +3,18 @@ FROM golang:1.22.1 AS ebpf-buildenv RUN apt-get update RUN apt-get install -y clang libelf-dev libbpf-dev -COPY . /src/ WORKDIR /src +COPY go.mod go.sum ./ RUN --mount=type=cache,target="/root/.cache/go-build" < +#include +#include +#include diff --git a/src/ebpf/include/maps.h b/src/ebpf/include/maps.h new file mode 100644 index 00000000..1975740a --- /dev/null +++ b/src/ebpf/include/maps.h @@ -0,0 +1,47 @@ +const __u32 MAX_SIZE = 4096; +const __u32 MAX_ENTRIES_HASH = 4096; + +struct ssl_event_meta_t { + __u32 pid; + __u64 timestamp; + __u32 dataSize; +}; + +struct ssl_event_t { + struct ssl_event_meta_t meta; + __u8 data[MAX_SIZE]; +}; + +struct ssl_context_t { + __u64 size; + __u64 buffer; +}; + +struct target_t { + _Bool enabled; +}; + +struct { + __uint(type, BPF_MAP_TYPE_HASH); + __uint(max_entries, 1024); + __type(key, __u64); + __type(value, struct ssl_context_t); +} ssl_contexts SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY); + __type(key, __u32); + __type(value, struct ssl_event_t); + __uint(max_entries, 1); +} ssl_event SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY); +} ssl_events SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_HASH); + __uint(max_entries, MAX_ENTRIES_HASH); + __type(key, __u32); + __type(value, struct target_t); +} targets SEC(".maps"); diff --git a/src/ebpf/openssl/vmlinux_aarch64.h b/src/ebpf/include/vmlinux_aarch64.h similarity index 100% rename from src/ebpf/openssl/vmlinux_aarch64.h rename to src/ebpf/include/vmlinux_aarch64.h diff --git a/src/ebpf/openssl/vmlinux_x86_64.h b/src/ebpf/include/vmlinux_x86_64.h similarity index 100% rename from src/ebpf/openssl/vmlinux_x86_64.h rename to src/ebpf/include/vmlinux_x86_64.h 
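Review bot: The new src/ebpf/include/maps.h defines objects (the two `const __u32` globals and the four `SEC(".maps")` maps) but has no include guard and does not pull in what it uses, so it only compiles when `headers.h` is included first, as openssl.ebpf.c does. A first line of `#pragma once` plus a comment such as `/* requires headers.h (vmlinux types, bpf_helpers) to be included first */` would make that contract explicit before a second probe source starts including it. `ssl_event` would also benefit from a comment saying it is a per-CPU scratch value reused for every event, for example `/* per-CPU scratch, reused across events: only meta.dataSize bytes of data are valid */`. The code that fills and emits this buffer is outside the hunk, so it should be confirmed there that the emitted length is bounded by `dataSize`; otherwise bytes left over from an earlier capture could reach the perf buffer.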
diff --git a/src/ebpf/openssl/generate.go b/src/ebpf/openssl/generate.go
index daae190a..14d6e91c 100644
--- a/src/ebpf/openssl/generate.go
+++ b/src/ebpf/openssl/generate.go
@@ -2,4 +2,4 @@ package openssl
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -target $GOARCH -cc clang -no-strip -cflags "-O2 -g -Wall" openssl ./openssl.ebpf.c -- -I.:/usr/include/bpf:/usr/include/linux -DTARGET_ARCH_$GOARCH
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -target $GOARCH -cc clang -no-strip -cflags "-O2 -g -Wall" openssl ./openssl.ebpf.c -- -I.:/usr/include/bpf:/usr/include/linux -I/src/ebpf/include -DTARGET_ARCH_$GOARCH
diff --git a/src/ebpf/openssl/openssl.ebpf.c b/src/ebpf/openssl/openssl.ebpf.c
index fcb9fd9d..dadd47fe 100644
--- a/src/ebpf/openssl/openssl.ebpf.c
+++ b/src/ebpf/openssl/openssl.ebpf.c
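Review bot: The `-I/src/ebpf/include` added to the `//go:generate` line in src/ebpf/openssl/generate.go is an absolute path, so `headers.h` and `maps.h` are resolved from whatever sits at `/src` on the machine running `go generate`, not from the checked-out tree. That presumably matches the build container (the Dockerfile sets `WORKDIR /src`), but outside it the generate step either fails or compiles headers that are not under version control. Because `go generate` runs the command in the package directory, a relative `-I../include` would point at src/ebpf/include in any checkout and keep the eBPF build inputs inside the repository.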
@@ -1,65 +1,7 @@
 //go:build ignore
-#ifdef TARGET_ARCH_amd64
-#include "vmlinux_x86_64.h"
-#endif
-
-#ifdef TARGET_ARCH_arm64
-#include "vmlinux_aarch64.h"
-#endif
-
-#include
-#include
-#include
-#include
-
-const __u32 MAX_SIZE = 4096;
-const __u32 MAX_ENTRIES_HASH = 4096;
-
-struct ssl_event_meta_t {
- __u32 pid;
- __u64 timestamp;
- __u32 dataSize;
-};
-
-struct ssl_event_t {
- struct ssl_event_meta_t meta;
- __u8 data[MAX_SIZE];
-};
-
-struct ssl_context_t {
- __u64 size;
- __u64 buffer;
-};
-
-struct target_t {
- _Bool enabled;
-};
-
-struct {
- __uint(type, BPF_MAP_TYPE_HASH);
- __uint(max_entries, 1024);
- __type(key, __u64);
- __type(value, struct ssl_context_t);
-} ssl_contexts SEC(".maps");
-
-struct {
- __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
- __type(key, __u32);
- __type(value, struct ssl_event_t);
- __uint(max_entries, 1);
-} ssl_event SEC(".maps");
-
-struct {
- __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
-} ssl_events SEC(".maps");
-
-struct {
- __uint(type, BPF_MAP_TYPE_HASH);
- __uint(max_entries, MAX_ENTRIES_HASH);
- __type(key, __u32);
- __type(value, struct target_t);
-} targets SEC(".maps");
+#include "headers.h"
+#include "maps.h"
 int shouldTrace() {
 // gets the current (real) PID