Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

save as Pcapng files #145 #148

Merged
merged 21 commits into from
Aug 3, 2022
Merged

save as Pcapng files #145 #148

merged 21 commits into from
Aug 3, 2022

Conversation

cfc4n
Copy link
Member

@cfc4n cfc4n commented Jul 30, 2022

No description provided.

cfc4n added 12 commits July 21, 2022 00:23
@cfc4n
update CHANGELOG.md
a723bd8 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
user : add TLS 1.3 master secret event.
eecf74d 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
improve TLS 1.3 master secret.
eda0c38 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
improve: get SESSION_CIPHER->cipher->id for tls 1.3
3c971eb 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
get all master_secrets of tls 1.3 ,sent to userspace by ebpf map.
e4dfc84 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
Merge branch 'master' of github.com:ehids/ecapture
145dd36 
� Conflicts:
�	user/probe_openssl.go
@cfc4n
cli : change write-file command flag to log-file .
fab8669 
and change short name -w to -l of global flags.

Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
cli : add -w, -i flags into tls module.
541685c 
longflag: write, ifname.
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
user : disable gossl module when gobin not setting.
2387854 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
cli : rename constant name ErrorGoBINNotFound to ErrorGoBINNotSET.
270ef13 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
kern : add openssl_tc submodule.
d13fec9 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
kern : capture rawpacket from TC eBPF program.
9b88333 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n cfc4n linked an issue Jul 30, 2022 that may be closed by this pull request
save as .pcapng files. #145
Closed
@cfc4n cfc4n added the enhancement New feature or request label Jul 30, 2022
@cfc4n cfc4n requested review from chriskaliX and xjas July 30, 2022 16:54
@cfc4n cfc4n mentioned this pull request Aug 1, 2022
Closed
chriskaliX
chriskaliX approved these changes Jul 31, 2022
View reviewed changes
Copy link
Contributor

@chriskaliX chriskaliX left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

cfc4n added 7 commits August 2, 2022 20:56
@cfc4n
kern : add port filter for TC probe.
03dbfe4 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
user : add pcap writer.
283dbaf 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
Merge branch 'master' into pcapng-files
ce62a82
@cfc4n
Merge branch 'master' into pcapng-files
42cb345
@cfc4n
go.sum : revert go-bindata package
def9373 
add go-bindata to go.sum for Makefile script.

Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
cli/cmd : fix variable name.
c90747c 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
user : remove return value.
e6dfa38 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
chenhengqi
chenhengqi reviewed Aug 2, 2022
View reviewed changes
kern/openssl_tc.h Outdated
// make sure data_len is not negative
event->data_len = data_len;

bpf_probe_read_kernel(event->data, sizeof(event->data), &data_start);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't need to read skb->data, just specify the skb->len in flags of bpf_perf_event_output.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

__u64 len = data_end - data;
flags = (len << 32) | BPF_F_CURRENT_CPU;
bpf_perf_event_output(ctx, &events, flags, &event, sizeof(event));

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good advice,thanks.

cfc4n added 2 commits August 3, 2022 20:52
@cfc4n
user : improve TCP packet captured.
1cf4ba5 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
user : check error, return value of unix.ClockGettime.
c31a460 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n cfc4n merged commit 620e7f6 into master Aug 3, 2022
@cfc4n cfc4n deleted the pcapng-files branch August 3, 2022 13:43
fengjixuchui referenced this pull request in fengjixuchui/ecapture Aug 6, 2022
@fengjixuchui
Merge pull request #19 from ehids/master
91b70bc 
Merge pull request ehids#148 from ehids/pcapng-files
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenhengqi chenhengqi chenhengqi left review comments

@chriskaliX chriskaliX chriskaliX approved these changes

@xjas xjas Awaiting requested review from xjas

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

save as .pcapng files.
3 participants
@cfc4n @chenhengqi @chriskaliX