user: add daddr field used kprobe __sys_connect

Signed-off-by: CFC4N <[email protected]>
gojue · Jun 1, 2024 · 71c4128 · 71c4128
1 parent 776104b
commit 71c4128
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 11 deletions.
diff --git a/kern/tc.h b/kern/tc.h
@@ -281,10 +281,7 @@ int tcp_sendmsg(struct pt_regs *ctx){
     struct net_ctx_t net_ctx;
     net_ctx.pid = pid;
     bpf_get_current_comm(&net_ctx.comm, sizeof(net_ctx.comm));
-    //
-//    struct task_struct *task = (struct task_struct *)bpf_get_current_task();
-//    get_proc_cmdline(task, net_ctx.cmdline, sizeof(net_ctx.cmdline));
-//
+
     debug_bpf_printk("tcp_sendmsg pid : %d, comm :%s\n", net_ctx.pid, net_ctx.comm);
     bpf_map_update_elem(&network_map, &conn_id, &net_ctx, BPF_ANY);
     return 0;

diff --git a/user/event/event_openssl.go b/user/event/event_openssl.go
@@ -120,7 +120,7 @@ func (se *SSLDataEvent) Decode(payload []byte) (err error) {
 }
 
 func (se *SSLDataEvent) GetUUID() string {
-	return fmt.Sprintf("%d_%d_%s_%d_%d", se.Pid, se.Tid, CToGoString(se.Comm[:]), se.Fd, se.DataType)
+	return fmt.Sprintf("%d_%d_%s_%d_%d_%s", se.Pid, se.Tid, CToGoString(se.Comm[:]), se.Fd, se.DataType, se.Addr)
 }
 
 func (se *SSLDataEvent) Payload() []byte {
@@ -178,7 +178,7 @@ func (se *SSLDataEvent) String() string {
 
 func (se *SSLDataEvent) Clone() IEventStruct {
 	event := new(SSLDataEvent)
-	event.eventType = EventTypeEventProcessor
+	event.eventType = EventTypeModuleData //EventTypeEventProcessor
 	return event
 }
 

diff --git a/user/module/probe_openssl.go b/user/module/probe_openssl.go
@@ -656,11 +656,12 @@ func (m *MOpenSSLProbe) dumpSslData(eventStruct *event.SSLDataEvent) {
 		eventStruct.Addr = addr
 	}
 	// m.processor.PcapFile(eventStruct)
-	if m.conf.GetHex() {
-		m.logger.Println(eventStruct.StringHex())
-	} else {
-		m.logger.Println(eventStruct.String())
-	}
+	//if m.conf.GetHex() {
+	//	m.logger.Println(eventStruct.StringHex())
+	//} else {
+	//	m.logger.Println(eventStruct.String())
+	//}
+	m.processor.Write(eventStruct)
 }
 
 func init() {