From 01481ddfdf8edd3487d72d94ef6a188349e534c8 Mon Sep 17 00:00:00 2001 From: laborant Date: Thu, 15 May 2025 23:14:02 +0000 Subject: [PATCH 1/2] fix: porting the code to ubuntu 24.04 with llvm 18 and libssl 3.0 Signed-off-by: entlein --- openssl-tracer/Makefile | 2 +- openssl-tracer/openssl_tracer.cc | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/openssl-tracer/Makefile b/openssl-tracer/Makefile index e31cb69..61baacd 100644 --- a/openssl-tracer/Makefile +++ b/openssl-tracer/Makefile @@ -15,7 +15,7 @@ # SPDX-License-Identifier: Apache-2.0 openssl_tracer: openssl_tracer.cc probe_deployment.cc - clang++ --std=c++17 -o $@ $^ -lbcc + clang++ --std=c++17 -o $@ $^ -lbcc -I /usr/lib/llvm-18 -I/usr/include/llvm-18 clean: rm openssl_tracer diff --git a/openssl-tracer/openssl_tracer.cc b/openssl-tracer/openssl_tracer.cc index 6445dab..b8ac60d 100644 --- a/openssl-tracer/openssl_tracer.cc +++ b/openssl-tracer/openssl_tracer.cc @@ -22,13 +22,14 @@ #include #include #include +#include #include "openssl_tracer_types.h" #include "probe_deployment.h" // A probe on entry of SSL_write UProbeSpec kSSLWriteEntryProbeSpec{ - .obj_path = "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", + .obj_path = "/usr/lib/x86_64-linux-gnu/libssl.so.3", .symbol = "SSL_write", .attach_type = BPF_PROBE_ENTRY, .probe_fn = "probe_entry_SSL_write", @@ -36,7 +37,7 @@ UProbeSpec kSSLWriteEntryProbeSpec{ // A probe on return of SSL_write UProbeSpec kSSLWriteRetProbeSpec{ - .obj_path = "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", + .obj_path = "/usr/lib/x86_64-linux-gnu/libssl.so.3", .symbol = "SSL_write", .attach_type = BPF_PROBE_RETURN, .probe_fn = "probe_ret_SSL_write", @@ -44,7 +45,7 @@ UProbeSpec kSSLWriteRetProbeSpec{ // A probe on entry of SSL_read UProbeSpec kSSLReadEntryProbeSpec{ - .obj_path = "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", + .obj_path = "/usr/lib/x86_64-linux-gnu/libssl.so.3", .symbol = "SSL_read", .attach_type = BPF_PROBE_ENTRY, .probe_fn = "probe_entry_SSL_read", @@ -52,7 +53,7 @@ UProbeSpec kSSLReadEntryProbeSpec{ // A probe on return of SSL_read UProbeSpec kSSLReadRetProbeSpec{ - .obj_path = "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", + .obj_path = "/usr/lib/x86_64-linux-gnu/libssl.so.3", .symbol = "SSL_read", .attach_type = BPF_PROBE_RETURN, .probe_fn = "probe_ret_SSL_read", From 4c7e9f23a2fd4c9077570658dd769d9ba1728bdd Mon Sep 17 00:00:00 2001 From: Duck <70207455+entlein@users.noreply.github.com> Date: Fri, 16 May 2025 18:55:14 +0200 Subject: [PATCH 2/2] Change the demo connection python3 doesnt hook into libssl on Ubuntu24.04, thus changed demo command Signed-off-by: Duck <70207455+entlein@users.noreply.github.com> Signed-off-by: entlein --- openssl-tracer/README.md | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/openssl-tracer/README.md b/openssl-tracer/README.md index ff241eb..b3c5621 100644 --- a/openssl-tracer/README.md +++ b/openssl-tracer/README.md @@ -9,7 +9,7 @@ This demo was created to accompany the "Debugging with eBPF Part 3: Tracing SSL/ You must have the BCC development package installed. On Ubuntu, the package can be installed as follows: ``` -sudo apt install libbpfcc-dev +sudo apt install libbpfcc-dev binutils clang llvm bcc python3 openssl -y ``` Other distributions have similar commands. @@ -29,34 +29,26 @@ A demo application to trace is included. It is a simple client-server written in First, you'll have to generate some certificates for the client and server. To keep things simple, you can generate some self-signed certificates as follows: -``` -make -C ssl_client_server certs -``` -To run the demo app, you'll need two terminals. +To run the demo, you'll need two terminals. -In one terminal, run the server: +In one terminal, open a secure connection to e.g. google ``` -cd ssl_client_server; ./server.py +openssl s_client -connect google.com:443 ``` -In the second terminal, run the client: +In the second terminal, run the tracer on the ProcessID (pid) of the above connection ``` -cd ssl_client_server; ./client.py +sudo ./openssl_tracer $(pgrep -f openssl) ``` - -## Run Tracer - -The BPF tracer is run as follows: - +Now, back in the openssl terminal ``` -sudo ./openssl_tracer +GET / HTTP/1.1 +and press enter twice ``` -To run it on the demo app, run the following command in a separate terminal: -``` -sudo ./openssl_tracer $(pgrep -f "./client.py") -``` + +