diff --git a/.bcc.metadata b/.bcc.metadata index 71269e3..4c0f80b 100644 --- a/.bcc.metadata +++ b/.bcc.metadata @@ -1 +1 @@ -34cd5c38225fedc75417f55108a306d6cbc198dd SOURCES/bcc-0.6.1.tar.gz +168b517240fd27aaa48f480d2470907fe1875dac SOURCES/bcc-0.8.0.tar.gz diff --git a/.gitignore b/.gitignore index 7c6148e..8294aed 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/bcc-0.6.1.tar.gz +SOURCES/bcc-0.8.0.tar.gz diff --git a/SOURCES/Fix-tools-for-RHEL-7.patch b/SOURCES/Fix-tools-for-RHEL-7.patch index be136bb..9135b3f 100644 --- a/SOURCES/Fix-tools-for-RHEL-7.patch +++ b/SOURCES/Fix-tools-for-RHEL-7.patch @@ -1,4 +1,4 @@ -From c28fdc2ad6c6acbd6c61dc78a6c6e114572357a5 Mon Sep 17 00:00:00 2001 +From ac5050ea551af40b47bf2010e179e9020acada69 Mon Sep 17 00:00:00 2001 From: Jerome Marchand Date: Thu, 16 Aug 2018 14:58:56 +0200 Subject: [PATCH] Fix tools for RHEL 7 @@ -27,6 +27,7 @@ fixes the following: tools/nfsslower.py | 1 + tools/offcputime.py | 4 +++- tools/offwaketime.py | 4 +++- + tools/oomkill.py | 8 ++++---- tools/runqlat.py | 2 +- tools/runqslower.py | 2 +- tools/solisten.py | 2 +- @@ -34,13 +35,13 @@ fixes the following: tools/tcptracer.py | 9 ++++----- tools/xfsdist.py | 8 ++++---- tools/xfsslower.py | 11 ++++++----- - 19 files changed, 84 insertions(+), 58 deletions(-) + 20 files changed, 88 insertions(+), 62 deletions(-) diff --git a/src/python/bcc/__init__.py b/src/python/bcc/__init__.py -index 8f793aa..470ac49 100644 +index 1d99afd..f38d23f 100644 --- a/src/python/bcc/__init__.py +++ b/src/python/bcc/__init__.py -@@ -500,8 +500,11 @@ DEBUG_BPF_REGISTER_STATE = 0x10 +@@ -511,8 +511,11 @@ DEBUG_BPF_REGISTER_STATE = 0x10 @staticmethod def get_kprobe_functions(event_re): @@ -55,7 +56,7 @@ index 8f793aa..470ac49 100644 in_init_section = 0 diff --git a/tools/btrfsdist.py b/tools/btrfsdist.py -index 4659ab4..3326b67 100755 +index a0aeb24..3f179d0 100755 --- a/tools/btrfsdist.py +++ b/tools/btrfsdist.py @@ -60,6 +60,7 @@ debug = 0 
@@ -95,7 +96,7 @@ index 4659ab4..3326b67 100755 b.attach_kretprobe(event="btrfs_sync_file", fn_name="trace_fsync_return") diff --git a/tools/btrfsslower.py b/tools/btrfsslower.py -index 644cb22..a720396 100755 +index cff61b8..26aff65 100755 --- a/tools/btrfsslower.py +++ b/tools/btrfsslower.py @@ -63,6 +63,7 @@ debug = 0 @@ -124,7 +125,7 @@ index 644cb22..a720396 100755 int trace_write_entry(struct pt_regs *ctx, struct kiocb *iocb) { u64 id = bpf_get_current_pid_tgid(); -@@ -327,12 +328,12 @@ TASK_COMM_LEN = 16 # linux/sched.h +@@ -329,12 +330,12 @@ TASK_COMM_LEN = 16 # linux/sched.h b = BPF(text=bpf_text) # Common file functions. See earlier comment about generic_*(). @@ -142,7 +143,7 @@ index 644cb22..a720396 100755 b.attach_kretprobe(event="btrfs_sync_file", fn_name="trace_fsync_return") diff --git a/tools/cpudist.py b/tools/cpudist.py -index 4d7c9eb..ddb675e 100755 +index 9e61341..e5fd550 100755 --- a/tools/cpudist.py +++ b/tools/cpudist.py @@ -94,7 +94,9 @@ static inline void update_hist(u32 tgid, u32 pid, u64 ts) @@ -157,7 +158,7 @@ index 4d7c9eb..ddb675e 100755 u64 ts = bpf_ktime_get_ns(); u64 pid_tgid = bpf_get_current_pid_tgid(); diff --git a/tools/ext4dist.py b/tools/ext4dist.py -index 227c138..f57cda8 100755 +index b71cfda..a6a7e55 100755 --- a/tools/ext4dist.py +++ b/tools/ext4dist.py @@ -60,6 +60,7 @@ debug = 0 @@ -177,8 +178,8 @@ index 227c138..f57cda8 100755 // own function, for reads. So we need to trace that and then filter on ext4, // which I do by checking file->f_op. int trace_read_entry(struct pt_regs *ctx, struct kiocb *iocb) -@@ -183,12 +184,12 @@ b = BPF(text=bpf_text) - if BPF.get_kprobe_functions('ext4_file_read_iter'): +@@ -189,12 +190,12 @@ b = BPF(text=bpf_text) + if BPF.get_kprobe_functions(b'ext4_file_read_iter'): b.attach_kprobe(event="ext4_file_read_iter", fn_name="trace_entry") else: - b.attach_kprobe(event="generic_file_read_iter", fn_name="trace_read_entry") 
@@ -195,7 +196,7 @@ index 227c138..f57cda8 100755 b.attach_kretprobe(event="ext4_sync_file", fn_name="trace_fsync_return") diff --git a/tools/ext4slower.py b/tools/ext4slower.py -index eb6430e..276123f 100755 +index 344e68f..fe90046 100755 --- a/tools/ext4slower.py +++ b/tools/ext4slower.py @@ -64,6 +64,7 @@ debug = 0 @@ -224,7 +225,7 @@ index eb6430e..276123f 100755 int trace_write_entry(struct pt_regs *ctx, struct kiocb *iocb) { u64 id = bpf_get_current_pid_tgid(); -@@ -328,15 +329,15 @@ b = BPF(text=bpf_text) +@@ -330,15 +331,15 @@ b = BPF(text=bpf_text) if BPF.get_kprobe_functions(b'ext4_file_read_iter'): b.attach_kprobe(event="ext4_file_read_iter", fn_name="trace_read_entry") else: @@ -245,7 +246,7 @@ index eb6430e..276123f 100755 b.attach_kretprobe(event="ext4_sync_file", fn_name="trace_fsync_return") diff --git a/tools/fileslower.py b/tools/fileslower.py -index 5caa4ca..6af91af 100755 +index 219a94a..46ead05 100755 --- a/tools/fileslower.py +++ b/tools/fileslower.py @@ -124,7 +124,7 @@ int trace_read_entry(struct pt_regs *ctx, struct file *file, @@ -283,10 +284,10 @@ index 5caa4ca..6af91af 100755 b.attach_kprobe(event="__vfs_write", fn_name="trace_write_entry") b.attach_kretprobe(event="__vfs_write", fn_name="trace_write_return") diff --git a/tools/memleak.py b/tools/memleak.py -index 5d69538..3cf9ee0 100755 +index 4021bf8..7e70af4 100755 --- a/tools/memleak.py +++ b/tools/memleak.py -@@ -354,13 +354,21 @@ TRACEPOINT_PROBE(kmem, kmem_cache_free) { +@@ -355,13 +355,21 @@ TRACEPOINT_PROBE(kmem, kmem_cache_free) { return gen_free_enter((struct pt_regs *)args, (void *)args->ptr); } @@ -311,7 +312,7 @@ index 5d69538..3cf9ee0 100755 """ diff --git a/tools/mountsnoop.py b/tools/mountsnoop.py -index 2d0fa1a..bec8993 100755 +index b6f96ca..e2956f8 100755 --- a/tools/mountsnoop.py +++ b/tools/mountsnoop.py @@ -24,7 +24,6 @@ bpf_text = r""" @@ -359,7 +360,7 @@ index 2d0fa1a..bec8993 100755 event.type = EVENT_UMOUNT_TARGET; 
diff --git a/tools/nfsslower.py b/tools/nfsslower.py -index 0f836af..a7018cb 100755 +index 8113eff..e6c62ba 100755 --- a/tools/nfsslower.py +++ b/tools/nfsslower.py @@ -65,6 +65,7 @@ bpf_text = """ @@ -371,7 +372,7 @@ index 0f836af..a7018cb 100755 #include diff --git a/tools/offcputime.py b/tools/offcputime.py -index e1f3af9..802fbfd 100755 +index 6440260..ef328c1 100755 --- a/tools/offcputime.py +++ b/tools/offcputime.py @@ -128,7 +128,9 @@ BPF_HASH(counts, struct key_t); @@ -386,7 +387,7 @@ index e1f3af9..802fbfd 100755 u32 tgid = prev->tgid; u64 ts, *tsp; diff --git a/tools/offwaketime.py b/tools/offwaketime.py -index 2b78c89..83838c9 100755 +index 3c4f0f3..89e7b60 100755 --- a/tools/offwaketime.py +++ b/tools/offwaketime.py @@ -163,7 +163,9 @@ int waker(struct pt_regs *ctx, struct task_struct *p) { @@ -400,8 +401,32 @@ index 2b78c89..83838c9 100755 // PID and TGID of the previous Process (Process going into waiting) u32 pid = p->pid; u32 tgid = p->tgid; +diff --git a/tools/oomkill.py b/tools/oomkill.py +index db3a537..5357d9f 100755 +--- a/tools/oomkill.py ++++ b/tools/oomkill.py +@@ -36,15 +36,15 @@ struct data_t { + + BPF_PERF_OUTPUT(events); + +-void kprobe__oom_kill_process(struct pt_regs *ctx, struct oom_control *oc, const char *message) ++void kprobe__oom_kill_process(struct pt_regs *ctx, struct task_struct *p, ++ gfp_t gfp_mask, int order, unsigned int points, ++ unsigned long totalpages, struct mem_cgroup *memcg) + { +- unsigned long totalpages; +- struct task_struct *p = oc->chosen; + struct data_t data = {}; + u32 pid = bpf_get_current_pid_tgid(); + data.fpid = pid; + data.tpid = p->pid; +- data.pages = oc->totalpages; ++ data.pages = totalpages; + bpf_get_current_comm(&data.fcomm, sizeof(data.fcomm)); + bpf_probe_read(&data.tcomm, sizeof(data.tcomm), p->comm); + events.perf_submit(ctx, &data, sizeof(data)); diff --git a/tools/runqlat.py b/tools/runqlat.py -index 9fd4064..0c9bb1c 100755 +index 9c56d22..3a56d56 100755 --- a/tools/runqlat.py 
+++ b/tools/runqlat.py @@ -111,7 +111,7 @@ int trace_ttwu_do_wakeup(struct pt_regs *ctx, struct rq *rq, struct task_struct @@ -414,7 +439,7 @@ index 9fd4064..0c9bb1c 100755 u32 pid, tgid; diff --git a/tools/runqslower.py b/tools/runqslower.py -index 7a1869c..b3e3fac 100755 +index 0b3e1c1..8be9ef0 100755 --- a/tools/runqslower.py +++ b/tools/runqslower.py @@ -98,7 +98,7 @@ int trace_ttwu_do_wakeup(struct pt_regs *ctx, struct rq *rq, struct task_struct @@ -427,10 +452,10 @@ index 7a1869c..b3e3fac 100755 u32 pid, tgid; diff --git a/tools/solisten.py b/tools/solisten.py -index 6a35f82..a9e8722 100755 +index 81e82e0..f30a23f 100755 --- a/tools/solisten.py +++ b/tools/solisten.py -@@ -100,7 +100,7 @@ int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) +@@ -101,7 +101,7 @@ int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) // Get network namespace id, if kernel supports it #ifdef CONFIG_NET_NS @@ -440,7 +465,7 @@ index 6a35f82..a9e8722 100755 evt.netns = 0; #endif diff --git a/tools/tcpsubnet.py b/tools/tcpsubnet.py -index 2779276..f47eea7 100755 +index bf944e1..a054a7d 100755 --- a/tools/tcpsubnet.py +++ b/tools/tcpsubnet.py @@ -110,8 +110,8 @@ struct index_key_t { @@ -453,9 +478,9 @@ index 2779276..f47eea7 100755 + struct sock *sk, struct msghdr *msg, size_t size) { u16 family = sk->__sk_common.skc_family; - u64 *val, zero = 0; + diff --git a/tools/tcptracer.py b/tools/tcptracer.py -index 5e97ee6..177e860 100755 +index 8f272eb..021803a 100755 --- a/tools/tcptracer.py +++ b/tools/tcptracer.py @@ -116,7 +116,7 @@ static int read_ipv4_tuple(struct ipv4_tuple_t *tuple, struct sock *skp) @@ -496,7 +521,7 @@ index 5e97ee6..177e860 100755 ##FILTER_NETNS## diff --git a/tools/xfsdist.py b/tools/xfsdist.py -index f409f90..2976f9e 100755 +index 1a7fdd9..8f2ab46 100755 --- a/tools/xfsdist.py +++ b/tools/xfsdist.py @@ -137,12 +137,12 @@ bpf_text = bpf_text.replace('FACTOR', str(factor)) 
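Review bot: The replacement prototype for `kprobe__oom_kill_process` in the newly added tools/oomkill.py section hard-codes one kernel's argument list (`struct task_struct *p, gfp_t gfp_mask, int order, unsigned int points, unsigned long totalpages, struct mem_cgroup *memcg`) and carries no comment saying which kernel it matches. BCC binds kprobe parameters by position, so on a kernel whose `oom_kill_process()` has a different signature `data.tpid` and `data.pages` would be silently wrong rather than the tool failing to load. I would add a comment above the function, for example `// Argument order follows the RHEL 7 kernel's oom_kill_process(); upstream takes struct oom_control *`, so the dependency is visible the next time this patch is rebased. The kernel named there is presumed from the patch subject and should be confirmed.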
@@ -517,7 +542,7 @@ index f409f90..2976f9e 100755 b.attach_kretprobe(event="xfs_file_fsync", fn_name="trace_fsync_return") diff --git a/tools/xfsslower.py b/tools/xfsslower.py -index da70c57..4320284 100755 +index 5b4e0a2..0dd75b6 100755 --- a/tools/xfsslower.py +++ b/tools/xfsslower.py @@ -60,6 +60,7 @@ debug = 0 @@ -537,7 +562,7 @@ index da70c57..4320284 100755 int trace_rw_entry(struct pt_regs *ctx, struct kiocb *iocb) { u64 id = bpf_get_current_pid_tgid(); -@@ -273,12 +274,12 @@ TASK_COMM_LEN = 16 # linux/sched.h +@@ -280,12 +281,12 @@ TASK_COMM_LEN = 16 # linux/sched.h b = BPF(text=bpf_text) # common file functions @@ -555,5 +580,5 @@ index da70c57..4320284 100755 b.attach_kretprobe(event="xfs_file_fsync", fn_name="trace_fsync_return") -- -2.17.1 +2.20.1 diff --git a/SOURCES/Miscellaneous-fixes-1914.patch b/SOURCES/Miscellaneous-fixes-1914.patch deleted file mode 100644 index 20eba8c..0000000 --- a/SOURCES/Miscellaneous-fixes-1914.patch +++ /dev/null 
@@ -1,127 +0,0 @@ -From b84714a47a3a1ec646bbd489442b305c84b35e15 Mon Sep 17 00:00:00 2001 -From: jeromemarchand <38073585+jeromemarchand@users.noreply.github.com> -Date: Wed, 8 Aug 2018 18:09:44 +0200 -Subject: [PATCH] Miscellaneous fixes (#1914) - -* Fix multiple memory access errors - -Fixes a buffer overflow in get_pid_exe(), a use-after-free error in -bcc_usdt_get_probe_argctype() and a possible NULL pointer dereference -in find_debug_via_debuglink(). - -* Fix multiple ressource leaks - -Leaked file descriptors in bpf_attach_uprobe() and verify_checksum(). -Memory leaks in Parser::func_add() and bcc_procutils_language(). - -* fixup! Fix multiple ressource leaks ---- - src/cc/bcc_elf.c | 6 ++++-- - src/cc/bcc_proc.c | 4 +++- - src/cc/common.cc | 2 ++ - src/cc/frontends/b/parser.cc | 4 +++- - src/cc/libbpf.c | 1 + - src/cc/usdt/usdt.cc | 5 +++-- - 6 files changed, 16 insertions(+), 6 deletions(-) - -diff --git a/src/cc/bcc_elf.c b/src/cc/bcc_elf.c -index e848912..c425db6 100644 ---- a/src/cc/bcc_elf.c -+++ b/src/cc/bcc_elf.c -@@ -377,8 +377,10 @@ static int verify_checksum(const char *file, unsigned int crc) { - if (fd < 0) - return 0; - -- if (fstat(fd, &st) < 0) -+ if (fstat(fd, &st) < 0) { -+ close(fd); - return 0; -+ } - - buf = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); - if (!buf) { -@@ -433,7 +435,7 @@ static char *find_debug_via_debuglink(Elf *e, const char *binpath, - - DONE: - free(bindir); -- if (check_crc && !verify_checksum(res, crc)) -+ if (res && check_crc && !verify_checksum(res, crc)) - return NULL; - return res; - } -diff --git a/src/cc/bcc_proc.c b/src/cc/bcc_proc.c -index 14ee18e..6fe11a0 100644 ---- a/src/cc/bcc_proc.c -+++ b/src/cc/bcc_proc.c -@@ -446,8 +446,10 @@ const char *bcc_procutils_language(int pid) { - while (isspace(mapname[0])) mapname++; - for (i = 0; i < nb_languages; i++) { - snprintf(pathname, sizeof(pathname), "/lib%s", languages[i]); -- if (strstr(mapname, pathname)) -+ if (strstr(mapname, pathname)) { -+ 
fclose(procfile); - return languages[i]; -+ } - if ((str = strstr(mapname, "libc")) && - (str[4] == '-' || str[4] == '.')) - libc = true; -diff --git a/src/cc/common.cc b/src/cc/common.cc -index 1cfe91a..c8370a3 100644 ---- a/src/cc/common.cc -+++ b/src/cc/common.cc -@@ -57,6 +57,8 @@ std::string get_pid_exe(pid_t pid) { - res = readlink(exe_link.c_str(), exe_path, sizeof(exe_path)); - if (res == -1) - return ""; -+ if (res >= sizeof(exe_path)) -+ res = sizeof(exe_path) - 1; - exe_path[res] = '\0'; - return std::string(exe_path); - } -diff --git a/src/cc/frontends/b/parser.cc b/src/cc/frontends/b/parser.cc -index 9e61346..8a5e149 100644 ---- a/src/cc/frontends/b/parser.cc -+++ b/src/cc/frontends/b/parser.cc -@@ -199,8 +199,10 @@ StmtNode * Parser::func_add(vector *types, Scopes::StateScope *scope, - auto cur_scope = scopes_->current_var(); - scopes_->set_current(scope); - for (auto it = formals->begin(); it != formals->end(); ++it) -- if (!variable_add(nullptr, it->get())) -+ if (!variable_add(nullptr, it->get())) { -+ delete decl; - return nullptr; -+ } - scopes_->set_current(cur_scope); - decl->scope_ = scope; - scopes_->top_func()->add(id->name_, decl); -diff --git a/src/cc/libbpf.c b/src/cc/libbpf.c -index c23030e..acfbc5e 100644 ---- a/src/cc/libbpf.c -+++ b/src/cc/libbpf.c -@@ -925,6 +925,7 @@ static void exit_mount_ns(int fd) { - - if (setns(fd, CLONE_NEWNS)) - perror("setns"); -+ close(fd); - } - - int bpf_attach_uprobe(int progfd, enum bpf_probe_attach_type attach_type, -diff --git a/src/cc/usdt/usdt.cc b/src/cc/usdt/usdt.cc -index 2992593..2010520 100644 ---- a/src/cc/usdt/usdt.cc -+++ b/src/cc/usdt/usdt.cc -@@ -478,8 +478,9 @@ const char *bcc_usdt_get_probe_argctype( - void *ctx, const char* probe_name, const int arg_index - ) { - USDT::Probe *p = static_cast(ctx)->get(probe_name); -- std::string res = p ? 
p->get_arg_ctype(arg_index) : ""; -- return res.c_str(); -+ if (p) -+ return p->get_arg_ctype(arg_index).c_str(); -+ return ""; - } - - void bcc_usdt_foreach(void *usdt, bcc_usdt_cb callback) { --- -2.17.1 - diff --git a/SOURCES/link-against-libLLVM.so-instead-of-static-libs.patch b/SOURCES/link-against-libLLVM.so-instead-of-static-libs.patch index c39e643..fe40e27 100644 --- a/SOURCES/link-against-libLLVM.so-instead-of-static-libs.patch +++ b/SOURCES/link-against-libLLVM.so-instead-of-static-libs.patch @@ -16,12 +16,12 @@ index 8ddfd8f..0c3d7df 100644 # bcc_common_libs_for_s for shared libraries set(bcc_common_libs_for_a b_frontend clang_frontend bpf-static - -Wl,--whole-archive ${clang_libs} ${llvm_libs} -Wl,--no-whole-archive -+ -Wl,--whole-archive ${clang_libs} libLLVM-6.0-rhel.so -Wl,--no-whole-archive ++ -Wl,--whole-archive ${clang_libs} libLLVM-7-rhel.so -Wl,--no-whole-archive ${LIBELF_LIBRARIES}) set(bcc_common_libs_for_s ${bcc_common_libs_for_a}) set(bcc_common_libs_for_lua b_frontend clang_frontend bpf-static - ${clang_libs} ${llvm_libs} ${LIBELF_LIBRARIES}) -+ ${clang_libs} libLLVM-6.0-rhel.so ${LIBELF_LIBRARIES}) ++ ${clang_libs} libLLVM-7-rhel.so ${LIBELF_LIBRARIES}) if(ENABLE_CPP_API) add_subdirectory(api) diff --git a/SOURCES/llcstat-print-a-nicer-error-message-when-hardware-ev.patch b/SOURCES/llcstat-print-a-nicer-error-message-when-hardware-ev.patch deleted file mode 100644 index bec257c..0000000 --- a/SOURCES/llcstat-print-a-nicer-error-message-when-hardware-ev.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From d274b66f58d59d97543c8b64e9f88449581e4299 Mon Sep 17 00:00:00 2001 -From: Jerome Marchand -Date: Tue, 7 Aug 2018 17:24:31 +0200 -Subject: [PATCH] llcstat: print a nicer error message when hardware events are - missing - -Hardware events such as CACHE_MISSES and CACHE_REFERENCES are usually -not available on virtual machine. Print a more useful message when -this happen. ---- - tools/llcstat.py | 16 ++++++++++------ - 1 file changed, 10 insertions(+), 6 deletions(-) - -diff --git a/tools/llcstat.py b/tools/llcstat.py -index e59f9a8..fe8bdd9 100755 ---- a/tools/llcstat.py -+++ b/tools/llcstat.py -@@ -78,12 +78,16 @@ int on_cache_ref(struct bpf_perf_event_data *ctx) { - exit() - - b = BPF(text=bpf_text) --b.attach_perf_event( -- ev_type=PerfType.HARDWARE, ev_config=PerfHWConfig.CACHE_MISSES, -- fn_name="on_cache_miss", sample_period=args.sample_period) --b.attach_perf_event( -- ev_type=PerfType.HARDWARE, ev_config=PerfHWConfig.CACHE_REFERENCES, -- fn_name="on_cache_ref", sample_period=args.sample_period) -+try: -+ b.attach_perf_event( -+ ev_type=PerfType.HARDWARE, ev_config=PerfHWConfig.CACHE_MISSES, -+ fn_name="on_cache_miss", sample_period=args.sample_period) -+ b.attach_perf_event( -+ ev_type=PerfType.HARDWARE, ev_config=PerfHWConfig.CACHE_REFERENCES, -+ fn_name="on_cache_ref", sample_period=args.sample_period) -+except: -+ print("Failed to attach to a hardware event. Is this a virtual machine?") -+ exit() - - print("Running for {} seconds or hit Ctrl-C to end.".format(args.duration)) - --- -2.17.1 - diff --git a/SOURCES/sslsniff-add-NSS-support-1908.patch b/SOURCES/sslsniff-add-NSS-support-1908.patch deleted file mode 100644 index fc1c74d..0000000 --- a/SOURCES/sslsniff-add-NSS-support-1908.patch +++ /dev/null 
@@ -1,185 +0,0 @@ -From 8b17dc3472a9c11139d0058bbf8b42eae66022b8 Mon Sep 17 00:00:00 2001 -From: jeromemarchand <38073585+jeromemarchand@users.noreply.github.com> -Date: Sat, 4 Aug 2018 07:09:36 +0200 -Subject: [PATCH] sslsniff: add NSS support (#1908) - -* sslsniff: add NSS support - -* sslsniff: update documentation ---- - man/man8/sslsniff.8 | 18 +++++++++--------- - tools/sslsniff.py | 21 +++++++++++++++++++-- - tools/sslsniff_example.txt | 16 +++++++++------- - 3 files changed, 37 insertions(+), 18 deletions(-) - -diff --git a/man/man8/sslsniff.8 b/man/man8/sslsniff.8 -index e20e28a..72836e2 100644 ---- a/man/man8/sslsniff.8 -+++ b/man/man8/sslsniff.8 -@@ -1,12 +1,12 @@ - .TH sslsniff 8 "2016-08-16" "USER COMMANDS" - .SH NAME --sslsniff \- Print data passed to OpenSSL. Uses Linux eBPF/bcc. -+sslsniff \- Print data passed to OpenSSL, GnuTLS or NSS. Uses Linux eBPF/bcc. - .SH SYNOPSIS --.B sslsniff -+.B sslsniff [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d] - .SH DESCRIPTION --sslsniff prints data sent to SSL_write and SSL_read OpenSSL functions, allowing --us to read plain text content before encryption (when writing) and after --decryption (when reading). -+sslsniff prints data sent to write/send and read/recv functions of -+OpenSSL, GnuTLS and NSS, allowing us to read plain text content before -+encryption (when writing) and after decryption (when reading). - - This works reading the second parameter of both functions (*buf). - -@@ -15,13 +15,13 @@ Since this uses BPF, only the root user can use this tool. - CONFIG_BPF and bcc. - .SH EXAMPLES - .TP --Print all calls to SSL_write and SSL_read system-wide: -+Print all calls to SSL write/send and read/recv system-wide: - # - .B sslsniff - .SH FIELDS - .TP - FUNC --Which function is being called (SSL_write or SSL_read) -+Which function is being called (write/send or read/recv) - .TP - TIME - Time of the command, in seconds. -@@ -30,10 +30,10 @@ COMM - Entered command. - .TP - PID --Process ID calling OpenSSL. 
-+Process ID calling SSL. - .TP - LEN --Bytes written or read by OpenSSL functions. -+Bytes written or read by SSL functions. - .SH SOURCE - This is from bcc. - .IP -diff --git a/tools/sslsniff.py b/tools/sslsniff.py -index 174577b..2e74fba 100755 ---- a/tools/sslsniff.py -+++ b/tools/sslsniff.py -@@ -1,7 +1,7 @@ - #!/usr/bin/python - # --# sslsniff Captures data on read/recv or write/send functions of OpenSSL and --# GnuTLS -+# sslsniff Captures data on read/recv or write/send functions of OpenSSL, -+# GnuTLS and NSS - # For Linux, uses BCC, eBPF. - # - # USAGE: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-d] -@@ -25,6 +25,7 @@ import argparse - ./sslsniff -c curl # sniff curl command only - ./sslsniff --no-openssl # don't show OpenSSL calls - ./sslsniff --no-gnutls # don't show GnuTLS calls -+ ./sslsniff --no-nss # don't show NSS calls - """ - parser = argparse.ArgumentParser( - description="Sniff SSL data", -@@ -37,6 +38,8 @@ parser.add_argument("-o", "--no-openssl", action="store_false", dest="openssl", - help="do not show OpenSSL calls.") - parser.add_argument("-g", "--no-gnutls", action="store_false", dest="gnutls", - help="do not show GnuTLS calls.") -+parser.add_argument("-n", "--no-nss", action="store_false", dest="nss", -+ help="do not show NSS calls.") - parser.add_argument('-d', '--debug', dest='debug', action='count', default=0, - help='debug mode.') - parser.add_argument("--ebpf", action="store_true", -@@ -149,6 +152,20 @@ b = BPF(text=prog) - b.attach_uretprobe(name="gnutls", sym="gnutls_record_recv", - fn_name="probe_SSL_read_exit", pid=args.pid or -1) - -+if args.nss: -+ b.attach_uprobe(name="nspr4", sym="PR_Write", fn_name="probe_SSL_write", -+ pid=args.pid or -1) -+ b.attach_uprobe(name="nspr4", sym="PR_Send", fn_name="probe_SSL_write", -+ pid=args.pid or -1) -+ b.attach_uprobe(name="nspr4", sym="PR_Read", fn_name="probe_SSL_read_enter", -+ pid=args.pid or -1) -+ b.attach_uretprobe(name="nspr4", sym="PR_Read", -+ fn_name="probe_SSL_read_exit", 
pid=args.pid or -1) -+ b.attach_uprobe(name="nspr4", sym="PR_Recv", fn_name="probe_SSL_read_enter", -+ pid=args.pid or -1) -+ b.attach_uretprobe(name="nspr4", sym="PR_Recv", -+ fn_name="probe_SSL_read_exit", pid=args.pid or -1) -+ - # define output data structure in Python - TASK_COMM_LEN = 16 # linux/sched.h - MAX_BUF_SIZE = 464 # Limited by the BPF stack -diff --git a/tools/sslsniff_example.txt b/tools/sslsniff_example.txt -index c16b572..8c51722 100644 ---- a/tools/sslsniff_example.txt -+++ b/tools/sslsniff_example.txt -@@ -1,16 +1,16 @@ - Demonstrations of sslsniff.py - - --This tool traces the OpenSSL functions SSL_READ and SSL_WRITE. --Data passed to this functions is printed as plain text. --Useful, for example, to sniff HTTP before encrypted with SSL. -+This tool traces the write/send and read/recv functions of OpenSSL, -+GnuTLS and NSS. Data passed to this functions is printed as plain -+text. Useful, for example, to sniff HTTP before encrypted with SSL. - - - Output of tool executing in other shell "curl https://example.com" - - % sudo python sslsniff.py - FUNC TIME(s) COMM PID LEN --SSL_WRITE 0.000000000 curl 12915 75 -+WRITE/SEND 0.000000000 curl 12915 75 - ----- DATA ----- - GET / HTTP/1.1 - Host: example.com -@@ -20,7 +20,7 @@ Accept: */* - - ----- END DATA ----- - --SSL_READ 0.127144585 curl 12915 333 -+READ/RECV 0.127144585 curl 12915 333 - ----- DATA ----- - HTTP/1.1 200 OK - Cache-Control: max-age=604800 -@@ -38,7 +38,7 @@ Content-Length: 1270 - - ----- END DATA ----- - --SSL_READ 0.129967972 curl 12915 1270 -+READ/RECV 0.129967972 curl 12915 1270 - ----- DATA ----- - - -@@ -65,7 +65,7 @@ SSL_READ 0.129967972 curl 12915 1270 - - USAGE message: - --usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-d] -+usage: sslsniff.py [-h] [-p PID] [-c COMM] [-o] [-g] [-n] [-d] - - Sniff SSL data - -@@ -75,6 +75,7 @@ Sniff SSL data - -c COMM, --comm COMM sniff only commands matching string. - -o, --no-openssl do not show OpenSSL calls. 
- -g, --no-gnutls do not show GnuTLS calls. -+ -n, --no-nss do not show NSS calls. - -d, --debug debug mode. - - examples: -@@ -83,3 +84,4 @@ Sniff SSL data - ./sslsniff -c curl # sniff curl command only - ./sslsniff --no-openssl # don't show OpenSSL calls - ./sslsniff --no-gnutls # don't show GnuTLS calls -+ ./sslsniff --no-nss # don't show NSS calls --- -2.17.1 - diff --git a/SPECS/bcc.spec b/SPECS/bcc.spec index 885c385..0e43fbb 100644 --- a/SPECS/bcc.spec +++ b/SPECS/bcc.spec @@ -10,17 +10,14 @@ %endif Name: bcc -Version: 0.6.1 -Release: 2%{?dist} +Version: 0.8.0 +Release: 1%{?dist} Summary: BPF Compiler Collection (BCC) License: ASL 2.0 URL: https://github.com/iovisor/bcc Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Patch0: link-against-libLLVM.so-instead-of-static-libs.patch Patch1: Fix-tools-for-RHEL-7.patch -Patch2: sslsniff-add-NSS-support-1908.patch -Patch3: llcstat-print-a-nicer-error-message-when-hardware-ev.patch -Patch4: Miscellaneous-fixes-1914.patch # tests/cc doesn't compile on s390x, so disable it until we have a better fix Patch10: Disable-tests-cc.patch @@ -99,9 +96,6 @@ Command line tools for BPF Compiler Collection (BCC) %setup %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 %ifarch s390x %patch10 -p1 @@ -182,6 +176,10 @@ mv %{buildroot}%{_datadir}/%{name}/examples %{buildroot}%{_docdir}/%{name}/ %changelog +* Mon Jan 28 2019 Jerome Marchand - 0.8.0-1 +- Rebase on bcc-8.0.0 +- Update libLLVM.so name for 7.0 + * Fri Sep 21 2018 Jerome Marchand - 0.6.1-2 - Set a minimal version for llvm-private(-devel)
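Review bot: The changelog entry added in the last SPECS/bcc.spec hunk reads `- Rebase on bcc-8.0.0`, while the Version field set in the first hunk is 0.8.0; it should read `- Rebase on bcc-0.8.0`. The entry also does not record that Patch2, Patch3 and Patch4 are dropped. Miscellaneous-fixes-1914.patch carried memory-safety fixes (the get_pid_exe() buffer overflow and the use-after-free in bcc_usdt_get_probe_argctype()), and nothing in this diff shows that the 0.8.0 tarball contains them. Presumably they were merged upstream, so once that is confirmed a line such as `- Drop patches included in the 0.8.0 release` would make the removal auditable.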