gojue/ecapture

module run failed, [skip it]. error:EBPFProbeOPENSSL couldn't find asset open user/bytecode: file does not exist

Closed this issue · 5 comments

树莓派 4B 内核 5.10.201
OpenWrt
./ecapture tls
2024/04/05 12:07:53 Your environment is like a container. We won't be able to detect the BTF configuration.
tls_2024/04/05 12:07:53 ECAPTURE :: ecapture Version : linux_aarch64:0.7.6-20240330-f1930dc:[CORE]
tls_2024/04/05 12:07:53 ECAPTURE :: Pid Info : 18932
tls_2024/04/05 12:07:53 ECAPTURE :: Kernel Info : 5.10.201
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL module initialization
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL master key keylogger:
tls_2024/04/05 12:07:53 ECAPTURE :: Module.Run()
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL Text MODEL
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL libPthread path not found, IP info lost.
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL HOOK type:2, binrayPath:/usr/lib64/libssl.so.1.1
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL Hook masterKey function:[SSL_get_wbio SSL_in_before SSL_do_handshake]
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL target all process.
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL target all users.
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL BPF bytecode filename:user/bytecode
tls_2024/04/05 12:07:53 EBPFProbeOPENSSL module run failed, [skip it]. error:EBPFProbeOPENSSL couldn't find asset open user/bytecode: file does not exist .
tls_2024/04/05 12:07:53 ECAPTURE :: No runnable modules, Exit(1)

Can you give me a test environment?

我只能给你固件包的下载地址
https://fw3.koolcenter.com:5000/iStoreOS/rpi4/istoreos-22.03.6-2024031514-raspberrypi-rpi4-squashfs.img.gz
原谅我太穷了送不了你树莓派

可以给我ssh 的帐号密码。

可以给我ssh 的帐号密码。

内网部署,可以远程我的电脑然后进去

你可以自己debug一下看看是哪里的问题吗?
大概是

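// detectOpenssl picks the eBPF bytecode file for the TLS library at soPath and
// stores it in m.sslBpfFile.
//
// It parses soPath as ELF, accepts only EM_X86_64 and EM_AARCH64, and scans the
// file from the .rodata section offset for a version string such as
// "OpenSSL 1.1.1j". The lower-cased match is looked up in m.sslVersionBpfMap.
// When nothing matches, or the match has no map entry, a default key is used:
// "boringssl_a_<AndroidVer>" (then AndroidDefauleFilename) on Android,
// otherwise LinuxDefauleFilename_3_0 when soPath contains "libssl.so.3" and
// LinuxDefauleFilename_1_1_1 in every other case.
//
// An error is returned when the file cannot be opened, parsed or positioned,
// or when the architecture is unsupported. A nil return does NOT guarantee a
// usable m.sslBpfFile: it is left untouched when .rodata is missing, and it is
// set to "" when the chosen default key has no map entry (now logged).
func (m *MOpenSSLProbe) detectOpenssl(soPath string) error {
	f, err := os.OpenFile(soPath, os.O_RDONLY, os.ModePerm)
	if err != nil {
		return fmt.Errorf("can not open %s, with error:%v", soPath, err)
	}
	// Release the descriptor on every return path, including the early error
	// returns below. elf.NewFile does not take ownership of f.
	defer f.Close()

	r, e := elf.NewFile(f)
	if e != nil {
		// Report the ELF parse error itself (e), not the nil err from OpenFile.
		return fmt.Errorf("parse the ELF file %s failed, with error:%v", soPath, e)
	}

	switch r.FileHeader.Machine {
	case elf.EM_X86_64:
	case elf.EM_AARCH64:
	default:
		return fmt.Errorf("unsupported arch library ,ELF Header Machine is :%s, must be one of EM_X86_64 and EM_AARCH64", r.FileHeader.Machine.String())
	}

	s := r.Section(".rodata")
	if s == nil {
		// NOTE(review): m.sslBpfFile is not assigned on this path; confirm the
		// caller copes with an empty value.
		return nil
	}
	sectionOffset := int64(s.Offset)
	sectionSize := s.Size

	// Whence 0 is "relative to the start of the file".
	if _, err = f.Seek(sectionOffset, 0); err != nil {
		return err
	}

	// e.g : OpenSSL 1.1.1j 16 Feb 2021
	// OpenSSL 3.2.0 23 Nov 2023
	rex, err := regexp.Compile(`(OpenSSL\s\d\.\d\.[0-9a-z]+)`)
	if err != nil {
		return fmt.Errorf("compile OpenSSL version pattern: %v", err)
	}

	versionKey := ""
	buf := make([]byte, 1024*1024) // 1 MiB scan window
	totalReadCount := 0
	for totalReadCount < int(sectionSize) {
		readCount, err := f.Read(buf)
		if err != nil {
			m.logger.Printf("%s\t[f.Read] Error:%v\t", m.Name(), err)
			break
		}
		if readCount == 0 {
			break
		}
		// Search only the bytes read in this iteration, never stale data left
		// in the rest of the buffer.
		if match := rex.Find(buf[:readCount]); match != nil {
			versionKey = string(match)
			break
		}
		// A chunk no longer than the overlap cannot move the cursor forward;
		// stop here instead of re-reading the same bytes forever.
		if readCount <= OpenSslVersionLen {
			break
		}
		// Step back by OpenSslVersionLen so that a version string split across
		// two chunks is still seen whole in the next read.
		totalReadCount += readCount - OpenSslVersionLen
		if _, err = f.Seek(sectionOffset+int64(totalReadCount), 0); err != nil {
			break
		}
	}

	if versionKey != "" {
		versionKeyLower := strings.ToLower(versionKey)
		m.logger.Printf("%s\torigin version:%s, as key:%s", m.Name(), versionKey, versionKeyLower)
		// find the sslVersion bpfFile from sslVersionBpfMap
		if bpfFile, found := m.sslVersionBpfMap[versionKeyLower]; found {
			m.sslBpfFile = bpfFile
			return nil
		}
	}

	// No exact match: fall back to a default key.
	conf := m.conf.(*config.OpensslConfig)
	var (
		bpfFile    string
		found      bool
		defaultKey string
	)
	switch {
	case conf.IsAndroid:
		// sometimes,boringssl version always was "boringssl 1.1.1" on android. but offsets are different.
		// see kern/boringssl_a_13_kern.c and kern/boringssl_a_14_kern.c
		// Perhaps we can utilize the Android Version to choose a specific version of boringssl.
		defaultKey = fmt.Sprintf("boringssl_a_%s", conf.AndroidVer)
		bpfFile, found = m.sslVersionBpfMap[defaultKey]
		if found {
			m.logger.Printf("%s\tOpenSSL/BoringSSL version found, ro.build.version.release=%s\n", m.Name(), conf.AndroidVer)
		} else {
			defaultKey = AndroidDefauleFilename
			bpfFile, found = m.sslVersionBpfMap[defaultKey]
			m.logger.Printf("%s\tOpenSSL/BoringSSL version not found, used default version :%s\n", m.Name(), AndroidDefauleFilename)
		}
	case strings.Contains(soPath, "libssl.so.3"):
		defaultKey = LinuxDefauleFilename_3_0
		bpfFile, found = m.sslVersionBpfMap[defaultKey]
		m.logger.Printf("%s\tOpenSSL/BoringSSL version not found from shared library file, used default version:%s\n", m.Name(), LinuxDefauleFilename_3_0)
	default:
		defaultKey = LinuxDefauleFilename_1_1_1
		bpfFile, found = m.sslVersionBpfMap[defaultKey]
		m.logger.Printf("%s\tOpenSSL/BoringSSL version not found from shared library file, used default version:%s\n", m.Name(), LinuxDefauleFilename_1_1_1)
	}
	if !found {
		// Surface the otherwise silent miss: an empty sslBpfFile only shows up
		// later as a missing-asset error when the bytecode is loaded.
		m.logger.Printf("%s\tno bytecode file registered for default key:%s, sslBpfFile is empty\n", m.Name(), defaultKey)
	}
	m.sslBpfFile = bpfFile
	return nil
}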
函数中对m.sslBpfFile变量获取失败导致的。