gojue/ecapture

load bpf failed on kernel 4.18.0

darren opened this issue · 0 comments

darren commented

Describe the bug
load bpf failed on kernel 4.18.0

To Reproduce
Steps to reproduce the behavior:

ecapture tls

Expected behavior
capture tls should goes OK

Screenshots

./ecapture  tls 
tls_2024/05/16 09:38:01 ECAPTURE :: ecapture Version : linux_amd64:v0.8.0:6.5.0-1018-azure
tls_2024/05/16 09:38:01 ECAPTURE :: Pid Info : 3979458
tls_2024/05/16 09:38:01 ECAPTURE :: Kernel Info : 4.18.0
2024/05/16 09:38:01 read keylogger :ld.so.conf.d/*.conf error .
2024/05/16 09:38:01 read keylogger :ld.so.conf.d/*.conf error .
2024/05/16 09:38:01 read keylogger :ld.so.conf.d/*.conf error .
2024/05/16 09:38:01 read keylogger :ld.so.conf.d/*.conf error .
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        module initialization
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        Your environment is like a container. We won't be able to detect the BTF configuration.
If eCapture fails to run, try specifying the BTF mode. use `-b 2` to specify non-CORE mode.
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        BTF bytecode mode: CORE.
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        master key keylogger: 
tls_2024/05/16 09:38:01 ECAPTURE ::     Module.Run()
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        Text MODEL
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        origin version:OpenSSL 1.1.1k, as key:openssl 1.1.1k
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        libPthread path not found, IP info lost.
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        HOOK type:2, binrayPath:/lib64/libssl.so.1.1
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        Hook masterKey function:[SSL_get_wbio SSL_in_before SSL_do_handshake]
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        Your kernel version is less than 5.2, the following parameters will be ignored:[target_pid, target_uid, target_port]
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        BPF bytecode filename:user/bytecode/openssl_1_1_1j_kern_less52.o
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        module run failed, [skip it]. error:EBPFProbeOPENSSL    couldn't find asset open user/bytecode/openssl_1_1_1j_kern_less52.o: file does not exist .
tls_2024/05/16 09:38:01 ECAPTURE ::     No runnable modules, Exit(1)

Linux Server/Android (please complete the following information):

  • Env: [run make env to get the environment variables]
  • OS: [CentOS Linux release 8.2.2004 (Core) ]
  • Arch: [x86_64]
  • Kernel Version: [4.18.0-193.6.3.el8_2.x86_64]
  • Version: [0.8.0]