Including an uprobe SSL_get_error
Closed this issue · 2 comments
Hello!
Thanks so much for your team's contributions here. There have been some great learnings in this project as I dive more into eBPF!
I'm curious how this project has been aggregating response chunks that have been sniffed from SSL_read/write uprobes.
I've taken a look at https://www.openssl.org/docs/manmaster/man7/ossl-guide-tls-client-block.html and I read that to verify that a response has completed, a 0 value gets returned from the SSL_read_ex function and then a followup call is made to SSL_get_error to verify a response has completed successfully.
I noticed that a 0 value returned by SSL_read_ex does not get handled and is returned early: https://github.com/kubeshark/tracer/blob/master/bpf/openssl_uprobes.c#L104
When aggregating responses to serve in the UI, I'm curious how you are able to tell when a response has completed.
Hello @zbenamram
The traffic is aggregated by the consumer at the higher-protocol level. For example, if the consumer is interested in HTTP protocol handling, it expects to receive all traffic based on HTTP length headers.
Thanks for the reply - that's what I was expecting.
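The length-based aggregation described in the reply above can be sketched as follows. This is an added example, not code from the kubeshark project: the names `Reassembler`, `Feed`, `ErrNoLength` and `maxBody` are hypothetical, and the HTTP bytes are constructed sample input standing in for plaintext chunks captured at the SSL_read/SSL_write uprobes.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"net/textproto"
	"strconv"
)

// Hypothetical names for this sketch; none of them come from kubeshark.
var ErrNoLength = errors.New("no usable Content-Length") // e.g. chunked encoding
const maxBody = 1 << 20                                  // assumed cap on a declared body size

type Reassembler struct{ buf bytes.Buffer } // one per direction of one connection

// Feed appends a captured chunk and returns each message that is now complete.
func (r *Reassembler) Feed(chunk []byte) ([][]byte, error) {
	r.buf.Write(chunk)
	var done [][]byte
	for {
		data := r.buf.Bytes()
		end := bytes.Index(data, []byte("\r\n\r\n"))
		if end < 0 {
			return done, nil // header block still split across chunks
		}
		tp := textproto.NewReader(bufio.NewReader(bytes.NewReader(data[:end+4])))
		tp.ReadLine() // skip the status line
		hdr, err := tp.ReadMIMEHeader()
		if err != nil {
			return done, err
		}
		n, err := strconv.Atoi(hdr.Get("Content-Length"))
		if err != nil || n < 0 || n > maxBody {
			return done, ErrNoLength // length cannot delimit this message
		}
		total := end + 4 + n
		if len(data) < total {
			return done, nil // body still arriving in later chunks
		}
		done = append(done, append([]byte(nil), data[:total]...))
		r.buf.Next(total)
	}
}

func main() {
	msgs, err := new(Reassembler).Feed([]byte("HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")) // constructed
	fmt.Println(len(msgs), err)
}
```

Completion here is decided only by the declared length, so chunk boundaries from individual reads do not matter; a message without a usable Content-Length surfaces as `ErrNoLength` and needs a different delimiter.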