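Lines matching the search query `+full:- +full:- +full:pid` (search-result excerpt: the lines below are non-contiguous, and the number at the start of each one is its line number in the searched file)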
7 # USAGE: sslsniff.py [-h] [-p PID] [-u UID] [-x] [-c COMM] [-o] [-g] [-n] [-d]
8 # [--hexdump] [--max-buffer-size SIZE] [-l] [--handshake]
12 # 12-Aug-2016 Adrian Lopez Created this.
13 # 13-Aug-2016 Mark Drayton Fix SSL_Read
14 # 17-Aug-2016 Adrian Lopez Capture GnuTLS and add options
27 ./sslsniff -p 181 # sniff PID 181 only
28 ./sslsniff -u 1000 # sniff only UID 1000
29 ./sslsniff -c curl # sniff curl command only
30 ./sslsniff --no-openssl # don't show OpenSSL calls
31 ./sslsniff --no-gnutls # don't show GnuTLS calls
32 ./sslsniff --no-nss # don't show NSS calls
33 ./sslsniff --hexdump # show data as hex instead of trying to decode it as UTF-8
34 ./sslsniff -x # show process UID and TID
35 ./sslsniff -l # show function latency
36 ./sslsniff -l --handshake # show SSL handshake latency
37 ./sslsniff --extra-lib openssl:/path/libssl.so.1.1 # sniff extra library
62 parser.add_argument("-p", "--pid", type=int, help="sniff this PID only.")
63 parser.add_argument("-u", "--uid", type=int, default=None,
65 parser.add_argument("-x", "--extra", action="store_true",
67 parser.add_argument("-c", "--comm",
69 parser.add_argument("-o", "--no-openssl", action="store_false", dest="openssl",
71 parser.add_argument("-g", "--no-gnutls", action="store_false", dest="gnutls",
73 parser.add_argument("-n", "--no-nss", action="store_false", dest="nss",
75 parser.add_argument('-d', '--debug', dest='debug', action='count', default=0,
77 parser.add_argument("--ebpf", action="store_true",
79 parser.add_argument("--hexdump", action="store_true", dest="hexdump",
80 help="show data as hexdump instead of trying to decode it as UTF-8")
81 parser.add_argument('--max-buffer-size', type=int, default=8192,
83 parser.add_argument("-l", "--latency", action="store_true",
85 parser.add_argument("--handshake", action="store_true",
87 parser.add_argument("--extra-lib", type=ssllib_type, action='append',
101 u32 pid;
111 #define BASE_EVENT_SIZE ((size_t)(&((struct probe_SSL_data_t*)0)->buf))
124 u32 pid = pid_tgid >> 32;
141 u32 pid = pid_tgid >> 32;
165 data->timestamp_ns = ts;
166 data->delta_ns = ts - *tsp;
167 data->pid = pid;
168 data->tid = tid;
169 data->uid = uid;
170 data->len = (u32)len;
171 data->buf_filled = 0;
172 data->rw = rw;
175 bpf_get_current_comm(&data->comm, sizeof(data->comm));
178 ret = bpf_probe_read_user(&data->buf, buf_copy_size, (char *)*bufp);
184 data->buf_filled = 1;
204 u32 pid = pid_tgid >> 32;
218 u32 pid = pid_tgid >> 32;
239 data->timestamp_ns = ts;
240 data->delta_ns = ts - *tsp;
241 data->pid = pid;
242 data->tid = tid;
243 data->uid = uid;
244 data->len = ret;
245 data->buf_filled = 0;
246 data->rw = 2;
247 bpf_get_current_comm(&data->comm, sizeof(data->comm));
255 if args.pid:
256 prog = prog.replace('PID_FILTER', 'if (pid != %d) { return 0; }' % args.pid)
281 fn_name="probe_SSL_rw_enter", pid=args.pid or -1)
283 fn_name="probe_SSL_write_exit", pid=args.pid or -1)
285 fn_name="probe_SSL_rw_enter", pid=args.pid or -1)
287 fn_name="probe_SSL_read_exit", pid=args.pid or -1)
290 fn_name="probe_SSL_do_handshake_enter", pid=args.pid or -1)
292 fn_name="probe_SSL_do_handshake_exit", pid=args.pid or -1)
296 fn_name="probe_SSL_rw_enter", pid=args.pid or -1)
298 fn_name="probe_SSL_write_exit", pid=args.pid or -1)
300 fn_name="probe_SSL_rw_enter", pid=args.pid or -1)
302 fn_name="probe_SSL_read_exit", pid=args.pid or -1)
306 fn_name="probe_SSL_rw_enter", pid=args.pid or -1)
308 fn_name="probe_SSL_write_exit", pid=args.pid or -1)
310 fn_name="probe_SSL_rw_enter", pid=args.pid or -1)
312 fn_name="probe_SSL_write_exit", pid=args.pid or -1)
314 fn_name="probe_SSL_rw_enter", pid=args.pid or -1)
316 fn_name="probe_SSL_read_exit", pid=args.pid or -1)
318 fn_name="probe_SSL_rw_enter", pid=args.pid or -1)
320 fn_name="probe_SSL_read_exit", pid=args.pid or -1)
346 header = "%-12s %-18s %-16s %-7s %-7s" % ("FUNC", "TIME(s)", "COMM", "PID", "LEN")
349 header += " %-7s %-7s" % ("UID", "TID")
352 header += " %-7s" % ("LAT(ms)")
380 if not args.comm == event.comm.decode('utf-8', 'replace'):
385 time_s = (float(event.timestamp_ns - start)) / 1000000000
389 s_mark = "-" * 5 + " DATA " + "-" * 5
391 e_mark = "-" * 5 + " END DATA " + "-" * 5
393 truncated_bytes = event.len - buf_size
395 e_mark = "-" * 5 + " END DATA (TRUNCATED, " + str(truncated_bytes) + \
396 " bytes lost) " + "-" * 5
398 base_fmt = "%(func)-12s %(time)-18.9f %(comm)-16s %(pid)-7d %(len)-6d"
401 base_fmt += " %(uid)-7d %(tid)-7d"
404 base_fmt += " %(lat)-7s"
409 data = textwrap.fill(unwrapped_data.decode('utf-8', 'replace'), width=32)
411 data = buf.decode('utf-8', 'replace')
423 'comm': event.comm.decode('utf-8', 'replace'),
424 'pid': event.pid,