Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

load bpf failed on kernel 4.18.0 #544

Closed
darren opened this issue May 16, 2024 · 0 comments · Fixed by #545
Closed

load bpf failed on kernel 4.18.0 #544

darren opened this issue May 16, 2024 · 0 comments · Fixed by #545
Labels
bug Something isn't working

Comments

@darren
Copy link
Contributor

darren commented May 16, 2024

Describe the bug
load bpf failed on kernel 4.18.0

To Reproduce
Steps to reproduce the behavior:

ecapture tls

Expected behavior
capture tls should goes OK

Screenshots

./ecapture  tls 
tls_2024/05/16 09:38:01 ECAPTURE :: ecapture Version : linux_amd64:v0.8.0:6.5.0-1018-azure
tls_2024/05/16 09:38:01 ECAPTURE :: Pid Info : 3979458
tls_2024/05/16 09:38:01 ECAPTURE :: Kernel Info : 4.18.0
2024/05/16 09:38:01 read keylogger :ld.so.conf.d/*.conf error .
2024/05/16 09:38:01 read keylogger :ld.so.conf.d/*.conf error .
2024/05/16 09:38:01 read keylogger :ld.so.conf.d/*.conf error .
2024/05/16 09:38:01 read keylogger :ld.so.conf.d/*.conf error .
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        module initialization
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        Your environment is like a container. We won't be able to detect the BTF configuration.
If eCapture fails to run, try specifying the BTF mode. use `-b 2` to specify non-CORE mode.
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        BTF bytecode mode: CORE.
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        master key keylogger: 
tls_2024/05/16 09:38:01 ECAPTURE ::     Module.Run()
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        Text MODEL
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        origin version:OpenSSL 1.1.1k, as key:openssl 1.1.1k
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        libPthread path not found, IP info lost.
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        HOOK type:2, binrayPath:/lib64/libssl.so.1.1
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        Hook masterKey function:[SSL_get_wbio SSL_in_before SSL_do_handshake]
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        Your kernel version is less than 5.2, the following parameters will be ignored:[target_pid, target_uid, target_port]
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        BPF bytecode filename:user/bytecode/openssl_1_1_1j_kern_less52.o
tls_2024/05/16 09:38:01 EBPFProbeOPENSSL        module run failed, [skip it]. error:EBPFProbeOPENSSL    couldn't find asset open user/bytecode/openssl_1_1_1j_kern_less52.o: file does not exist .
tls_2024/05/16 09:38:01 ECAPTURE ::     No runnable modules, Exit(1)

Linux Server/Android (please complete the following information):

  • Env: [run make env to get the environment variables]
  • OS: [CentOS Linux release 8.2.2004 (Core) ]
  • Arch: [x86_64]
  • Kernel Version: [4.18.0-193.6.3.el8_2.x86_64]
  • Version: [0.8.0]
@darren darren mentioned this issue May 16, 2024
Merged
@cfc4n cfc4n added the bug Something isn't working label May 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

BPF name should be appended after _core/_noncore darren/ecapture
2 participants
@darren @cfc4n