Replies: 2 comments 1 reply
-
|
[root@openwrt ecapture-v0.8.3-linux-amd64]# ecapture gotls -e /usr/bin/dockerd --hex 最新版本测试 docker pull 还是有问题 |
Beta Was this translation helpful? Give feedback.
-
|
看上去是跟你的内核有关系,不确定openwrt的系统在内核功能上有什么差异,你可以开启DEBUG=1环境变量自行编译,查看内核日志,发出来,我看看。 |
Beta Was this translation helpful? Give feedback.
-
现在不是docker hub加速屏蔽吗?所以想分析下, docker pull 时候,调用了docker hub 的哪些api
以下方法测试不行, 执行docker pull nginx看不到任何日志输出
`
./ecapture --hex gotls -e /usr/bin/dockerd
2024-06-12T11:20:28+08:00 INF AppName="eCapture(旁观者)"
2024-06-12T11:20:28+08:00 INF HomePage=https://ecapture.cc
2024-06-12T11:20:28+08:00 INF Repository=https://github.com/gojue/ecapture
2024-06-12T11:20:28+08:00 INF Author="CFC4N [email protected]"
2024-06-12T11:20:28+08:00 INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-06-12T11:20:28+08:00 INF Version=linux_amd64:v0.8.3:6.5.0-1021-azure
2024-06-12T11:20:28+08:00 INF listen=localhost:28256
2024-06-12T11:20:28+08:00 INF https server starting...You can update the configuration file via the HTTP interface.
2024-06-12T11:20:28+08:00 WRN ========== module starting. ==========
2024-06-12T11:20:28+08:00 INF Kernel Info=5.10.178 Pid=2302
2024-06-12T11:20:28+08:00 INF BTF bytecode mode: CORE. btfMode=0
2024-06-12T11:20:28+08:00 INF GoTlsProbe init keylogFile= model=Text
2024-06-12T11:20:28+08:00 INF module initialization. isReload=false moduleName=EBPFProbeGoTLS
2024-06-12T11:20:28+08:00 INF Module.Run()
2024-06-12T11:20:28+08:00 INF HOOK type:Golang elf GoVersion=go1.21.6 binrayPath=/usr/bin/dockerd buildInfo=" -buildmode=pie -compiler=gc -ldflags=-w -X "github.com/docker/docker/dockerversion.Version=25.0.1" -X "github.com/docker/docker/dockerversion.GitCommit=71fa3ab" -X "github.com/docker/docker/dockerversion.BuildTime=2024-01-23T23:09:52.000000000+00:00" -X "github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community" -X "github.com/docker/docker/dockerversion.ProductName=docker" -X "github.com/docker/docker/dockerversion.DefaultProductLicense=" -tags=journald DefaultGODEBUG=panicnil=1 CGO_ENABLED=1 GOARCH=amd64 GOOS=linux GOAMD64=v1" isRegisterABI=true
2024-06-12T11:20:28+08:00 WRN Golang elf buildmode with pie
2024-06-12T11:20:28+08:00 INF golang uretprobe added. function=crypto/tls.(*Conn).Read offset=18914B3
2024-06-12T11:20:28+08:00 INF golang uretprobe added. function=crypto/tls.(*Conn).Read offset=18914DC
2024-06-12T11:20:28+08:00 INF golang uretprobe added. function=crypto/tls.(*Conn).Read offset=1891560
2024-06-12T11:20:28+08:00 INF golang uretprobe added. function=crypto/tls.(*Conn).Read offset=18916AB
2024-06-12T11:20:28+08:00 INF golang uretprobe added. function=crypto/tls.(*Conn).Read offset=18916DA
2024-06-12T11:20:28+08:00 INF golang uretprobe added. function=crypto/tls.(*Conn).Read offset=1891749
2024-06-12T11:20:28+08:00 INF golang uretprobe added. function=crypto/tls.(*Conn).Read offset=1891763
2024-06-12T11:20:28+08:00 INF target all process.
2024-06-12T11:20:28+08:00 INF target all users.
2024-06-12T11:20:28+08:00 INF BPF bytecode file is matched. bpfFileName=user/bytecode/gotls_kern_core.o
2024-06-12T11:20:29+08:00 INF perfEventReader created mapSize(MB)=4
2024-06-12T11:20:29+08:00 INF module started successfully. isReload=false moduleName=EBPFProbeGoTLS
^C2024-06-12T11:26:33+08:00 INF module close.
2024-06-12T11:26:33+08:00 INF Module closed,message recived from Context
2024-06-12T11:26:33+08:00 INF iModule module close
2024-06-12T11:26:33+08:00 INF bye bye.
`
Beta Was this translation helpful? Give feedback.
All reactions