On Fri, Aug 12, 2016 at 4:50 PM, Brenden Blanco via iovisor-dev <iovisor-dev@lists.iovisor.org> wrote: > > > On Fri, Aug 12, 2016 at 4:46 PM, Mark Drayton via iovisor-dev > <iovisor-dev@lists.iovisor.org> wrote: >> >> Here’s a version that works: >> >> >> >> https://gist.github.com/markdrayton/d077459b7ed23ce25bb3eff2d5e220ba >> >> >> >> It looks like SSL_read’s arguments aren’t available in a return probe so >> you need to stash the buffer address in a map on the function entry and read >> it on its exit. >> >> >> >> As you’ll see in my example, the amount of data captured is limited by the >> size of probe_SSL_data_t.v0, which in turn is limited by the (relatively >> small) size of the BPF stack. I’m not sure how best to handle this. >> >> >> >> Unrelatedly: I suspect that GitHub is a better place to send questions >> like this than the –dev mailing list. > > +1
+2 I think that sniff_openssl.py you can wrap into PR into examples/ or even tools/. Looks quite useful as it is. _______________________________________________ iovisor-dev mailing list iovisor-dev@lists.iovisor.org https://lists.iovisor.org/mailman/listinfo/iovisor-dev
