gojue / ecapture

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
https://ecapture.cc
Apache License 2.0

/boot/config-`uname -r` does not exist on archlinux, causing an error when starting the program #475

Closed xtay573269555 closed 8 months ago

xtay573269555 commented 9 months ago

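Hello, I get an error when running the downloaded release package on archlinux, while it runs fine on debian. Could you please check whether this is a compatibility issue? Thanks~

Also, if archlinux simply has no KernelConfig file, could you consider providing a parameter to skip this check?

The error when starting the program is as follows: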

[root@archlinux ~]# ./ecapture --version
2024/01/31 09:06:54 Failed to read kernel configuration., error:KernelConfig not found. with error: open /boot/config-6.5.11-7-pve: no such file or directory

Investigation shows that /boot/config-xxx does not exist

[root@archlinux ~]# cat /boot/config-`uname -r` | grep CONFIG_DEBUG_INFO_BTF
cat: /boot/config-6.6.8-arch1-1: No such file or directory
[root@archlinux ~]# ll /boot/config*
ls: cannot access '/boot/config*': No such file or directory
[root@archlinux ~]# ll /boot
total 93260
drwxr-xr-x 6 root root     4096 2022-10-27 20:43 grub
-rw------- 1 root root 72462153 2023-12-27 14:49 initramfs-linux-fallback.img
-rw------- 1 root root 10139387 2023-12-27 14:49 initramfs-linux.img
-rw-r--r-- 1 root root 12885600 2023-12-27 14:49 vmlinuz-linux

OS and kernel versions

[root@archlinux ~]# cat /etc/os-release 
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"
PRIVACY_POLICY_URL="https://terms.archlinux.org/docs/privacy-policy/"
LOGO=archlinux-logo
[root@archlinux ~]# uname -a
Linux archlinux 6.6.8-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 21 Dec 2023 19:01:01 +0000 x86_64 GNU/Linux
[root@archlinux ~]# pacman -Qn | grep -i linux
archlinux-keyring 20231222-1
linux 6.6.8.arch1-1
linux-api-headers 6.4-1
linux-firmware 20231211.f2e52a1c-1
linux-firmware-whence 20231211.f2e52a1c-1
util-linux 2.39.3-1
util-linux-libs 2.39.3-1
[root@archlinux ~]# 

cfc4n commented 9 months ago

I'm not familiar with archLinux. Do you know where the KernelConfig information is stored?

xtay573269555 commented 8 months ago

According to https://wiki.archlinux.org/title/Kernel#Compilation https://wiki.archlinux.org/title/Compile_kernel_module (search for the keyword config.gz), archlinux releases the KernelConfig into the /proc directory at runtime.

I actually tested this on archlinux, and the file and its contents can be found

[root@archlinux ~]# zcat /proc/config.gz | grep CONFIG_DEBUG_INFO_BTF
CONFIG_DEBUG_INFO_BTF=y
CONFIG_DEBUG_INFO_BTF_MODULES=y

cfc4n commented 8 months ago

I don't have an archLinux test server at hand. Would it be convenient for me to use your server?

xtay573269555 commented 8 months ago

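Mine is not a public server; it is an archlinux virtual machine created on PVE installed on my home NAS. I need to change the internal network passwords first before I can expose the host. I'll contact you once that is done.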

cfc4n commented 8 months ago

Compatibility with archLinux was implemented before, so it should not report an error.

https://github.com/gojue/ecapture/blob/1a2abb8ca31f4c522cbe17d1dc36d26f231fdff0/pkg/util/ebpf/bpf.go#L37-L41

xtay573269555 commented 8 months ago

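Sorry, I got it wrong. ecapture runs fine on archlinux. I had connected to an archlinux host running as a VM, then ssh-jumped to another archlinux running in LXC, and got confused after the securecrt session was interrupted.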