gojue / ecapture

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
https://ecapture.cc
Apache License 2.0

Unable to access network, ERR SSLDataEvent's fd is 0 address= fd=0 pid=9059 #653

Open wwf1227 opened 3 weeks ago

wwf1227 commented 3 weeks ago

Device info: Xiaomi 14

```
houji:/data/local/tmp # uname -a
Linux localhost 6.1.57-android14-11-gd8b333a26dfd-ab11564698 #1 SMP PREEMPT Tue Mar 12 18:33:08 UTC 2024 aarch64 Toybox
```

```
houji:/data/local/tmp # ./ecapture tls
2024-10-24T09:10:36Z INF AppName="eCapture(旁观者)"
2024-10-24T09:10:36Z INF HomePage=https://ecapture.cc
2024-10-24T09:10:36Z INF Repository=https://github.com/gojue/ecapture
2024-10-24T09:10:36Z INF Author="CFC4N cfc4ncs@gmail.com"
2024-10-24T09:10:36Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-10-24T09:10:36Z INF Version=androidgki_arm64:v0.8.8:6.5.0-1025-azure
2024-10-24T09:10:36Z INF Listen=localhost:28256
2024-10-24T09:10:36Z INF eCapture running logs logger=
2024-10-24T09:10:36Z INF the file handler that receives the captured event eventCollector=
2024-10-24T09:10:36Z WRN ========== module starting. ==========
2024-10-24T09:10:36Z INF Kernel Info=6.1.57 Pid=27697
2024-10-24T09:10:36Z INF listen=localhost:28256
2024-10-24T09:10:36Z WRN Your environment is like a container. We won't be able to detect the BTF configuration. If eCapture fails to run, try specifying the BTF mode. use -b 2 to specify non-CORE mode.
2024-10-24T09:10:36Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-10-24T09:10:36Z INF BTF bytecode mode: CORE. btfMode=0
2024-10-24T09:10:36Z INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2024-10-24T09:10:36Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-10-24T09:10:36Z INF Module.Run()
2024-10-24T09:10:36Z INF OpenSSL/BoringSSL version found BoringSSL Version=14
2024-10-24T09:10:36Z INF Hook masterKey function ElfType=2 Functions=["SSL_in_init"] binrayPath=/apex/com.android.conscrypt/lib64/libssl.so
2024-10-24T09:10:36Z INF target all process.
2024-10-24T09:10:36Z INF target all users.
2024-10-24T09:10:36Z INF setupManagers eBPFProgramType=Text
2024-10-24T09:10:36Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/boringssl_a_14_kern_core.o
2024-10-24T09:10:36Z INF perfEventReader created mapSize(MB)=4
2024-10-24T09:10:36Z INF perfEventReader created mapSize(MB)=4
2024-10-24T09:10:36Z INF module started successfully. isReload=false moduleName=EBPFProbeOPENSSL
2024-10-24T09:11:02Z ERR SSLDataEvent's fd is 0 address= fd=0 pid=9059
2024-10-24T09:11:02Z ERR SSLDataEvent's fd is 0 address= fd=0 pid=9059
```

cfc4n commented 2 weeks ago

SSLDataEvent's fd is 0 address= fd=0 pid=9059

In fact, this information does not affect the normal operation of the software. Just a reminder, I will adjust the error level of this message to INF in the next version.

yuweizzz commented 2 weeks ago

Try the master branch. It should be fixed by #642.

cfc4n commented 2 weeks ago

or try v0.8.9

xxxxxliil commented 1 day ago

@yuweizzz If the debug log in 0.8.9 shows the bio mode but fd is still 0, is that expected behavior?

yuweizzz commented 23 hours ago

Refer to the corresponding bio type: for values not greater than BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR, num is not used to represent the fd.
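The rule in the last comment, written out as an added example (not part of the thread and not eCapture's own code): it classifies BIO types by whether `num` can hold a file descriptor, and checks that the threshold comparison agrees with testing the descriptor flag bit. The constants are the ones in OpenSSL's `<openssl/bio.h>`, assumed here to match the hooked library; `fd_for_event` and its `-1` sentinel are hypothetical.

```c
#include <stdio.h>

/* Flag bits and type values as defined in OpenSSL's <openssl/bio.h>
 * (assumption: the hooked library uses the same values). */
#define BIO_TYPE_DESCRIPTOR  0x0100  /* socket, fd, connect or accept */
#define BIO_TYPE_FILTER      0x0200
#define BIO_TYPE_SOURCE_SINK 0x0400

#define BIO_TYPE_MEM    (1  | BIO_TYPE_SOURCE_SINK)
#define BIO_TYPE_FD     (4  | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR)
#define BIO_TYPE_SOCKET (5  | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR)
#define BIO_TYPE_SSL    (7  | BIO_TYPE_FILTER)
#define BIO_TYPE_BIO    (19 | BIO_TYPE_SOURCE_SINK)

/* Rule from the comment above: only types greater than
 * BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR keep an fd in num. */
int bio_num_is_fd(int bio_type)
{
    return bio_type > (BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR);
}

/* Hypothetical helper: the fd to report for a captured event, or -1
 * when the BIO has no descriptor (memory BIO, BIO pair, filter). */
int fd_for_event(int bio_type, int bio_num)
{
    return bio_num_is_fd(bio_type) ? bio_num : -1;
}

/* Count constructed samples where the threshold rule and the
 * descriptor flag bit disagree. */
int count_rule_mismatches(void)
{
    static const int types[] = { BIO_TYPE_MEM, BIO_TYPE_FD, BIO_TYPE_SOCKET,
                                 BIO_TYPE_SSL, BIO_TYPE_BIO };
    int mismatches = 0;
    for (size_t i = 0; i < sizeof types / sizeof types[0]; i++) {
        int by_flag = (types[i] & BIO_TYPE_DESCRIPTOR) != 0;
        if (by_flag != bio_num_is_fd(types[i]))
            mismatches++;
    }
    return mismatches;
}

int main(void)
{
    printf("socket BIO, num=42 -> fd %d\n", fd_for_event(BIO_TYPE_SOCKET, 42));
    printf("memory BIO, num=0  -> fd %d\n", fd_for_event(BIO_TYPE_MEM, 0));
    printf("mismatches: %d\n", count_rule_mismatches());
    return 0;
}
```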