kubeshark / tracer

The kernel tracer that attaches eBPF probes to containers for capturing TLS traffic
GNU General Public License v3.0

Including an uprobe SSL_get_error #42

Closed zbenamram closed 4 months ago

zbenamram commented 4 months ago

Hello!

Thanks so much for your team's contributions here. There have been some great learnings in this project as I dive more into eBPF!

I'm curious how this project has been aggregating response chunks that have been sniffed from SSL_read/write uprobes.

I've taken a look at https://www.openssl.org/docs/manmaster/man7/ossl-guide-tls-client-block.html and I read that to verify that a response has completed, a 0 value gets returned from the SSL_read_ex function and then a followup call is made to SSL_get_error to verify a response has completed successfully.

I noticed that a 0 value returned by SSL_read_ex does not get handled and is returned early: https://github.com/kubeshark/tracer/blob/master/bpf/openssl_uprobes.c#L104

When aggregating responses to serve in the UI, I'm curious how you are able to tell when a response has completed.

iluxa commented 4 months ago

Hello @zbenamram

The traffic is aggregated by the consumer at a higher protocol layer. For example, if the consumer is interested in HTTP protocol handling, it expects to receive all traffic based on the HTTP length headers.
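
The consumer-side reassembly iluxa describes (joining SSL_read/SSL_write chunks into whole HTTP messages by Content-Length instead of relying on the SSL_read_ex return value) as an added illustration; this is a hypothetical helper written for this thread, not code from kubeshark/tracer, and the chunk boundaries in main are constructed:

```go
package main

import (
	"bytes"
	"fmt"
	"strconv"
	"strings"
)

// ChunkAggregator reassembles chunks captured by SSL_read/SSL_write uprobes into
// complete HTTP/1.x messages via Content-Length (hypothetical, not kubeshark code).
type ChunkAggregator struct{ buf bytes.Buffer }
// Feed adds one chunk; returns a complete message, or nil while more is needed.
func (a *ChunkAggregator) Feed(chunk []byte) []byte {
	a.buf.Write(chunk)
	data := a.buf.Bytes()
	hdrEnd := bytes.Index(data, []byte("\r\n\r\n"))
	if hdrEnd < 0 {
		return nil // header block still incomplete
	}
	bodyStart, contentLength := hdrEnd+4, 0
	for _, line := range strings.Split(string(data[:hdrEnd]), "\r\n")[1:] {
		k, v, ok := strings.Cut(line, ":")
		if ok && strings.EqualFold(strings.TrimSpace(k), "Content-Length") {
			n, err := strconv.Atoi(strings.TrimSpace(v))
			if err != nil || n < 0 {
				a.buf.Reset() // unparsable length: drop rather than desync the stream
				return nil
			}
			contentLength = n
		}
	}
	total := bodyStart + contentLength
	if len(data) < total {
		return nil // body still arriving in later SSL_read chunks
	}
	msg := append([]byte(nil), data[:total]...)
	a.buf.Next(total) // retain any bytes belonging to the next message
	return msg
}

func main() {
	a := &ChunkAggregator{}
	// Constructed chunks: one response split at arbitrary SSL_read boundaries.
	for _, c := range []string{"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n", "\r\nhello", " world"} {
		if msg := a.Feed([]byte(c)); msg != nil {
			fmt.Printf("complete (%d bytes): %q\n", len(msg), msg)
		}
	}
}
```

Chunked transfer encoding is deliberately not handled here; a real consumer also needs to parse chunk sizes before it can declare a response complete.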

zbenamram commented 4 months ago

Thanks for the reply - that's what I was expecting.