rphang / evilBPF

Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP

clang: error: linker command failed with exit code 1 (use -v to see invocation) #3

Open NobinPegasus opened 2 months ago

NobinPegasus commented 2 months ago

When I'm trying to build the tools using make I find the following error:

pegasus@pegasus:~/Documents/ssl-ebpf-projects/evilBPF$ make
find . -mindepth 2 -name libbpf -prune -o -name Makefile -execdir make release \; || exit 1
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/ssl_sniffer'
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 sniffer.c -Iinclude -Iebpf ebpf/loader.o utils/libresolver.o -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o sniffer -static
In file included from sniffer.c:7:
include/utils/libresolver.h:22:12: warning: unused function 'lookup_path' [-Wunused-function]
   22 | static int lookup_path(const char *path, char *library_name, int strict, char *library_path, int depth);
      |            ^~~~~~~~~~~
1 warning generated.
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: sniffer] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/ssl_sniffer'
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/hidden_ssh'
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 hidden_ssh.c   -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o hidden_ssh -static
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: hidden_ssh] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/hidden_ssh'
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/hide_pid'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:37: warning: overriding recipe for target 'hider.bpf.o'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:32: warning: ignoring old recipe for target 'hider.bpf.o'
make[1]: Circular hider.bpf.o <- hider.bpf.o dependency dropped.
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 hider.c   -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o hider -static
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: hider] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/hide_pid'
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/icmp_pingback/maps'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:37: warning: overriding recipe for target 'icmp.bpf.o'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:32: warning: ignoring old recipe for target 'icmp.bpf.o'
make[1]: Circular icmp.bpf.o <- icmp.bpf.o dependency dropped.
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 icmp.c   -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o icmp -static
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: icmp] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/icmp_pingback/maps'
make[1]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/icmp_pingback/minimum'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:37: warning: overriding recipe for target 'icmp.bpf.o'
/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:32: warning: ignoring old recipe for target 'icmp.bpf.o'
make[1]: Circular icmp.bpf.o <- icmp.bpf.o dependency dropped.
make -C /home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src
make[2]: Entering directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
make[2]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/lib/libbpf/src'
clang -Wall -O2 icmp.c   -I/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -L/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/../lib/libbpf/src -l:libbpf.a -lbpf -lelf -lz -o icmp -static
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_compress':
(.text+0x113): undefined reference to `ZSTD_createCCtx'
/usr/bin/ld: (.text+0x2a9): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x2b4): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x2db): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x5a0): undefined reference to `ZSTD_compressStream2'
/usr/bin/ld: (.text+0x5ab): undefined reference to `ZSTD_isError'
/usr/bin/ld: (.text+0x6b9): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x835): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x86f): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0x91b): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: (.text+0xa12): undefined reference to `ZSTD_freeCCtx'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress':
(.text+0xbfc): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xc04): undefined reference to `ZSTD_isError'
/usr/bin/ld: /lib/x86_64-linux-gnu/libelf.a(elf_compress.o): in function `__libelf_decompress_elf':
(.text+0xd45): undefined reference to `ZSTD_decompress'
/usr/bin/ld: (.text+0xd4d): undefined reference to `ZSTD_isError'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/common.mk:23: icmp] Error 1
make[1]: Leaving directory '/home/pegasus/Documents/ssl-ebpf-projects/evilBPF/src/icmp_pingback/minimum'

rphang commented 2 months ago

Hey! You seem to be missing a dependency on your machine related to libelf. If you're on a Debian-based system, you can install it by running the following command:

sudo apt-get install libelf-dev

Let me know if the issue still persists. There's also a Dockerfile provided in another branch (ci/multi-arch) that you can use to run the code without any issues.

NobinPegasus commented 2 months ago

libelf-dev is already there.

pegasus@pegasus:~/Documents/ssl-ebpf-projects/evilBPF$ sudo apt-get install libelf-dev
[sudo] password for pegasus: 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
libelf-dev is already the newest version (0.190-1.1build4).
The following package was automatically installed and is no longer required:
  mailcap
Use 'sudo apt autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 9 not upgraded.

rphang commented 2 months ago

Or else this may also be triggered by zlib1g-dev missing. If this also doesn't get things fixed and the issue still persists, I'll need you to send me the result of the following command:

pkg-config --static --libs libelf

NobinPegasus commented 2 months ago

zlib1g-dev is also installed.

pegasus@pegasus:~/Documents/ssl-ebpf-projects/evilBPF$ sudo apt install zlib1g-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
zlib1g-dev is already the newest version (1:1.3.dfsg-3.1ubuntu2).
The following package was automatically installed and is no longer required:
  mailcap
Use 'sudo apt autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 9 not upgraded.

The output of pkg-config --static --libs libelf:

pegasus@pegasus:~$ pkg-config --static --libs libelf
-L/home/linuxbrew/.linuxbrew/Cellar/elfutils/0.191/lib -L/home/linuxbrew/.linuxbrew/opt/zlib/lib -L/home/linuxbrew/.linuxbrew/opt/zstd/lib -lelf -lz -lzstd

rphang commented 2 months ago

Oh, I see what might be causing this issue: your system uses a different set of flags to gather the libs than the ones I have hardcoded into the Makefile for now. Could you try compiling on the ci/multi-arch branch? The Makefile there gets the libs dynamically.
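
The mismatch described in this comment, as an added example that is not part of the original thread or the project's Makefile: it compares the flags hardcoded in the failing link lines with the `pkg-config --static --libs libelf` output posted above and reports what a static link still needs. The function names are hypothetical; both input strings are copied from this page.

```shell
#!/bin/sh
# Flags hardcoded in the failing link lines from the build log above.
HARDCODED="-l:libbpf.a -lbpf -lelf -lz"
# Output of `pkg-config --static --libs libelf` as posted in this thread.
PKGCONF="-L/home/linuxbrew/.linuxbrew/Cellar/elfutils/0.191/lib -L/home/linuxbrew/.linuxbrew/opt/zlib/lib -L/home/linuxbrew/.linuxbrew/opt/zstd/lib -lelf -lz -lzstd"

# missing_static_libs HARDCODED PKGCONF   (hypothetical helper)
# Prints every -l flag that pkg-config lists for a static link
# but that the hardcoded flag list does not contain.
missing_static_libs() {
    have=" $1 "
    out=""
    for flag in $2; do
        case "$flag" in
            -l*)
                case "$have" in
                    *" $flag "*) ;;                 # already on the link line
                    *) out="${out:+$out }$flag" ;;  # transitive dependency not linked
                esac
                ;;
        esac
    done
    printf '%s\n' "$out"
}

# lib_search_paths PKGCONF   (hypothetical helper)
# Prints the -L directories pkg-config resolved, one per line.
lib_search_paths() {
    for flag in $1; do
        case "$flag" in
            -L*) printf '%s\n' "${flag#-L}" ;;
        esac
    done
}

missing_static_libs "$HARDCODED" "$PKGCONF"
lib_search_paths "$PKGCONF"
```

The reported flag matches the undefined `ZSTD_*` symbols in the log: a static `libelf.a` does not carry its zstd dependency with it. The search paths it prints point at the linuxbrew elfutils 0.191, while the failing link in the log pulled in /lib/x86_64-linux-gnu/libelf.a.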

NobinPegasus commented 2 months ago

It's still not able to sniff the traffic. Can you look into this?

rphang commented 2 months ago

The way ssl_sniffer works is by hooking the SSL libraries in user space. If the libs "auto-detected" by the sniffer are not the ones actually being used by curl, it won't be logged. To see the libraries actually used by the program you're trying to sniff, do:

ldd $(which curl) | grep ssl

Meanwhile, is the original issue fixed? If it worked, I'll make sure to get the fix out on the main branch but you can close the issue anytime soon.

NobinPegasus commented 2 months ago

Yes, my main issue is fixed. But I want to make this tool work on my system and on other systems. Here's the output of ldd $(which curl) | grep ssl. How can I make sure it works on my system, and then generalize it for other Ubuntu/Debian and Arch-based OSes?

pegasus@pegasus:~$ ldd $(which curl) | grep ssl
    libssl.so.3 => /home/linuxbrew/.linuxbrew/opt/openssl@3/lib/libssl.so.3 (0x00007761e46c1000)
    libcrypto.so.3 => /home/linuxbrew/.linuxbrew/opt/openssl@3/lib/libcrypto.so.3 (0x00007761e4000000)

Also, I want the tool to capture Firefox, Chrome and MS Edge traffic too.

rphang commented 2 months ago

It seems that your system is using libs from the home directory of a "linuxbrew" user, which is far from common on many Linux systems, where libs are mostly in /lib*/.

My current implementation of getting the system libs simply looks recursively in hardcoded common paths on Linux systems, which is why yours is not sniffed. As written in the readme of ssl_sniffer, my goal is to sniff every possible program that the user wants. Some programs like Firefox bring their own lib next to the binaries, which forces me to parse the ELF / DWARF info to know the exact path of the actual libs (kind of like ldd), and that is still W.I.P. for now.

In your case, you can sniff your traffic by hardcoding your linuxbrew openssl path in the utils C file (replace the first path with /home/linuxbrew/.linuxbrew/opt/). For dynamically getting paths for any bin, that's something in my TODOs and set for further releases.
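
The path mismatch discussed in the last two comments, as an added example that is not part of the original thread or the project's code: it parses the `ldd` output posted above and marks each TLS library as resolved inside or outside a set of common system directories. `classify_tls_libs` and `COMMON_PREFIXES` are hypothetical; the prefix list is an assumption, since the project's actual hardcoded paths are not shown on this page.

```shell
#!/bin/sh
# `ldd $(which curl) | grep ssl` output as posted in this thread.
LDD_OUT='    libssl.so.3 => /home/linuxbrew/.linuxbrew/opt/openssl@3/lib/libssl.so.3 (0x00007761e46c1000)
    libcrypto.so.3 => /home/linuxbrew/.linuxbrew/opt/openssl@3/lib/libcrypto.so.3 (0x00007761e4000000)'

# Assumed stand-in for the "hardcoded common paths" mentioned above.
COMMON_PREFIXES="/lib /lib64 /usr/lib /usr/lib64 /usr/local/lib"

# classify_tls_libs LDD_OUTPUT   (hypothetical helper)
# For each libssl/libcrypto line prints "<system|nonstandard> <resolved path>".
classify_tls_libs() {
    printf '%s\n' "$1" | while read -r name arrow path _rest; do
        case "$name" in
            libssl.so*|libcrypto.so*) ;;
            *) continue ;;                  # not a TLS library
        esac
        [ "$arrow" = "=>" ] || continue     # line has no resolved path
        case "$path" in
            /*) ;;
            *) continue ;;                  # e.g. "=> not found"
        esac
        verdict=nonstandard
        for p in $COMMON_PREFIXES; do
            case "$path" in
                "$p"/*) verdict=system ;;
            esac
        done
        printf '%s %s\n' "$verdict" "$path"
    done
}

classify_tls_libs "$LDD_OUT"
```

Both libraries from the posted output come back as `nonstandard`, which is why a lookup limited to common system paths did not find the copy this curl actually loads.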