Last active
August 29, 2015 14:23
-
-
Save indutny/6aee5191d8d6e8ad886f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/sbin/dtrace -C -s | |
| #pragma D option quiet | |
| #pragma D option strsize=4096 | |
| #define PTR__SIZE sizeof(uint64_t) | |
| struct SSL { | |
| uint32_t version; | |
| uint8_t pad[0x12c]; | |
| uint64_t session; | |
| }; | |
| struct SSL_SESSION { | |
| uint8_t pad[0x118]; | |
| uint64_t hostname; | |
| }; | |
| struct STACK_OF { | |
| uint32_t num; | |
| uint8_t pad[4]; | |
| uint64_t data; | |
| }; | |
| struct SSL_CIPHER { | |
| uint32_t valid; | |
| uint8_t pad[4]; | |
| uint64_t name; | |
| }; | |
| pid*::ssl3_choose_cipher:entry | |
| { | |
| this->ssl = (struct SSL*) copyin(arg0, sizeof(struct SSL)); | |
| this->version = this->ssl->version; | |
| this->session = this->ssl->session != 0 ? | |
| (struct SSL_SESSION*) copyin(this->ssl->session, | |
| sizeof(struct SSL_SESSION)) : | |
| NULL; | |
| this->host_ptr = this->session != NULL ? this->session->hostname : 0; | |
| this->host = this->host_ptr != 0 ? copyinstr(this->host_ptr, 256) : ""; | |
| this->stack_of = (struct STACK_OF*) copyin(arg1, sizeof(struct STACK_OF)); | |
| this->num = this->stack_of->num; | |
| this->left = this->num; | |
| this->data = (uint64_t*) copyin(this->stack_of->data, PTR__SIZE * this->num); | |
| this->pending = 1; | |
| this->buf = ""; | |
| } | |
| #define LOOP_BODY(INDEX) \ | |
| pid*::ssl3_choose_cipher:entry \ | |
| /this->pending && this->left == (INDEX)/ \ | |
| { \ | |
| this->left--; \ | |
| this->cipher = (struct SSL_CIPHER*) copyin(this->data[this->left], \ | |
| sizeof(struct SSL_CIPHER)); \ | |
| this->cipher_name = copyinstr(this->cipher->name, 256); \ | |
| this->buf = strjoin(this->buf, this->cipher_name); \ | |
| this->buf = strjoin(this->buf, ":"); \ | |
| } | |
| #define LOOP__4(off) \ | |
| LOOP_BODY(off + 3) \ | |
| LOOP_BODY(off + 2) \ | |
| LOOP_BODY(off + 1) \ | |
| LOOP_BODY(off + 0) | |
| #define LOOP__16(off) \ | |
| LOOP__4(off + 12) \ | |
| LOOP__4(off + 8) \ | |
| LOOP__4(off + 4) \ | |
| LOOP__4(off + 0) | |
| #define LOOP__64(off) \ | |
| LOOP__16(off + 48) \ | |
| LOOP__16(off + 32) \ | |
| LOOP__16(off + 16) \ | |
| LOOP__16(off + 0) | |
| #define LOOP__256(off) \ | |
| LOOP__64(off + 192) \ | |
| LOOP__64(off + 128) \ | |
| LOOP__64(off + 64) \ | |
| LOOP__64(off + 0) | |
| LOOP__16(1) | |
| pid*::ssl3_choose_cipher:entry | |
| /this->pending == 1/ | |
| { | |
| this->pending = 0; | |
| printf("type=ciphers num=%d version=\"%04x\" host=\"%s\" value=\"%s\"\n", | |
| this->num, | |
| this->version, | |
| this->host, | |
| this->buf); | |
| } | |
| pid*::ssl3_choose_cipher:entry | |
| { | |
| this->ssl = 0; | |
| this->session = 0; | |
| this->host_ptr = 0; | |
| this->host = 0; | |
| this->version = 0; | |
| this->left = 0; | |
| this->num = 0; | |
| this->data = 0; | |
| this->cipher = 0; | |
| this->pending = 0; | |
| this->cipher_name_ptr = 0; | |
| this->cipher_name = 0; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var fs = require('fs'); | |
| var util = require('util'); | |
| var map = {}; | |
| var count = 0; | |
| function onLine(line) { | |
| if (!line) | |
| return; | |
| var match = line.match( | |
| /type=ciphers num=(\d+) version="([^"]*)" host="([^"]*)" value="([^"]*)"/ | |
| ); | |
| if (!match) | |
| return; | |
| var num = match[1] | 0; | |
| var version = match[2]; | |
| var hasSNI = match[3] !== ''; | |
| var value = match[4]; | |
| var key = version + '/' + hasSNI + '/' + value; | |
| if (map[key]) | |
| map[key].count++; | |
| else | |
| map[key] = { version: version, hasSNI: hasSNI, value: value, count: 1 }; | |
| count++; | |
| } | |
| function print(type) { | |
| var out = Object.keys(map).sort(function(a, b) { | |
| return map[b].count - map[a].count; | |
| }).map(function(key) { | |
| var item = map[key]; | |
| return util.format('count=%d version=%j sni=%j value=%j', | |
| item.count, | |
| item.version, | |
| item.hasSNI, | |
| item.value); | |
| }).join('\n'); | |
| if (type === 'log') | |
| console.log(out); | |
| else if (type === 'error') | |
| console.error(out); | |
| } | |
| var chunks = ''; | |
| process.stdin.on('data', function(chunk) { | |
| chunks += chunk; | |
| if (!/\n/.test(chunks)) | |
| return; | |
| var split = chunks.split(/\n/g); | |
| chunks = split.pop(); | |
| split.forEach(onLine); | |
| }); | |
| process.stdin.resume(); | |
| process.on('SIGINT', function() { | |
| print('log'); | |
| process.exit(0); | |
| }); | |
| process.on('SIGUSR2', function() { | |
| print('error'); | |
| }); | |
| setInterval(function() { | |
| console.error('count=' + count); | |
| }, 5000); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment