Skip to content

Instantly share code, notes, and snippets.

@thehajime

thehajime/-

Created April 30, 2021 09:04
Show Gist options
  • Save thehajime/b112a33684fc4c11212fdee6729e7bd3 to your computer and use it in GitHub Desktop.
Save thehajime/b112a33684fc4c11212fdee6729e7bd3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
-
% LD_LIBRARY_PATH=../openssl LKL_HIJACK_CONFIG_FILE=./tools/lkl/lkl-hijack-ktls.json ./tools/lkl/bin/lkl-hijack.sh ../openssl/apps/openssl s_client -connect 8.8.8.8:443
LKL: Pin To CPU 0
[ 0.000000] Linux version 5.3.0+ ([email protected]) (gcc version 8.3.1 20190223 (Red Hat 8.3.1-2) (GCC)) #30 Fri Apr 30 17:01:24 JST 2021
[ 0.000000] memblock address range: 0x7fc8c4000000 - 0x7fc8c8000000
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 16160
[ 0.000000] Kernel command line: virtio_mmio.device=273@0x1000000:1
[ 0.000000] Dentry cache hash table entries: 8192 (order: 4, 65536 bytes, linear)
[ 0.000000] Inode-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
[ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[ 0.000000] Memory available: 64504k/65536k RAM
[ 0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] NR_IRQS: 4096
[ 0.000000] lkl: irqs initialized
[ 0.000000] clocksource: lkl: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[ 0.000001] lkl: time and timers initialized (irq2)
[ 0.000010] pid_max: default: 4096 minimum: 301
[ 0.000094] Mount-cache hash table entries: 512 (order: 0, 4096 bytes, linear)
[ 0.000106] Mountpoint-cache hash table entries: 512 (order: 0, 4096 bytes, linear)
[ 0.012532] random: get_random_bytes called from _etext+0xc59b/0x1540a with crng_init=0
[ 0.012687] printk: console [lkl_console0] enabled
[ 0.012737] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.012756] xor: automatically using best checksumming function 8regs
[ 0.013062] NET: Registered protocol family 16
[ 0.013247] lkl_pci: probe of lkl_pci failed with error -1
[ 0.414851] raid6: int64x8 gen() 10004 MB/s
[ 0.805832] raid6: int64x8 xor() 7299 MB/s
[ 1.196855] raid6: int64x4 gen() 10754 MB/s
[ 1.587823] raid6: int64x4 xor() 7322 MB/s
[ 1.982857] raid6: int64x2 gen() 14387 MB/s
[ 2.373842] raid6: int64x2 xor() 8692 MB/s
[ 2.764825] raid6: int64x1 gen() 11800 MB/s
[ 3.154838] raid6: int64x1 xor() 6603 MB/s
[ 3.154845] raid6: using algorithm int64x2 gen() 14387 MB/s
[ 3.154848] raid6: .... xor() 8692 MB/s, rmw enabled
[ 3.154866] raid6: using intx1 recovery algorithm
[ 3.154897] vgaarb: loaded
[ 3.154978] clocksource: Switched to clocksource lkl
[ 3.155090] NET: Registered protocol family 2
[ 3.155170] tcp_listen_portaddr_hash hash table entries: 256 (order: 0, 4096 bytes, linear)
[ 3.155174] TCP established hash table entries: 512 (order: 0, 4096 bytes, linear)
[ 3.155177] TCP bind hash table entries: 512 (order: 0, 4096 bytes, linear)
[ 3.155181] TCP: Hash tables configured (established 512 bind 512)
[ 3.155225] UDP hash table entries: 128 (order: 0, 4096 bytes, linear)
[ 3.155229] UDP-Lite hash table entries: 128 (order: 0, 4096 bytes, linear)
[ 3.155246] PCI: CLS 0 bytes, default 32
[ 3.155304] virtio-mmio: Registering device virtio-mmio.0 at 0x1000000-0x1000110, IRQ 1.
[ 3.155448] workingset: timestamp_bits=62 max_order=15 bucket_order=0
[ 3.156352] SGI XFS with ACLs, security attributes, no debug enabled
[ 3.158740] io scheduler mq-deadline registered
[ 3.158743] io scheduler kyber registered
[ 3.158756] virtio-mmio virtio-mmio.0: Failed to enable 64-bit or 32-bit DMA. Trying to continue, but this might not work.
[ 3.161362] NET: Registered protocol family 10
[ 3.161564] Segment Routing with IPv6
[ 3.161578] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[ 3.161933] Btrfs loaded, crc32c=crc32c-generic
[ 3.161987] Warning: unable to open an initial console.
[ 3.162013] This architecture does not have kernel memory protection.
[ 3.162015] Run /init as init process
lkl_sys_open /proc/sys/net/mptcp/mptcp_debug: No such file or directory
Failed to configure sysctl entries: Operation not permitted
CONNECTED(00000200)
Can't use SSL_get_servername
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = dns.google
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = dns.google
i:C = US, O = Google Trust Services, CN = GTS CA 1O1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 23 08:11:56 2021 GMT; NotAfter: Jun 15 08:11:55 2021 GMT
1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 15 00:00:42 2017 GMT; NotAfter: Dec 15 00:00:42 2021 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGIDCCBQigAwIBAgIQBvkxxnopTB8DAAAAAMvWcTANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw
EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIxMDMyMzA4MTE1NloXDTIxMDYxNTA4MTE1
NVowZDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxEzARBgNVBAMTCmRu
cy5nb29nbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIMDmpeZjn
Mj5XC5+3f1ANHcFrVwOplmXGgTlL2ecKxLDHrDbC6T63NRQsYV+xyx9pM4U2B+WC
emoqQ2Ja3oZU7h2SoKOcPmY/V8apGjNzr2YlkUChlAuB4zXDi/OSzXB/v2pb5VIY
e5iBeztS0Lq8ZP4H427Ur8lSk/zjbmF8bbGjC5Enbwy/J5fZ1KANKYgNF+WfbU2G
KYF0XflLCRtggUPlBsTbBylrKKyygMlHUhForXGRYu2mfCVOEAcO99lX6JKXv1vB
Y1DnknD0FJd085uC36m2Od81hXgJ3DLfnocm6i0KkrZd1IvWBLhWUdDTYaxusJn5
tb9WoGubh6oTAgMBAAGjggLuMIIC6jAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww
CgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUhG0DZ9KpctB41n+W
+sfcfMbHiiwwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswaAYIKwYB
BQUHAQEEXDBaMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMx
bzFjb3JlMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEu
Y3J0MIGsBgNVHREEgaQwgaGCCmRucy5nb29nbGWCECouZG5zLmdvb2dsZS5jb22C
Czg4ODguZ29vZ2xlgg5kbnMuZ29vZ2xlLmNvbYIQZG5zNjQuZG5zLmdvb2dsZYcQ
IAFIYEhgAAAAAAAAAAAAZIcQIAFIYEhgAAAAAAAAAABkZIcQIAFIYEhgAAAAAAAA
AACIRIcQIAFIYEhgAAAAAAAAAACIiIcECAgEBIcECAgICDAhBgNVHSAEGjAYMAgG
BmeBDAECAjAMBgorBgEEAdZ5AgUDMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9j
cmwucGtpLmdvb2cvR1RTMU8xY29yZS5jcmwwggECBgorBgEEAdZ5AgQCBIHzBIHw
AO4AdQB9PvL4j/+IVWgkwsDKnlKJeSvFDngJfy5ql2iZfiLw1wAAAXheWuFhAAAE
AwBGMEQCIE159QxYxOgurd3GFO4xDDiI31Tfeac6ZfGtra17ooxQAiAvfgSOA8/J
1tBwSqgILSXsO/yKiEvljfbDyThIDdqVAwB1AO7Ale6NcmQPkuPDuRvHEqNpagl7
S2oaFDjmR7LL7cX5AAABeF5a4T4AAAQDAEYwRAIgbqRRrDA5Li1lxi3cD03vBpNt
fviWto44WcnRVAIb0f4CICILkbBCj6d/tR8zfp68zICIw3NCQkYjw++FPe7TYPby
MA0GCSqGSIb3DQEBCwUAA4IBAQATvrsPXcFbOimmkhycc3hWRsW8YSLqWFo0+KHX
lvuBkCukk22lj4n7Thhn8ML8pa1+GAJ9p71QK9/0UW0f56F5MtFYcch+qzBYtiGU
aJyBRUXgRlCoD7opl9M4PFb6drcVk9ca4SZjGqvocFbglpeGVmzr9aMCbnfcO7A4
XhJgEEsSy2MJAtT1Bw3mLRkP5cpAygeFT6eYP+b1ex6972/JistweI2Xd8hUZg9p
bF8YgOuKWdTbvSNLBB9veXUlFi/UPeahx0r3P6SP8kLPG2vORBDZaW+Y4FJz4i6v
xDGar3yzN0iXXYUzTT7BPYjEQBSvbZBsVjhqwWrKLTbS8+0r
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = dns.google
issuer=C = US, O = Google Trust Services, CN = GTS CA 1O1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3169 bytes and written 377 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
[ 4.155046] random: fast init done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment