Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Figure out how to properly support TLS with multiple processes #395

Closed
grcevski opened this issue Oct 30, 2023 · 0 comments · Fixed by #471
Closed

Figure out how to properly support TLS with multiple processes #395

grcevski opened this issue Oct 30, 2023 · 0 comments · Fixed by #471

Comments

@grcevski
Copy link
Contributor

We currently have one BPF program which we load when instrumenting with kprobes. The load of this BPF program checks if the executable we are instrumenting has loaded libssl and then instruments the library. In certain cases like nodejs, the runtime vendors libssl and we try to instrument the executable itself.

However, we load the BPF program once and whatever the initial configuration was we'll only instrument that. It's not a problem with the kprobes, because they are consistent across all executables, but we need special logic for instrumenting SSL.

Namely we can have the following scenario:

  • Application without SSL is instrumented first.
  • Application that dynamically links libSSL is loaded.
  • Application that vendors libSSL is loaded.

We need state flag that we've instrumented libssl and then instrument if the executable requires it.
We need to always check if the executable vendors libssl when we find new non-Go executable.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Reuse BPF programs in multi-process mode grcevski/ebpf-autoinstrument
1 participant
@grcevski