[system-probe] Add static binary inspection to create lookup tables for crypto/tls.(*Conn).{Read,Write,Close} - copy #12897
See this PR for previous discussion
What does this PR do?
This PR builds on the work done in #10039 to add another set of lookup tables that are generated ahead-of-time from a suite of Go versions/architectures -- this time, to contain information about the layout of structs and function arguments/return values that is useful to trace TLS traffic running through the standard library. Doing so requires knowledge about:
crypto/tls.(*Conn).Read, crypto/tls.(*Conn).Write, and crypto/tls.(*Conn).Close
crypto/tls.(*Conn) value (there are a handful of around 5 pointer/struct embeds that each need to have offsets)
The rest of the information needed to attach probes is able to be determined at runtime, even if the debug/ELF symbols have been stripped from a binary (as opposed to the above two sets of data), so some of it was excluded from this PR (namely, static interface-table entries and runtime.g pointer location information), and is instead in #10161.
Motivation
Tracing Go HTTPS traffic using eBPF.
Additional Notes
I'm not sure whether the changes I made to generate_tools.go are appropriate.
Possible Drawbacks / Trade-offs
The lookup table generation for the binary-inspected data is only run on minor-version bumps (and the latest beta/RC version), so in the unlikely case that the language introduces changes on a revision-level version bump, those changes won't be detected by this implementation.
Describe how to test/QA your changes
Running inv -e system-probe.generate-lookup-tables should run the lookup table generation logic using go generate ... . The output file will be at pkg/network/http/gotls/lookup/luts.go, and should be the same as the one currently in the PR.
Reviewer's Checklist
Triage milestone is set.
team/.. label has been applied, if known.
changelog/no-changelog label has been applied.
qa/skip-qa label is not applied.
need-change/operator and need-change/helm labels have been applied.