usm: go-tls: Add periodic process check (#31529)

DataDog · Nov 28, 2024 · 1ade87d · 1ade87d
1 parent 625691c
commit 1ade87d
Showing 1 changed file with 26 additions and 5 deletions.
diff --git a/pkg/network/usm/ebpf_gotls.go b/pkg/network/usm/ebpf_gotls.go
@@ -37,6 +37,7 @@ import (
 	"github.com/DataDog/datadog-agent/pkg/network/usm/consts"
 	"github.com/DataDog/datadog-agent/pkg/network/usm/utils"
 	"github.com/DataDog/datadog-agent/pkg/process/monitor"
+	"github.com/DataDog/datadog-agent/pkg/util/kernel"
 	"github.com/DataDog/datadog-agent/pkg/util/log"
 	"github.com/DataDog/datadog-agent/pkg/util/safeelf"
 )
@@ -243,18 +244,38 @@ func (p *goTLSProgram) PreStart(m *manager.Manager) error {
 			case <-p.done:
 				return
 			case <-processSync.C:
-				processSet := p.registry.GetRegisteredProcesses()
-				deletedPids := monitor.FindDeletedProcesses(processSet)
-				for deletedPid := range deletedPids {
-					_ = p.registry.Unregister(deletedPid)
-				}
+				p.sync()
+				p.registry.Log()
 			}
 		}
 	}()
 
 	return nil
 }
 
+func (p *goTLSProgram) sync() {
+	deletionCandidates := p.registry.GetRegisteredProcesses()
+
+	_ = kernel.WithAllProcs(p.procRoot, func(pid int) error {
+		if _, ok := deletionCandidates[uint32(pid)]; ok {
+			// We have previously hooked into this process and it remains active,
+			// so we remove it from the deletionCandidates list, and move on to the next PID
+			delete(deletionCandidates, uint32(pid))
+			return nil
+		}
+
+		// This is a new PID so we attempt to attach SSL probes to it
+		_ = p.AttachPID(uint32(pid))
+		return nil
+	})
+
+	// At this point all entries from deletionCandidates are no longer alive, so
+	// we should detach our SSL probes from them
+	for pid := range deletionCandidates {
+		p.handleProcessExit(pid)
+	}
+}
+
 // PostStart registers the goTLS program to the attacher list.
 func (p *goTLSProgram) PostStart(*manager.Manager) error {
 	utils.AddAttacher(consts.USMModuleName, p.Name(), p)