From 7c18f139c61a393c706dcd6bb07c6c0a496cfce1 Mon Sep 17 00:00:00 2001
From: Vincent Whitchurch
Date: Wed, 27 Nov 2024 12:53:01 +0100
Subject: [PATCH] usm: go-tls: Add periodic process check

Add a periodic check for new process to go-tls similar to the one used by istio and nodejs. This is to have a safety net to ensure that we don't missing hooking a program even if we happen to miss exec events in some case.
---
 pkg/network/usm/ebpf_gotls.go | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/pkg/network/usm/ebpf_gotls.go b/pkg/network/usm/ebpf_gotls.go
index 5fcbec13f047e..e12871aa619bf 100644
--- a/pkg/network/usm/ebpf_gotls.go
+++ b/pkg/network/usm/ebpf_gotls.go
@@ -37,6 +37,7 @@ import (
 "github.com/DataDog/datadog-agent/pkg/network/usm/consts"
 "github.com/DataDog/datadog-agent/pkg/network/usm/utils"
 "github.com/DataDog/datadog-agent/pkg/process/monitor"
+ "github.com/DataDog/datadog-agent/pkg/util/kernel"
 "github.com/DataDog/datadog-agent/pkg/util/log"
 "github.com/DataDog/datadog-agent/pkg/util/safeelf"
 )
@@ -243,11 +244,8 @@ func (p *goTLSProgram) PreStart(m *manager.Manager) error {
 case <-p.done:
 return
 case <-processSync.C:
- processSet := p.registry.GetRegisteredProcesses()
- deletedPids := monitor.FindDeletedProcesses(processSet)
- for deletedPid := range deletedPids {
- _ = p.registry.Unregister(deletedPid)
- }
+ p.sync()
+ p.registry.Log()
 }
 }
 }()
@@ -255,6 +253,29 @@ func (p *goTLSProgram) PreStart(m *manager.Manager) error {
 return nil
 }
 
+func (p *goTLSProgram) sync() {
+ deletionCandidates := p.registry.GetRegisteredProcesses()
+
+ _ = kernel.WithAllProcs(p.procRoot, func(pid int) error {
+ if _, ok := deletionCandidates[uint32(pid)]; ok {
+ // We have previously hooked into this process and it remains active,
+ // so we remove it from the deletionCandidates list, and move on to the next PID
+ delete(deletionCandidates, uint32(pid))
+ return nil
+ }
+
+ // This is a new PID so we attempt to attach SSL probes to it
+ _ = p.AttachPID(uint32(pid))
+ return nil
+ })
+
+ // At this point all entries from deletionCandidates are no longer alive, so
+ // we should detach our SSL probes from them
+ for pid := range deletionCandidates {
+ p.handleProcessExit(pid)
+ }
+}
+
 // PostStart registers the goTLS program to the attacher list.
 func (p *goTLSProgram) PostStart(*manager.Manager) error {
 utils.AddAttacher(consts.USMModuleName, p.Name(), p)
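Review bot: The error returned by `kernel.WithAllProcs` is discarded in `sync`, so if the /proc walk fails or stops partway (unreadable `p.procRoot`, a readdir error mid-iteration) every PID still left in `deletionCandidates` is treated as dead and `p.handleProcessExit` tears down probes on processes that are in fact still running; the walk result should gate the detach step, e.g. `if err := kernel.WithAllProcs(p.procRoot, func(pid int) error { ... }); err != nil { log.Warnf("go-tls sync: could not walk %s, skipping detach: %v", p.procRoot, err); return }`. The `_ = p.AttachPID(uint32(pid))` on the new-PID path also drops its error, which means every unregistered PID on the host (non-Go binaries, the agent itself) is retried silently on each tick unless `AttachPID`, which is outside this hunk, short-circuits on previously failed binaries and on its own PID — worth confirming, or at least logging at debug level. A doc comment would help readers who meet this through the ticker in `PreStart`, e.g. `// sync reconciles the registry with /proc: attaches to PIDs not yet registered and detaches from registered PIDs that no longer exist.`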