Draft: Add SSL hooks into envoy debug binary

pkg/discoverer/pids.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
@@ -41,6 +42,7 @@ type pids struct {
 	targetedPIDs    *lru.Cache[uint32, *pidInfo]
 	targetedCgroups *lru.Cache[uint64, struct{}]
 	scanGolangQueue chan foundPidEvent
+	envoyPath       string
 }
 
 func newPids(procfs string, bpfObjs *bpf.BpfObjects, containersInfo *lru.Cache[ContainerID, []CgroupData]) (*pids, error) {
@@ -203,8 +205,15 @@ func (p *pids) installHooks(e foundPidEvent) {
 		log.Debug().Uint32("pid", e.pid).Uint64("cgroup", e.cgroup).Msg("Install go hook end")
 	}()
 
+	var sslHook *sslHooks.SslHooks
+	var sslPath string
 	goHook, goPath := p.installGoHook(e)
-	sslHook, sslPath := p.installOpensslHook(e)
+	if len(p.envoyPath) > 0 {
+		sslHook = p.installEnvoysslHook(e, p.envoyPath)
+		sslPath = p.envoyPath
+	} else {
+		sslHook, sslPath = p.installOpensslHook(e)
+	}
 	pi := pidInfo{
 		cgroupId: e.cgroup,
 		goHook:   goHook,
@@ -221,6 +230,10 @@ func (p *pids) installGoHook(e foundPidEvent) (*goHooks.GoHooks, string) {
 		return nil, ""
 	}
 
+	if filepath.Base(path) == "envoy" {
+		p.envoyPath = path
+	}
+
 	ex, err := link.OpenExecutable(path)
 	if err != nil {
 		log.Debug().Err(err).Uint32("pid", e.pid).Uint64("cgroup", e.cgroup).Str("path", path).Msg("Open executable failed")
@@ -270,6 +283,22 @@ func (p *pids) installOpensslHook(e foundPidEvent) (*sslHooks.SslHooks, string)
 	return &hook, path
 }
 
+func (p *pids) installEnvoysslHook(e foundPidEvent, path string) *sslHooks.SslHooks {
+	if _, ok := p.targetedCgroups.Get(e.cgroup); !ok {
+		return nil
+	}
+
+	hook := sslHooks.SslHooks{}
+	err := hook.InstallUprobes(p.bpfObjs, path)
+	if err != nil {
+		log.Debug().Err(err).Str("path", path).Msg("Install ssl hook failed")
+		return nil
+	}
+
+	log.Debug().Uint32("pid", e.pid).Uint64("cgroup", e.cgroup).Msg("openssl hook installed")
+	return &hook
+}
+
 var numberRegex = regexp.MustCompile("[0-9]+")
 
 func (p *pids) scanPidsV2() error {

pkg/hooks/ssl/ssllib_hooks.go

@@ -1,6 +1,8 @@
 package ssl
 
 import (
+	"path/filepath"
+
 	"github.com/cilium/ebpf/link"
 	"github.com/go-errors/errors"
 	lru "github.com/hashicorp/golang-lru/v2"
@@ -23,6 +25,11 @@ type SslHooks struct {
 var hookInodes, _ = lru.New[uint64, uint32](16384)
 
 func (s *SslHooks) InstallUprobes(bpfObjects *bpf.BpfObjects, sslLibraryPath string) error {
+	var isEnvoy bool
+	if filepath.Base(sslLibraryPath) == "envoy" {
+		isEnvoy = true
+	}
+
 	ino, err := utils.GetInode(sslLibraryPath)
 	if err != nil {
 		return err
@@ -37,12 +44,15 @@ func (s *SslHooks) InstallUprobes(bpfObjects *bpf.BpfObjects, sslLibraryPath str
 		return errors.Wrap(err, 0)
 	}
 
+	if isEnvoy {
+		return s.installEnvoySslHooks(bpfObjects, sslLibrary)
+	}
+
 	return s.installSslHooks(bpfObjects, sslLibrary)
 }
 
 func (s *SslHooks) installSslHooks(bpfObjects *bpf.BpfObjects, sslLibrary *link.Executable) error {
 	var err error
-
 	s.sslWriteProbe, err = sslLibrary.Uprobe("SSL_write", bpfObjects.BpfObjs.SslWrite, nil)
 
 	if err != nil {
@@ -94,6 +104,36 @@ func (s *SslHooks) installSslHooks(bpfObjects *bpf.BpfObjects, sslLibrary *link.
 	return nil
 }
 
+func (s *SslHooks) installEnvoySslHooks(bpfObjects *bpf.BpfObjects, sslLibrary *link.Executable) error {
+	var err error
+
+	s.sslWriteProbe, err = sslLibrary.Uprobe("SSL_write", bpfObjects.BpfObjs.SslWrite, nil)
+
+	if err != nil {
+		return errors.Wrap(err, 0)
+	}
+
+	s.sslWriteRetProbe, err = sslLibrary.Uretprobe("SSL_write", bpfObjects.BpfObjs.SslRetWrite, nil)
+
+	if err != nil {
+		return errors.Wrap(err, 0)
+	}
+
+	s.sslReadProbe, err = sslLibrary.Uprobe("SSL_read", bpfObjects.BpfObjs.SslRead, nil)
+
+	if err != nil {
+		return errors.Wrap(err, 0)
+	}
+
+	s.sslReadRetProbe, err = sslLibrary.Uretprobe("SSL_read", bpfObjects.BpfObjs.SslRetRead, nil)
+
+	if err != nil {
+		return errors.Wrap(err, 0)
+	}
+
+	return nil
+}
+
 func (s *SslHooks) Close() []error {
 	returnValue := make([]error, 0)