
Prevent the need for netty runtime configuration to enable tls tracing

Open ddelnano opened this issue 3 years ago • 0 comments

Is your feature request related to a problem? Please describe.

While netty TLS tracing isn't supported yet, the functionality added in #407 won't achieve Pixie's goal of 'automatic instrumentation'. This is because netty requires the following runtime configuration (-Dio.netty.native.deleteLibAfterLoading=false) to allow Pixie's existing TLS tracing code to access the shared library. When netty runs without that flag, it deletes the shared object file containing the binary containing the tracing targets (OpenSSL symbols) after the library is mmapped into the process.

The file must be accessible for the following reasons:

  1. netty-tcnative strips the OpenSSL_version_num symbol from the binary's .dynsym. Therefore we must determine the OpenSSL version through an ELF parser and the RawFptrManager.
  2. Uprobes must be attached to the SSL_write and SSL_read functions for TLS tracing to work.

This feature request is to remove that requirement so netty applications can be traced by Pixie without any upfront changes.

Describe the solution you'd like

The goal of the solution is to prevent the need for upfront configuration for tracing TLS netty applications. Until the options listed below are investigated, it's hard to say which is the ideal solution.

Describe alternatives you've considered

  • Intercept file before deletion and keep a file descriptor open
  • Access deleted file through another mechanism (through inode, /proc/$PID/maps, etc)

Additional context

N/A

ddelnano, Sep 06 '22 19:09
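The second alternative in the issue (reaching the deleted library through /proc/$PID/maps) can be sketched as follows. This is an added example, not code from the issue or from Pixie: it parses maps text, picks out executable mappings marked "(deleted)", and derives the /proc/<pid>/map_files/<start>-<end> link through which the unlinked file is still reachable. The struct, function name and sample lines are hypothetical, and it assumes the tracer has the privileges needed to follow map_files links.

```cpp
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// An executable mapping whose backing file has been unlinked.
struct DeletedMapping {
  uint64_t start, end, inode;
  std::string path;       // original path with " (deleted)" stripped
  std::string map_files;  // /proc/<pid>/map_files/<start>-<end>
};

// Parses /proc/<pid>/maps text and returns r-x mappings marked "(deleted)".
std::vector<DeletedMapping> FindDeletedExecMappings(int pid, const std::string& maps) {
  const std::string kSuffix = " (deleted)";
  std::vector<DeletedMapping> out;
  std::istringstream lines(maps);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream f(line);
    std::string range, perms, offset, dev, path;
    uint64_t inode = 0;
    if (!(f >> range >> perms >> offset >> dev >> inode)) continue;
    std::getline(f >> std::ws, path);  // the path field may contain spaces
    size_t dash = range.find('-');
    if (dash == std::string::npos || perms.size() < 3 || perms[2] != 'x') continue;
    if (path.size() <= kSuffix.size() || path.rfind(kSuffix) != path.size() - kSuffix.size()) continue;
    uint64_t start = std::stoull(range.substr(0, dash), nullptr, 16);
    uint64_t end = std::stoull(range.substr(dash + 1), nullptr, 16);
    // map_files names use unpadded hex, unlike the zero-padded maps column.
    std::ostringstream link;
    link << "/proc/" << pid << "/map_files/" << std::hex << start << '-' << end;
    out.push_back({start, end, inode, path.substr(0, path.size() - kSuffix.size()), link.str()});
  }
  return out;
}

// Constructed sample input, not captured from a real netty process.
const char kSampleMaps[] =
    "7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0 \n"
    "7f3a2c400000-7f3a2c5d2000 r-xp 00000000 fd:01 1311234 /tmp/libnetty_tcnative.so (deleted)\n"
    "7f3a2d000000-7f3a2d1c0000 r-xp 00000000 fd:01 2049 /usr/lib/libc.so.6\n";

int main() {
  for (const auto& m : FindDeletedExecMappings(4242, kSampleMaps))
    std::cout << m.path << " -> " << m.map_files << "\n";
}
```

The returned map_files path is what an ELF parser or uprobe attach step would open in place of the original path, which no longer resolves on disk.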