feat(bpf/openssl): Add SSL pointer to FD cache as fallback #14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduces an LRU hash map (`ssl_to_fd_map`) to cache the mapping between an SSL structure pointer and its associated file descriptor (FD). Problem: The `get_fd` function, when called from SSL uprobe return handlers (uretprobes), sometimes failed to retrieve the FD. This was determined to be a timing issue where the uretprobe could execute before the backing I/O syscall's exit tracepoint had run to update the `uprobe_fd_requests` map via `respond_to_fd_request`. This resulted in missed data events for SSL traffic. Solution: This change implements a caching layer as a fallback: - A new LRU map `ssl_to_fd_map` stores `uintptr_t ssl -> int32_t fd`. - The map is populated within the `SSL_read`/`write` uretprobes *after* `get_fd` successfully retrieves an FD (using the existing primary `ssl_get_fd` or secondary `get_fd_from_syscall` methods). - A new function `get_fd_from_cache` looks up the SSL pointer in this map. - `get_fd` is modified to attempt `get_fd_from_cache` as a third resort if the primary and secondary methods fail. - The `SSL_free` uprobe is updated to delete the corresponding entry from `ssl_to_fd_map`. Future: We may want to consider hooking into the the SSL_set_fd, SSL_set_rfd, and SSL_set_wfd to populate the cache by pointer. Though it seems largely unnecessary now.
jonfriesen
force-pushed
the
jon/eng-414-http1-connection-closed-with-unread-data
branch
from
7c42d70 to
f22dc6a
Compare
tylerflint
approved these changes
Apr 24, 2025
jonfriesen
deleted the
jon/eng-414-http1-connection-closed-with-unread-data
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduces an LRU hash map (
ssl_to_fd_map) to cache the mapping between an SSL structure pointer and its associated file descriptor (FD).Problem:
The
get_fdfunction, when called from SSL uprobe return handlers (uretprobes), sometimes failed to retrieve the FD. This was determined to be a timing issue where the uretprobe could execute before the backing I/O syscall's exit tracepoint had run to update theuprobe_fd_requestsmap viarespond_to_fd_request. This resulted in missed data events for SSL traffic.Solution:
This change implements a caching layer as a fallback:
ssl_to_fd_mapstoresuintptr_t ssl -> int32_t fd.SSL_read/writeuretprobes afterget_fdsuccessfully retrieves an FD (using the existing primaryssl_get_fdor secondaryget_fd_from_syscallmethods).get_fd_from_cachelooks up the SSL pointer in this map.get_fdis modified to attemptget_fd_from_cacheas a third resort if the primary and secondary methods fail.SSL_freeuprobe is updated to delete the corresponding entry fromssl_to_fd_map.Future:
We may want to consider hooking into the the
SSL_set_fd,SSL_set_rfd, andSSL_set_wfdto populate the cache by pointer. Though it seems largely unnecessary now.