Add stirling cli flag to opt into disabling Go TLS tracing (#1534)

pixie-io · Jun 23, 2023 · fb743d9 · fb743d9
1 parent c0ff63a
commit fb743d9
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 5 deletions.
diff --git a/src/stirling/source_connectors/socket_tracer/socket_trace_connector.cc b/src/stirling/source_connectors/socket_tracer/socket_trace_connector.cc
@@ -101,6 +101,11 @@ DEFINE_int32(stirling_enable_mux_tracing, px::stirling::TraceMode::OnForNewerKer
 DEFINE_int32(stirling_enable_amqp_tracing, px::stirling::TraceMode::On,
              "If true, stirling will trace and process AMQP messages.");
 
+DEFINE_bool(stirling_disable_golang_tls_tracing,
+            gflags::BoolFromEnv("PX_STIRLING_DISABLE_GOLANG_TLS_TRACING", false),
+            "If true, stirling will not trace TLS traffic for Go applications. This implies "
+            "stirling_enable_http2_tracing=false.");
+
 DEFINE_bool(stirling_disable_self_tracing, true,
             "If true, stirling will not trace and process syscalls made by itself.");
 
@@ -484,7 +489,8 @@ Status SocketTraceConnector::InitImpl() {
   conn_info_map_mgr_ = std::make_shared<ConnInfoMapManager>(this);
   ConnTracker::SetConnInfoMapManager(conn_info_map_mgr_);
 
-  uprobe_mgr_.Init(protocol_transfer_specs_[kProtocolHTTP2].enabled,
+  uprobe_mgr_.Init(FLAGS_stirling_disable_golang_tls_tracing,
+                   protocol_transfer_specs_[kProtocolHTTP2].enabled,
                    FLAGS_stirling_disable_self_tracing);
 
   openssl_trace_state_ =

diff --git a/src/stirling/source_connectors/socket_tracer/uprobe_manager.cc b/src/stirling/source_connectors/socket_tracer/uprobe_manager.cc
@@ -66,7 +66,9 @@ UProbeManager::UProbeManager(bpf_tools::BCCWrapper* bcc) : bcc_(bcc) {
   proc_parser_ = std::make_unique<system::ProcParser>();
 }
 
-void UProbeManager::Init(bool enable_http2_tracing, bool disable_self_probing) {
+void UProbeManager::Init(bool disable_go_tls_tracing, bool enable_http2_tracing,
+                         bool disable_self_probing) {
+  cfg_disable_go_tls_tracing_ = disable_go_tls_tracing;
   cfg_enable_http2_tracing_ = enable_http2_tracing;
   cfg_disable_self_probing_ = disable_self_probing;
 
@@ -834,7 +836,7 @@ int UProbeManager::DeployGoUProbes(const absl::flat_hash_set<md::UPID>& pids) {
     }
 
     // GoTLS Probes.
-    {
+    if (!cfg_disable_go_tls_tracing_) {
       StatusOr<int> attach_status =
           AttachGoTLSUProbes(binary, elf_reader.get(), dwarf_reader.get(), pid_vec);
       if (!attach_status.ok()) {
@@ -848,7 +850,7 @@ int UProbeManager::DeployGoUProbes(const absl::flat_hash_set<md::UPID>& pids) {
     }
 
     // Go HTTP2 Probes.
-    if (cfg_enable_http2_tracing_) {
+    if (!cfg_disable_go_tls_tracing_ && cfg_enable_http2_tracing_) {
       StatusOr<int> attach_status =
           AttachGoHTTP2UProbes(binary, elf_reader.get(), dwarf_reader.get(), pid_vec);
       if (!attach_status.ok()) {

diff --git a/src/stirling/source_connectors/socket_tracer/uprobe_manager.h b/src/stirling/source_connectors/socket_tracer/uprobe_manager.h
@@ -115,10 +115,13 @@ class UProbeManager {
 
   /**
    * Mandatory initialization step before RunDeployUprobesThread can be called.
+   * @param disable_go_tls_tracing Whether to disable Go TLS tracing. Implies enable_http2_tracing
+   * is false.
    * @param enable_http2_tracing Whether to enable HTTP2 tracing.
    * @param disable_self_tracing Whether to enable uprobe deployment on Stirling itself.
    */
-  void Init(bool enable_http2_tracing, bool disable_self_tracing = true);
+  void Init(bool disable_go_tls_tracing, bool enable_http2_tracing,
+            bool disable_self_tracing = true);
 
   /**
    * Notify uprobe manager of an mmap event. An mmap may be indicative of a dlopen,
@@ -618,6 +621,10 @@ class UProbeManager {
   // Whether to try to uprobe ourself (e.g. for OpenSSL). Typically, we don't want to do that.
   bool cfg_disable_self_probing_;
 
+  // Whether we want to enable Go TLS tracing. When true, it implies cfg_enable_http2_tracing_ is
+  // false.
+  bool cfg_disable_go_tls_tracing_;
+
   // Whether we want to enable HTTP2 tracing. When false, we don't deploy HTTP2 uprobes.
   bool cfg_enable_http2_tracing_;