feat(gotls): add fd extraction from tls.Conn for connection tuple sup…#947
Merged
Conversation
dosubot
Bot
added
size:L
skylar2826
force-pushed
the
feature/gotls2
branch
from
f1d5ede to
f74306b
Compare
Contributor
Author
|
我的梳理&测试:[ecapture]go1.20 tls fd抽取 |
There was a problem hiding this comment.
Pull request overview
This PR enhances GoTLS plaintext capture events by extracting the underlying socket FD from *tls.Conn in the eBPF probe, extending the Go/C event struct layouts to carry that FD, and attempting to populate source/destination tuple information on the Go side.
Changes:
- Extend
go_tls_event(BPF) /inner(Go) with explicit padding +fdto keep struct layouts aligned. - Add eBPF logic to walk
tls.Conn -> net.Conn -> netFD -> poll.FD.Sysfdand emit the extracted FD. - Add
Tuple/Sockfields toGoTLSEvent, update UUID composition, and parse tuple intoBase().
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
user/event/event_gotls.go |
Adds fd + tuple/sock fields, updates UUID, and parses tuple into Base() fields. |
kern/gotls_kern.c |
Adds fd to the perf event struct and introduces BPF-side FD extraction from tls.Conn. |
Comments suppressed due to low confidence (1)
user/event/event_gotls.go:74
- These comments say GoTLS events do not have Src/Dst IP/port, but this function now derives them from ge.Tuple. Please update the comments to avoid misleading readers (and to reflect when/if Tuple is expected to be populated).
SrcIP: "127.0.0.1", // GoTLS events do not have SrcIP
SrcPort: 0, // GoTLS events do not have SrcPort
DstIP: "127.0.0.1", // GoTLS events do not have DstIP
DstPort: 0, // GoTLS events do not have DstPort
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
skylar2826
force-pushed
the
feature/gotls2
branch
6 times, most recently
from
a9ffc0f to
632c1db
Compare
cfc4n
requested changes
Mar 13, 2026
skylar2826
force-pushed
the
feature/gotls2
branch
2 times, most recently
from
88b116d to
e3e0ce3
Compare
dosubot
Bot
added
size:M
skylar2826
force-pushed
the
feature/gotls2
branch
from
e3e0ce3 to
1caf291
Compare
…port Add pad[3]+fd to go_tls_event struct and extract_fd_from_tls_conn() in BPF to walk tls.Conn->netFD->Sysfd. Align Go-side inner struct, add Tuple/Sock to GoTLSEvent, and parse real IP:port in Base() replacing the hardcoded 127.0.0.1.
skylar2826
force-pushed
the
feature/gotls2
branch
from
1caf291 to
9a32754
Compare
dosubot
Bot
added
size:L
Contributor
Author
这个失败的测试不是我的代码导致的 |
donge
reviewed
Mar 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…port
Add pad[3]+fd to go_tls_event struct and extract_fd_from_tls_conn() in BPF to walk tls.Conn->netFD->Sysfd. Align Go-side inner struct, add Tuple/Sock to GoTLSEvent, and parse real IP:port in Base() replacing the hardcoded 127.0.0.1.
bpftool prog tracelog:
