attach TLS uprobes upon receiving the `connection-open` event

containers/container.go

@@ -90,7 +90,9 @@ type Process struct {
 	Pid       uint32
 	StartedAt time.Time
 	NetNsId   string
-	uprobes   []link.Link
+
+	uprobes             []link.Link
+	goTlsUprobesChecked bool
 }
 
 func (p *Process) isHostNs() bool {
@@ -358,7 +360,7 @@ func (c *Container) Collect(ch chan<- prometheus.Metric) {
 	}
 }
 
-func (c *Container) onProcessStart(pid uint32, uprobes []link.Link) {
+func (c *Container) onProcessStart(pid uint32) {
 	c.lock.Lock()
 	defer c.lock.Unlock()
 	stats, err := TaskstatsPID(pid)
@@ -371,7 +373,7 @@ func (c *Container) onProcessStart(pid uint32, uprobes []link.Link) {
 	}
 	defer ns.Close()
 	c.zombieAt = time.Time{}
-	c.processes[pid] = &Process{Pid: pid, StartedAt: stats.BeginTime, NetNsId: ns.UniqueId(), uprobes: uprobes}
+	c.processes[pid] = &Process{Pid: pid, StartedAt: stats.BeginTime, NetNsId: ns.UniqueId()}
 
 	if c.startedAt.IsZero() {
 		c.startedAt = stats.BeginTime
@@ -992,6 +994,17 @@ func (c *Container) revalidateListens(now time.Time, actualListens map[netaddr.I
 	}
 }
 
+func (c *Container) attachTlsUprobes(tracer *ebpftracer.Tracer, pid uint32) {
+	p := c.processes[pid]
+	if p == nil {
+		return
+	}
+	if !p.goTlsUprobesChecked {
+		p.uprobes = append(p.uprobes, tracer.AttachGoTlsUprobes(pid)...)
+		p.goTlsUprobesChecked = true
+	}
+}
+
 func resolveFd(pid uint32, fd uint64) (mntId string, logPath string) {
 	info := proc.GetFdInfo(pid, fd)
 	if info == nil {

containers/registry.go

@@ -167,8 +167,7 @@ func (r *Registry) handleEvents(ch <-chan ebpftracer.Event) {
 					}
 				}
 				if c := r.getOrCreateContainer(e.Pid); c != nil {
-					uprobes := r.tracer.AttachGoTlsUprobes(e.Pid)
-					c.onProcessStart(e.Pid, uprobes)
+					c.onProcessStart(e.Pid)
 				}
 			case ebpftracer.EventTypeProcessExit:
 				if c := r.containersByPid[e.Pid]; c != nil {
@@ -195,6 +194,7 @@ func (r *Registry) handleEvents(ch <-chan ebpftracer.Event) {
 			case ebpftracer.EventTypeConnectionOpen:
 				if c := r.getOrCreateContainer(e.Pid); c != nil {
 					c.onConnectionOpen(e.Pid, e.Fd, e.SrcAddr, e.DstAddr, e.Timestamp, false)
+					c.attachTlsUprobes(r.tracer, e.Pid)
 				} else {
 					klog.Infoln("TCP connection from unknown container", e)
 				}

ebpftracer/tls.go

@@ -38,6 +38,7 @@ func (t *Tracer) AttachGoTlsUprobes(pid uint32) []link.Link {
 				}
 			}
 			klog.ErrorfDepth(1, "pid=%d golang_app=%s golang_version=%s: %s: %s", pid, name, version, msg, err)
+			return
 		}
 		klog.InfofDepth(1, "pid=%d golang_app=%s golang_version=%s: %s", pid, name, version, msg)
 	}