diff --git a/pkg/network/encoding/encoding_test.go b/pkg/network/encoding/encoding_test.go index 281295ce2cbc47..874682d700c7a7 100644 --- a/pkg/network/encoding/encoding_test.go +++ b/pkg/network/encoding/encoding_test.go @@ -144,7 +144,7 @@ func getExpectedConnections(encodedWithQueryType bool, httpOutBlob []byte) *mode NpmEnabled: false, UsmEnabled: false, }, - Tags: network.GetStaticTags(tagOpenSSL | tagTLS), + Tags: tls.GetStaticTags(tagOpenSSL | tagTLS), } // fixup Protocol stack as on windows or macos // we don't have tags mechanism inserting TLS protocol on protocol stack diff --git a/pkg/network/encoding/marshal/format.go b/pkg/network/encoding/marshal/format.go index 0254309c4212d9..4e6f9f8b2e640c 100644 --- a/pkg/network/encoding/marshal/format.go +++ b/pkg/network/encoding/marshal/format.go @@ -13,6 +13,7 @@ import ( "github.com/twmb/murmur3" "github.com/DataDog/datadog-agent/pkg/network" + "github.com/DataDog/datadog-agent/pkg/network/protocols/tls" "github.com/DataDog/datadog-agent/pkg/process/util" ) @@ -268,7 +269,7 @@ func formatRouteIdx(v *network.Via, routes map[network.Via]RouteIdx) int32 { func formatTags(c network.ConnectionStats, tagsSet *network.TagsSet, connDynamicTags map[string]struct{}) ([]uint32, uint32) { var checksum uint32 - staticTags := network.GetStaticTags(c.StaticTags) + staticTags := tls.GetStaticTags(c.StaticTags) tagsIdx := make([]uint32, 0, len(staticTags)+len(connDynamicTags)+len(c.Tags)) for _, tag := range staticTags { diff --git a/pkg/network/encoding/marshal/format_usm_linux_test.go b/pkg/network/encoding/marshal/format_usm_linux_test.go index 9f0d31fc84db92..c79c661a542a82 100644 --- a/pkg/network/encoding/marshal/format_usm_linux_test.go +++ b/pkg/network/encoding/marshal/format_usm_linux_test.go 
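Review bot: The new import in pkg/network/encoding/marshal/format.go binds the project package under the bare name `tls`, the same identifier as the standard library's `crypto/tls`, while the usm test files in this commit import the identical path as `ebpftls`. A reader of `tls.GetStaticTags(c.StaticTags)` or `tls.IsTLSTag(staticTags)` has to check the import block to learn that these are tag helpers and not part of a TLS stack, and any file here that later needs `crypto/tls` will have to rename one of the two. I would use one alias everywhere, `ebpftls "github.com/DataDog/datadog-agent/pkg/network/protocols/tls"`, including usm_protocols.go, format_usm_linux_test.go and tls_counter_linux.go.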
@@ -15,7 +15,7 @@ import ( model "github.com/DataDog/agent-payload/v5/process" "github.com/DataDog/datadog-agent/pkg/network/protocols" - "github.com/DataDog/datadog-agent/pkg/network/protocols/http" + "github.com/DataDog/datadog-agent/pkg/network/protocols/tls" ) func TestFormatTLSProtocols(t *testing.T) { @@ -28,7 +28,7 @@ func TestFormatTLSProtocols(t *testing.T) { { name: "GnuTLS - unknown protocol", protocol: protocols.Stack{Application: protocols.Unknown}, - staticTags: http.TLS | http.GnuTLS, + staticTags: tls.TLS | tls.GnuTLS, want: &model.ProtocolStack{ Stack: []model.ProtocolType{ model.ProtocolType_protocolTLS, @@ -38,7 +38,7 @@ func TestFormatTLSProtocols(t *testing.T) { { name: "OpenSSL - HTTP protocol", protocol: protocols.Stack{Application: protocols.HTTP}, - staticTags: http.TLS | http.OpenSSL, + staticTags: tls.TLS | tls.OpenSSL, want: &model.ProtocolStack{ Stack: []model.ProtocolType{ model.ProtocolType_protocolTLS, @@ -49,7 +49,7 @@ func TestFormatTLSProtocols(t *testing.T) { { name: "GoTLS - MySQL protocol", protocol: protocols.Stack{Application: protocols.MySQL}, - staticTags: http.TLS | http.Go, + staticTags: tls.TLS | tls.Go, want: &model.ProtocolStack{ Stack: []model.ProtocolType{ model.ProtocolType_protocolTLS, diff --git a/pkg/network/encoding/marshal/usm_protocols.go b/pkg/network/encoding/marshal/usm_protocols.go index 5aa59f63e09b6f..c3e694224edef9 100644 --- a/pkg/network/encoding/marshal/usm_protocols.go +++ b/pkg/network/encoding/marshal/usm_protocols.go @@ -8,8 +8,8 @@ package marshal import ( model "github.com/DataDog/agent-payload/v5/process" - "github.com/DataDog/datadog-agent/pkg/network" "github.com/DataDog/datadog-agent/pkg/network/protocols" + "github.com/DataDog/datadog-agent/pkg/network/protocols/tls" "github.com/DataDog/datadog-agent/pkg/util/log" ) 
@@ -34,7 +34,7 @@ import ( func FormatProtocolStack(originalStack protocols.Stack, staticTags uint64) *model.ProtocolStack { var stack []model.ProtocolType - if network.IsTLSTag(staticTags) || originalStack.Encryption == protocols.TLS { + if tls.IsTLSTag(staticTags) || originalStack.Encryption == protocols.TLS { stack = addProtocol(stack, protocols.TLS) } if originalStack.Application != protocols.Unknown { diff --git a/pkg/network/protocols/http/tls_counter_linux.go b/pkg/network/protocols/http/tls_counter_linux.go index 68b80b73e028c0..6c406dc3a25f2b 100644 --- a/pkg/network/protocols/http/tls_counter_linux.go +++ b/pkg/network/protocols/http/tls_counter_linux.go @@ -7,18 +7,20 @@ package http +import "github.com/DataDog/datadog-agent/pkg/network/protocols/tls" + // Add increments the TLS-aware counter based on the specified transaction's static tags func (t *TLSCounter) Add(tx Transaction) { switch tx.StaticTags() { - case GnuTLS: + case tls.GnuTLS: t.counterGnuTLS.Add(1) - case OpenSSL: + case tls.OpenSSL: t.counterOpenSSL.Add(1) - case Go: + case tls.Go: t.counterGoTLS.Add(1) - case Istio: + case tls.Istio: t.counterIstioTLS.Add(1) - case NodeJS: + case tls.NodeJS: t.counterNodeJSTLS.Add(1) default: t.counterPlain.Add(1) diff --git a/pkg/network/protocols/http/types.go b/pkg/network/protocols/http/types.go index 05a97f01ea2ced..92fd6d36c231b1 100644 --- a/pkg/network/protocols/http/types.go +++ b/pkg/network/protocols/http/types.go @@ -8,7 +8,6 @@ package http /* -#include "../../ebpf/c/protocols/tls/tags-types.h" #include "../../ebpf/c/protocols/http/types.h" #include "../../ebpf/c/protocols/classification/defs.h" */ 
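Review bot: `TLSCounter.Add` in tls_counter_linux.go compares `tx.StaticTags()` with each library constant by equality, but the constants are single bits of a mask (format_usm_linux_test.go builds `tls.TLS | tls.GnuTLS`), so a value with two bits set, for instance a library bit together with `tls.TLS`, falls into `default` and is counted in `counterPlain`. Whether a transaction can carry more than one bit is not visible in this diff; if it can, encrypted traffic is reported as plaintext in this telemetry. Testing the bit under a bare `switch`, `case tags&tls.GnuTLS != 0:` after `tags := tx.StaticTags()`, avoids that, or a comment on `Add` should state that exactly one bit is expected. The same equality test appears in monitor_tls_test.go (`statsTags == ebpftls.ConnTagGnuTLS`) and usm_http2_monitor_test.go (`StaticTags == ebpftls.ConnTagGo`), while the kafka, postgres and redis tests mask with `&`.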
@@ -27,25 +26,3 @@ type EbpfTx C.http_transaction_t const ( BufferSize = C.HTTP_BUFFER_SIZE ) - -type ConnTag = uint64 - -const ( - GnuTLS ConnTag = C.LIBGNUTLS - OpenSSL ConnTag = C.LIBSSL - Go ConnTag = C.GO - TLS ConnTag = C.CONN_TLS - Istio ConnTag = C.ISTIO - NodeJS ConnTag = C.NODEJS -) - -var ( - StaticTags = map[ConnTag]string{ - GnuTLS: "tls.library:gnutls", - OpenSSL: "tls.library:openssl", - Go: "tls.library:go", - TLS: "tls.connection:encrypted", - Istio: "tls.library:istio", - NodeJS: "tls.library:nodejs", - } -) diff --git a/pkg/network/protocols/http/types_linux.go b/pkg/network/protocols/http/types_linux.go index 19fa6e778dd1be..d52db53dc234bc 100644 --- a/pkg/network/protocols/http/types_linux.go +++ b/pkg/network/protocols/http/types_linux.go @@ -56,25 +56,3 @@ type EbpfTx struct { const ( BufferSize = 0xd0 ) - -type ConnTag = uint64 - -const ( - GnuTLS ConnTag = 0x1 - OpenSSL ConnTag = 0x2 - Go ConnTag = 0x4 - TLS ConnTag = 0x8 - Istio ConnTag = 0x10 - NodeJS ConnTag = 0x20 -) - -var ( - StaticTags = map[ConnTag]string{ - GnuTLS: "tls.library:gnutls", - OpenSSL: "tls.library:openssl", - Go: "tls.library:go", - TLS: "tls.connection:encrypted", - Istio: "tls.library:istio", - NodeJS: "tls.library:nodejs", - } -) diff --git a/pkg/network/protocols/tls/tags.go b/pkg/network/protocols/tls/tags.go new file mode 100644 index 00000000000000..c3014c3f65f3e5 --- /dev/null +++ b/pkg/network/protocols/tls/tags.go 
@@ -0,0 +1,135 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2024-present Datadog, Inc. + +// Package tls contains definitions and methods related to tags parsed from the TLS handshake +package tls + +import ( + "crypto/tls" + "fmt" +) + +// Constants for tag keys +const ( + TagTLSVersion = "tls.version:" + TagTLSCipherSuiteID = "tls.cipher_suite_id:" + TagTLSClientVersion = "tls.client_version:" + version10 = "tls_1.0" + version11 = "tls_1.1" + version12 = "tls_1.2" + version13 = "tls_1.3" +) + +// Bitmask constants for Offered_versions matching kernelspace definitions +const ( + OfferedTLSVersion10 uint8 = 0x01 + OfferedTLSVersion11 uint8 = 0x02 + OfferedTLSVersion12 uint8 = 0x04 + OfferedTLSVersion13 uint8 = 0x08 +) + +// VersionTags maps TLS versions to tag names for server chosen version (exported for testing) +var VersionTags = map[uint16]string{ + tls.VersionTLS10: TagTLSVersion + version10, + tls.VersionTLS11: TagTLSVersion + version11, + tls.VersionTLS12: TagTLSVersion + version12, + tls.VersionTLS13: TagTLSVersion + version13, +} + +// ClientVersionTags maps TLS versions to tag names for client offered versions (exported for testing) +var ClientVersionTags = map[uint16]string{ + tls.VersionTLS10: TagTLSClientVersion + version10, + tls.VersionTLS11: TagTLSClientVersion + version11, + tls.VersionTLS12: TagTLSClientVersion + version12, + tls.VersionTLS13: TagTLSClientVersion + version13, +} + +// Mapping of offered version bitmasks to version constants +var offeredVersionBitmask = []struct { + bitMask uint8 + version uint16 +}{ + {OfferedTLSVersion10, tls.VersionTLS10}, + {OfferedTLSVersion11, tls.VersionTLS11}, + {OfferedTLSVersion12, tls.VersionTLS12}, + {OfferedTLSVersion13, tls.VersionTLS13}, +} + +// Tags holds the TLS tags. 
It is used to store the TLS version, cipher suite and offered versions. +// We can't use the struct from eBPF as the definition is shared with windows. +type Tags struct { + ChosenVersion uint16 + CipherSuite uint16 + OfferedVersions uint8 +} + +// MergeWith merges the tags from another Tags struct into this one +func (t *Tags) MergeWith(that Tags) { + if t.ChosenVersion == 0 { + t.ChosenVersion = that.ChosenVersion + } + if t.CipherSuite == 0 { + t.CipherSuite = that.CipherSuite + } + if t.OfferedVersions == 0 { + t.OfferedVersions = that.OfferedVersions + } + +} + +// IsEmpty returns true if all fields are zero +func (t *Tags) IsEmpty() bool { + if t == nil { + return true + } + return t.ChosenVersion == 0 && t.CipherSuite == 0 && t.OfferedVersions == 0 +} + +// String returns a string representation of the Tags struct +func (t *Tags) String() string { + return fmt.Sprintf("ChosenVersion: %d, CipherSuite: %d, OfferedVersions: %d", t.ChosenVersion, t.CipherSuite, t.OfferedVersions) +} + +// parseOfferedVersions parses the Offered_versions bitmask into a slice of version strings +func parseOfferedVersions(offeredVersions uint8) []string { + versions := make([]string, 0, len(offeredVersionBitmask)) + for _, ov := range offeredVersionBitmask { + if (offeredVersions & ov.bitMask) != 0 { + if name := ClientVersionTags[ov.version]; name != "" { + versions = append(versions, name) + } + } + } + return versions +} + +func hexCipherSuiteTag(cipherSuite uint16) string { + return fmt.Sprintf("%s0x%04X", TagTLSCipherSuiteID, cipherSuite) +} + +// GetDynamicTags generates dynamic tags based on TLS information +func (t *Tags) GetDynamicTags() map[string]struct{} { + if t.IsEmpty() { + return nil + } + tags := make(map[string]struct{}) + + // Server chosen version + if tag, ok := VersionTags[t.ChosenVersion]; ok { + tags[tag] = struct{}{} + } + + // Client offered versions + for _, versionName := range parseOfferedVersions(t.OfferedVersions) { + tags[versionName] = struct{}{} + 
} + + // Cipher suite ID as hex string + if t.CipherSuite != 0 { + tags[hexCipherSuiteTag(t.CipherSuite)] = struct{}{} + } + + return tags +} diff --git a/pkg/network/tags_linux.go b/pkg/network/protocols/tls/tags_linux.go similarity index 77% rename from pkg/network/tags_linux.go rename to pkg/network/protocols/tls/tags_linux.go index 4f81692cfc31a5..b20beffa12b8db 100644 --- a/pkg/network/tags_linux.go +++ b/pkg/network/protocols/tls/tags_linux.go @@ -5,30 +5,26 @@ //go:build linux -package network - -import ( - "github.com/DataDog/datadog-agent/pkg/network/protocols/http" -) +package tls const ( // ConnTagGnuTLS is the tag for GnuTLS connections - ConnTagGnuTLS = http.GnuTLS + ConnTagGnuTLS = GnuTLS // ConnTagOpenSSL is the tag for OpenSSL connections - ConnTagOpenSSL = http.OpenSSL + ConnTagOpenSSL = OpenSSL // ConnTagGo is the tag for GO TLS connections - ConnTagGo = http.Go + ConnTagGo = Go // ConnTagTLS is the tag for TLS connections in general - ConnTagTLS = http.TLS + ConnTagTLS = TLS // ConnTagIstio is the tag for Istio TLS connections - ConnTagIstio = http.Istio + ConnTagIstio = Istio // ConnTagNodeJS is the tag for NodeJS TLS connections - ConnTagNodeJS = http.NodeJS + ConnTagNodeJS = NodeJS ) // GetStaticTags return the string list of static tags from network.ConnectionStats.Tags func GetStaticTags(staticTags uint64) (tags []string) { - for tag, str := range http.StaticTags { + for tag, str := range StaticTags { if (staticTags & tag) > 0 { tags = append(tags, str) } diff --git a/pkg/network/tags_nolinux.go b/pkg/network/protocols/tls/tags_nolinux.go similarity index 82% rename from pkg/network/tags_nolinux.go rename to pkg/network/protocols/tls/tags_nolinux.go index 965ddb1b5b11e7..7954c47ca01503 100644 --- a/pkg/network/tags_nolinux.go +++ b/pkg/network/protocols/tls/tags_nolinux.go 
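Review bot: `GetDynamicTags` in the new tags.go adds a `tls.version:` tag only when `ChosenVersion` is a key of `VersionTags`, so any other non-zero value, such as one below TLS 1.0, produces no version tag and the connection looks the same as one whose version was never captured. A legacy or unexpected protocol version is a signal worth keeping for anyone monitoring these tags, and the cipher suite just below is already emitted as raw hex. A fallback in the same style would preserve it: `} else if t.ChosenVersion != 0 { tags[fmt.Sprintf("%s0x%04X", TagTLSVersion, t.ChosenVersion)] = struct{}{} }`. `MergeWith` also keeps the first non-zero value of each field and ignores a conflicting later one, which deserves a sentence in its doc comment.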
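Review bot: `GetStaticTags` in tags_linux.go ranges over the `StaticTags` map, so the order of the returned slice can differ from call to call whenever more than one bit is set. `formatTags` loops over this slice next to a `checksum` variable and encoding_test.go uses the result as an expected value; both are only partly visible here, so whether order matters to them should be checked. Sorting before the return, `slices.Sort(tags)`, or iterating a fixed slice of bits makes the output stable. The doc comment still names `network.ConnectionStats.Tags` as the input although the caller in format.go passes `c.StaticTags`, and the function's closing lines are outside this hunk.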
@@ -5,14 +5,14 @@ //go:build !linux -package network +package tls // GetStaticTags return the string list of static tags from network.ConnectionStats.Tags -func GetStaticTags(_ uint64) (tags []string) { +func GetStaticTags(uint64) (tags []string) { return tags } // IsTLSTag return if the tag is a TLS tag -func IsTLSTag(_ uint64) bool { +func IsTLSTag(uint64) bool { return false } diff --git a/pkg/network/protocols/tls/types.go b/pkg/network/protocols/tls/types.go index c3014c3f65f3e5..89c565451eebfd 100644 --- a/pkg/network/protocols/tls/types.go +++ b/pkg/network/protocols/tls/types.go 
@@ -1,135 +1,35 @@ // Unless explicitly stated otherwise all files in this repository are licensed // under the Apache License Version 2.0. // This product includes software developed at Datadog (https://www.datadoghq.com/). -// Copyright 2024-present Datadog, Inc. +// Copyright 2025-present Datadog, Inc. + +//go:build ignore -// Package tls contains definitions and methods related to tags parsed from the TLS handshake package tls -import ( - "crypto/tls" - "fmt" -) +/* +#include "../../ebpf/c/protocols/tls/tags-types.h" +*/ +import "C" -// Constants for tag keys -const ( - TagTLSVersion = "tls.version:" - TagTLSCipherSuiteID = "tls.cipher_suite_id:" - TagTLSClientVersion = "tls.client_version:" - version10 = "tls_1.0" - version11 = "tls_1.1" - version12 = "tls_1.2" - version13 = "tls_1.3" -) +type ConnTag = uint64 -// Bitmask constants for Offered_versions matching kernelspace definitions const ( - OfferedTLSVersion10 uint8 = 0x01 - OfferedTLSVersion11 uint8 = 0x02 - OfferedTLSVersion12 uint8 = 0x04 - OfferedTLSVersion13 uint8 = 0x08 + GnuTLS ConnTag = C.LIBGNUTLS + OpenSSL ConnTag = C.LIBSSL + Go ConnTag = C.GO + TLS ConnTag = C.CONN_TLS + Istio ConnTag = C.ISTIO + NodeJS ConnTag = C.NODEJS ) -// VersionTags maps TLS versions to tag names for server chosen version (exported for testing) -var VersionTags = map[uint16]string{ - tls.VersionTLS10: TagTLSVersion + version10, - tls.VersionTLS11: TagTLSVersion + version11, - tls.VersionTLS12: TagTLSVersion + version12, - tls.VersionTLS13: TagTLSVersion + version13, -} - -// ClientVersionTags maps TLS versions to tag names for client offered versions (exported for testing) -var ClientVersionTags = map[uint16]string{ - tls.VersionTLS10: TagTLSClientVersion + version10, - tls.VersionTLS11: TagTLSClientVersion + version11, - tls.VersionTLS12: TagTLSClientVersion + version12, - tls.VersionTLS13: TagTLSClientVersion + version13, -} - -// Mapping of offered version bitmasks to version constants -var offeredVersionBitmask = 
[]struct { - bitMask uint8 - version uint16 -}{ - {OfferedTLSVersion10, tls.VersionTLS10}, - {OfferedTLSVersion11, tls.VersionTLS11}, - {OfferedTLSVersion12, tls.VersionTLS12}, - {OfferedTLSVersion13, tls.VersionTLS13}, -} - -// Tags holds the TLS tags. It is used to store the TLS version, cipher suite and offered versions. -// We can't use the struct from eBPF as the definition is shared with windows. -type Tags struct { - ChosenVersion uint16 - CipherSuite uint16 - OfferedVersions uint8 -} - -// MergeWith merges the tags from another Tags struct into this one -func (t *Tags) MergeWith(that Tags) { - if t.ChosenVersion == 0 { - t.ChosenVersion = that.ChosenVersion - } - if t.CipherSuite == 0 { - t.CipherSuite = that.CipherSuite +var ( + StaticTags = map[ConnTag]string{ + GnuTLS: "tls.library:gnutls", + OpenSSL: "tls.library:openssl", + Go: "tls.library:go", + TLS: "tls.connection:encrypted", + Istio: "tls.library:istio", + NodeJS: "tls.library:nodejs", } - if t.OfferedVersions == 0 { - t.OfferedVersions = that.OfferedVersions - } - -} - -// IsEmpty returns true if all fields are zero -func (t *Tags) IsEmpty() bool { - if t == nil { - return true - } - return t.ChosenVersion == 0 && t.CipherSuite == 0 && t.OfferedVersions == 0 -} - -// String returns a string representation of the Tags struct -func (t *Tags) String() string { - return fmt.Sprintf("ChosenVersion: %d, CipherSuite: %d, OfferedVersions: %d", t.ChosenVersion, t.CipherSuite, t.OfferedVersions) -} - -// parseOfferedVersions parses the Offered_versions bitmask into a slice of version strings -func parseOfferedVersions(offeredVersions uint8) []string { - versions := make([]string, 0, len(offeredVersionBitmask)) - for _, ov := range offeredVersionBitmask { - if (offeredVersions & ov.bitMask) != 0 { - if name := ClientVersionTags[ov.version]; name != "" { - versions = append(versions, name) - } - } - } - return versions -} - -func hexCipherSuiteTag(cipherSuite uint16) string { - return fmt.Sprintf("%s0x%04X", 
TagTLSCipherSuiteID, cipherSuite) -} - -// GetDynamicTags generates dynamic tags based on TLS information -func (t *Tags) GetDynamicTags() map[string]struct{} { - if t.IsEmpty() { - return nil - } - tags := make(map[string]struct{}) - - // Server chosen version - if tag, ok := VersionTags[t.ChosenVersion]; ok { - tags[tag] = struct{}{} - } - - // Client offered versions - for _, versionName := range parseOfferedVersions(t.OfferedVersions) { - tags[versionName] = struct{}{} - } - - // Cipher suite ID as hex string - if t.CipherSuite != 0 { - tags[hexCipherSuiteTag(t.CipherSuite)] = struct{}{} - } - - return tags -} +) diff --git a/pkg/network/protocols/tls/types_linux.go b/pkg/network/protocols/tls/types_linux.go new file mode 100644 index 00000000000000..173f67981d1cf3 --- /dev/null +++ b/pkg/network/protocols/tls/types_linux.go @@ -0,0 +1,26 @@ +// Code generated by cmd/cgo -godefs; DO NOT EDIT. +// cgo -godefs -- -I ../../ebpf/c -I ../../../ebpf/c -fsigned-char types.go + +package tls + +type ConnTag = uint64 + +const ( + GnuTLS ConnTag = 0x1 + OpenSSL ConnTag = 0x2 + Go ConnTag = 0x4 + TLS ConnTag = 0x8 + Istio ConnTag = 0x10 + NodeJS ConnTag = 0x20 +) + +var ( + StaticTags = map[ConnTag]string{ + GnuTLS: "tls.library:gnutls", + OpenSSL: "tls.library:openssl", + Go: "tls.library:go", + TLS: "tls.connection:encrypted", + Istio: "tls.library:istio", + NodeJS: "tls.library:nodejs", + } +) diff --git a/pkg/network/usm/kafka_monitor_test.go b/pkg/network/usm/kafka_monitor_test.go index 238844992992fa..79c7bcf5b4e7af 100644 --- a/pkg/network/usm/kafka_monitor_test.go +++ b/pkg/network/usm/kafka_monitor_test.go 
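Review bot: `StaticTags` in the rewritten types.go is an exported package-level map, so any importer can add or overwrite entries and change what `GetStaticTags` reports for every connection. No use of it outside the package appears in this diff; if there is none, unexport it or expose a lookup function, and regenerate types_linux.go from the changed source. `ConnTag`, the six constants and `StaticTags` also carry no doc comments; a line such as `// ConnTag is a bitmask of TLS tag bits defined in tags-types.h.` on the type, plus one comment on the const block, would tell readers that the values are combined with `|`.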
@@ -34,12 +34,12 @@ import ( ddebpf "github.com/DataDog/datadog-agent/pkg/ebpf" "github.com/DataDog/datadog-agent/pkg/ebpf/ebpftest" - "github.com/DataDog/datadog-agent/pkg/network" "github.com/DataDog/datadog-agent/pkg/network/config" "github.com/DataDog/datadog-agent/pkg/network/protocols" "github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil" "github.com/DataDog/datadog-agent/pkg/network/protocols/kafka" "github.com/DataDog/datadog-agent/pkg/network/protocols/telemetry" + ebpftls "github.com/DataDog/datadog-agent/pkg/network/protocols/tls" gotlsutils "github.com/DataDog/datadog-agent/pkg/network/protocols/tls/gotls/testutil" "github.com/DataDog/datadog-agent/pkg/network/tracer/testutil/proxy" usmconfig "github.com/DataDog/datadog-agent/pkg/network/usm/config" @@ -1704,7 +1704,7 @@ func validateProduceFetchCount(t *assert.CollectT, kafkaStats map[kafka.Key]*kaf if !exists { return } - hasTLSTag := requestStats.StaticTags&network.ConnTagGo != 0 + hasTLSTag := requestStats.StaticTags&ebpftls.ConnTagGo != 0 if hasTLSTag != validation.tlsEnabled { continue } diff --git a/pkg/network/usm/monitor_tls_test.go b/pkg/network/usm/monitor_tls_test.go index 0145f2e3f08ce0..7c9415c303ea5b 100644 --- a/pkg/network/usm/monitor_tls_test.go +++ b/pkg/network/usm/monitor_tls_test.go 
@@ -33,12 +33,12 @@ import ( "github.com/DataDog/datadog-agent/pkg/ebpf/ebpftest" "github.com/DataDog/datadog-agent/pkg/eventmonitor/consumers" consumerstestutil "github.com/DataDog/datadog-agent/pkg/eventmonitor/consumers/testutil" - "github.com/DataDog/datadog-agent/pkg/network" "github.com/DataDog/datadog-agent/pkg/network/config" "github.com/DataDog/datadog-agent/pkg/network/protocols" "github.com/DataDog/datadog-agent/pkg/network/protocols/http" "github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil" "github.com/DataDog/datadog-agent/pkg/network/protocols/http2" + ebpftls "github.com/DataDog/datadog-agent/pkg/network/protocols/tls" gotlstestutil "github.com/DataDog/datadog-agent/pkg/network/protocols/tls/gotls/testutil" "github.com/DataDog/datadog-agent/pkg/network/protocols/tls/nodejs" usmconfig "github.com/DataDog/datadog-agent/pkg/network/usm/config" @@ -237,8 +237,8 @@ func testHTTPSLibrary(t *testing.T, cfg *config.Config, fetchCmd, prefetchLibs [ statsTags := req.StaticTags // debian 10 have curl binary linked with openssl and gnutls but use only openssl during tls query (there no runtime flag available) // this make harder to map lib and tags, one set of tag should match but not both - if statsTags == network.ConnTagGnuTLS || statsTags == network.ConnTagOpenSSL { - t.Logf("found tag 0x%x %s", statsTags, network.GetStaticTags(statsTags)) + if statsTags == ebpftls.ConnTagGnuTLS || statsTags == ebpftls.ConnTagOpenSSL { + t.Logf("found tag 0x%x %s", statsTags, ebpftls.GetStaticTags(statsTags)) return true } t.Logf("HTTP stat didn't match criteria %v tags 0x%x\n", key, statsTags) diff --git a/pkg/network/usm/postgres_monitor_test.go b/pkg/network/usm/postgres_monitor_test.go index 150065460b8195..2e0da863e3e6fb 100644 --- a/pkg/network/usm/postgres_monitor_test.go +++ b/pkg/network/usm/postgres_monitor_test.go 
@@ -24,13 +24,13 @@ import ( "github.com/stretchr/testify/suite" "github.com/DataDog/datadog-agent/pkg/ebpf/ebpftest" - "github.com/DataDog/datadog-agent/pkg/network" "github.com/DataDog/datadog-agent/pkg/network/config" "github.com/DataDog/datadog-agent/pkg/network/protocols" "github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil" "github.com/DataDog/datadog-agent/pkg/network/protocols/postgres" "github.com/DataDog/datadog-agent/pkg/network/protocols/postgres/ebpf" protocolsUtils "github.com/DataDog/datadog-agent/pkg/network/protocols/testutil" + ebpftls "github.com/DataDog/datadog-agent/pkg/network/protocols/tls" gotlstestutil "github.com/DataDog/datadog-agent/pkg/network/protocols/tls/gotls/testutil" "github.com/DataDog/datadog-agent/pkg/network/usm/consts" usmtestutil "github.com/DataDog/datadog-agent/pkg/network/usm/testutil" @@ -782,7 +782,7 @@ func validatePostgres(t *testing.T, monitor *Monitor, expectedStats map[string]m // We might not have postgres stats, and it might be the expected case (to capture 0). currentStats := postgresProtocolStats.(map[postgres.Key]*postgres.RequestStat) for key, stats := range currentStats { - hasTLSTag := stats.StaticTags&network.ConnTagGo != 0 + hasTLSTag := stats.StaticTags&ebpftls.ConnTagGo != 0 if hasTLSTag != tls { continue } diff --git a/pkg/network/usm/redis_monitor_test.go b/pkg/network/usm/redis_monitor_test.go index 27f8afc5554e46..9dd2047b3d1d35 100644 --- a/pkg/network/usm/redis_monitor_test.go +++ b/pkg/network/usm/redis_monitor_test.go 
@@ -19,11 +19,11 @@ import ( "github.com/stretchr/testify/suite" "github.com/DataDog/datadog-agent/pkg/ebpf/ebpftest" - "github.com/DataDog/datadog-agent/pkg/network" "github.com/DataDog/datadog-agent/pkg/network/config" "github.com/DataDog/datadog-agent/pkg/network/protocols" "github.com/DataDog/datadog-agent/pkg/network/protocols/redis" protocolsUtils "github.com/DataDog/datadog-agent/pkg/network/protocols/testutil" + ebpftls "github.com/DataDog/datadog-agent/pkg/network/protocols/tls" gotlstestutil "github.com/DataDog/datadog-agent/pkg/network/protocols/tls/gotls/testutil" "github.com/DataDog/datadog-agent/pkg/network/usm/consts" usmtestutil "github.com/DataDog/datadog-agent/pkg/network/usm/testutil" @@ -233,7 +233,7 @@ func validateRedis(t *testing.T, monitor *Monitor, expectedStats map[string]map[ // Check all error states for TLS tag and sum counts var hasTLSTag bool for _, stat := range stats.ErrorToStats { - if stat.StaticTags&network.ConnTagGo != 0 { + if stat.StaticTags&ebpftls.ConnTagGo != 0 { hasTLSTag = true break } diff --git a/pkg/network/usm/usm_http2_monitor_test.go b/pkg/network/usm/usm_http2_monitor_test.go index 8907ce19515c40..b901da85ec9892 100644 --- a/pkg/network/usm/usm_http2_monitor_test.go +++ b/pkg/network/usm/usm_http2_monitor_test.go 
@@ -35,12 +35,12 @@ import ( ddebpf "github.com/DataDog/datadog-agent/pkg/ebpf" "github.com/DataDog/datadog-agent/pkg/ebpf/ebpftest" - "github.com/DataDog/datadog-agent/pkg/network" "github.com/DataDog/datadog-agent/pkg/network/config" "github.com/DataDog/datadog-agent/pkg/network/protocols" usmhttp "github.com/DataDog/datadog-agent/pkg/network/protocols/http" "github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil" usmhttp2 "github.com/DataDog/datadog-agent/pkg/network/protocols/http2" + ebpftls "github.com/DataDog/datadog-agent/pkg/network/protocols/tls" gotlsutils "github.com/DataDog/datadog-agent/pkg/network/protocols/tls/gotls/testutil" "github.com/DataDog/datadog-agent/pkg/network/tracer/testutil/proxy" "github.com/DataDog/datadog-agent/pkg/network/usm/consts" @@ -1624,7 +1624,7 @@ func validateStats(t *testing.T, usmMonitor *Monitor, res, expectedEndpoints map if statusCode == 0 { statusCode = 200 } - hasTag := stat.Data[statusCode].StaticTags == network.ConnTagGo + hasTag := stat.Data[statusCode].StaticTags == ebpftls.ConnTagGo if hasTag != isTLS { continue } diff --git a/tasks/system_probe.py b/tasks/system_probe.py index 636bd08dcc7174..abba2eefdcf2f9 100644 --- a/tasks/system_probe.py +++ b/tasks/system_probe.py @@ -504,7 +504,6 @@ def ninja_cgo_type_files(nw: NinjaWriter): ], "pkg/network/protocols/http/types.go": [ "pkg/network/ebpf/c/tracer/tracer.h", - "pkg/network/ebpf/c/protocols/tls/tags-types.h", "pkg/network/ebpf/c/protocols/http/types.h", "pkg/network/ebpf/c/protocols/classification/defs.h", ], @@ -523,6 +522,9 @@ def ninja_cgo_type_files(nw: NinjaWriter): "pkg/network/protocols/redis/types.go": [ "pkg/network/ebpf/c/protocols/redis/types.h", ], + "pkg/network/protocols/tls/types.go": [ + "pkg/network/ebpf/c/protocols/tls/tags-types.h", + ], "pkg/ebpf/telemetry/types.go": [ "pkg/ebpf/c/telemetry_types.h", ],