The current connection tracker model only supports tracing one protocol for the lifetime of the connection. Pixie was recently extended to support tracing TLS handshakes (#2050, #2058, etc.). Due to this connection tracker model, users must pick between tracing the TLS handshake and the inner (plaintext) application protocol. For the time being, the TLS handshake tracing is opt-in, but it would be great to have Pixie be able to trace both the TLS handshake and the inner protocol.
This would permit tracing protocols that have L5-L7 layers. For example, WebSocket traffic starts out as HTTP, but is later upgraded to a different protocol. Or cases like Finagle's ThriftMux, which is Apache Thrift contained inside a mux protocol session layer.
Summary: Add support for TLS protocol tracing
This is the final change to wire up the TLS protocol parser and stitcher
into stirling. I've also filed #2095 to track supporting tracing TLS
handshakes and the application data.
Relevant Issues: N/A
Type of change: /kind feature
Test Plan: New tests verify functionality works end to end
Changelog Message: Added support for tracing TLS handshakes. This can be
enabled with `--stirling_enable_tls_tracing=1` or through the
`PX_STIRLING_ENABLE_TLS_TRACING` environment variable. Until #2095 is
addressed, this will disable tracing the plaintext within encrypted
connections.
---------
Signed-off-by: Dom Del Nano <[email protected]>