Hacker News new | past | comments | ask | show | jobs | submit login

What do you do for HTTPS which would be encrypted as it passes through the kernel and is only decrypted in the application process?



Great question. You're right that tracing in the kernel doesn't work for encrypted traffic (that means anything over TLS, including HTTPS). For encrypted connections, we still want to give the no-manual-instrumentation-required experience to our users, so what we do is trace the SSL/TLS library to capture the traffic. Right now, for example, we trace traffic going through OpenSSL. This has the benefit of covering a wide array of programs in different languages, including any dynamic languages that use OpenSSL. And we plan on adding more TLS libraries soon (e.g. GoTLS) to fill in the gaps.

We'll be publishing a blog post on this soon, so please stay tuned. In the meanwhile, this other post (https://docs.pixielabs.ai/tutorials/simple-go-tracing/) gives an idea of how one can use EBPF user-space probes to trace applications and system libraries.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: