coroot
diff --git a/‎containers/container.go‎
Lines changed: 13 additions & 0 deletions b/‎containers/container.go‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎containers/process.go‎
Lines changed: 1 addition & 0 deletions b/‎containers/process.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎ebpftracer/ebpf.go‎
Lines changed: 10 additions & 10 deletions b/‎ebpftracer/ebpf.go‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎ebpftracer/ebpf/ebpf.c‎
Lines changed: 1 addition & 0 deletions b/‎ebpftracer/ebpf/ebpf.c‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎ebpftracer/ebpf/l7/java_tls.c‎
Lines changed: 39 additions & 0 deletions b/‎ebpftracer/ebpf/l7/java_tls.c‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎ebpftracer/ebpf/l7/l7.c‎
Lines changed: 10 additions & 0 deletions b/‎ebpftracer/ebpf/l7/l7.c‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎ebpftracer/ebpf/proc.c‎
Lines changed: 8 additions & 0 deletions b/‎ebpftracer/ebpf/proc.c‎
Lines changed: 8 additions & 0 deletions
@@ -12,6 +12,7 @@ import (
 	"github.com/coroot/coroot-node-agent/ebpftracer"
 	"github.com/coroot/coroot-node-agent/ebpftracer/l7"
 	"github.com/coroot/coroot-node-agent/flags"
+	"github.com/coroot/coroot-node-agent/jvm"
 	"github.com/coroot/coroot-node-agent/logs"
 	"github.com/coroot/coroot-node-agent/node"
 	"github.com/coroot/coroot-node-agent/pinger"
@@ -1262,6 +1263,18 @@ func (c *Container) attachTlsUprobes(tracer *ebpftracer.Tracer, pid uint32) {
 		}
 		p.rustlsUprobesChecked = true
 	}
+	if !p.javaTlsUprobesChecked {
+		p.javaTlsUprobesChecked = true
+		if jvm.IsJavaProcess(pid) {
+			if !*flags.EnableJavaTls {
+				klog.Infof("pid=%d: Java process detected, but Java TLS instrumentation is disabled (use --enable-java-tls to enable)", pid)
+			} else if nativeLibPath := jvm.EnsureTlsAgentLoaded(pid); nativeLibPath != "" {
+				if key := tracer.AttachJavaTlsUprobes(pid, nativeLibPath); key != nil {
+					p.uprobeKeys = append(p.uprobeKeys, *key)
+				}
+			}
+		}
+	}
 }
 
 func resolveFd(pid uint32, fd uint64) (mntId string, logPath string) {
 
@@ -43,6 +43,7 @@ type Process struct {
 	goTlsUprobesChecked   bool
 	openSslUprobesChecked bool
 	rustlsUprobesChecked  bool
+	javaTlsUprobesChecked bool
 	pythonGilChecked      bool
 	nodejsChecked         bool
 	nodejsPrevStats       *ebpftracer.NodejsStats
 
@@ -50,5 +50,6 @@ struct trace_event_raw_sys_exit__stub {
 #include "l7/gotls.c"
 #include "l7/openssl.c"
 #include "l7/rustls.c"
+#include "l7/java_tls.c"
 
 char _license[] SEC("license") = "GPL";
@@ -0,0 +1,39 @@
+SEC("uprobe/java_tls_write_enter")
+int java_tls_write_enter(struct pt_regs *ctx) {
+    __u64 tid = bpf_get_current_pid_tgid();
+    __u32 pid = tid >> 32;
+
+    __u8 dummy = 1;
+    bpf_map_update_elem(&java_tls_pids, &pid, &dummy, BPF_ANY);
+
+    struct ssl_args args = {};
+    args.buf = (char *)PT_REGS_PARM1(ctx);
+    args.size = PT_REGS_PARM2(ctx);
+    args.is_read = 0;
+    bpf_map_update_elem(&ssl_pending, &tid, &args, BPF_ANY);
+    return 0;
+}
+
+SEC("uprobe/java_tls_read_exit")
+int java_tls_read_exit(struct pt_regs *ctx) {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+
+    __u64 *fd_ptr = bpf_map_lookup_elem(&java_tls_last_read_fd, &pid_tgid);
+    if (!fd_ptr) {
+        return 0;
+    }
+    __u64 fd = *fd_ptr;
+    bpf_map_delete_elem(&java_tls_last_read_fd, &pid_tgid);
+
+    char *buf = (char *)PT_REGS_PARM1(ctx);
+    __s64 size = (__s64)PT_REGS_PARM2(ctx);
+
+    if (size <= 0) {
+        return 0;
+    }
+
+    __u32 pid = pid_tgid >> 32;
+    __u64 id = pid_tgid | IS_TLS_READ_ID;
+    trace_enter_read(id, pid, fd, buf, 0, 0);
+    return trace_exit_read(ctx, id, pid, 1, size);
+}
@@ -122,6 +122,13 @@ struct {
     __uint(max_entries, 10240);
 } rustls_last_read_fd SEC(".maps");
 
+struct {
+    __uint(type, BPF_MAP_TYPE_LRU_HASH);
+    __uint(key_size, sizeof(__u64));
+    __uint(value_size, sizeof(__u64));
+    __uint(max_entries, 10240);
+} java_tls_last_read_fd SEC(".maps");
+
 struct {
     __uint(type, BPF_MAP_TYPE_LRU_HASH);
     __uint(key_size, sizeof(__u64));
@@ -377,6 +384,9 @@ int trace_enter_read(__u64 id, __u32 pid, __u64 fd, char *buf, __u64 *ret, __u64
     if (bpf_map_lookup_elem(&rustls_pids, &pid)) {
         bpf_map_update_elem(&rustls_last_read_fd, &id, &fd, BPF_ANY);
     }
+    if (bpf_map_lookup_elem(&java_tls_pids, &pid)) {
+        bpf_map_update_elem(&java_tls_last_read_fd, &id, &fd, BPF_ANY);
+    }
 
     struct connection_id cid = {};
     cid.pid = pid;
 
@@ -27,6 +27,13 @@ struct {
     __uint(max_entries, 1024);
 } rustls_pids SEC(".maps");
 
+struct {
+    __uint(type, BPF_MAP_TYPE_LRU_HASH);
+    __uint(key_size, sizeof(__u32));
+    __uint(value_size, sizeof(__u8));
+    __uint(max_entries, 1024);
+} java_tls_pids SEC(".maps");
+
 struct trace_event_raw_task_newtask__stub {
     __u64 unused;
 #if defined(__CTX_EXTRA_PADDING)
@@ -74,6 +81,7 @@ int sched_process_exit(struct trace_event_raw_sched_process_template__stub *args
     bpf_map_delete_elem(&nodejs_prev_event_loop_iter, &pid);
     bpf_map_delete_elem(&nodejs_current_io_cb, &pid);
     bpf_map_delete_elem(&rustls_pids, &pid);
+    bpf_map_delete_elem(&java_tls_pids, &pid);
 
     struct proc_event e = {
         .type = EVENT_TYPE_PROCESS_EXIT,