feat: implement OpenSSL version downgrade logic and improve logging #819
Conversation
fix:#818 Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
There was a problem hiding this comment.
Pull Request Overview
This pull request refactors the OpenSSL version detection and BPF bytecode selection logic to improve compatibility when exact OpenSSL/BoringSSL versions are not found. The changes introduce a smart downgrade mechanism that attempts to find the closest lower matching version before falling back to defaults.
- Implements a downgrade algorithm that searches for the best matching version by progressively truncating the version string
- Replaces hardcoded default selection with an intelligent auto-detection method
- Improves logging clarity by providing more specific feedback about version matching, downgrading, and fallback behavior
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| user/module/probe_openssl_lib.go | Adds downgrade version matching logic and refactors bytecode auto-detection method |
| user/module/probe_openssl.go | Updates BPF file selection flow and improves logging organization |
|
|
||
| func (m *MOpenSSLProbe) downgradeOpensslVersion(ver string, soPath string) (string, bool) { | ||
| var candidates []string | ||
| // 未找到时,逐步截取ver查找最相近的 |
There was a problem hiding this comment.
The comment is in Chinese and should be in English for consistency with the rest of the codebase. Consider: '// When not found, progressively truncate ver to find the closest match'
| // 未找到时,逐步截取ver查找最相近的 | |
| // When not found, progressively truncate ver to find the closest match |
Copilot uses AI. Check for mistakes.
| for i := len(ver) - 1; i > 0; i-- { | ||
| prefix := ver[:i] | ||
|
|
||
| // 找到所有匹配前缀的key |
There was a problem hiding this comment.
The comment is in Chinese and should be in English for consistency with the rest of the codebase. Consider: '// Find all keys matching the prefix'
| // 找到所有匹配前缀的key | |
| // Find all keys matching the prefix |
Copilot uses AI. Check for mistakes.
| } | ||
|
|
||
| if len(candidates) > 0 { | ||
| // 按ASCII顺序排序,取最大的 |
There was a problem hiding this comment.
The comment is in Chinese and should be in English for consistency with the rest of the codebase. Consider: '// Sort in ASCII order and take the largest'
| // 按ASCII顺序排序,取最大的 | |
| // Sort in ASCII order and take the largest |
Copilot uses AI. Check for mistakes.
user/module/probe_openssl_lib.go
Outdated
|
|
||
| // 找到所有匹配前缀的key | ||
| for libKey := range m.sslVersionBpfMap { | ||
| if strings.HasPrefix(libKey, prefix) && libKey <= ver { |
There was a problem hiding this comment.
String comparison using '<=' for version comparison may not work correctly for semantic versions. For example, '1.1.10' would be considered less than '1.1.2' due to lexicographic ordering. Consider using proper version comparison logic or document this limitation.
Copilot uses AI. Check for mistakes.
| var isDowngrade bool | ||
| bpfFile, isDowngrade = m.downgradeOpensslVersion(ver, soPath) | ||
| if isDowngrade { | ||
| m.logger.Error().Str("OpenSSL Version", ver).Str("bpfFile", bpfFile).Msgf("OpenSSL/BoringSSL version not found, used downgrade version. %s", fmt.Sprintf(OpensslNoticeUsedDefault, OpensslNoticeVersionGuideLinux)) |
There was a problem hiding this comment.
[nitpick] Using Error level for a successful downgrade operation may be misleading. Consider using Warn level instead, as this represents a fallback behavior rather than an actual error condition.
| m.logger.Error().Str("OpenSSL Version", ver).Str("bpfFile", bpfFile).Msgf("OpenSSL/BoringSSL version not found, used downgrade version. %s", fmt.Sprintf(OpensslNoticeUsedDefault, OpensslNoticeVersionGuideLinux)) | |
| m.logger.Warn().Str("OpenSSL Version", ver).Str("bpfFile", bpfFile).Msgf("OpenSSL/BoringSSL version not found, used downgrade version. %s", fmt.Sprintf(OpensslNoticeUsedDefault, OpensslNoticeVersionGuideLinux)) |
Copilot uses AI. Check for mistakes.
|
🔧 Debug Build Complete 📦 Download Links: ⏰ Files will be retained for 7 days, please download and test promptly. |
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
|
🔧 Debug Build Complete 📦 Download Links: ⏰ Files will be retained for 7 days, please download and test promptly. |
This pull request refactors and enhances the OpenSSL probe's logic for selecting the appropriate BPF bytecode file when the exact OpenSSL/BoringSSL version is not found. The changes improve the robustness of version matching by introducing a downgrade mechanism and clarifying logging. The most important changes are:
Improved version matching and fallback logic
downgradeOpensslVersionmethod to attempt to find the closest lower matching version when the exact version is not available, improving compatibility with unknown or newer OpenSSL versions. (user/module/probe_openssl_lib.go)autoDetectBytecodemethod that incorporates the downgrade logic and provides more informative logging when downgrading or defaulting. (user/module/probe_openssl_lib.go) [1] [2]Logging and error handling improvements
user/module/probe_openssl.go,user/module/probe_openssl_lib.go) [1] [2] [3]Code organization and clarity
getSoDefaultBytecodetoautoDetectBytecode, and added a missing assignment for thebpfFileKey. (user/module/probe_openssl.go,user/module/probe_openssl_lib.go) [1] [2]sortpackage import to support candidate version sorting in the downgrade logic. (user/module/probe_openssl_lib.go)fix:#818