NETOBSERV-2471: TLS usage tracking (bump agent) #1119

Merged
jotak merged 2 commits into netobserv:main from jotak:tls
Apr 1, 2026

@jotak
Member

jotak commented Oct 31, 2025

Agent PR: netobserv/netobserv-ebpf-agent#815
Operator: netobserv/netobserv-operator#2124

Summary by CodeRabbit

  • New Features

    • Added TLS/SSL metrics tracking to flow telemetry, including cipher suite and protocol version identification.
    • Introduced uprobe session trace support for enhanced runtime monitoring.
    • Added program compatibility verification for improved kernel version handling.
  • Improvements

    • Enhanced BTF type deduplication for better memory efficiency.
    • Expanded Windows eBPF builtin function support.

@openshift-ci-robot
Collaborator

openshift-ci-robot commented Oct 31, 2025

@jotak: This pull request references NETOBSERV-2471 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot
Collaborator

openshift-ci-robot commented Oct 31, 2025

@jotak: This pull request references NETOBSERV-2471 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Agent PR: netobserv/netobserv-ebpf-agent#815

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

jotak added the ok-to-test label (To set manually when a PR is safe to test. Triggers image build on PR.) Oct 31, 2025

@github-actions

New image:
quay.io/netobserv/flowlogs-pipeline:014a99d

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=014a99d make set-flp-image

github-actions bot removed the ok-to-test label (To set manually when a PR is safe to test. Triggers image build on PR.) Oct 31, 2025

@openshift-ci-robot
Collaborator

openshift-ci-robot commented Oct 31, 2025

@jotak: This pull request references NETOBSERV-2471 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.21.0" version, but no target version was set.

Details

In response to this:

Agent PR: netobserv/netobserv-ebpf-agent#815
Operator: netobserv/netobserv-operator#2124

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

jotak added the ok-to-test label (To set manually when a PR is safe to test. Triggers image build on PR.) Nov 3, 2025

@github-actions

github-actions bot commented Nov 3, 2025

New image:
quay.io/netobserv/flowlogs-pipeline:2798ef8

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=2798ef8 make set-flp-image

@openshift-merge-robot
Collaborator

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

github-actions bot removed the ok-to-test label (To set manually when a PR is safe to test. Triggers image build on PR.) Jan 14, 2026

@openshift-ci

openshift-ci bot commented Jan 14, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign stleerh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

jotak added the ok-to-test label (To set manually when a PR is safe to test. Triggers image build on PR.) Mar 19, 2026

@github-actions

New image:

quay.io/netobserv/flowlogs-pipeline:8f976f0

It will expire in two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=8f976f0 make set-flp-image

@Amoghrd
Member

Amoghrd commented Mar 31, 2026

/label qe-approved

openshift-ci bot added the qe-approved label (QE has approved this pull request) Mar 31, 2026

@openshift-ci-robot
Collaborator

openshift-ci-robot commented Mar 31, 2026

@jotak: This pull request references NETOBSERV-2471 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Agent PR: netobserv/netobserv-ebpf-agent#815
Operator: netobserv/netobserv-operator#2124

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@Amoghrd
Member

Amoghrd commented Mar 31, 2026

/test qe-e2e-tests

@openshift-ci

openshift-ci bot commented Apr 1, 2026

@jotak: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/qe-e2e-tests | bff214f | link | false | /test qe-e2e-tests |

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

github-actions bot removed the ok-to-test label (To set manually when a PR is safe to test. Triggers image build on PR.) Apr 1, 2026

@coderabbitai

coderabbitai bot commented Apr 1, 2026

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Vendor update for cilium/ebpf (v0.20 → v0.21), golang.org/x/sys (v0.41 → v0.42), and netobserv-ebpf-agent (new commit). Major changes include BTF deduplication, variable spec refactoring, ELF struct_ops support, removal of deprecated instruction APIs, TLS tracking extensions, and expanded Darwin ARM64 CPU detection.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| Module versions | go.mod, vendor/modules.txt | Updated cilium/ebpf from v0.20.0 to v0.21.0; golang.org/x/sys from v0.41.0 to v0.42.0; netobserv-ebpf-agent to new pseudo-version. |
| cilium/ebpf: ASM and instruction updates | vendor/github.com/cilium/ebpf/asm/func_string.go, asm/func_win.go, asm/instruction.go | Windows builtin function renames (Memcpy→MemcpyS, etc); added three new Windows builtins; added Width() method; removed deprecated MapPtr/RewriteMapPtr APIs; refactored tag computation with SHA-256/SHA-1 support via HasTag(). |
| cilium/ebpf: BTF type system | vendor/github.com/cilium/ebpf/btf/dedup.go, btf/ext_info.go, btf/feature.go, btf/marshal.go, btf/types.go | New BTF deduplication engine (dedup.go); exposed ExtInfos metadata (Funcs, Lines, CORERelos) as public maps; refactored CO-RE relocation handling; added deduplication option to Builder; updated NewBuilder signature to accept BuilderOptions. |
| cilium/ebpf: Build system | vendor/github.com/cilium/ebpf/Makefile, CODEOWNERS, staticcheck.conf | Makefile refactored container execution, changed all target flow, added testdata/struct_ops targets and loader_nobtf variants, replaced update-kernel-deps with update-external-deps; CODEOWNERS extended for Windows support; staticcheck.conf removed. |
| cilium/ebpf: Variable and collection handling | vendor/github.com/cilium/ebpf/variable.go, collection.go, collection_windows.go, map.go | VariableSpec refactored to self-contained (Name, SectionName, Offset/uint32, Value/[]byte); removed RewriteMaps/RewriteConstants APIs; added mapSpec.updateDataSection() for variable population; increased preallocated FD slices on Windows. |
| cilium/ebpf: ELF loading and struct_ops | vendor/github.com/cilium/ebpf/elf_reader.go, elf_sections.go, prog.go, struct_ops.go, linker.go | Major elf_reader refactor: struct_ops relocation processing, per-symbol instruction decoding, per-instruction metadata assignment, per-symbol map loading with BTF variables; added uprobe.session section types; added Compatible() method and ErrProgIncompatible; removed splitSymbols helper; struct_ops relocation setup and AttachTo assignment. |
| cilium/ebpf: Memory and program info | vendor/github.com/cilium/ebpf/memory.go, memory_unsafe.go, info.go | Changed Size() return to uint32; updated offset parameters from uint64 to uint32; refactored ProgramInfo to track numInsns separately, added automatic program name expansion from BTF, removed restricted-kernel guards, changed metadata assignment to per-instruction calls. |
| cilium/ebpf: System types and syscalls | vendor/github.com/cilium/ebpf/internal/sys/syscall.go, types.go | Added info() methods for link info types; extended types with new constants (BPF_F_IPV6, BPF_TRACE_UPROBE_SESSION, stream/netfilter support); added NetfilterInetHook and NetfilterProtocolFamily enums; new link-info structs (EventLinkInfo, TracepointLinkInfo, UprobeLinkInfo, UprobeMultiLinkInfo); updated MapInfo, MapCreateAttr, ProgLoadAttr with new fields. |
| netobserv-ebpf-agent: TLS tracking | vendor/github.com/netobserv/netobserv-ebpf-agent/pkg/ebpf/bpf_*.go, model/record.go, model/tls_types.go, pbflow/proto.go, decode/decode_protobuf.go | Added TLS metric fields (SslVersion, TlsCipherSuite, TlsKeyShare, TlsTypes) to BpfFlowMetricsT across all architectures; added EnableTlsUsageTracking global variable; new TLS helpers (SSLVersionToString, TLSTypesToStrings, HasSSLMismatch); extended record/protobuf mapping for TLS fields. |
| golang.org/x/sys: Darwin/ARM64 CPU detection | vendor/golang.org/x/sys/cpu/asm_darwin_arm64_gc.s, cpu_darwin_arm64.go, cpu_darwin_arm64_other.go, cpu_gccgo_arm64.go, cpu_other_arm64.go, syscall_darwin_arm64_gc.go | New Darwin/ARM64 support: assembly trampoline for sysctlbyname, doinit functions for gc and non-gc builds with sysctl-based feature detection, darwinSysctlEnabled helper; refactored cpu_other_arm64 build constraints and init logic. |
| golang.org/x/sys: Unix and Windows types | vendor/golang.org/x/sys/unix/ztypes_linux.go, windows/aliases.go, windows/syscall_windows.go, windows/registry/key.go, plan9/syscall_plan9.go | Added PREFIX_* netlink constants and Prefixmsg/PrefixCacheinfo structs; added Signal type alias in Windows; removed local Signal type from syscall_windows.go; refactored ModTime() computation in registry key.go; replaced Note type with alias in plan9. |
| golang.org/x/sys: Unix capability functions | vendor/golang.org/x/sys/internal/unix/types_linux.go, types_other.go | Added Unshare, Setns, Capget, Capset syscall wrappers; added CapUserData/CapUserHeader types; introduced O_RDONLY, CLONE_NEWNET, LINUX_CAPABILITY_VERSION_3 constants; non-Linux stubs for capability functions returning errNonLinux. |

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The description is minimal, containing only two links to related PRs without addressing required template sections like testing setup, unit tests, or QE requirements. | Complete the PR description using the template: add meaningful description, confirm testing setup (if needed), verify unit tests added, and check one QE requirement option. |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 38.10% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly identifies the main change: bumping the netobserv-ebpf-agent dependency to enable TLS usage tracking, tied to NETOBSERV-2471. |

@openshift-ci-robot
Collaborator

openshift-ci-robot commented Apr 1, 2026

@jotak: This pull request references NETOBSERV-2471 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Agent PR: netobserv/netobserv-ebpf-agent#815
Operator: netobserv/netobserv-operator#2124

Summary by CodeRabbit

  • New Features

    • Added TLS/SSL metrics tracking to flow telemetry, including cipher suite and protocol version identification.
    • Introduced uprobe session trace support for enhanced runtime monitoring.
    • Added program compatibility verification for improved kernel version handling.
  • Improvements

    • Enhanced BTF type deduplication for better memory efficiency.
    • Expanded Windows eBPF builtin function support.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

jotak merged commit 46a2bf0 into netobserv:main Apr 1, 2026
6 of 9 checks passed

Labels: jira/valid-reference, qe-approved (QE has approved this pull request)