fix(sight): improve SSL capture robustness and SSE large payload handling#1356
fix(sight): improve SSL capture robustness and SSE large payload handling#1356Daydreamer-Li wants to merge 1 commit into
Conversation
|
Reviewed the diff (head de13a8e), grouped by severity. I verified the code-level items locally against this branch and have explicitly flagged the two that depend on runtime/environment I couldn't exercise. BlockingUTF-8 slice panic —
Both are eager and with a >2000 B multibyte HighScan-miss log escalated to WARN with LLM payload — MediumAdded SSE tests aren't discriminating — Low / notesSSE termination for oversized Runloop rule position-anchoring —
Contradictory attach logs — Separate (pre-existing, not this PR)The Thanks for the fixes — the SSL graceful-degrade and continuation-buffer direction look right. The panic at |
|
Thanks for the thorough review @jfeng18! All issues are addressed in Blocking — UTF-8 slice panic ✅ FixedRemoved the raw byte-offset slicing entirely. The scan-miss diagnostic now uses a concise log::debug!(
"[extract_token_from_sse] continuation buffer scan miss: len={} reassembled_events={} remaining_len={}",
extra.len(), reassembled.events.len(), reassembled.remaining.len(),
);High — Scan-miss log escalated to WARN ✅ FixedDowngraded from Medium — Tests not discriminating + missing is_done tests ✅ Fixed
Low — is_done doc comment ✅ FixedUpdated the doc comment to match the actual termination semantics (no longer terminates on event-field alone; relies on complete JSON parse or HTTP chunked terminator). Low — Contradictory attach logs ✅ FixedThe caller ( Low — Runloop rule positional anchoringAcknowledged. The rule matches Runloop's observed real invocation ( Separate — inode dedupGood observation. The new commit adds |
|
Thanks for the quick turnaround @Daydreamer-Li. The analyzer/SSE fixes look solid — I took a closer look at the inode changes and have a few points there. Genuinely fixed (confirmed on
On the inode dedup change — I think it works the opposite way from the stated goal. Comparing the two trees:
Net effect: on main a shared inode X is removed only when the pid that inserted it exits; on this branch X is removed as soon as any referencing pid exits (trigger set grows from On the "libbpf link deduplication handles it gracefully" comment: I don't think libbpf dedups here. In libbpf-rs 0.23.3, Two smaller things:
The analyzer/SSE half looks good to me; the inode rework is the part I'd revisit. |
BoringSSL (codex) uses /proc/<pid>/exe for uprobe attach path because overlayfs containers resolve /proc/<pid>/root/<path> to a different inode than the kernel uses for uprobe matching. BoringSSL inodes are tracked separately from shared library inodes: detached on process exit to allow re-attach for new processes, while shared libraries keep the still_used check to avoid duplicate uprobe fds. The HTTP chunked terminator (0\r\n\r\n) detection now checks if the buffer ends with the terminator rather than requiring an exact 5-byte match. The terminator is typically appended to the last SSE data chunk, not a standalone read. is_done() no longer terminates the SSE stream on the event field alone for OpenAI Responses API. The response.completed data field routinely exceeds 16 KB and spans multiple TLS records; terminating early causes the usage-bearing tail to be lost. The stream now terminates via the chunked terminator or when the full JSON is parseable. The done event's source chunk is always appended to the continuation buffer, bypassing the source_event pointer dedup, so usage data in the final chunk is not lost. SSEParser's remaining field is also checked for partial events that lack a trailing \n\n. attach_process registers the pid in the BPF traced map even when SSL attach fails, so global uprobe events are not silently dropped. Signed-off-by: liyuqing <liyuqing@alibaba-inc.com>
308c3b4 to
c7256fc
Compare
|
Round-3 follow-up on v3 ( BoringSSL re-attach creates duplicate uprobe consumers (sslsniff.rs:329-340) The v3 split treats BoringSSL differently: when
I checked this against the kernel source ( This means each BoringSSL re-attach for a new process creates an additional Four non-blocking notes:
|
Description
Improve AgentSight's SSL/TLS traffic capture robustness and fix SSE large payload parsing for the OpenAI Responses API.
SSL capture fixes:
/proc/<pid>/mapsis unreadable (privilege-drop scenarios, e.g. runloop/codex)SSE parsing fixes:
response.completed/response.failed/response.incompleteevent-type headers — these data payloads routinely exceed 16KB; stream stays open until HTTP chunked end markerConfig:
agentsight.jsonRelated Issue
closes #1355
Type of Change
Scope
cosh(copilot-shell)cosh-ng(cosh-ng)sec-core(agent-sec-core)skill(os-skills)sight(agentsight)tokenless(tokenless)ckpt(ws-ckpt)memory(agent-memory)anolisa(anolisa-cli)skillfs(SkillFS)Checklist
sight:cargo clippy -- -D warningsandcargo fmt --checkpassTesting
response.completedevents (>16KB payload)Additional Notes
N/A