WIP: Initial implementation for user space uprobe for SSL

[msherif1234]

Description

This PR adds support to probe/uretprobe to track openSSL write function call to read the packets before being encrypted and generate events using ringbuffer to userspace

I was able to bring up ebpf agent with SSL_enable on kind cluster

./examples/test-ssl-host.sh
=== Testing SSL with Host Process ===

This will run curl on each cluster node directly on the host
This should trigger the SSL uprobes since the host process uses
the same libssl.so that the agent attached to.

=========================================
Testing node: kind-control-plane
=========================================
Warning: No agent pod found on node kind-control-plane, skipping...
=========================================
Testing node: kind-worker
=========================================
Agent pod: netobserv-ebpf-agent-lglkp
Running curl with HTTP/1.1 (--http1.1) on host...
HTTP Request completed successfully
Checking logs for SSL events:
time="2025-10-23T17:24:10Z" level=info msg="SSL EVENT: pid=2449200806146953, timestamp=51258572899030, data_len=78, ssl_type=3" component=flow.RingBufTracer
=========================================
Testing node: kind-worker2
=========================================
Agent pod: netobserv-ebpf-agent-2wp7h
Running curl with HTTP/1.1 (--http1.1) on host...
HTTP Request completed successfully
Checking logs for SSL events:
time="2025-10-23T17:24:10Z" level=info msg="SSL EVENT: pid=2449200806146953, timestamp=51258572913197, data_len=78, ssl_type=3" component=flow.RingBufTracer
time="2025-10-23T17:24:10Z" level=info msg="SSL EVENT: pid=2449282410525596, timestamp=51258737434405, data_len=78, ssl_type=3" component=flow.RingBufTracer
=========================================
Test completed for all nodes
=========================================

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

To run a perfscale test, comment with: /test ebpf-node-density-heavy-25nodes

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jotak for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment