From 00198b93a9481afbaa9566e8ba679c59c9a7b183 Mon Sep 17 00:00:00 2001
From: Huang Huang
Date: Sat, 28 Sep 2024 15:01:08 +0800
Subject: [PATCH] feat(experimental/gotls): support environment variable `SSLKEYLOGFILE` (#151)

Support setting environment variable SSLKEYLOGFILE to save tls key logs to file.

closes #145
---
 .circleci/config.yml | 8 +++---
 .github/workflows/test.yml | 8 +++---
 cmd/gotls.go | 12 +++++----
 cmd/options.go | 18 ++++++++++++++
 testdata/test_gotls_keylog.sh | 10 +++++---
 testdata/test_gotls_keylog_pie.sh | 29 ----------------------
 testdata/test_gotls_keylog_stripped.sh | 29 ----------------------
 testdata/test_gotls_keylog_stripped_pie.sh | 29 ----------------------
 8 files changed, 39 insertions(+), 104 deletions(-)
 delete mode 100644 testdata/test_gotls_keylog_pie.sh
 delete mode 100644 testdata/test_gotls_keylog_stripped.sh
 delete mode 100644 testdata/test_gotls_keylog_stripped_pie.sh

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 2aec473b..09210d03 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -91,7 +91,7 @@ jobs:
 make -C testdata/gohttpapp build
 for i in {1..10}; do
- sudo bash testdata/test_gotls_keylog.sh ./ptcpdump && exit 0 || sleep 1
+ sudo bash testdata/test_gotls_keylog.sh ./ptcpdump gohttpapp && exit 0 || sleep 1
 done
 exit 1
@@ -105,7 +105,7 @@ jobs:
 make -C testdata/gohttpapp build
 for i in {1..10}; do
- sudo bash testdata/test_gotls_keylog_pie.sh ./ptcpdump && exit 0 || sleep 1
+ sudo bash testdata/test_gotls_keylog.sh ./ptcpdump gohttpapp_pie && exit 0 || sleep 1
 done
 exit 1
@@ -119,7 +119,7 @@ jobs:
 make -C testdata/gohttpapp build
 for i in {1..10}; do
- sudo bash testdata/test_gotls_keylog_stripped.sh ./ptcpdump && exit 0 || sleep 1
+ sudo bash testdata/test_gotls_keylog.sh ./ptcpdump gohttpapp_stripped && exit 0 || sleep 1
 done
 exit 1
@@ -133,7 +133,7 @@ jobs:
 make -C testdata/gohttpapp build
 for i in {1..10}; do
- sudo bash testdata/test_gotls_keylog_stripped_pie.sh ./ptcpdump && exit 0 || sleep 1
+ sudo bash testdata/test_gotls_keylog.sh ./ptcpdump gohttpapp_stripped_pie && exit 0 || sleep 1
 done
 exit 1
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ba5f889d..e503ae1f 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -265,7 +265,7 @@ jobs:
 apt update && yes | apt install -y tshark
 for i in {1..10}; do
- bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump && exit 0 || sleep 1
+ bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump gohttpapp && exit 0 || sleep 1
 done
 exit 1
@@ -283,7 +283,7 @@ jobs:
 apt update && yes | apt install -y tshark
 for i in {1..10}; do
- bash /host/testdata/test_gotls_keylog_pie.sh /host/ptcpdump/ptcpdump && exit 0 || sleep 1
+ bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump gohttpapp_pie && exit 0 || sleep 1
 done
 exit 1
@@ -301,7 +301,7 @@ jobs:
 apt update && yes | apt install -y tshark
 for i in {1..10}; do
- bash /host/testdata/test_gotls_keylog_stripped.sh /host/ptcpdump/ptcpdump && exit 0 || sleep 1
+ bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump gohttpapp_stripped && exit 0 || sleep 1
 done
 exit 1
@@ -319,6 +319,6 @@ jobs:
 apt update && yes | apt install -y tshark
 for i in {1..10}; do
- bash /host/testdata/test_gotls_keylog_stripped_pie.sh /host/ptcpdump/ptcpdump && exit 0 || sleep 1
+ bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump gohttpapp_stripped_pie && exit 0 || sleep 1
 done
 exit 1
diff --git a/cmd/gotls.go b/cmd/gotls.go
index 7bae3459..22743afe 100644
--- a/cmd/gotls.go
+++ b/cmd/gotls.go
@@ -32,8 +32,8 @@ func getGoKeyLogEventConsumer(opts *Options, packetWriters []writer.PacketWriter
 }
 }
 }
- if opts.writeTLSKeyLogPath != "" {
- w, err := writer.NewKeyLogFileWriter(opts.writeTLSKeyLogPath)
+ if opts.getWriteTLSKeyLogPath() != "" {
+ w, err := writer.NewKeyLogFileWriter(opts.getWriteTLSKeyLogPath())
 if err != nil {
 return nil, err
 }
@@ -45,20 +45,22 @@ func getGoKeyLogEventConsumer(opts *Options, packetWriters []writer.PacketWriter
 }
 
 func attachGoTLSHooks(opts Options, bf *bpf.BPF) error {
- if len(opts.subProgArgs) == 0 {
+ if !opts.shouldEnableGoTLSHooks() {
+ log.Info("skip go tls hooks")
 return nil
 }
+
 path, err := exec.LookPath(opts.subProgArgs[0])
 if err != nil {
 return fmt.Errorf("could not find %s in PATH", opts.subProgArgs[0])
 }
 if _, err := buildinfo.ReadFile(path); err != nil {
- log.Debugf("skip go TLS related logics due to %+v", err)
+ log.Infof("skip go TLS related logics due to %+v", err)
 return nil
 }
 elff, err := elf.Open(path)
 if err != nil {
- log.Debugf("skip go TLS related logics due to %+v", err)
+ log.Infof("skip go TLS related logics due to %+v", err)
 return nil
 }
 
diff --git a/cmd/options.go b/cmd/options.go
index 275915d4..2037ed01 100644
--- a/cmd/options.go
+++ b/cmd/options.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "github.com/mozillazg/ptcpdump/internal/writer"
 "github.com/x-way/pktdump"
+ "os"
 "strings"
 "time"
 
@@ -176,3 +177,20 @@ func (o Options) applyToStdoutWriter(w *writer.StdoutWriter) {
 break
 }
 }
+
+func (o Options) shouldEnableGoTLSHooks() bool {
+ if len(o.subProgArgs) == 0 {
+ return false
+ }
+ if o.getWriteTLSKeyLogPath() != "" || o.embedTLSKeyLogToPcapng {
+ return true
+ }
+ return false
+}
+
+func (o Options) getWriteTLSKeyLogPath() string {
+ if o.writeTLSKeyLogPath != "" {
+ return o.writeTLSKeyLogPath
+ }
+ return os.Getenv("SSLKEYLOGFILE")
+}
diff --git a/testdata/test_gotls_keylog.sh b/testdata/test_gotls_keylog.sh
index 940aa35e..8332cf11 100644
--- a/testdata/test_gotls_keylog.sh
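Review bot: The key-log destination is resolved twice on the new side of the first gotls.go hunk — once in the `if` condition and again as the `writer.NewKeyLogFileWriter` argument — and each call of `getWriteTLSKeyLogPath` may go to the environment, so the value should be read once and reused: `if p := opts.getWriteTLSKeyLogPath(); p != "" {` followed by `w, err := writer.NewKeyLogFileWriter(p)`. This is also the point where TLS session secrets start flowing to disk, and when the path comes from `SSLKEYLOGFILE` rather than a flag the operator has not asked for it on the command line, so an `log.Infof("writing TLS key log to %s", p)` here would make an environment-supplied destination visible. The body of getGoKeyLogEventConsumer begins before this hunk.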
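Review bot: The new `log.Info("skip go tls hooks")` at the top of attachGoTLSHooks states no reason, although the early return is now a behaviour change: a subprogram that previously had its Go TLS hooks attached whenever `subProgArgs` was non-empty is now left alone unless some key-log output is configured. Naming the condition also keeps it distinguishable from the two later "not a Go binary" skips that this hunk raises to Info, e.g. `log.Info("skip go tls hooks: no key log output configured (--write-keylog-file, --embed-keylog-to-pcapng or SSLKEYLOGFILE)")`. While here, the unchanged `fmt.Errorf("could not find %s in PATH", ...)` discards the LookPath error; appending `: %w` with `err` would keep it. The rest of attachGoTLSHooks continues past this hunk.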
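Review bot: `getWriteTLSKeyLogPath` has a side effect its name does not suggest and that neither new method documents: when the explicit path option is unset it consults the process environment, so an `SSLKEYLOGFILE` left exported in the operator's shell (a common setting for browser or curl debugging) silently turns on writing TLS session secrets of the traced program to that file. Suggested doc comments: `// getWriteTLSKeyLogPath returns the TLS key log destination: the explicitly configured path when set, otherwise the SSLKEYLOGFILE environment variable (empty when neither is set).` and `// shouldEnableGoTLSHooks reports whether a subprogram was given and at least one key log output (file or pcapng embedding) is configured.` The same environment is presumably inherited by the subprogram started after `--`; if that program honours `SSLKEYLOGFILE` itself, two writers would append to one file, which is worth a sentence in the user-facing documentation of the variable. Lastly, `shouldEnableGoTLSHooks` reduces to one expression: `return len(o.subProgArgs) > 0 && (o.getWriteTLSKeyLogPath() != "" || o.embedTLSKeyLogToPcapng)`.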
+++ b/testdata/test_gotls_keylog.sh
@@ -4,11 +4,13 @@ set -xe
 
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )"
 CMD="$1"
-APP="${SCRIPT_DIR}/gohttpapp/gohttpapp"
+APP_NAME="$(basename $2)"
+APP="${SCRIPT_DIR}/gohttpapp/${APP_NAME}"
 FILE_PREFIX="/tmp/ptcpdump"
-KEYLOG_PATH="${FILE_PREFIX}_keylog.txt"
-PCAP_FILE="${FILE_PREFIX}_keylog_01.pcap"
-PCAPNG_FILE="${FILE_PREFIX}_keylog_01.pcapng"
+FILE_SUFFIX="${APP_NAME}"
+KEYLOG_PATH="${FILE_PREFIX}_keylog_${FILE_SUFFIX}.txt"
+PCAP_FILE="${FILE_PREFIX}_keylog_${FILE_SUFFIX}.pcap"
+PCAPNG_FILE="${FILE_PREFIX}_keylog_${FILE_SUFFIX}.pcapng"
 
 function test_keylog_to_file() {
 ${CMD} -i any --write-keylog-file ${KEYLOG_PATH} -w ${PCAP_FILE} -- ${APP}
diff --git a/testdata/test_gotls_keylog_pie.sh b/testdata/test_gotls_keylog_pie.sh
deleted file mode 100644
index b1c9978d..00000000
--- a/testdata/test_gotls_keylog_pie.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )"
-CMD="$1"
-APP="${SCRIPT_DIR}/gohttpapp/gohttpapp_pie"
-FILE_PREFIX="/tmp/ptcpdump"
-KEYLOG_PATH="${FILE_PREFIX}_keylog_pie.txt"
-PCAP_FILE="${FILE_PREFIX}_keylog_pie.pcap"
-PCAPNG_FILE="${FILE_PREFIX}_keylog_pie.pcapng"
-
-function test_keylog_to_file() {
- ${CMD} -i any --write-keylog-file ${KEYLOG_PATH} -w ${PCAP_FILE} -- ${APP}
- cat ${KEYLOG_PATH}
- tshark -r ${PCAP_FILE} -o tls.keylog_file:${KEYLOG_PATH} | grep "GET /foo/bar HTTP/1.1"
-}
-
-function test_keylog_to_pcapng() {
- ${CMD} -i any --embed-keylog-to-pcapng -w ${PCAPNG_FILE} -- ${APP}
- tshark -r ${PCAPNG_FILE} | grep "GET /foo/bar HTTP/1.1"
-}
-
-function main() {
- test_keylog_to_file
- test_keylog_to_pcapng
-}
-
-main
diff --git a/testdata/test_gotls_keylog_stripped.sh b/testdata/test_gotls_keylog_stripped.sh
deleted file mode 100644
index 92c7fbee..00000000
--- a/testdata/test_gotls_keylog_stripped.sh
+++ /dev/null
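Review bot: `APP_NAME="$(basename $2)"` leaves `$2` unquoted and never checks that the new second argument was supplied; when it is missing, `basename` fails inside the substitution and, under `set -xe`, the script aborts with basename's own usage message instead of one naming the missing parameter. Quote it and fail explicitly: `APP_NAME="$(basename "${2:?usage: $0 CMD APP_NAME}")"`. `FILE_SUFFIX="${APP_NAME}"` is then a pure alias of `APP_NAME` and could either be dropped or carry a comment such as `# per-app suffix keeps the four CI variants from overwriting each other's /tmp files` to say why the suffix exists at all. The test functions continue past this hunk.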
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )"
-CMD="$1"
-APP="${SCRIPT_DIR}/gohttpapp/gohttpapp_stripped"
-FILE_PREFIX="/tmp/ptcpdump"
-KEYLOG_PATH="${FILE_PREFIX}_keylog_stripped.txt"
-PCAP_FILE="${FILE_PREFIX}_keylog_stripped.pcap"
-PCAPNG_FILE="${FILE_PREFIX}_keylog_stripped.pcapng"
-
-function test_keylog_to_file() {
- ${CMD} -i any --write-keylog-file ${KEYLOG_PATH} -w ${PCAP_FILE} -- ${APP}
- cat ${KEYLOG_PATH}
- tshark -r ${PCAP_FILE} -o tls.keylog_file:${KEYLOG_PATH} | grep "GET /foo/bar HTTP/1.1"
-}
-
-function test_keylog_to_pcapng() {
- ${CMD} -i any --embed-keylog-to-pcapng -w ${PCAPNG_FILE} -- ${APP}
- tshark -r ${PCAPNG_FILE} | grep "GET /foo/bar HTTP/1.1"
-}
-
-function main() {
- test_keylog_to_file
- test_keylog_to_pcapng
-}
-
-main
diff --git a/testdata/test_gotls_keylog_stripped_pie.sh b/testdata/test_gotls_keylog_stripped_pie.sh
deleted file mode 100644
index fa1f2fea..00000000
--- a/testdata/test_gotls_keylog_stripped_pie.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )"
-CMD="$1"
-APP="${SCRIPT_DIR}/gohttpapp/gohttpapp_stripped_pie"
-FILE_PREFIX="/tmp/ptcpdump"
-KEYLOG_PATH="${FILE_PREFIX}_keylog_stripped_pie.txt"
-PCAP_FILE="${FILE_PREFIX}_keylog_stripped_pie.pcap"
-PCAPNG_FILE="${FILE_PREFIX}_keylog_stripped_pie.pcapng"
-
-function test_keylog_to_file() {
- ${CMD} -i any --write-keylog-file ${KEYLOG_PATH} -w ${PCAP_FILE} -- ${APP}
- cat ${KEYLOG_PATH}
- tshark -r ${PCAP_FILE} -o tls.keylog_file:${KEYLOG_PATH} | grep "GET /foo/bar HTTP/1.1"
-}
-
-function test_keylog_to_pcapng() {
- ${CMD} -i any --embed-keylog-to-pcapng -w ${PCAPNG_FILE} -- ${APP}
- tshark -r ${PCAPNG_FILE} | grep "GET /foo/bar HTTP/1.1"
-}
-
-function main() {
- test_keylog_to_file
- test_keylog_to_pcapng
-}
-
-main