feat(experimental/gotls): support environment variable SSLKEYLOGFILE (

#151)

Support setting environment variable SSLKEYLOGFILE to save tls key logs to file.
closes #145

.circleci/config.yml

@@ -91,7 +91,7 @@ jobs:
             make -C testdata/gohttpapp build
 
             for i in {1..10}; do
-              sudo bash testdata/test_gotls_keylog.sh ./ptcpdump && exit 0 || sleep 1
+              sudo bash testdata/test_gotls_keylog.sh ./ptcpdump gohttpapp && exit 0 || sleep 1
             done
             exit 1
 
@@ -105,7 +105,7 @@ jobs:
             make -C testdata/gohttpapp build
 
             for i in {1..10}; do
-              sudo bash testdata/test_gotls_keylog_pie.sh ./ptcpdump && exit 0 || sleep 1
+              sudo bash testdata/test_gotls_keylog.sh ./ptcpdump gohttpapp_pie && exit 0 || sleep 1
             done
             exit 1
 
@@ -119,7 +119,7 @@ jobs:
             make -C testdata/gohttpapp build
 
             for i in {1..10}; do
-              sudo bash testdata/test_gotls_keylog_stripped.sh ./ptcpdump && exit 0 || sleep 1
+              sudo bash testdata/test_gotls_keylog.sh ./ptcpdump gohttpapp_stripped && exit 0 || sleep 1
             done
             exit 1
 
@@ -133,7 +133,7 @@ jobs:
             make -C testdata/gohttpapp build
 
             for i in {1..10}; do
-              sudo bash testdata/test_gotls_keylog_stripped_pie.sh ./ptcpdump && exit 0 || sleep 1
+              sudo bash testdata/test_gotls_keylog.sh ./ptcpdump gohttpapp_stripped_pie && exit 0 || sleep 1
             done
             exit 1
 

.github/workflows/test.yml

@@ -265,7 +265,7 @@ jobs:
             apt update && yes | apt install -y tshark
 
             for i in {1..10}; do
-              bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump && exit 0 || sleep 1
+              bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump gohttpapp && exit 0 || sleep 1
             done
             exit 1
 
@@ -283,7 +283,7 @@ jobs:
             apt update && yes | apt install -y tshark
 
             for i in {1..10}; do
-              bash /host/testdata/test_gotls_keylog_pie.sh /host/ptcpdump/ptcpdump && exit 0 || sleep 1
+              bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump gohttpapp_pie && exit 0 || sleep 1
             done
             exit 1
 
@@ -301,7 +301,7 @@ jobs:
             apt update && yes | apt install -y tshark
 
             for i in {1..10}; do
-              bash /host/testdata/test_gotls_keylog_stripped.sh /host/ptcpdump/ptcpdump && exit 0 || sleep 1
+              bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump gohttpapp_stripped && exit 0 || sleep 1
             done
             exit 1
 
@@ -319,6 +319,6 @@ jobs:
             apt update && yes | apt install -y tshark
 
             for i in {1..10}; do
-              bash /host/testdata/test_gotls_keylog_stripped_pie.sh /host/ptcpdump/ptcpdump && exit 0 || sleep 1
+              bash /host/testdata/test_gotls_keylog.sh /host/ptcpdump/ptcpdump gohttpapp_stripped_pie && exit 0 || sleep 1
             done
             exit 1

cmd/gotls.go

@@ -32,8 +32,8 @@ func getGoKeyLogEventConsumer(opts *Options, packetWriters []writer.PacketWriter
 			}
 		}
 	}
-	if opts.writeTLSKeyLogPath != "" {
-		w, err := writer.NewKeyLogFileWriter(opts.writeTLSKeyLogPath)
+	if opts.getWriteTLSKeyLogPath() != "" {
+		w, err := writer.NewKeyLogFileWriter(opts.getWriteTLSKeyLogPath())
 		if err != nil {
 			return nil, err
 		}
@@ -45,20 +45,22 @@ func getGoKeyLogEventConsumer(opts *Options, packetWriters []writer.PacketWriter
 }
 
 func attachGoTLSHooks(opts Options, bf *bpf.BPF) error {
-	if len(opts.subProgArgs) == 0 {
+	if !opts.shouldEnableGoTLSHooks() {
+		log.Info("skip go tls hooks")
 		return nil
 	}
+
 	path, err := exec.LookPath(opts.subProgArgs[0])
 	if err != nil {
 		return fmt.Errorf("could not find %s in PATH", opts.subProgArgs[0])
 	}
 	if _, err := buildinfo.ReadFile(path); err != nil {
-		log.Debugf("skip go TLS related logics due to %+v", err)
+		log.Infof("skip go TLS related logics due to %+v", err)
 		return nil
 	}
 	elff, err := elf.Open(path)
 	if err != nil {
-		log.Debugf("skip go TLS related logics due to %+v", err)
+		log.Infof("skip go TLS related logics due to %+v", err)
 		return nil
 	}
 

cmd/options.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"github.com/mozillazg/ptcpdump/internal/writer"
 	"github.com/x-way/pktdump"
+	"os"
 	"strings"
 	"time"
 
@@ -176,3 +177,20 @@ func (o Options) applyToStdoutWriter(w *writer.StdoutWriter) {
 		break
 	}
 }
+
+func (o Options) shouldEnableGoTLSHooks() bool {
+	if len(o.subProgArgs) == 0 {
+		return false
+	}
+	if o.getWriteTLSKeyLogPath() != "" || o.embedTLSKeyLogToPcapng {
+		return true
+	}
+	return false
+}
+
+func (o Options) getWriteTLSKeyLogPath() string {
+	if o.writeTLSKeyLogPath != "" {
+		return o.writeTLSKeyLogPath
+	}
+	return os.Getenv("SSLKEYLOGFILE")
+}

testdata/test_gotls_keylog.sh

@@ -4,11 +4,13 @@ set -xe
 
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )"
 CMD="$1"
-APP="${SCRIPT_DIR}/gohttpapp/gohttpapp"
+APP_NAME="$(basename $2)"
+APP="${SCRIPT_DIR}/gohttpapp/${APP_NAME}"
 FILE_PREFIX="/tmp/ptcpdump"
-KEYLOG_PATH="${FILE_PREFIX}_keylog.txt"
-PCAP_FILE="${FILE_PREFIX}_keylog_01.pcap"
-PCAPNG_FILE="${FILE_PREFIX}_keylog_01.pcapng"
+FILE_SUFFIX="${APP_NAME}"
+KEYLOG_PATH="${FILE_PREFIX}_keylog_${FILE_SUFFIX}.txt"
+PCAP_FILE="${FILE_PREFIX}_keylog_${FILE_SUFFIX}.pcap"
+PCAPNG_FILE="${FILE_PREFIX}_keylog_${FILE_SUFFIX}.pcapng"
 
 function test_keylog_to_file() {
     ${CMD} -i any --write-keylog-file ${KEYLOG_PATH} -w ${PCAP_FILE} -- ${APP}