Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: allow capture ipv6 packet #586

Merged
merged 3 commits into from
Aug 11, 2024
Merged

feat: allow capture ipv6 packet #586

merged 3 commits into from
Aug 11, 2024

Conversation

yuweizzz
Copy link
Contributor

@yuweizzz yuweizzz commented Aug 7, 2024

allow capture ipv6 packet.

@cfc4n cfc4n added the enhancement New feature or request label Aug 7, 2024
@cfc4n
Copy link
Member

cfc4n commented Aug 7, 2024

Thank you for your contribution. I will verify it later. However, I lack an IPv6 environment; could you assist me with that?

PS:可以加VX沟通吗? 可以在「榫卯江湖」公众号里留言,告诉我你的ID,我加你。

@yuweizzz
Copy link
Contributor Author

yuweizzz commented Aug 8, 2024

ok

kern/ecapture.h Show resolved Hide resolved
Copy link
Member

@cfc4n cfc4n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks.

@cfc4n cfc4n merged commit 37ef9f4 into gojue:master Aug 11, 2024
6 of 7 checks passed
@cfc4n
Copy link
Member

cfc4n commented Aug 11, 2024

cc_snip_2024-08-11_14-28-24 cc_snip_2024-08-11_14-26-49

看上去,在tls 1.3下,捕获的包含密钥的网络包才能被wireshark正常解析。

即使使用SSLKEYLOGFILE导出密钥,使用tcpdump捕获网络包,再用wireshark设置sslkey的方式,wireshark依旧无法解密tls 1.2的包。

It appears that under TLS 1.3, only network packets containing keys can be properly decoded by Wireshark. Even with the export of keys using SSLKEYLOGFILE, capturing network packets with tcpdump, and setting up sslkey in Wireshark for decryption, Wireshark still cannot decrypt TLS 1.2 packets.

这看上去不是eCapture的bug,更像是wireshark的bug,也就是说wireshark无法正常解密IPv6 + 非tls 1.3 的网络包。

This does not appear to be a bug with eCapture; it seems more like an issue with Wireshark, meaning that Wireshark is unable to properly decrypt IPv6 network packets that are not using TLS 1.3.

@yuweizzz yuweizzz deleted the ipv6 branch September 23, 2024 08:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants