-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new handshake handler and keylog writer #56
base: master
Are you sure you want to change the base?
Conversation
This change adds support for a new environment variable 'WG_KEYLOGFILE' in resemblance to the 'SSLKEYLOGFILE' environment variable used by curl, Chrome & Firefox to log ephemeral TLS encryption keys When set, wireguard-go will log ephemeral keys generated during each handshake to a file specified by the environment variable in the WireGuard key log format. The format used is the same as then one generated by the extract-handshakes.sh script. See also: - https://git.zx2c4.com/wireguard-tools/tree/contrib/extract-handshakes - https://wiki.wireshark.org/WireGuard#key-log-format - https://everything.curl.dev/usingcurl/tls/sslkeylogfile Signed-off-by: Steffen Vogel <[email protected]>
Any chance to get this reviewed? I've also posted it on the mailing list. |
I'm slightly worried about baking this in directly... For the kernel, it's just extracted from memory using a kprobe. Wonder if a similar kludge would work here? Wondering what you want this for, by the way. |
Hi @zx2c4, I am using for debugging purposes of my WireGuard-based P2P VPN agent cunīcu. To debug all of this, I wrote Gont a network testing toolkit written in Go. Gont also includes a feature to automatically record PCAP files of all network links between the namespaces. This is why I need this feature: I would like to dump wireguard-go's ephemeral keys to a PCAP file for subsequent analysis in WireShark for debugging purposes. |
@zx2c4 How would you feel, if I remove the setup of the key log writer from |
This change adds support for a new environment variable 'WG_KEYLOGFILE'
in resemblance to the 'SSLKEYLOGFILE' environment variable used by
curl, Chrome & Firefox to log ephemeral TLS encryption keys
When set, wireguard-go will log ephemeral keys generated during
each handshake to a file specified by the environment variable in the
WireGuard key log format.
The format used is the same as then one generated by the
extract-handshakes.sh script.
See also:
Signed-off-by: Steffen Vogel [email protected]