Support for hooking GNUTLS #3
Comments
|
looks like GNUTLS is a bit "too flexible" to trivially hook the actual packet-IO portion. the existing streams mechanism uses FDs as the keys, but gnuTLS doesn't mandate berkley sockets. Of course, an easy workaround is to simply make sure that stream->fd is always large enough to fit a pointer, and just use the session pointer as the key, but that would also require reworking the entire streams mechanism in generally, really... Or just provide the warning that gnutls support will likely "behave in an unexpected manner" if whatever is being hooked tries to set custom transport hooks... |
|
Hi! Do you have an application in mind that uses GNUTLS? I can try to take a look. |
|
I have a somewhat-working implementation over at https://github.com/baconwaifu/netintercept but it has quite a few "horrible bodges" to make it work, as the implementation I was testing against uses custom transport hooks rather than the default send/recv hooks; there's no "generic" way to reliably get an fd out of it. I made it work by just using the lower bits of the session pointer as the "fd" in the stream list and giving it just enough dummy configuration to output something to the pcap, albeit without useful things like "port number" and "IP address". As for applications to test against, I was testing it against |
Currently GNUTLS traffic is recorded as encrypted TLS traffic as there aren't any hooks to capture the decrypted form. PR coming shortly.
The text was updated successfully, but these errors were encountered: