@ddelnano
Last active November 21, 2024 19:52
Pixie initial TLS tracing support
sudo ./stirling_wrapper_tls_support --stirling_enable_tls_tracing=1 --stirling_enable_dns_tracing=0 --stirling_enable_http_tracing=0 --print_record_batches=tls_events
[ ... ]
[tls_events] time_:[2024-11-21 19:24:00] upid:[{0:153944:7802244}] remote_addr:[74.125.195.102] remote_port:[443] local_addr:[10.129.0.8] local_port:[58682] trace_role:[1] req_type:[22] version:[769] extensions:[{"server_name":"[\"google.com\"]"}] latency:[0.0377938 seconds] px_info_:[conn_tracker=conn_id=[upid=153944:7802244 fd=5 gen=78022461370903] state=kTransferring remote_addr=74.125.195.102:443 role=kRoleClient protocol=kProtocolTLS ssl=true record=req=[TLS Frame [len=216 content_type=22 legacy_version=769 handshake_version=771 handshake_type=1 extensions={"server_name":"[\"google.com\"]"}]] resp=[TLS Frame [len=100 content_type=22 legacy_version=771 handshake_version=771 handshake_type=2 extensions={}]]]
[tls_events] time_:[2024-11-21 19:24:03] upid:[{0:153949:7802459}] remote_addr:[74.125.195.138] remote_port:[443] local_addr:[10.129.0.8] local_port:[39456] trace_role:[1] req_type:[22] version:[769] extensions:[{"server_name":"[\"google.com\"]"}] latency:[0.037208 seconds] px_info_:[conn_tracker=conn_id=[upid=153949:7802459 fd=5 gen=78024610261102] state=kTransferring remote_addr=74.125.195.138:443 role=kRoleClient protocol=kProtocolTLS ssl=true record=req=[TLS Frame [len=216 content_type=22 legacy_version=769 handshake_version=771 handshake_type=1 extensions={"server_name":"[\"google.com\"]"}]] resp=[TLS Frame [len=100 content_type=22 legacy_version=771 handshake_version=771 handshake_type=2 extensions={}]]]
[tls_events] time_:[2024-11-21 19:24:04] upid:[{0:3077:3917}] remote_addr:[127.0.0.1] remote_port:[56064] local_addr:[127.0.0.1] local_port:[10257] trace_role:[2] req_type:[22] version:[769] extensions:[{}] latency:[0.00230089 seconds] px_info_:[conn_tracker=conn_id=[upid=3077:3917 fd=16 gen=78025741104850] state=kTransferring remote_addr=127.0.0.1:56064 role=kRoleServer protocol=kProtocolTLS ssl=false record=req=[TLS Frame [len=246 content_type=22 legacy_version=769 handshake_version=771 handshake_type=1 extensions={}]] resp=[TLS Frame [len=122 content_type=22 legacy_version=771 handshake_version=771 handshake_type=2 extensions={}]]]
[tls_events] time_:[2024-11-21 19:24:04] upid:[{0:153954:7802582}] remote_addr:[74.125.195.101] remote_port:[443] local_addr:[10.129.0.8] local_port:[48314] trace_role:[1] req_type:[22] version:[769] extensions:[{"server_name":"[\"google.com\"]"}] latency:[0.0377552 seconds] px_info_:[conn_tracker=conn_id=[upid=153954:7802582 fd=5 gen=78025839457350] state=kTransferring remote_addr=74.125.195.101:443 role=kRoleClient protocol=kProtocolTLS ssl=true record=req=[TLS Frame [len=216 content_type=22 legacy_version=769 handshake_version=771 handshake_type=1 extensions={"server_name":"[\"google.com\"]"}]] resp=[TLS Frame [len=100 content_type=22 legacy_version=771 handshake_version=771 handshake_type=2 extensions={}]]]
[tls_events] time_:[2024-11-21 19:24:08] upid:[{0:153961:7802992}] remote_addr:[157.240.3.35] remote_port:[443] local_addr:[10.129.0.8] local_port:[46932] trace_role:[1] req_type:[22] version:[769] extensions:[{"server_name":"[\"facebook.com\"]"}] latency:[0.0367227 seconds] px_info_:[conn_tracker=conn_id=[upid=153961:7802992 fd=5 gen=78029949636451] state=kTransferring remote_addr=157.240.3.35:443 role=kRoleClient protocol=kProtocolTLS ssl=true record=req=[TLS Frame [len=218 content_type=22 legacy_version=769 handshake_version=771 handshake_type=1 extensions={"server_name":"[\"facebook.com\"]"}]] resp=[TLS Frame [len=102 content_type=22 legacy_version=771 handshake_version=771 handshake_type=2 extensions={}]]]

ddelnano commented Nov 21, 2024

This shows Pixie's TLS protocol tracing output from its command line interface and is the result of the changes on this branch.

The record key of each log line shows the req/resp details and shows the TLS extensions (SNI is the first supported at this time).

record=[
 req=[TLS Frame [len=216 content_type=22 legacy_version=769 handshake_version=771 handshake_type=1 extensions={"server_name":"[\"google.com\"]"}]
 resp=[TLS Frame [len=100 content_type=22 legacy_version=771 handshake_version=771 handshake_type=2 extensions={}]
]
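
An added example (not part of the gist or of Pixie's code): a parser for the `tls_events` lines above that names the numeric version and handshake fields, unwraps the double-encoded `server_name` value, and lists SNI names per remote endpoint on client-role connections. The sample lines are constructed and shortened, and the helper names (`parse_tls_event`, `sni_by_remote`) are hypothetical.

```python
import json
import re

# TLS wire values; reading the printed fields this way is an assumption from the output above.
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}
FIELD_RE = re.compile(r"(\w+):\[([^\[\]]*)\]")  # flat name:[value] fields only
FRAME_RE = re.compile(
    r"(req|resp)=\[TLS Frame \[len=\d+ content_type=\d+ legacy_version=(\d+) "
    r"handshake_version=(\d+) handshake_type=(\d+) extensions=(\{.*?\})\]")

def decode_extensions(raw):
    """Each extension value is a JSON string that itself holds a JSON list."""
    return {name: json.loads(value) for name, value in json.loads(raw).items()}

def parse_tls_event(line):
    """Parse one [tls_events] line into a dict; return None for any other line."""
    if not line.startswith("[tls_events]"):
        return None
    event = dict(FIELD_RE.findall(line))
    for side, legacy, hs_ver, hs_type, ext in FRAME_RE.findall(line):
        event[side] = {
            "record_version": VERSIONS.get(int(legacy), hex(int(legacy))),
            "handshake_version": VERSIONS.get(int(hs_ver), hex(int(hs_ver))),
            "handshake_type": HANDSHAKE_TYPES.get(int(hs_type), hs_type),
            "extensions": decode_extensions(ext),
        }
    return event

def sni_by_remote(lines):
    """Map (remote_addr, remote_port) to the SNI names sent on client-role connections."""
    seen = {}
    for event in filter(None, map(parse_tls_event, lines)):
        names = event.get("req", {}).get("extensions", {}).get("server_name", [])
        if event.get("trace_role") == "1" and names:
            key = (event["remote_addr"], int(event["remote_port"]))
            seen.setdefault(key, set()).update(names)
    return seen

# Constructed, shortened sample lines in the layout shown above (not captured traffic).
SAMPLE = [
    r'[tls_events] remote_addr:[192.0.2.10] remote_port:[443] trace_role:[1] px_info_:[record=req=[TLS Frame '
    r'[len=216 content_type=22 legacy_version=769 handshake_version=771 handshake_type=1 '
    r'extensions={"server_name":"[\"example.com\"]"}]] resp=[TLS Frame [len=100 content_type=22 '
    r'legacy_version=771 handshake_version=771 handshake_type=2 extensions={}]]]',
    r'[tls_events] remote_addr:[127.0.0.1] remote_port:[56064] trace_role:[2] px_info_:[record=req=[TLS Frame '
    r'[len=246 content_type=22 legacy_version=769 handshake_version=771 handshake_type=1 extensions={}]] resp=[TLS '
    r'Frame [len=122 content_type=22 legacy_version=771 handshake_version=771 handshake_type=2 extensions={}]]]',
]
```

If `handshake_version` is the hello's own version field, a value of 771 (0x0303) does not by itself rule out TLS 1.3, which carries the negotiated version in the `supported_versions` extension.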
