feature: 希望gotls能够支持打印请求报文并和响应报文关联起来

[ezxfv]

Describe the bug
查看了下目前gotls的实现，貌似只能获取tls应答包，不能获取tls请求数据(没看到相关的hook)，应该可以attach到tls.(*halfConn).decrypt函数？解密后的数据是在return value，入参是加密数据，不过我看前面有拦截秘钥，可以在用户态程序去做解密？golang程序暂不支持uretprobe，不然就可以直接attach tls.Read了，以下是另一种折中的方案: https://github.com/iovisor/bcc/issues/1320#issuecomment-407927542

To Reproduce
Steps to reproduce the behavior:
测试gotls功能，curl请求到本地的go https服务

Expected behavior
能够同时截获tls请求和响应

• Env: [run make env to get the environment variables]
• OS: [Ubuntu 22.04]
• Arch: [amd64]
• Kernel Version: [5.15]

[cfc4n]

1，确实，gotls的text模式，是只能取到response数据，拿不到request的数据。
https://github.com/gojue/ecapture/blob/master/user/module/probe_gotls.go#L187-L207

2，uretprobe模式，确实难以实现，是go语言的栈机制问题导致的。 您发的bcc的issue我之前阅读过，里面也没更好地解决这个问题。没有特别好的方案。

3，你可以使用pcapng模式，可以完整的拿到解密后的request、response数据内容，并可以很好的关联起来。

---

1. The text mode of gotls can only retrieve data from the request and cannot obtain data from the response.
   https://github.com/gojue/ecapture/blob/master/user/module/probe_gotls.go#L187-L207

2. The uretprobe mode is indeed difficult to implement due to Go's stack mechanism. I have read the issue you posted on bcc before, but there is no better solution to this problem. There are no particularly good options.

3. You can use pcapng mode, which allows you to fully access decrypted request and response data content and associate them well.

[cfc4n]

已解决，欢迎试用。
测试的go https 客户端是 ./tests/golang_https.go这个文件。

root@vm-server-2004:/home/cfc4n/project/ecapture# ./bin/ecapture gotls --elfpath=./tests/tests
tls_2023/05/01 08:42:30 ECAPTURE :: ecapture Version : linux_x86_64:0.4.11-20230205-09197fd:5.4.0-131-generic
tls_2023/05/01 08:42:30 ECAPTURE :: Pid Info : 172874
tls_2023/05/01 08:42:30 ECAPTURE :: Kernel Info : 5.4.210
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	module initialization
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	master key keylogger: ecapture_masterkey.log
tls_2023/05/01 08:42:30 ECAPTURE ::	Module.Run()
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	UPROBE MODEL
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	eBPF Function Name:gotls_write_register, isRegisterABI:true
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	add uretprobe function :crypto/tls.(*Conn).Read, offset:0x104
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	add uretprobe function :crypto/tls.(*Conn).Read, offset:0x131
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	add uretprobe function :crypto/tls.(*Conn).Read, offset:0x1B2
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	add uretprobe function :crypto/tls.(*Conn).Read, offset:0x2FD
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	add uretprobe function :crypto/tls.(*Conn).Read, offset:0x330
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	add uretprobe function :crypto/tls.(*Conn).Read, offset:0x3AD
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	add uretprobe function :crypto/tls.(*Conn).Read, offset:0x3CB
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	target all process.
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	target all users.
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	BPF bytecode filename:user/bytecode/gotls_kern.o
tls_2023/05/01 08:42:30 EBPFProbeGoTLS	module started successfully.
tls_2023/05/01 08:42:33 CLIENT_RANDOM: save CLIENT_RANDOM 9a13f714e7c724784fc2b06bcf6ff63543fe9bfb337a8e66b57bb5a76e2da2ff to file success, 176 bytes
tls_2023/05/01 08:42:33 PID: 172899, Comm: tests, TID: 172903, PayloadType:0, Payload: GET / HTTP/1.1
Host: baidu.com
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip



tls_2023/05/01 08:42:33 PID: 172899, Comm: tests, TID: 172899, PayloadType:1, Payload: HTTP/1.1 302 Moved Temporarily
Server: bfe/1.0.8.18
Date: Mon, 01 May 2023 08:42:33 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: http://www.baidu.com/

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>bfe/1.0.8.18</center>
</body>
</html>

[ezxfv]

@cfc4n 你好，我测试的时候print payload打印的内容好像滚动了，还没来得及分析是啥问题