release: v0.7.4

Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
gojue · Feb 24, 2024 · cad79db · cad79db
1 parent 627cc90
commit cad79db
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,37 @@
+# v0.7.4 (2024-02-24)
+## 🚀 Breaking Changes
+eCapture supports [Pcap Filter Syntax] (https://www.tcpdump.org/manpages/pcap-filter.7.html), and you can use the pcap filter expression to filter network packets like tcpdump.
+
+In the tls\gotls module, when the running mode is 'pcap', the pcap filter expression is supported, which can be set in the last parameter of the command line, for example:
+
+------
+eCapture支持[Pcap Filter Syntax](https://www.tcpdump.org/manpages/pcap-filter.7.html)，你可以像tcpdump一样使用pcap filter表达式来过滤网络包。
+
+在tls\gotls模块中，当运行模式为`pcap`时，支持pcap filter表达式，在命令行最后的参数中设定，例如：
+```shell
+ecapture tls -m pcap -i wlan0 -w save.pcapng host 192.168.1.1 and tcp port 443
+```
+
+## What's Changed
+
+## New Contributors
+
+**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.3...v0.7.4
+<hr>
+
 # v0.7.3 (2024-01-28)
 ## What's Changed
+* makefile: Optimize the feature list for the Android version by @cfc4n in https://github.com/gojue/ecapture/pull/457
+* user: support event processor by @cfc4n in https://github.com/gojue/ecapture/pull/462
+* chore: remove refs to deprecated io/ioutil by @testwill in https://github.com/gojue/ecapture/pull/465
+* user: fix concurrent map read and map write #467 by @cfc4n in https://github.com/gojue/ecapture/pull/468
+* utils: support openssl 3.1.0-3.1.4 and 3.0.9-3.0.12 by @cfc4n in https://github.com/gojue/ecapture/pull/469
+* user: imporve dynamic link library path loading logic on aarch64 ubuntu by @cfc4n in https://github.com/gojue/ecapture/pull/470
+* user: imporve #463, impact on the performance of the tested program by @cfc4n in https://github.com/gojue/ecapture/pull/471
+* kern: support openssl 3.2.x , change ssl_st to ssl_connection_st by @cfc4n in https://github.com/gojue/ecapture/pull/472
 
 ## New Contributors
+* @testwill made their first contribution in https://github.com/gojue/ecapture/pull/465
 
 **Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.2...v0.7.3
 <hr>

diff --git a/cli/cmd/tls.go b/cli/cmd/tls.go
@@ -38,8 +38,9 @@ var opensslCmd = &cobra.Command{
 	Aliases: []string{"openssl"},
 	Short:   "use to capture tls/ssl text content without CA cert. (Support openssl 1.0.x/1.1.x/3.0.x or newer).",
 	Long: `use eBPF uprobe/TC to capture process event data and network data.also support pcap-NG format.
-ecapture tls
-ecapture tls --hex --pid=3423
+
+ecapture tls -m [text|keylog|pcap] [flags] [pcap filter expression (for pcap mode)]
+ecapture tls -m pcap -i wlan0 -w save.pcapng host 192.168.1.1 and tcp port 443
 ecapture tls -l save.log --pid=3423
 ecapture tls --libssl=/lib/x86_64-linux-gnu/libssl.so.1.1
 ecapture tls -m keylog --pcapfile save_3_0_5.pcapng --ssl_version="openssl 3.0.5" --libssl=/lib/x86_64-linux-gnu/libssl.so.3
@@ -55,7 +56,7 @@ func init() {
 	opensslCmd.PersistentFlags().StringVar(&oc.Pthread, "pthread", "", "libpthread.so file path, use to hook connect to capture socket FD.will automatically find it from curl.")
 	opensslCmd.PersistentFlags().StringVarP(&oc.Model, "model", "m", "text", "capture model, such as : text, pcap/pcapng, key/keylog")
 	opensslCmd.PersistentFlags().StringVarP(&oc.KeylogFile, "keylogfile", "k", "ecapture_openssl_key.og", "The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file.")
-	opensslCmd.PersistentFlags().StringVarP(&oc.PcapFile, "pcapfile", "w", "ecapture_openssl.pcapng", "write the raw packets to file as pcapng format.")
+	opensslCmd.PersistentFlags().StringVarP(&oc.PcapFile, "pcapfile", "w", "save.pcapng", "write the raw packets to file as pcapng format.")
 	opensslCmd.PersistentFlags().StringVarP(&oc.Ifname, "ifname", "i", "", "(TC Classifier) Interface name on which the probe will be attached.")
 	opensslCmd.PersistentFlags().StringVar(&oc.SslVersion, "ssl_version", "", "openssl/boringssl version， e.g: --ssl_version=\"openssl 1.1.1g\" or  --ssl_version=\"boringssl 1.1.1\"")
 

diff --git a/utils/openssl_3_2_0_offset.c b/utils/openssl_3_2_0_offset.c
@@ -5,27 +5,26 @@
 #include <stddef.h>
 #include <stdio.h>
 
-#define SSL_STRUCT_OFFSETS               \
-    X(ssl_st, type)                   \
+#define SSL_STRUCT_OFFSETS                          \
+    X(ssl_st, type)                                 \
     X(ssl_connection_st, version)                   \
     X(ssl_connection_st, session)                   \
     X(ssl_connection_st, s3)                        \
     X(ssl_connection_st, rbio)                      \
     X(ssl_connection_st, wbio)                      \
-    X(ssl_session_st, master_key)        \
+    X(ssl_session_st, master_key)                   \
     X(ssl_connection_st, s3.client_random)          \
-    X(ssl_session_st, cipher)            \
-    X(ssl_session_st, cipher_id)         \
-    X(ssl_cipher_st, id)                 \
+    X(ssl_session_st, cipher)                       \
+    X(ssl_session_st, cipher_id)                    \
+    X(ssl_cipher_st, id)                            \
     X(ssl_connection_st, handshake_secret)          \
     X(ssl_connection_st, handshake_traffic_hash)    \
     X(ssl_connection_st, client_app_traffic_secret) \
     X(ssl_connection_st, server_app_traffic_secret) \
     X(ssl_connection_st, exporter_master_secret)    \
-    X(bio_st, num)                  \
+    X(bio_st, num)                                  \
     X(quic_conn_st, tls)
 
-
 void toUpper(char *s) {
     int i = 0;
     while (s[i] != '\0') {