Open calee0219 opened 4 years ago
If it can be done via tshark, then it would be easy to implement. The applicaiton does not parse the packets, rather generates a call to tshark, which dissects the packets and generates an XML file (PDML file) that is used for creating the diagram. If you can send me an example including traces and the tshark command you use, it can be added. We did not have the issue (yet), so we did not need that yet.
Here is the TLS version pcap file and keylog free5gc_tls.zip keylog.zip
I think tshark also support decrypt TLS as following link. https://minnmyatsoe.com/2016/01/26/using-tshark-to-decrypt-ssl-tls-packets/ But I didn't test it, so I'm not for sure.
From what I can see, the application would not have enough information to do anything with those logs (to what connection should that apply to?). The website you pointed to also uses the certificates additionally to the logged secrets.
For me, it would be quite difficult to implement a solution given that I cannot test it and I have no idea how to do this for a trace containing multiple TLS connections.
What I can offer you is that if you can provide me a working decoding using tshark, I can add those steps to the application. The application is in the end little more than an automated call to tshark and then to PlantUML, so that should work.
For wireshark, it provide an option to decode TLS on HTTP2 if we provide the key file. https://github.com/free5gc/free5gc/wiki/Trouble_Shooting#6-decode-http2-packet-in-wireshark
I'm wondering if 5g-trace-visualizer is consider to support decoding encrypting SBI maybe using this feature in wireshark.