kern: Adjust the timing of key acquisition to distinguish between TLS

[cfc4n]

最好的办法是先判断当前SSL的模式，是server还是client。 目前ssl->server 字段是bool类型，offsetof方法不太好读取，暂时使用state的最小值代替， 下面 TLS 1.3的判断机制也是这样。

The best way is to first determine the current SSL mode, whether it is server or client. Currently, the ssl->server field is of bool type, and using the offsetof method is not very readable. Therefore, the minimum value of the state is temporarily used instead. The judgment mechanism for TLS 1.3 follows the same approach.

[github-actions]

Qodana for Go

It seems all right 👌

No new problems were found according to the checks applied

💡 Qodana analysis was run in the pull request mode: only the changed files were checked
☁️ View the detailed Qodana report

Detected 82 dependencies

Third-party software list

This page lists the third-party software dependencies used in project

Dependency	Version	Licenses
github.com/avast/retry-go	v3.0.0+incompatible	MIT
github.com/bytedance/sonic/loader	v0.1.1	Apache-2.0
github.com/bytedance/sonic	v1.11.6	Apache-2.0
github.com/cilium/ebpf	v0.12.3	MIT
github.com/cloudflare/cbpfc	v0.0.0-20230809125630-31aa294050ff	BSD-3-Clause
github.com/cloudwego/base64x	v0.1.4	Apache-2.0
github.com/cloudwego/iasm	v0.2.0	Apache-2.0
github.com/coreos/go-systemd/v22	v22.5.0	Apache-2.0
github.com/cpuguy83/go-md2man/v2	v2.0.3	MIT
github.com/creack/pty	v1.1.9	MIT
github.com/davecgh/go-spew	v1.1.1	ISC
github.com/florianl/go-tc	v0.4.3	MIT
github.com/frankban/quicktest	v1.14.5	MIT
github.com/gabriel-vasile/mimetype	v1.4.3	MIT
github.com/gin-contrib/sse	v0.1.0	MIT
github.com/gin-gonic/gin	v1.10.0	MIT
github.com/go-playground/assert/v2	v2.2.0	MIT
github.com/go-playground/locales	v0.14.1	MIT
github.com/go-playground/universal-translator	v0.18.1	MIT
github.com/go-playground/validator/v10	v10.20.0	MIT
github.com/goccy/go-json	v0.10.2	MIT
github.com/godbus/dbus/v5	v5.0.4	BSD-2-Clause
github.com/gojue/ebpfmanager	v0.4.5	AGPL-3.0-or-later
github.com/golang/protobuf	v1.5.0	BSD-3-Clause
github.com/google/go-cmp	v0.6.0	BSD-3-Clause
github.com/google/gofuzz	v1.0.0	Apache-2.0
github.com/google/gopacket	v1.1.20	BSD-3-Clause
github.com/hashicorp/errwrap	v1.0.0	MPL-2.0
github.com/hashicorp/go-multierror	v1.1.1	MPL-2.0
github.com/inconshreveable/mousetrap	v1.1.0	Apache-2.0
github.com/josharian/native	v1.1.0	MIT
github.com/jsimonetti/rtnetlink	v0.0.0-20211022192332-93da33804786	MIT
github.com/json-iterator/go	v1.1.12	MIT
github.com/klauspost/cpuid/v2	v2.2.7	MIT
github.com/knz/go-libedit	v1.10.1	Apache-2.0
github.com/kr/pretty	v0.3.1	MIT
github.com/kr/pty	v1.1.1	MIT
github.com/kr/text	v0.2.0	MIT
github.com/leodido/go-urn	v1.4.0	MIT
github.com/mattn/go-colorable	v0.1.13	MIT
github.com/mattn/go-isatty	v0.0.20	MIT
github.com/mdlayher/ethtool	v0.0.0-20210210192532-2b88debcdd43	MIT
github.com/mdlayher/genetlink	v1.0.0	MIT
github.com/mdlayher/netlink	v1.7.1	MIT
github.com/mdlayher/socket	v0.4.0	MIT
github.com/modern-go/concurrent	v0.0.0-20180306012644-bacd9c7ef1dd	Apache-2.0
github.com/modern-go/reflect2	v1.0.2	Apache-2.0
github.com/pelletier/go-toml/v2	v2.2.2	MIT
github.com/pkg/errors	v0.9.1	BSD-2-Clause
github.com/pmezard/go-difflib	v1.0.0	BSD-3-Clause
github.com/rogpeppe/go-internal	v1.9.0	BSD-3-Clause
github.com/rs/xid	v1.5.0	MIT
github.com/rs/zerolog	v1.32.0	MIT
github.com/russross/blackfriday/v2	v2.1.0	BSD-2-Clause
github.com/shuLhan/go-bindata	v4.0.0+incompatible	CC0-1.0
github.com/sirupsen/logrus	v1.8.1	MIT
github.com/spf13/cobra	v1.8.0	Apache-2.0
github.com/spf13/pflag	v1.0.5	BSD-3-Clause
github.com/stretchr/objx	v0.5.2	MIT
github.com/stretchr/testify	v1.9.0	MIT
github.com/twitchyliquid64/golang-asm	v0.15.1	BSD-3-Clause
github.com/ugorji/go/codec	v1.2.12	MIT
github.com/vishvananda/netlink	v1.1.0	Apache-2.0
github.com/vishvananda/netns	v0.0.0-20210104183010-2eb08e3e575f	Apache-2.0
golang.org/x/arch	v0.8.0	BSD-3-Clause
golang.org/x/crypto	v0.23.0	BSD-3-Clause
golang.org/x/exp	v0.0.0-20230224173230-c95f2b4c22f2	BSD-3-Clause
golang.org/x/lint	v0.0.0-20200302205851-738671d3881b	BSD-3-Clause
golang.org/x/mod	v0.8.0	BSD-3-Clause
golang.org/x/net	v0.25.0	BSD-3-Clause
golang.org/x/sync	v0.1.0	BSD-3-Clause
golang.org/x/sys	v0.20.0	BSD-3-Clause
golang.org/x/term	v0.20.0	BSD-3-Clause
golang.org/x/text	v0.15.0	BSD-3-Clause
golang.org/x/tools	v0.6.0	BSD-3-Clause
golang.org/x/xerrors	v0.0.0-20200804184101-5ec99f83aff1	BSD-3-Clause
google.golang.org/protobuf	v1.34.1	BSD-3-Clause
gopkg.in/check.v1	v1.0.0-20180628173108-788fd7840127	BSD-2-Clause
gopkg.in/errgo.v2	v2.1.0	BSD-3-Clause
gopkg.in/yaml.v3	v3.0.1	Apache-2.0 MIT
nullprogram.com/x/optparse	v1.0.0	Unlicense
rsc.io/pdf	v0.1.1	BSD-3-Clause

Contact Qodana team

Contact us at [email protected]

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions

[cfc4n]

@boost2020

你可以帮忙测试一下吗？使用非Android的boringssl类库，测试一下这个PR是否能正常捕获密钥。

分别以Server\Client两种模式，测试TLS 1.2、1.3的情况，谢谢。

Can you help test this? Using the non-Android boringssl library, check if this PR can properly capture the key.

Test in both Server and Client modes for TLS 1.2 and 1.3 scenarios, thank you.

Mode	<= TLS 1.2	>= TLS 1.3
Server Mode	❓	❓
Client Mode	❓	❓

[boost2020]

辛苦了，我这周来搭环境验证

[boost2020]

验证情况如下：

[boost2020]

上述4种场景都验证了，都可以取到key了

All four scenarios have been verified and the key can be obtained.

[cfc4n]

上述4种场景都验证了，都可以取到key了

All four scenarios have been verified and the key can be obtained.

pcapng包里，可以正常看到解密后的明文文本吗？

In the pcapng file, can you normally see the plaintext text after decryption?

[boost2020]

pcap的包 4种情况也都验证通过

The pcap packets have successfully passed all four tests.