Are there any official APIs I can use to hook into the network stack to log both transmitted and received packets at the IP layer?
My use case is that I want to record network traffic from the ESP32's point-of-view for debugging its communication behavior. Normally I would do an external packet capture, but since my application uses TLS (and I only control the device side, not the server), I need to dump the session keys in order to decode the traffic. I could create some ad-hoc means of dumping the session keys (every time the ESP32 establishes a new TLS session) and storing that into a file so that I can use it with Wireshark, but it involves a lot of moving parts.
My preferred approach, which I've implemented by adding hooks myself, is to have the ESP32 generate a PCAPNG file where it embeds the session keys into the file directly. Then I can either stream the file via semihosting/app-trace/what-have-you or dump it afterwards, and I don't have to worry about figuring out which set of session keys belongs with which packet capture.
From my first look over the IDF, I don't see a good place to get both received and transmitted packets:
- LWIP has its LWIP_HOOK_IP4_INPUT mechanism, but that would only cover received packets, which would be missing half of the conversation that I'm trying to debug. Also, I'm not sure if I can actually provide a hook without modifying the LWIP component, since it operates by adding a new header file include to the LWIP stack.
- There's also the promiscuous rx callback, which I haven't tried. It's a little lower level than I would like and I assume it has the same issue of only letting me capture received packets, not transmitted packets.
- When I first looked at the netif API, I thought I would be able to create a wrapper netif that would let me log the packets before passing them through to the real LWIP netif implementation. I wasn't able to make any progress without modifying the LWIP component since the LWIP netif structures/functions are all hidden behind a private implementation such that I can't find a way to make a wrapper without duplicating the LWIP netif definitions entirely.
While it works great for me as a one-off debugging test, the long-term maintainability is iffy, since I will have to reapply patches whenever the LWIP component is updated.
Does anybody know of any APIs that I could hook into to do this without modifying any of the ESP-IDF components, or if there are any plans to add any APIs in the future?
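
The file layout the post describes (a PCAPNG capture with the TLS session keys embedded) looks like this on the writing side. This is an added example, not the poster's code and not part of ESP-IDF. The function names are hypothetical, blocks are written in host byte order into a caller-supplied buffer, and the link type is assumed to be raw IP (LINKTYPE_RAW, 101) to match an IP-layer hook.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Append one block: type, total length, fixed fields, data padded to 32 bits, length again. Caller sizes out. */
static size_t put_block(uint8_t *out, uint32_t type, const void *fix, uint32_t fix_len,
                        const void *data, uint32_t data_len) {
    uint32_t pad = (4 - (data_len & 3)) & 3, total = 12 + fix_len + data_len + pad;
    uint8_t *p = out;
    memcpy(p, &type, 4);      p += 4;
    memcpy(p, &total, 4);     p += 4;
    memcpy(p, fix, fix_len);  p += fix_len;
    if (data_len) memcpy(p, data, data_len);
    p += data_len;
    memset(p, 0, pad);        p += pad;
    memcpy(p, &total, 4);
    return total;
}

/* Section Header Block + one Interface Description Block (LINKTYPE_RAW = 101: raw IPv4/IPv6). */
size_t pcapng_begin(uint8_t *out) {
    struct { uint32_t magic; uint16_t ver_major, ver_minor; int64_t section_len; } shb = {0x1A2B3C4D, 1, 0, -1};
    struct { uint16_t linktype, reserved; uint32_t snaplen; } idb = {101, 0, 65535};
    size_t n = put_block(out, 0x0A0D0D0A, &shb, sizeof shb, NULL, 0);
    return n + put_block(out + n, 0x00000001, &idb, sizeof idb, NULL, 0);
}

/* Decryption Secrets Block carrying NSS key log text (secrets type 0x544C534B, "TLSK"). */
size_t pcapng_tls_keys(uint8_t *out, const char *keylog) {
    uint32_t fix[2] = {0x544C534B, (uint32_t)strlen(keylog)};
    return put_block(out, 0x0000000A, fix, sizeof fix, keylog, fix[1]);
}

/* Enhanced Packet Block on interface 0; timestamp in microseconds (the default resolution). */
size_t pcapng_packet(uint8_t *out, uint64_t ts_us, const uint8_t *ip, uint32_t len) {
    uint32_t fix[5] = {0, (uint32_t)(ts_us >> 32), (uint32_t)ts_us, len, len};
    return put_block(out, 0x00000006, fix, sizeof fix, ip, len);
}

int main(void) {
    /* Constructed sample data: placeholder key log line; IPv4 header (checksum left 0) + 1 payload byte. */
    static const char keys[] = "CLIENT_RANDOM <client_random_hex> <master_secret_hex>\n";
    static const uint8_t ip[21] = {0x45, 0, 0, 21, 0, 0, 0, 0, 64, 253, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2, 0xAA};
    uint8_t buf[256];
    size_t n = pcapng_begin(buf);
    n += pcapng_tls_keys(buf + n, keys);  /* placed ahead of the packets it applies to */
    n += pcapng_packet(buf + n, 1000000, ip, sizeof ip);
    return fwrite(buf, 1, n, stdout) == n ? 0 : 1;
}
```

Wireshark reads the Decryption Secrets Block directly from the file, so no separate key log file has to be matched to the capture.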