I have a simple Golang proxy, using the std libs httputil.ReverseProxy[1]. I am trying to correlate its connections / bind port before the outbound tcp connection is made (i.e. the connect syscall, if I understand correctly).
E.g. a request is made from client 1.2.3.4:3333 to destination 5.6.7.8:4444. The proxy will make a new connection by binding first to some <port> and than creating the connection from localhost:<port> to 5.6.7.8:444 proxying requests and responses.
Can I catch the four-tuple describing the second connection, or at the very least the bind on the localhost before the connection / tcp handshake is made? Perhaps using eBPF tracing?
I have an eBPF program that tries to sniff the outbound connections
packets but I can't get the information fast enough before the tcp handshake, I've tried using httptrace callbacks to provide this information to my sniffer but the callback (i.e. GotConn) provides
the connections information only after the handshake is made.