Documentation
¶
Overview ¶
Package offset guess c struct offset
Index ¶
- Constants
- func BpfMapGuessHTTPInit(m *manager.Manager) (*ebpf.Map, error)
- func BpfMapGuessInit(m *manager.Manager) (*ebpf.Map, error)
- func DumpOffset(offsetC OffsetGuessC) (string, error)
- func GuessOffsetHTTPFlow(status *OffsetGuessC) ([]manager.ConstantEditor, error)
- func NewConstEditor(offsetGuess *OffsetGuessC) []manager.ConstantEditor
- func NewConstEditorTCPSeq(offset *OffsetTCPSeqC) []manager.ConstantEditor
- func NewConstHTTPEditor(offsetHTTP *OffsetHTTPFlowC) []manager.ConstantEditor
- func NewGuessManger() (*manager.Manager, error)
- func NewOffsetHTTPFlow() (*manager.Manager, error)
- func SetLogger(nl *logger.Logger)
- func SetTCPSeqOffset(dst *OffsetGuessC, src *OffsetTCPSeqC)
- type CTConnC
- type Conninfo
- type OffsetCheck
- type OffsetConntrackC
- type OffsetGuessC
- type OffsetHTTPFlowC
- type OffsetTCPSeqC
- type OffsetTmp
Constants ¶
View Source
const ( ConnL3Mask = 0xFF // 0xFF ConnL3IPv4 = 0x00 // 0x00 ConnL3IPv6 = 0x01 // 0x01 ConnL4Mask = 0xFF00 // 0xFF00 ConnL4TCP = 0x0000 // 0x00 << 8 ConnL4UDP = 0x0100 // 0x01 << 8 MAXOFFSET = 2048 MINSUCCESS = 5 )
View Source
const ( GUESS_SK_NUM = iota + 1 GUESS_INET_SPORT GUESS_SK_FAMILY GUESS_SK_RCV_SADDR GUESS_SK_DADDR GUESS_SK_V6_RCV_SADDR GUESS_SK_V6_DADDR GUESS_SK_DPORT GUESS_TCP_SK_SRTT_US GUESS_TCP_SK_MDEV_US GUESS_FLOWI4_SADDR GUESS_FLOWI4_DADDR GUESS_FLOWI4_SPORT GUESS_FLOWI4_DPORT GUESS_FLOWI6_SADDR GUESS_FLOWI6_DADDR GUESS_FLOWI6_SPORT GUESS_FLOWI6_DPORT GUESS_SKADDR_SIN_PORT GUESS_SKADRR6_SIN6_PORT GUESS_SK_NET GUESS_NS_COMMON_INUM GUESS_SOCKET_SK GUESS_CONNTRACK_TUPLE_ORIGIN GUESS_CONNTRACK_TUPLE_REPLY )
View Source
const ( ERR_G_NOERROR = 0 ERR_G_SK_NET = 19 )
View Source
const KernelTaskCommLen = 16 // Maximum length of process(thread task) name
Variables ¶
This section is empty.
Functions ¶
func DumpOffset ¶
func DumpOffset(offsetC OffsetGuessC) (string, error)
func GuessOffsetHTTPFlow ¶
func GuessOffsetHTTPFlow(status *OffsetGuessC) ([]manager.ConstantEditor, error)
func NewConstEditor ¶
func NewConstEditor(offsetGuess *OffsetGuessC) []manager.ConstantEditor
func NewConstEditorTCPSeq ¶
func NewConstEditorTCPSeq(offset *OffsetTCPSeqC) []manager.ConstantEditor
func NewConstHTTPEditor ¶
func NewConstHTTPEditor(offsetHTTP *OffsetHTTPFlowC) []manager.ConstantEditor
func NewGuessManger ¶
func NewOffsetHTTPFlow ¶
func SetTCPSeqOffset ¶
func SetTCPSeqOffset(dst *OffsetGuessC, src *OffsetTCPSeqC)
Types ¶
type CTConnC ¶
type CTConnC C.struct_nf_conn_tuple
type OffsetCheck ¶
type OffsetCheck struct {
// contains filtered or unexported fields
}
type OffsetConntrackC ¶
type OffsetConntrackC C.struct_offset_conntrack
func GuessOffsetConntrack ¶
func GuessOffsetConntrack(guessed *OffsetConntrackC) ([]manager.ConstantEditor, *OffsetConntrackC, error)
type OffsetGuessC ¶
type OffsetGuessC C.struct_offset_guess
func GuessOffset ¶
func GuessOffset(bpfManager *manager.Manager, guessed *OffsetGuessC, ipv6Disabled bool) (*OffsetGuessC, error)
GuessOffset guess the offset of the structure field, such as tcp_sock.srtt_us.
func LoadOffset ¶
func LoadOffset(str string) (OffsetGuessC, error)
type OffsetHTTPFlowC ¶
type OffsetHTTPFlowC C.struct_offset_httpflow
type OffsetTCPSeqC ¶
type OffsetTCPSeqC C.struct_offset_tcp_seq
func GetTCPSeqOffset ¶
func GetTCPSeqOffset(offset *OffsetGuessC) *OffsetTCPSeqC
func GuessOffsetTCPSeq ¶
func GuessOffsetTCPSeq(netflowOffset []manager.ConstantEditor) ([]manager.ConstantEditor, *OffsetTCPSeqC, error)
type OffsetTmp ¶
type OffsetTmp struct {
// meta
Version string `json:"version"`
KernelVersion string `json:"kernel_version"`
// netflow
SkNum uint64 `json:"offset_sk_num"` // netflow
InetSport uint64 `json:"offset_inet_sport"`
SkFamily uint64 `json:"offset_sk_family"`
SkRcvSaddr uint64 `json:"offset_sk_rcv_saddr"`
SkDaddr uint64 `json:"offset_sk_daddr"`
SkV6RcvSaddr uint64 `json:"offset_sk_v6_rcv_saddr"`
SkV6Daddr uint64 `json:"offset_sk_v6_daddr"`
SkDport uint64 `json:"offset_sk_dport"`
TCPSkSrttUs uint64 `json:"offset_tcp_sk_srtt_us"`
TCPSkMdevUs uint64 `json:"offset_tcp_sk_mdev_us"`
Flowi4Saddr uint64 `json:"offset_flowi4_saddr"`
Flowi4Daddr uint64 `json:"offset_flowi4_daddr"`
Flowi4SPort uint64 `json:"offset_flowi4_sport"`
Flowi4DPort uint64 `json:"offset_flowi4_dport"`
Flowi6SAddr uint64 `json:"offset_flowi6_saddr"`
Flowi6DAddr uint64 `json:"offset_flowi6_daddr"`
Flowi6SPort uint64 `json:"offset_flowi6_sport"`
Flowi6Dport uint64 `json:"offset_flowi6_dport"`
SkAddrSinPort uint64 `json:"offset_skaddr_sin_port"`
SkAddr6Sin6Port uint64 `json:"offset_skaddr6_sin6_port"`
SkNet uint64 `json:"offset_sk_net"`
NsCommonInum uint64 `json:"offset_ns_common_inum"` // +conntrack
SocketSk uint64 `json:"offset_socket_sk"`
// tcp seq
CopiedSeq uint64 `json:"offset_copied_seq"`
WriteSeq uint64 `json:"offset_write_seq"`
// apiflow
TaskFiles uint64 `json:"offset_task_struct_files"` // httpflow
FileFDT uint64 `json:"offset_files_struct_fdt"`
SocketFile uint64 `json:"offset_socket_file"`
FilePrivateData uint64 `json:"offset_file_private_data"`
// contrack
CTNet uint64 `json:"offset_ct_net"` // conntrack
CTOriginTuple uint64 `json:"offset_origin_tuple"`
CTReplyTuple uint64 `json:"offset_reply_tuple"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.