config

package
v0.8.10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 16, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Copyright © 2022 Hengqi Chen

Index

Constants

View Source 
const (
	LdLoadPath       = "/etc/ld.so.conf"
	ElfArchIsandroid = false
)
View Source 
const (
	GoTlsReadFunc         = "crypto/tls.(*Conn).Read"
	GoTlsWriteFunc        = "crypto/tls.(*Conn).writeRecordLocked"
	GoTlsMasterSecretFunc = "crypto/tls.(*Config).writeKeyLog"
)
View Source 
const (
	ElfTypeBin uint8 = 1
	ElfTypeSo  uint8 = 2
)
View Source 
const (
	TlsCaptureModelText   = "text"
	TlsCaptureModelPcap   = "pcap"
	TlsCaptureModelPcapng = "pcapng"
	TlsCaptureModelKey    = "key"
	TlsCaptureModelKeylog = "keylog"
)
View Source 
const (
	BTFModeAutoDetect = 0
	BTFModeCore       = 1
	BTFModeNonCore    = 2
)
View Source 
const (
	DefaultIfname = "eth0"
)
View Source 
const DefaultNsprNssPath = "/usr/lib/firefox/libnspr4.so"

Variables

View Source 
var (
	ErrorGoBINNotFound            = errors.New("The executable program (compiled by Golang) was not found")
	ErrorSymbolEmpty              = errors.New("symbol is empty")
	ErrorSymbolNotFound           = errors.New("symbol not found")
	ErrorSymbolNotFoundFromTable  = errors.New("symbol not found from table")
	ErrorNoRetFound               = errors.New("no RET instructions found")
	ErrorNoFuncFoundFromSymTabFun = errors.New("no function found from golang symbol table with Func Name")
)
View Source 
var (

	// DefaultMapSizePerCpu default: 4MB
	DefaultMapSizePerCpu = os.Getpagesize() * 1024
)

1, the RPATH binary header (set at build-time) of the library causing the lookup (if any) 2, the RPATH binary header (set at build-time) of the executable 3, the LD_LIBRARY_PATH environment variable (set at run-time) 4, the RUNPATH binary header (set at build-time) of the executable 5, /etc/ld.so.cache 6, base library directories (/lib and /usr/lib) ref: http://blog.tremily.us/posts/rpath/

Functions

func GetDynLibDirs 

func GetDynLibDirs() []string

func GlobMany 

func GlobMany(targets []string, onErr func(string, error)) []string

func ParseDynLibConf 

func ParseDynLibConf(pattern string) (dirs []string, err error)

ParseDynLibConf reads/parses DL config files defined as a pattern and returns a list of directories found in there (or an error).

Types

type BaseConfig added in v0.8.1 

type BaseConfig struct {
	Pid    uint64 `json:"pid"`
	Uid    uint64 `json:"uid"`
	Listen string `json:"listen"` // listen address, default: 127.0.0.1:28256

	// mapSizeKB
	PerCpuMapSize      int    `json:"per_cpu_map_size"` // ebpf map size for per Cpu.   see https://github.com/gojue/ecapture/issues/433 .
	IsHex              bool   `json:"is_hex"`
	Debug              bool   `json:"debug"`
	BtfMode            uint8  `json:"btf_mode"`
	LoggerAddr         string `json:"logger_addr"`          // logger address
	LoggerType         uint8  `json:"logger_type"`          // 0:stdout, 1:file, 2:tcp
	EventCollectorAddr string `json:"event_collector_addr"` // the server address that receives the captured event
}

func (*BaseConfig) Bytes added in v0.8.1 

func (c *BaseConfig) Bytes() []byte

func (*BaseConfig) EnableGlobalVar added in v0.8.1 

func (c *BaseConfig) EnableGlobalVar() bool

func (*BaseConfig) GetBTF added in v0.8.1 

func (c *BaseConfig) GetBTF() uint8

func (*BaseConfig) GetDebug added in v0.8.1 

func (c *BaseConfig) GetDebug() bool

func (*BaseConfig) GetEventCollectorAddr added in v0.8.5 

func (c *BaseConfig) GetEventCollectorAddr() string

func (*BaseConfig) GetHex added in v0.8.1 

func (c *BaseConfig) GetHex() bool

func (*BaseConfig) GetPerCpuMapSize added in v0.8.1 

func (c *BaseConfig) GetPerCpuMapSize() int

func (*BaseConfig) GetPid added in v0.8.1 

func (c *BaseConfig) GetPid() uint64

func (*BaseConfig) GetUid added in v0.8.1 

func (c *BaseConfig) GetUid() uint64

func (*BaseConfig) SetAddrType added in v0.8.1 

func (c *BaseConfig) SetAddrType(t uint8)

func (*BaseConfig) SetBTF added in v0.8.1 

func (c *BaseConfig) SetBTF(BtfMode uint8)

func (*BaseConfig) SetDebug added in v0.8.1 

func (c *BaseConfig) SetDebug(b bool)

func (*BaseConfig) SetEventCollectorAddr added in v0.8.5 

func (c *BaseConfig) SetEventCollectorAddr(addr string)

func (*BaseConfig) SetHex added in v0.8.1 

func (c *BaseConfig) SetHex(isHex bool)

func (*BaseConfig) SetPerCpuMapSize added in v0.8.1 

func (c *BaseConfig) SetPerCpuMapSize(size int)

func (*BaseConfig) SetPid added in v0.8.1 

func (c *BaseConfig) SetPid(pid uint64)

func (*BaseConfig) SetUid added in v0.8.1 

func (c *BaseConfig) SetUid(uid uint64)

type BashConfig 

type BashConfig struct {
	BaseConfig
	Bashpath         string `json:"bashpath"` //bash的文件路径
	Readline         string `json:"readline"`
	ErrNo            int
	ElfType          uint8 //
	ReadlineFuncName string
}

BashConfig Bashpath 与 readline 两个参数,使用时二选一

func NewBashConfig 

func NewBashConfig() *BashConfig

func (*BashConfig) Bytes added in v0.8.1 

func (bc *BashConfig) Bytes() []byte

func (*BashConfig) Check 

func (bc *BashConfig) Check() error

type FuncOffsets 

type FuncOffsets struct {
	Start   uint64
	Returns []uint64
}

type GnutlsConfig 

type GnutlsConfig struct {
	BaseConfig
	//Curl path string `json:"curlpath"` //curl的文件路径
	Gnutls     string `json:"gnutls"`
	Model      string `json:"model"`
	PcapFile   string `json:"pcapfile"`
	KeylogFile string `json:"keylog"`
	Ifname     string `json:"ifname"`
	PcapFilter string `json:"pcapfilter"`
	SslVersion string `json:"sslversion"`
	ElfType    uint8
}

GnutlsConfig 最终使用openssl参数

func NewGnutlsConfig 

func NewGnutlsConfig() *GnutlsConfig

func (*GnutlsConfig) Bytes added in v0.8.1 

func (gc *GnutlsConfig) Bytes() []byte

func (*GnutlsConfig) Check 

func (gc *GnutlsConfig) Check() error

type GoTLSConfig 

type GoTLSConfig struct {
	BaseConfig
	Path       string `json:"path"`       // golang application path to binary built with Go toolchain.
	PcapFile   string `json:"pcapFile"`   // pcapFile  the  raw  packets  to file rather than parsing and printing them out.
	KeylogFile string `json:"keylogFile"` // keylogFile  The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file.
	Model      string `json:"model"`      // model  such as : text, pcapng/pcap, key/keylog.
	Ifname     string `json:"ifName"`     // (TC Classifier) Interface name on which the probe will be attached.
	PcapFilter string `json:"pcapFilter"` // pcap filter

	Buildinfo             *buildinfo.BuildInfo
	ReadTlsAddrs          []int
	GoTlsWriteAddr        uint64
	GoTlsMasterSecretAddr uint64
	IsPieBuildMode        bool
	// contains filtered or unexported fields
}

GoTLSConfig represents configuration for Go SSL probe

func NewGoTLSConfig 

func NewGoTLSConfig() *GoTLSConfig

NewGoTLSConfig creates a new config for Go SSL

func (*GoTLSConfig) Bytes added in v0.8.1 

func (gc *GoTLSConfig) Bytes() []byte

func (*GoTLSConfig) Check 

func (gc *GoTLSConfig) Check() error

func (*GoTLSConfig) ReadTable 

func (gc *GoTLSConfig) ReadTable() (*gosym.Table, error)

type IConfig 

type IConfig interface {
	Check() error //检测配置合法性
	GetPid() uint64
	GetUid() uint64
	GetHex() bool
	GetBTF() uint8
	GetDebug() bool
	SetPid(uint64)
	SetUid(uint64)
	SetHex(bool)
	SetBTF(uint8)
	SetDebug(bool)
	SetAddrType(uint8)
	SetEventCollectorAddr(string)
	GetEventCollectorAddr() string
	GetPerCpuMapSize() int
	SetPerCpuMapSize(int)
	EnableGlobalVar() bool //
	Bytes() []byte
}

type MysqldConfig 

type MysqldConfig struct {
	BaseConfig
	Mysqldpath  string     `json:"mysqldPath"` //curl的文件路径
	FuncName    string     `json:"funcName"`
	Offset      uint64     `json:"offset"`
	ElfType     uint8      //
	Version     MysqldType //
	VersionInfo string     // info
}

最终使用mysqld参数

func NewMysqldConfig 

func NewMysqldConfig() *MysqldConfig

func (*MysqldConfig) Bytes added in v0.8.1 

func (mc *MysqldConfig) Bytes() []byte

func (*MysqldConfig) Check 

func (mc *MysqldConfig) Check() error

type MysqldType 

type MysqldType uint8
const (
	MysqldTypeUnknow MysqldType = iota
	MysqldType56
	MysqldType57
	MysqldType80
)

type NsprConfig 

type NsprConfig struct {
	BaseConfig
	//Firefoxpath string `json:"firefoxpath"` //curl的文件路径
	Nsprpath string `json:"nsprpath"`
	ElfType  uint8  //
}

最终使用openssl参数

func NewNsprConfig 

func NewNsprConfig() *NsprConfig

func (*NsprConfig) Bytes added in v0.8.1 

func (nc *NsprConfig) Bytes() []byte

func (*NsprConfig) Check 

func (nc *NsprConfig) Check() error

type OpensslConfig 

type OpensslConfig struct {
	BaseConfig
	// Curlpath   string `json:"curlPath"` //curl的文件路径
	Openssl    string `json:"openssl"`
	Model      string `json:"model"`      // eCapture Openssl capture model. text:pcap:keylog
	PcapFile   string `json:"pcapfile"`   // pcapFile  the  raw  packets  to file rather than parsing and printing them out.
	KeylogFile string `json:"keylog"`     // Keylog  The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file.
	Ifname     string `json:"ifname"`     // (TC Classifier) Interface name on which the probe will be attached.
	PcapFilter string `json:"pcapfilter"` // pcap filter
	SslVersion string `json:"sslversion"` // openssl version like 1.1.1a/1.1.1f/boringssl_1.1.1
	CGroupPath string `json:"cgrouppath"` // cgroup path, used for filter process
	ElfType    uint8  //
	IsAndroid  bool   //	is Android OS ?
	AndroidVer string // Android OS version
}

最终使用openssl参数

func NewOpensslConfig 

func NewOpensslConfig() *OpensslConfig

func (*OpensslConfig) Bytes added in v0.8.1 

func (oc *OpensslConfig) Bytes() []byte

func (*OpensslConfig) Check 

func (oc *OpensslConfig) Check() error

type PostgresConfig 

type PostgresConfig struct {
	BaseConfig
	PostgresPath string `json:"postgresPath"`
	FuncName     string `json:"funcName"`
}

func NewPostgresConfig 

func NewPostgresConfig() *PostgresConfig

func (*PostgresConfig) Bytes added in v0.8.1 

func (pc *PostgresConfig) Bytes() []byte

func (*PostgresConfig) Check 

func (pc *PostgresConfig) Check() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.