Overview ¶
Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Copyright © 2022 Hengqi Chen
Index ¶
- Constants
- Variables
- func GetDynLibDirs() []string
- func GlobMany(targets []string, onErr func(string, error)) []string
- func ParseDynLibConf(pattern string) (dirs []string, err error)
- type BaseConfig
- func (c *BaseConfig) Bytes() []byte
- func (c *BaseConfig) EnableGlobalVar() bool
- func (c *BaseConfig) GetBTF() uint8
- func (c *BaseConfig) GetDebug() bool
- func (c *BaseConfig) GetEventCollectorAddr() string
- func (c *BaseConfig) GetHex() bool
- func (c *BaseConfig) GetPerCpuMapSize() int
- func (c *BaseConfig) GetPid() uint64
- func (c *BaseConfig) GetUid() uint64
- func (c *BaseConfig) SetAddrType(t uint8)
- func (c *BaseConfig) SetBTF(BtfMode uint8)
- func (c *BaseConfig) SetDebug(b bool)
- func (c *BaseConfig) SetEventCollectorAddr(addr string)
- func (c *BaseConfig) SetHex(isHex bool)
- func (c *BaseConfig) SetPerCpuMapSize(size int)
- func (c *BaseConfig) SetPid(pid uint64)
- func (c *BaseConfig) SetUid(uid uint64)
- type BashConfig
- type FuncOffsets
- type GnutlsConfig
- type GoTLSConfig
- type IConfig
- type MysqldConfig
- type MysqldType
- type NsprConfig
- type OpensslConfig
- type PostgresConfig
Constants ¶
// Defaults used when locating shared libraries.
const (
	// LdLoadPath is the path of the dynamic linker's configuration file.
	LdLoadPath = "/etc/ld.so.conf"
	// ElfArchIsandroid is false in this listing; presumably an Android build
	// supplies a different value — TODO confirm.
	ElfArchIsandroid = false
)
// Symbol names inside Go's crypto/tls package. Presumably these are the
// functions the Go TLS probe attaches to — confirm against the probe code.
// NOTE(review): writeRecordLocked and writeKeyLog are unexported standard
// library internals, so their names are not a stable interface across Go
// releases; a target built with a toolchain that lacks them would need to be
// detected rather than silently producing no events.
const (
	GoTlsReadFunc = "crypto/tls.(*Conn).Read" // read side of a TLS connection
	GoTlsWriteFunc = "crypto/tls.(*Conn).writeRecordLocked" // record write path
	GoTlsMasterSecretFunc = "crypto/tls.(*Config).writeKeyLog" // key-log emission of session secrets
)
// Values for the ElfType field carried by the probe configs on this page.
// Presumably they distinguish an executable from a shared object — TODO confirm.
const (
	ElfTypeBin uint8 = 1
	ElfTypeSo uint8 = 2
)
// Accepted values for the Model field of the TLS probe configs.
// Presumably "pcap"/"pcapng" and "key"/"keylog" are aliases of each other,
// as the GoTLSConfig.Model comment groups them — TODO confirm.
// NOTE(review): the key/keylog models write TLS session secrets to disk, so
// the choice of model determines how sensitive the output file is.
const (
	TlsCaptureModelText = "text"
	TlsCaptureModelPcap = "pcap"
	TlsCaptureModelPcapng = "pcapng"
	TlsCaptureModelKey = "key"
	TlsCaptureModelKeylog = "keylog"
)
// BTF mode selectors. Presumably these are the values passed to SetBTF and
// returned by GetBTF — TODO confirm; note they are untyped constants while
// BaseConfig.BtfMode is a uint8.
const (
	BTFModeAutoDetect = 0
	BTFModeCore = 1
	BTFModeNonCore = 2
)
const (
	// DefaultIfname is the default network interface name. Presumably it
	// backs the Ifname field of the TLS probe configs — TODO confirm.
	// NOTE(review): many hosts have no interface named "eth0"; confirm that
	// Check reports a clear error when the interface does not exist.
	DefaultIfname = "eth0"
)
// DefaultNsprNssPath is the default location of libnspr4.so, here the copy
// shipped under the Firefox library directory. Presumably it is the fallback
// for NsprConfig.Nsprpath — TODO confirm.
const DefaultNsprNssPath = "/usr/lib/firefox/libnspr4.so"
Variables ¶
// Sentinel errors exported by this package. Presumably they are returned
// while locating a Go binary and resolving symbols in it — confirm at the
// call sites. Compare against them with errors.Is rather than by message text.
var (
	ErrorGoBINNotFound = errors.New("The executable program (compiled by Golang) was not found")
	ErrorSymbolEmpty = errors.New("symbol is empty")
	ErrorSymbolNotFound = errors.New("symbol not found")
	ErrorSymbolNotFoundFromTable = errors.New("symbol not found from table")
	ErrorNoRetFound = errors.New("no RET instructions found")
	ErrorNoFuncFoundFromSymTabFun = errors.New("no function found from golang symbol table with Func Name")
)
var (
	// DefaultMapSizePerCpu is 1024 memory pages: 4MB when the page size is
	// 4 KiB, and proportionally larger on systems with bigger pages.
	DefaultMapSizePerCpu = os.Getpagesize() * 1024
)
Search order for shared libraries:
1. the RPATH binary header (set at build-time) of the library causing the lookup (if any)
2. the RPATH binary header (set at build-time) of the executable
3. the LD_LIBRARY_PATH environment variable (set at run-time)
4. the RUNPATH binary header (set at build-time) of the executable
5. /etc/ld.so.cache
6. base library directories (/lib and /usr/lib)
ref: http://blog.tremily.us/posts/rpath/
Functions ¶
func GetDynLibDirs ¶
func GetDynLibDirs() []string
func ParseDynLibConf ¶
ParseDynLibConf reads/parses DL config files defined as a pattern and returns a list of directories found in there (or an error).
Types ¶
type BaseConfig ¶ added in v0.8.1
// BaseConfig holds the settings shared by the probe configurations; the
// probe-specific config types on this page embed it.
type BaseConfig struct {
	Pid uint64 `json:"pid"` // process ID; presumably limits capture to that process — TODO confirm
	Uid uint64 `json:"uid"` // user ID; presumably limits capture to that user — TODO confirm
	// NOTE(review): the documented default binds to loopback only. Confirm
	// what this listener serves and how it is authenticated before setting a
	// routable address.
	Listen string `json:"listen"` // listen address, default: 127.0.0.1:28256
	// mapSizeKB
	PerCpuMapSize int `json:"per_cpu_map_size"` // ebpf map size for per Cpu. see https://github.com/gojue/ecapture/issues/433 .
	IsHex bool `json:"is_hex"` // presumably selects hexadecimal output — TODO confirm
	Debug bool `json:"debug"` // debug flag, read and written through GetDebug/SetDebug
	BtfMode uint8 `json:"btf_mode"` // BTF mode; see the BTFMode* constants
	// NOTE(review): LoggerAddr and EventCollectorAddr send output off this
	// process. Captured events may contain decrypted payloads or key
	// material, and nothing in this struct configures transport protection —
	// confirm how these connections are secured.
	LoggerAddr string `json:"logger_addr"` // logger address
	LoggerType uint8 `json:"logger_type"` // 0:stdout, 1:file, 2:tcp
	EventCollectorAddr string `json:"event_collector_addr"` // the server address that receives the captured event
}
func (*BaseConfig) Bytes ¶ added in v0.8.1
func (c *BaseConfig) Bytes() []byte
func (*BaseConfig) EnableGlobalVar ¶ added in v0.8.1
func (c *BaseConfig) EnableGlobalVar() bool
func (*BaseConfig) GetBTF ¶ added in v0.8.1
func (c *BaseConfig) GetBTF() uint8
func (*BaseConfig) GetDebug ¶ added in v0.8.1
func (c *BaseConfig) GetDebug() bool
func (*BaseConfig) GetEventCollectorAddr ¶ added in v0.8.5
func (c *BaseConfig) GetEventCollectorAddr() string
func (*BaseConfig) GetHex ¶ added in v0.8.1
func (c *BaseConfig) GetHex() bool
func (*BaseConfig) GetPerCpuMapSize ¶ added in v0.8.1
func (c *BaseConfig) GetPerCpuMapSize() int
func (*BaseConfig) GetPid ¶ added in v0.8.1
func (c *BaseConfig) GetPid() uint64
func (*BaseConfig) GetUid ¶ added in v0.8.1
func (c *BaseConfig) GetUid() uint64
func (*BaseConfig) SetAddrType ¶ added in v0.8.1
func (c *BaseConfig) SetAddrType(t uint8)
func (*BaseConfig) SetBTF ¶ added in v0.8.1
func (c *BaseConfig) SetBTF(BtfMode uint8)
func (*BaseConfig) SetDebug ¶ added in v0.8.1
func (c *BaseConfig) SetDebug(b bool)
func (*BaseConfig) SetEventCollectorAddr ¶ added in v0.8.5
func (c *BaseConfig) SetEventCollectorAddr(addr string)
func (*BaseConfig) SetHex ¶ added in v0.8.1
func (c *BaseConfig) SetHex(isHex bool)
func (*BaseConfig) SetPerCpuMapSize ¶ added in v0.8.1
func (c *BaseConfig) SetPerCpuMapSize(size int)
func (*BaseConfig) SetPid ¶ added in v0.8.1
func (c *BaseConfig) SetPid(pid uint64)
func (*BaseConfig) SetUid ¶ added in v0.8.1
func (c *BaseConfig) SetUid(uid uint64)
type BashConfig ¶
// BashConfig configures the bash probe. Per the package documentation,
// Bashpath and Readline are alternatives: set only one of the two.
type BashConfig struct {
	BaseConfig
	Bashpath string `json:"bashpath"` // path to the bash binary
	Readline string `json:"readline"` // presumably the path to the readline shared library — TODO confirm
	ErrNo int // not serialized with a JSON tag; meaning not shown here — TODO document
	ElfType uint8 // see the ElfType* constants
	ReadlineFuncName string // presumably the readline symbol the probe hooks — TODO confirm
}
BashConfig: the Bashpath and readline parameters are alternatives; set only one of the two.
func NewBashConfig ¶
func NewBashConfig() *BashConfig
func (*BashConfig) Bytes ¶ added in v0.8.1
func (bc *BashConfig) Bytes() []byte
func (*BashConfig) Check ¶
func (bc *BashConfig) Check() error
type FuncOffsets ¶
type GnutlsConfig ¶
// GnutlsConfig configures the GnuTLS probe on top of the shared BaseConfig.
type GnutlsConfig struct {
	BaseConfig
	//Curl path string `json:"curlpath"` // path to the curl binary
	Gnutls string `json:"gnutls"` // presumably the path to the GnuTLS shared library — TODO confirm
	ElfType uint8 // see the ElfType* constants
}
GnutlsConfig: the openssl parameters that are ultimately used.
func NewGnutlsConfig ¶
func NewGnutlsConfig() *GnutlsConfig
func (*GnutlsConfig) Bytes ¶ added in v0.8.1
func (gc *GnutlsConfig) Bytes() []byte
func (*GnutlsConfig) Check ¶
func (gc *GnutlsConfig) Check() error
type GoTLSConfig ¶
// GoTLSConfig configures the probe for binaries built with the Go toolchain.
// The JSON-tagged fields are user settings; the untagged fields below them
// are presumably filled in while the target binary is analysed — TODO confirm.
type GoTLSConfig struct {
	BaseConfig
	Path string `json:"path"` // golang application path to binary built with Go toolchain.
	PcapFile string `json:"pcapFile"` // pcapFile the raw packets to file rather than parsing and printing them out.
	// NOTE(review): the keylog file holds TLS session secrets; anyone who can
	// read it together with the matching capture can decrypt that traffic.
	// Confirm it is created with owner-only permissions and removed after use.
	KeylogFile string `json:"keylogFile"` // keylogFile The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file.
	Model string `json:"model"` // model such as : text, pcapng/pcap, key/keylog.
	Ifname string `json:"ifName"` // (TC Classifier) Interface name on which the probe will be attached.
	PcapFilter string `json:"pcapFilter"` // pcap filter
	Buildinfo *buildinfo.BuildInfo // build information of the target binary
	ReadTlsAddrs []int // presumably addresses related to GoTlsReadFunc — TODO confirm
	GoTlsWriteAddr uint64 // presumably the address of GoTlsWriteFunc — TODO confirm
	GoTlsMasterSecretAddr uint64 // presumably the address of GoTlsMasterSecretFunc — TODO confirm
	IsPieBuildMode bool // presumably true when the target is a position-independent executable — TODO confirm
	// contains filtered or unexported fields
}
GoTLSConfig represents configuration for Go SSL probe
func NewGoTLSConfig ¶
func NewGoTLSConfig() *GoTLSConfig
NewGoTLSConfig creates a new config for Go SSL
func (*GoTLSConfig) Bytes ¶ added in v0.8.1
func (gc *GoTLSConfig) Bytes() []byte
func (*GoTLSConfig) Check ¶
func (gc *GoTLSConfig) Check() error
type IConfig ¶
// IConfig is the interface shared by the probe configurations: a validity
// check, accessors for the common settings, and a byte serialization.
// BaseConfig on this page provides every method except Check.
type IConfig interface {
	Check() error // validates the configuration
	GetPid() uint64
	GetUid() uint64
	GetHex() bool
	GetBTF() uint8
	GetDebug() bool
	SetPid(uint64)
	SetUid(uint64)
	SetHex(bool)
	SetBTF(uint8)
	SetDebug(bool)
	SetAddrType(uint8)
	// NOTE(review): the collector address receives captured events; callers
	// should treat it as a destination for sensitive data.
	SetEventCollectorAddr(string)
	GetEventCollectorAddr() string
	GetPerCpuMapSize() int
	SetPerCpuMapSize(int)
	EnableGlobalVar() bool // meaning not documented here — TODO document
	Bytes() []byte // byte form of the config; encoding not shown here
}
type MysqldConfig ¶
// MysqldConfig configures the mysqld probe on top of the shared BaseConfig.
type MysqldConfig struct {
	BaseConfig
	Mysqldpath string `json:"mysqldPath"` // original comment reads "path to the curl binary"; presumably the mysqld binary path is meant — TODO confirm
	FuncName string `json:"funcName"` // presumably the function the probe hooks — TODO confirm
	Offset uint64 `json:"offset"` // presumably an offset used to place the hook — TODO confirm
	ElfType uint8 // see the ElfType* constants
	Version MysqldType // one of the MysqldType* constants
	VersionInfo string // info
}
The mysqld parameters that are ultimately used.
func NewMysqldConfig ¶
func NewMysqldConfig() *MysqldConfig
func (*MysqldConfig) Bytes ¶ added in v0.8.1
func (mc *MysqldConfig) Bytes() []byte
func (*MysqldConfig) Check ¶
func (mc *MysqldConfig) Check() error
type MysqldType ¶
// MysqldType identifies the mysqld release family stored in
// MysqldConfig.Version.
type MysqldType uint8
// The values count up from zero via iota. Presumably 56, 57 and 80 stand for
// MySQL 5.6, 5.7 and 8.0 — TODO confirm.
const (
	MysqldTypeUnknow MysqldType = iota
	MysqldType56
	MysqldType57
	MysqldType80
)
type NsprConfig ¶
// NsprConfig configures the NSPR/NSS probe on top of the shared BaseConfig.
type NsprConfig struct {
	BaseConfig
	//Firefoxpath string `json:"firefoxpath"` // path to the curl binary
	Nsprpath string `json:"nsprpath"` // presumably the path to libnspr4.so; see DefaultNsprNssPath — TODO confirm
	ElfType uint8 // see the ElfType* constants
}
The openssl parameters that are ultimately used.
func NewNsprConfig ¶
func NewNsprConfig() *NsprConfig
func (*NsprConfig) Bytes ¶ added in v0.8.1
func (nc *NsprConfig) Bytes() []byte
func (*NsprConfig) Check ¶
func (nc *NsprConfig) Check() error
type OpensslConfig ¶
// OpensslConfig configures the OpenSSL probe on top of the shared BaseConfig.
type OpensslConfig struct {
	BaseConfig
	// Curlpath string `json:"curlPath"` // path to the curl binary
	Openssl string `json:"openssl"` // presumably the path to the OpenSSL shared library — TODO confirm
	Model string `json:"model"` // eCapture Openssl capture model. text:pcap:keylog
	PcapFile string `json:"pcapfile"` // pcapFile the raw packets to file rather than parsing and printing them out.
	// NOTE(review): the keylog file holds TLS session secrets; anyone who can
	// read it together with the matching capture can decrypt that traffic.
	// Confirm it is created with owner-only permissions and removed after use.
	KeylogFile string `json:"keylog"` // Keylog The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file.
	Ifname string `json:"ifname"` // (TC Classifier) Interface name on which the probe will be attached.
	PcapFilter string `json:"pcapfilter"` // pcap filter
	SslVersion string `json:"sslversion"` // openssl version like 1.1.1a/1.1.1f/boringssl_1.1.1
	CGroupPath string `json:"cgrouppath"` // cgroup path, used for filter process
	ElfType uint8 // see the ElfType* constants
	IsAndroid bool // is Android OS ?
	AndroidVer string // Android OS version
}
The openssl parameters that are ultimately used.
func NewOpensslConfig ¶
func NewOpensslConfig() *OpensslConfig
func (*OpensslConfig) Bytes ¶ added in v0.8.1
func (oc *OpensslConfig) Bytes() []byte
func (*OpensslConfig) Check ¶
func (oc *OpensslConfig) Check() error
type PostgresConfig ¶
// PostgresConfig configures the PostgreSQL probe on top of the shared
// BaseConfig.
type PostgresConfig struct {
	BaseConfig
	PostgresPath string `json:"postgresPath"` // presumably the path to the postgres binary — TODO confirm
	FuncName string `json:"funcName"` // presumably the function the probe hooks — TODO confirm
}
func NewPostgresConfig ¶
func NewPostgresConfig() *PostgresConfig
func (*PostgresConfig) Bytes ¶ added in v0.8.1
func (pc *PostgresConfig) Bytes() []byte
func (*PostgresConfig) Check ¶
func (pc *PostgresConfig) Check() error