event

package
v0.8.8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 9, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Copyright © 2022 Hengqi Chen

Index

Constants

// Array lengths for the TLS key material carried by the MasterSecret*Event
// structs in this package. The names mirror the C-side macros quoted in the
// MasterSecretEvent docs (SSL3_RANDOM_SIZE, MASTER_SECRET_MAX_LEN).
const (
	// Ssl3RandomSize is the length of the ClientRandom arrays in
	// MasterSecretEvent and MasterSecretBSSLEvent (32 bytes).
	Ssl3RandomSize     = 32
	// MasterSecretMaxLen is the length of MasterSecretEvent.MasterKey and
	// MasterSecretBSSLEvent.Secret (48 bytes).
	MasterSecretMaxLen = 48
	// EvpMaxMdSize is the length of every secret array declared
	// [EvpMaxMdSize]byte (64 bytes). The arrays are fixed-size, so a secret
	// derived with a shorter hash leaves trailing bytes that are not part of
	// the secret. NOTE(review): which field bounds the meaningful prefix
	// (HashLen, CipherId, the *Len fields) is not shown here; confirm it in
	// the Decode/String implementations.
	EvpMaxMdSize       = 64
)
// Sizes used by the Go crypto/tls capture path.
const (
	// GotlsRandomSize is 32. No exported declaration on this page references
	// it; its use is not visible here.
	GotlsRandomSize    = 32
	// MasterSecretKeyLen is the capacity of MasterSecretGotlsEvent.Label
	// (32 bytes).
	MasterSecretKeyLen = 32
)
// Return-status values for a traced MySQL command. The group is labelled
// after the unexported dispatch_command_return type that MysqldEvent.Retval
// uses; as declared here the constants themselves are untyped.
const (
	//dispatch_command_return
	DispatchCommandV57Failed       = -2
	// NOTE(review): -1 presumably means the return status was not observed,
	// which is neither success nor failure. Audit or detection logic should
	// not fold it into either bucket; confirm against the code that sets it.
	DispatchCommandNotCaptured     = -1
	DispatchCommandSuccess         = 0
	DispatchCommandCloseConnection = 1
	DispatchCommandWouldblock      = 2
)
// Protocol version numbers as they appear on the wire. The Version fields of
// SSLDataEvent, the MasterSecret*Event structs and TlsVersion are int32
// values that can be compared against these.
//
// The DTLS values are numerically larger than every TLS value, so an ordered
// comparison such as "version >= Tls12Version" also matches DTLS 1.0; compare
// for equality or handle the DTLS values separately.
const (
	// SSL 2.0 (prohibited by RFC 6176).
	Ssl2Version   = 0x0002
	// SSL 3.0 (deprecated by RFC 7568).
	Ssl3Version   = 0x0300
	// TLS 1.0 (deprecated by RFC 8996).
	Tls1Version   = 0x0301
	// TLS 1.1 (deprecated by RFC 8996).
	Tls11Version  = 0x0302
	// TLS 1.2.
	Tls12Version  = 0x0303
	// TLS 1.3.
	Tls13Version  = 0x0304
	// DTLS 1.0 (deprecated by RFC 8996).
	Dtls1Version  = 0xFEFF
	// DTLS 1.2.
	Dtls12Version = 0xFEFD
)
// Lengths of the process-identification buffers in TcSkbEvent.
const (
	// TaskCommLen is the length of TcSkbEvent.Comm and matches the Linux
	// TASK_COMM_LEN of 16 bytes (15 characters plus the terminating NUL).
	// A comm value is truncated to that length and can be changed by the
	// process itself, so it is a display hint rather than a trustworthy
	// identity; key attribution on the pid instead. The other event structs
	// on this page spell the same length as a literal [16]byte.
	TaskCommLen = 16
	// CmdlineLen is the length of TcSkbEvent.Cmdline (256 bytes); a longer
	// command line cannot fit in that array.
	CmdlineLen  = 256
)
// ANSI SGR escape sequences for coloured terminal output: COLORRESET restores
// the default attributes and the rest select foreground colours 31-37.
//
// These are raw control bytes. When output is redirected to a file or shipped
// to a log pipeline they are stored verbatim, so parsers and detection rules
// reading that output have to strip or tolerate them.
const (
	COLORRESET  = "\033[0m"
	COLORRED    = "\033[31m"
	COLORGREEN  = "\033[32m"
	COLORYELLOW = "\033[33m"
	COLORBLUE   = "\033[34m"
	COLORPURPLE = "\033[35m"
	COLORCYAN   = "\033[36m"
	COLORWHITE  = "\033[37m"
)
// ChunkSize is 16. Its use is not shown on this page; presumably it is the
// number of bytes per row in hex-dump output (confirm against StringHex).
const ChunkSize = 16
// ChunkSizeHalf is half of ChunkSize (8).
const ChunkSizeHalf = ChunkSize / 2
// MaxDataSize (4096) is the length of the Data array in SSLDataEvent,
// GnutlsDataEvent and NsprDataEvent. A single event cannot carry more than
// this many payload bytes, so tooling that inspects captured plaintext should
// not assume one event holds a complete read or write.
const MaxDataSize = 1024 * 4
// MaxDataSizeBash (256) is the length of BashEvent.Line; longer input cannot
// fit in one Line buffer.
const MaxDataSizeBash = 256
// MysqldMaxDataSize (256) is the length of MysqldEvent.Query. A statement
// longer than this cannot be held in full, so audit or detection rules that
// match on the query text only see its first 256 bytes.
const MysqldMaxDataSize = 256

u64 pid; u64 timestamp; char Query[MAX_DATA_SIZE]; u64 Alllen; u64 Len; char Comm[TASK_COMM_LEN];

// PostgresMaxDataSize (256) is the length of PostgresEvent.Query. A statement
// longer than this cannot be held in full, so audit or detection rules that
// match on the query text only see its first 256 bytes.
const PostgresMaxDataSize = 256

u64 pid; u64 timestamp; char Query[MAX_DATA_SIZE]; char Comm[TASK_COMM_LEN];

// SaDataLen (14) is the length of ConnDataEvent.SaData and equals the size of
// the sa_data member of struct sockaddr.
// NOTE(review): 14 bytes are too few for a complete IPv6 sockaddr_in6
// payload; confirm how IPv6 peers are represented before relying on Addr.
const SaDataLen = 14

Variables

This section is empty.

Functions

func CToGoString

func CToGoString(c []byte) string

func DecodeKtime

func DecodeKtime(ktime int64, monotonic bool) (time.Time, error)

Types

type AttachType

// AttachType distinguishes the two probe positions enumerated below.
type AttachType int64
const (
	// ProbeEntry is 0; presumably the probe at function entry.
	ProbeEntry AttachType = iota
	// ProbeRet is 1; presumably the probe at function return.
	ProbeRet
)

type BashEvent

// BashEvent is one record from the bash capture: the process and user ids, a
// fixed-size Line buffer, the return value and the process name.
//
// NOTE(review): captured shell input often includes passwords, tokens and
// connection strings typed on the command line. Anything that stores or
// forwards String(), StringHex() or a JSON encoding of this struct should be
// access-controlled like a credential store.
type BashEvent struct {
	BashType    uint32                 `json:"bash_type"`
	Pid         uint32                 `json:"pid"`
	Uid         uint32                 `json:"uid"`
	// Line holds at most MaxDataSizeBash (256) bytes. As a fixed-size array
	// it encodes as a JSON array of numbers under encoding/json's default
	// rules, including any unused trailing bytes.
	Line        [MaxDataSizeBash]uint8 `json:"line"`
	ReturnValue uint32                 `json:"ret_val"`
	// Comm is the 16-byte process name; it is process-controlled and
	// truncated, so do not treat it as an identity.
	Comm        [16]byte               `json:"Comm"`
	// AllLines has no json tag, so encoding/json emits it under the key
	// "AllLines".
	AllLines    string
	// contains filtered or unexported fields
}

func (*BashEvent) Clone

func (be *BashEvent) Clone() IEventStruct

func (*BashEvent) Decode

func (be *BashEvent) Decode(payload []byte) (err error)

func (*BashEvent) EventType

func (be *BashEvent) EventType() EventType

func (*BashEvent) GetUUID

func (be *BashEvent) GetUUID() string

func (*BashEvent) Payload

func (be *BashEvent) Payload() []byte

func (*BashEvent) PayloadLen

func (be *BashEvent) PayloadLen() int

func (*BashEvent) String

func (be *BashEvent) String() string

func (*BashEvent) StringHex

func (be *BashEvent) StringHex() string

type ConnDataEvent

// ConnDataEvent mirrors the C record documented for the connect_events map:
// timestamp, pid, tid, fd, the raw sa_data bytes and the process name. Addr
// is a Go-side string with no counterpart in that C layout.
type ConnDataEvent struct {
	TimestampNs uint64          `json:"timestampNs"`
	Pid         uint32          `json:"pid"`
	Tid         uint32          `json:"tid"`
	// Fd is only meaningful together with Pid: file-descriptor numbers are
	// per-process and are reused after close, so correlating this event with
	// later data events by fd alone can attribute traffic to the wrong peer.
	Fd          uint32          `json:"fd"`
	// SaData is the 14-byte sa_data payload of a struct sockaddr.
	// NOTE(review): that is too short for a full IPv6 address; confirm how
	// IPv6 peers are decoded.
	SaData      [SaDataLen]byte `json:"saData"`
	// Comm is the 16-byte process name; it is process-controlled and
	// truncated, so do not treat it as an identity.
	Comm        [16]byte        `json:"Comm"`
	// Addr is presumably derived from SaData in Decode; that code is not
	// shown on this page.
	Addr        string          `json:"addr"`
	// contains filtered or unexported fields
}
connect_events map

uint64_t timestamp_ns;

uint32_t pid;
uint32_t tid;
uint32_t fd;
char sa_data[SA_DATA_LEN];
char Comm[TASK_COMM_LEN];

func (*ConnDataEvent) Clone

func (ce *ConnDataEvent) Clone() IEventStruct

func (*ConnDataEvent) Decode

func (ce *ConnDataEvent) Decode(payload []byte) (err error)

func (*ConnDataEvent) EventType

func (ce *ConnDataEvent) EventType() EventType

func (*ConnDataEvent) GetUUID

func (ce *ConnDataEvent) GetUUID() string

func (*ConnDataEvent) Payload

func (ce *ConnDataEvent) Payload() []byte

func (*ConnDataEvent) PayloadLen

func (ce *ConnDataEvent) PayloadLen() int

func (*ConnDataEvent) String

func (ce *ConnDataEvent) String() string

func (*ConnDataEvent) StringHex

func (ce *ConnDataEvent) StringHex() string

type EventType

// EventType tells the consumer what to do with an event. Every event struct
// on this page reports one through its EventType() method.
//
// NOTE(review): this value decides whether captured plaintext or key material
// is written out or uploaded, so check what each concrete EventType() returns
// before enabling a remote sink.
type EventType uint8
const (
	// EventTypeOutput (0): the event is uploaded to a server or written to
	// the log file.
	EventTypeOutput EventType = iota

	// EventTypeModuleData (1): the event is kept as module cache data.
	EventTypeModuleData

	// EventTypeEventProcessor (2): the event is displayed by event_processor.
	EventTypeEventProcessor
)

type GnutlsDataEvent

// GnutlsDataEvent is one chunk of data captured from a GnuTLS-using process.
// Its exported fields match NsprDataEvent except for the DataLen JSON key.
type GnutlsDataEvent struct {
	DataType  int64             `json:"dataType"`
	Timestamp uint64            `json:"timestamp"`
	Pid       uint32            `json:"pid"`
	Tid       uint32            `json:"tid"`
	// Data is a fixed 4096-byte buffer; only the first DataLen bytes are
	// meaningful. Under encoding/json's default rules it encodes as a JSON
	// array of numbers covering all 4096 bytes.
	Data      [MaxDataSize]byte `json:"data"`
	// DataLen is signed and supplied by the capture side.
	// NOTE(review): a consumer that slices Data[:DataLen] must first check
	// 0 <= DataLen <= MaxDataSize, otherwise the slice expression panics.
	// The JSON key here is "data_len", whereas NsprDataEvent and
	// SSLDataEvent use "dataLen"; downstream parsers need to accept both.
	DataLen   int32             `json:"data_len"`
	// Comm is the 16-byte process name; it is process-controlled and
	// truncated, so do not treat it as an identity.
	Comm      [16]byte          `json:"Comm"`
	// contains filtered or unexported fields
}

func (*GnutlsDataEvent) Clone

func (ge *GnutlsDataEvent) Clone() IEventStruct

func (*GnutlsDataEvent) Decode

func (ge *GnutlsDataEvent) Decode(payload []byte) (err error)

func (*GnutlsDataEvent) EventType

func (ge *GnutlsDataEvent) EventType() EventType

func (*GnutlsDataEvent) GetUUID

func (ge *GnutlsDataEvent) GetUUID() string

func (*GnutlsDataEvent) Payload

func (ge *GnutlsDataEvent) Payload() []byte

func (*GnutlsDataEvent) PayloadLen

func (ge *GnutlsDataEvent) PayloadLen() int

func (*GnutlsDataEvent) String

func (ge *GnutlsDataEvent) String() string

func (*GnutlsDataEvent) StringHex

func (ge *GnutlsDataEvent) StringHex() string

type GoTLSEvent

// GoTLSEvent is a data event from the Go crypto/tls capture path.
type GoTLSEvent struct {
	// Data is a byte slice, so encoding/json emits it as a base64 string,
	// unlike the fixed-size Data arrays of the other *DataEvent structs,
	// which encode as arrays of numbers.
	Data []byte `json:"data"`
	// contains filtered or unexported fields
}

func (*GoTLSEvent) Clone

func (ge *GoTLSEvent) Clone() IEventStruct

func (*GoTLSEvent) Decode

func (ge *GoTLSEvent) Decode(payload []byte) error

func (*GoTLSEvent) EventType

func (ge *GoTLSEvent) EventType() EventType

func (*GoTLSEvent) GetUUID

func (ge *GoTLSEvent) GetUUID() string

func (*GoTLSEvent) Payload

func (ge *GoTLSEvent) Payload() []byte

func (*GoTLSEvent) PayloadLen

func (ge *GoTLSEvent) PayloadLen() int

func (*GoTLSEvent) String

func (ge *GoTLSEvent) String() string

func (*GoTLSEvent) StringHex

func (ge *GoTLSEvent) StringHex() string

type IEventStruct

// IEventStruct is the method set shared by every event type on this page
// (BashEvent, ConnDataEvent, the *DataEvent and MasterSecret*Event structs,
// MysqldEvent, PostgresEvent and TcSkbEvent), all via pointer receivers.
type IEventStruct interface {
	// Decode fills the event from a raw payload.
	// NOTE(review): the payload comes from the kernel-side program;
	// implementations should reject a payload shorter than the struct they
	// decode rather than leave fields zeroed. The bodies are not shown here.
	Decode(payload []byte) (err error)
	// Payload and PayloadLen expose the event's data bytes and their length.
	Payload() []byte
	PayloadLen() int
	// String and StringHex render the event as text. For the master-secret
	// and data events that text contains key material or decrypted traffic,
	// so it needs the same handling as the secrets themselves.
	String() string
	StringHex() string
	Clone() IEventStruct
	//Module() IModule
	//SetModule(IModule)
	EventType() EventType
	// GetUUID returns a string identifier for the event; how it is built is
	// not shown on this page.
	GetUUID() string
}

type MasterSecretBSSLEvent

// MasterSecretBSSLEvent carries the session secrets captured from a BoringSSL
// connection: the client random and master secret for TLS 1.2 or older, and
// the per-stage traffic secrets for TLS 1.3.
//
// Every byte array here is key material. Whoever holds these values together
// with a packet capture of the session can decrypt it, so files, logs and
// uploads derived from this struct must be protected like private keys. No
// custom JSON marshaller is listed for the type, so encoding/json emits each
// array in full, including bytes beyond HashLen.
type MasterSecretBSSLEvent struct {
	Version int32 `json:"version"` // TLS Version

	// TLS 1.2 or older
	ClientRandom [Ssl3RandomSize]byte     `json:"clientRandom"` // Client Random
	Secret       [MasterSecretMaxLen]byte `json:"secret"`       // secret Key

	// TLS 1.3
	// NOTE(review): HashLen presumably gives the number of meaningful bytes
	// in each 64-byte secret below; a consumer should check it against
	// EvpMaxMdSize before slicing. Confirm in the Decode/String code.
	HashLen               uint32             `json:"hashLen"`               // hashLen
	EarlyTrafficSecret    [EvpMaxMdSize]byte `json:"earlyTrafficSecret"`    // CLIENT_EARLY_TRAFFIC_SECRET
	ClientHandshakeSecret [EvpMaxMdSize]byte `json:"clientHandshakeSecret"` // CLIENT_HANDSHAKE_TRAFFIC_SECRET
	ServerHandshakeSecret [EvpMaxMdSize]byte `json:"serverHandshakeSecret"` // SERVER_HANDSHAKE_TRAFFIC_SECRET
	// The trailing label on the next field is as written in the source;
	// presumably it denotes the key-log label CLIENT_TRAFFIC_SECRET_0.
	ClientTrafficSecret0  [EvpMaxMdSize]byte `json:"clientTrafficSecret0"`  // SSL_HANDSHAKE_CLIENT_TRAFFIC_SECRET_0_
	ServerTrafficSecret0  [EvpMaxMdSize]byte `json:"serverTrafficSecret0"`  // SERVER_TRAFFIC_SECRET_0
	ExporterSecret        [EvpMaxMdSize]byte `json:"exporterSecret"`        // EXPORTER_SECRET
	// contains filtered or unexported fields
}

MasterSecretBSSLEvent for BoringSSL TLS 1.3

func (*MasterSecretBSSLEvent) Clone

func (msbe *MasterSecretBSSLEvent) Clone() IEventStruct

func (*MasterSecretBSSLEvent) Decode

func (msbe *MasterSecretBSSLEvent) Decode(payload []byte) (err error)

func (*MasterSecretBSSLEvent) EventType

func (msbe *MasterSecretBSSLEvent) EventType() EventType

func (*MasterSecretBSSLEvent) GetUUID

func (msbe *MasterSecretBSSLEvent) GetUUID() string

func (*MasterSecretBSSLEvent) Payload

func (msbe *MasterSecretBSSLEvent) Payload() []byte

func (*MasterSecretBSSLEvent) PayloadLen

func (msbe *MasterSecretBSSLEvent) PayloadLen() int

func (*MasterSecretBSSLEvent) String

func (msbe *MasterSecretBSSLEvent) String() string

func (*MasterSecretBSSLEvent) StringHex

func (msbe *MasterSecretBSSLEvent) StringHex() string

type MasterSecretEvent

// MasterSecretEvent carries captured TLS session secrets: the client random
// and master key for TLS 1.2 or older, and the handshake and application
// traffic secrets for TLS 1.3.
//
// Every byte array here is key material. Whoever holds these values together
// with a packet capture of the session can decrypt it, so files, logs and
// uploads derived from this struct must be protected like private keys. No
// custom JSON marshaller is listed for the type, so encoding/json emits each
// array in full as a JSON array of numbers.
type MasterSecretEvent struct {
	Version int32 `json:"version"` // TLS Version

	// TLS 1.2 or older
	ClientRandom [Ssl3RandomSize]byte     `json:"clientRandom"` // Client Random
	MasterKey    [MasterSecretMaxLen]byte `json:"masterKey"`    // Master Key

	// TLS 1.3
	// NOTE(review): the 64-byte arrays below are larger than the secrets
	// produced by the common TLS 1.3 hashes; the meaningful length is
	// presumably derived from CipherId. Confirm in the String code.
	CipherId               uint32             `json:"cipherId"`               // Cipher ID
	HandshakeSecret        [EvpMaxMdSize]byte `json:"handshakeSecret"`        // Handshake Secret
	HandshakeTrafficHash   [EvpMaxMdSize]byte `json:"handshakeTrafficHash"`   // Handshake Traffic Hash
	ClientAppTrafficSecret [EvpMaxMdSize]byte `json:"clientAppTrafficSecret"` // Client App Traffic Secret
	ServerAppTrafficSecret [EvpMaxMdSize]byte `json:"serverAppTrafficSecret"` // Server App Traffic Secret
	ExporterMasterSecret   [EvpMaxMdSize]byte `json:"exporterMasterSecret"`   // Exporter Master Secret
	// contains filtered or unexported fields
}
	u8 client_random[SSL3_RANDOM_SIZE];
    u8 master_key[MASTER_SECRET_MAX_LEN];

func (*MasterSecretEvent) Clone

func (mse *MasterSecretEvent) Clone() IEventStruct

func (*MasterSecretEvent) Decode

func (mse *MasterSecretEvent) Decode(payload []byte) (err error)

func (*MasterSecretEvent) EventType

func (mse *MasterSecretEvent) EventType() EventType

func (*MasterSecretEvent) GetUUID

func (mse *MasterSecretEvent) GetUUID() string

func (*MasterSecretEvent) Payload

func (mse *MasterSecretEvent) Payload() []byte

func (*MasterSecretEvent) PayloadLen

func (mse *MasterSecretEvent) PayloadLen() int

func (*MasterSecretEvent) String

func (mse *MasterSecretEvent) String() string

func (*MasterSecretEvent) StringHex

func (mse *MasterSecretEvent) StringHex() string

type MasterSecretGotlsEvent

// MasterSecretGotlsEvent carries one labelled secret captured from a Go
// crypto/tls program: the label, the client random and the secret, each as a
// fixed-size buffer paired with a length byte.
//
// MasterSecret is key material and needs the same protection as a private
// key wherever this event is logged, stored or forwarded.
//
// NOTE(review): each *Len field is a uint8 (0-255) while the buffers hold 32
// or 64 bytes. A consumer that slices buffer[:len] must clamp the length to
// the buffer size first, otherwise the slice expression panics. Whether
// Decode already does so is not shown on this page.
type MasterSecretGotlsEvent struct {
	Label           [MasterSecretKeyLen]byte `json:"label"` // label name
	LabelLen        uint8                    `json:"labelLen"`
	ClientRandom    [EvpMaxMdSize]byte       `json:"clientRandom"` // Client Random
	ClientRandomLen uint8                    `json:"clientRandomLen"`
	MasterSecret    [EvpMaxMdSize]byte       `json:"masterSecret"` // Master Secret
	MasterSecretLen uint8                    `json:"masterSecretLen"`
	// contains filtered or unexported fields
}

func (*MasterSecretGotlsEvent) Clone

func (mge *MasterSecretGotlsEvent) Clone() IEventStruct

func (*MasterSecretGotlsEvent) Decode

func (mge *MasterSecretGotlsEvent) Decode(payload []byte) (err error)

func (*MasterSecretGotlsEvent) EventType

func (mge *MasterSecretGotlsEvent) EventType() EventType

func (*MasterSecretGotlsEvent) GetUUID

func (mge *MasterSecretGotlsEvent) GetUUID() string

func (*MasterSecretGotlsEvent) Payload

func (mge *MasterSecretGotlsEvent) Payload() []byte

func (*MasterSecretGotlsEvent) PayloadLen

func (mge *MasterSecretGotlsEvent) PayloadLen() int

func (*MasterSecretGotlsEvent) String

func (mge *MasterSecretGotlsEvent) String() string

func (*MasterSecretGotlsEvent) StringHex

func (mge *MasterSecretGotlsEvent) StringHex() string

type MysqldEvent

// MysqldEvent is one captured MySQL statement with its process id, timestamp,
// process name and return status.
//
// NOTE(review): SQL text can contain credentials and personal data (for
// example in CREATE USER or INSERT statements), so stored or forwarded
// MysqldEvent output needs access controls matching the database's own.
type MysqldEvent struct {
	Pid       uint64                   `json:"pid"`
	Timestamp uint64                   `json:"timestamp"`
	// Query holds at most MysqldMaxDataSize (256) bytes of statement text.
	Query     [MysqldMaxDataSize]uint8 `json:"Query"`
	// Alllen and Len are presumably the full statement length and the number
	// of bytes actually stored in Query; Alllen > Len would then indicate a
	// truncated capture. Both come from the capture side, so clamp Len to
	// the size of Query before slicing. Confirm against Decode/String.
	Alllen    uint64                   `json:"Alllen"`
	Len       uint64                   `json:"Len"`
	// Comm is the 16-byte process name; it is process-controlled and
	// truncated, so do not treat it as an identity.
	Comm      [16]uint8                `json:"Comm"`
	// Retval uses the unexported dispatch_command_return type; the
	// DispatchCommand* constants name its values.
	Retval    dispatch_command_return  `json:"retval"`
	// contains filtered or unexported fields
}

func (*MysqldEvent) Clone

func (me *MysqldEvent) Clone() IEventStruct

func (*MysqldEvent) Decode

func (me *MysqldEvent) Decode(payload []byte) (err error)

func (*MysqldEvent) EventType

func (me *MysqldEvent) EventType() EventType

func (*MysqldEvent) GetUUID

func (me *MysqldEvent) GetUUID() string

func (*MysqldEvent) Payload

func (me *MysqldEvent) Payload() []byte

func (*MysqldEvent) PayloadLen

func (me *MysqldEvent) PayloadLen() int

func (*MysqldEvent) String

func (me *MysqldEvent) String() string

func (*MysqldEvent) StringHex

func (me *MysqldEvent) StringHex() string

type NsprDataEvent

// NsprDataEvent is one chunk of data captured from an NSPR/NSS-using process.
// Its exported fields match GnutlsDataEvent except for the DataLen JSON key.
type NsprDataEvent struct {
	DataType  int64             `json:"dataType"`
	Timestamp uint64            `json:"timestamp"`
	Pid       uint32            `json:"pid"`
	Tid       uint32            `json:"tid"`
	// Data is a fixed 4096-byte buffer; only the first DataLen bytes are
	// meaningful. Under encoding/json's default rules it encodes as a JSON
	// array of numbers covering all 4096 bytes.
	Data      [MaxDataSize]byte `json:"data"`
	// DataLen is signed and supplied by the capture side.
	// NOTE(review): a consumer that slices Data[:DataLen] must first check
	// 0 <= DataLen <= MaxDataSize, otherwise the slice expression panics.
	DataLen   int32             `json:"dataLen"`
	// Comm is the 16-byte process name; it is process-controlled and
	// truncated, so do not treat it as an identity.
	Comm      [16]byte          `json:"Comm"`
	// contains filtered or unexported fields
}

func (*NsprDataEvent) Clone

func (ne *NsprDataEvent) Clone() IEventStruct

func (*NsprDataEvent) Decode

func (ne *NsprDataEvent) Decode(payload []byte) (err error)

func (*NsprDataEvent) EventType

func (ne *NsprDataEvent) EventType() EventType

func (*NsprDataEvent) GetUUID

func (ne *NsprDataEvent) GetUUID() string

func (*NsprDataEvent) Payload

func (ne *NsprDataEvent) Payload() []byte

func (*NsprDataEvent) PayloadLen

func (ne *NsprDataEvent) PayloadLen() int

func (*NsprDataEvent) String

func (ne *NsprDataEvent) String() string

func (*NsprDataEvent) StringHex

func (ne *NsprDataEvent) StringHex() string

type PostgresEvent

// PostgresEvent is one captured PostgreSQL statement with its process id,
// timestamp and process name.
//
// NOTE(review): SQL text can contain credentials and personal data, so stored
// or forwarded PostgresEvent output needs access controls matching the
// database's own.
type PostgresEvent struct {
	Pid       uint64                     `json:"pid"`
	Timestamp uint64                     `json:"timestamp"`
	// Query holds at most PostgresMaxDataSize (256) bytes. Unlike MysqldEvent
	// there is no exported length field, so a consumer cannot tell from the
	// exported fields alone whether the statement was truncated.
	Query     [PostgresMaxDataSize]uint8 `json:"Query"`
	// Comm is the 16-byte process name; it is process-controlled and
	// truncated, so do not treat it as an identity.
	Comm      [16]uint8                  `json:"Comm"`
	// contains filtered or unexported fields
}

func (*PostgresEvent) Clone

func (pe *PostgresEvent) Clone() IEventStruct

func (*PostgresEvent) Decode

func (pe *PostgresEvent) Decode(payload []byte) (err error)

func (*PostgresEvent) EventType

func (pe *PostgresEvent) EventType() EventType

func (*PostgresEvent) GetUUID

func (pe *PostgresEvent) GetUUID() string

func (*PostgresEvent) Payload

func (pe *PostgresEvent) Payload() []byte

func (*PostgresEvent) PayloadLen

func (pe *PostgresEvent) PayloadLen() int

func (*PostgresEvent) String

func (pe *PostgresEvent) String() string

func (*PostgresEvent) StringHex

func (pe *PostgresEvent) StringHex() string

type SSLDataEvent

// SSLDataEvent is one chunk of data captured at the SSL library boundary,
// together with the process, thread, file descriptor and protocol version it
// belongs to.
//
// NOTE(review): Data is the application payload as the process sees it, not
// ciphertext, so it can hold credentials, session cookies and personal data.
// Output built from this struct should be stored and transmitted accordingly.
type SSLDataEvent struct {
	DataType  int64             `json:"dataType"`
	Timestamp uint64            `json:"timestamp"`
	Pid       uint32            `json:"pid"`
	Tid       uint32            `json:"tid"`
	// Data is a fixed 4096-byte buffer; only the first DataLen bytes are
	// meaningful. Under encoding/json's default rules it encodes as a JSON
	// array of numbers covering all 4096 bytes.
	Data      [MaxDataSize]byte `json:"data"`
	// DataLen is signed and supplied by the capture side.
	// NOTE(review): a consumer that slices Data[:DataLen] must first check
	// 0 <= DataLen <= MaxDataSize, otherwise the slice expression panics.
	DataLen   int32             `json:"dataLen"`
	// Comm is the 16-byte process name; it is process-controlled and
	// truncated, so do not treat it as an identity.
	Comm      [16]byte          `json:"Comm"`
	// Fd is per-process and reused after close; pair it with Pid and the
	// timestamp when matching this event to a ConnDataEvent.
	Fd        uint32            `json:"fd"`
	// Version can be compared with the *Version constants of this package.
	Version   int32             `json:"version"`
	// Addr has no json tag, so encoding/json emits it under the key "Addr".
	Addr      string
	// contains filtered or unexported fields
}

func (*SSLDataEvent) Clone

func (se *SSLDataEvent) Clone() IEventStruct

func (*SSLDataEvent) Decode

func (se *SSLDataEvent) Decode(payload []byte) (err error)

func (*SSLDataEvent) EventType

func (se *SSLDataEvent) EventType() EventType

func (*SSLDataEvent) GetUUID

func (se *SSLDataEvent) GetUUID() string

func (*SSLDataEvent) Payload

func (se *SSLDataEvent) Payload() []byte

func (*SSLDataEvent) PayloadLen

func (se *SSLDataEvent) PayloadLen() int

func (*SSLDataEvent) String

func (se *SSLDataEvent) String() string

func (*SSLDataEvent) StringHex

func (se *SSLDataEvent) StringHex() string

type TcSkbEvent

// TcSkbEvent describes one packet seen by the traffic-control capture path:
// a timestamp, the owning process (pid, name, command line), the length and
// the interface index.
type TcSkbEvent struct {
	Ts      uint64            `json:"ts"`
	// NOTE(review): how the packet is attributed to Pid is not shown on this
	// page; treat the process fields as best-effort until confirmed.
	Pid     uint32            `json:"pid"`
	// Comm is process-controlled and truncated to TaskCommLen bytes, so do
	// not treat it as an identity.
	Comm    [TaskCommLen]byte `json:"Comm"`
	// Cmdline holds at most CmdlineLen (256) bytes. Command lines can carry
	// secrets passed as arguments, so redact or restrict access to stored
	// copies of this field.
	Cmdline [CmdlineLen]byte  `json:"Cmdline"`
	Len     uint32            `json:"len"`
	Ifindex uint32            `json:"ifindex"`
	// contains filtered or unexported fields
}

func (*TcSkbEvent) Clone

func (te *TcSkbEvent) Clone() IEventStruct

func (*TcSkbEvent) Decode

func (te *TcSkbEvent) Decode(payload []byte) (err error)

func (*TcSkbEvent) EventType

func (te *TcSkbEvent) EventType() EventType

func (*TcSkbEvent) GetUUID

func (te *TcSkbEvent) GetUUID() string

func (*TcSkbEvent) Payload

func (te *TcSkbEvent) Payload() []byte

func (*TcSkbEvent) PayloadLen

func (te *TcSkbEvent) PayloadLen() int

func (*TcSkbEvent) String

func (te *TcSkbEvent) String() string

func (*TcSkbEvent) StringHex

func (te *TcSkbEvent) StringHex() string

type TlsVersion

// TlsVersion wraps a protocol version number and renders it through its
// String method. The value is presumably one of this package's *Version
// constants; how String treats an unrecognised number is not shown here.
type TlsVersion struct {
	Version int32
}

func (TlsVersion) String

func (t TlsVersion) String() string
