Documentation ¶
Overview ¶
Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Copyright © 2022 Hengqi Chen
Index ¶
- Constants
- Variables
- func GetDynLibDirs() []string
- func GlobMany(targets []string, onErr func(string, error)) []string
- func ParseDynLibConf(pattern string) (dirs []string, err error)
- type BashConfig
- func (bc *BashConfig) Check() error
- func (c *BashConfig) EnableGlobalVar() bool
- func (c *BashConfig) GetBTF() uint8
- func (c *BashConfig) GetDebug() bool
- func (c *BashConfig) GetHex() bool
- func (c *BashConfig) GetPerCpuMapSize() int
- func (c *BashConfig) GetPid() uint64
- func (c *BashConfig) GetUid() uint64
- func (c *BashConfig) SetBTF(BtfMode uint8)
- func (c *BashConfig) SetDebug(b bool)
- func (c *BashConfig) SetHex(isHex bool)
- func (c *BashConfig) SetPerCpuMapSize(size int)
- func (c *BashConfig) SetPid(pid uint64)
- func (c *BashConfig) SetUid(uid uint64)
- type FuncOffsets
- type GnutlsConfig
- func (gc *GnutlsConfig) Check() error
- func (c *GnutlsConfig) EnableGlobalVar() bool
- func (c *GnutlsConfig) GetBTF() uint8
- func (c *GnutlsConfig) GetDebug() bool
- func (c *GnutlsConfig) GetHex() bool
- func (c *GnutlsConfig) GetPerCpuMapSize() int
- func (c *GnutlsConfig) GetPid() uint64
- func (c *GnutlsConfig) GetUid() uint64
- func (c *GnutlsConfig) SetBTF(BtfMode uint8)
- func (c *GnutlsConfig) SetDebug(b bool)
- func (c *GnutlsConfig) SetHex(isHex bool)
- func (c *GnutlsConfig) SetPerCpuMapSize(size int)
- func (c *GnutlsConfig) SetPid(pid uint64)
- func (c *GnutlsConfig) SetUid(uid uint64)
- type GoTLSConfig
- func (gc *GoTLSConfig) Check() error
- func (c *GoTLSConfig) EnableGlobalVar() bool
- func (c *GoTLSConfig) GetBTF() uint8
- func (c *GoTLSConfig) GetDebug() bool
- func (c *GoTLSConfig) GetHex() bool
- func (c *GoTLSConfig) GetPerCpuMapSize() int
- func (c *GoTLSConfig) GetPid() uint64
- func (c *GoTLSConfig) GetUid() uint64
- func (gc *GoTLSConfig) ReadTable() (*gosym.Table, error)
- func (c *GoTLSConfig) SetBTF(BtfMode uint8)
- func (c *GoTLSConfig) SetDebug(b bool)
- func (c *GoTLSConfig) SetHex(isHex bool)
- func (c *GoTLSConfig) SetPerCpuMapSize(size int)
- func (c *GoTLSConfig) SetPid(pid uint64)
- func (c *GoTLSConfig) SetUid(uid uint64)
- type IConfig
- type MysqldConfig
- func (mc *MysqldConfig) Check() error
- func (c *MysqldConfig) EnableGlobalVar() bool
- func (c *MysqldConfig) GetBTF() uint8
- func (c *MysqldConfig) GetDebug() bool
- func (c *MysqldConfig) GetHex() bool
- func (c *MysqldConfig) GetPerCpuMapSize() int
- func (c *MysqldConfig) GetPid() uint64
- func (c *MysqldConfig) GetUid() uint64
- func (c *MysqldConfig) SetBTF(BtfMode uint8)
- func (c *MysqldConfig) SetDebug(b bool)
- func (c *MysqldConfig) SetHex(isHex bool)
- func (c *MysqldConfig) SetPerCpuMapSize(size int)
- func (c *MysqldConfig) SetPid(pid uint64)
- func (c *MysqldConfig) SetUid(uid uint64)
- type MysqldType
- type NsprConfig
- func (nc *NsprConfig) Check() error
- func (c *NsprConfig) EnableGlobalVar() bool
- func (c *NsprConfig) GetBTF() uint8
- func (c *NsprConfig) GetDebug() bool
- func (c *NsprConfig) GetHex() bool
- func (c *NsprConfig) GetPerCpuMapSize() int
- func (c *NsprConfig) GetPid() uint64
- func (c *NsprConfig) GetUid() uint64
- func (c *NsprConfig) SetBTF(BtfMode uint8)
- func (c *NsprConfig) SetDebug(b bool)
- func (c *NsprConfig) SetHex(isHex bool)
- func (c *NsprConfig) SetPerCpuMapSize(size int)
- func (c *NsprConfig) SetPid(pid uint64)
- func (c *NsprConfig) SetUid(uid uint64)
- type OpensslConfig
- func (oc *OpensslConfig) Check() error
- func (c *OpensslConfig) EnableGlobalVar() bool
- func (c *OpensslConfig) GetBTF() uint8
- func (c *OpensslConfig) GetDebug() bool
- func (c *OpensslConfig) GetHex() bool
- func (c *OpensslConfig) GetPerCpuMapSize() int
- func (c *OpensslConfig) GetPid() uint64
- func (c *OpensslConfig) GetUid() uint64
- func (c *OpensslConfig) SetBTF(BtfMode uint8)
- func (c *OpensslConfig) SetDebug(b bool)
- func (c *OpensslConfig) SetHex(isHex bool)
- func (c *OpensslConfig) SetPerCpuMapSize(size int)
- func (c *OpensslConfig) SetPid(pid uint64)
- func (c *OpensslConfig) SetUid(uid uint64)
- type PostgresConfig
- func (pc *PostgresConfig) Check() error
- func (c *PostgresConfig) EnableGlobalVar() bool
- func (c *PostgresConfig) GetBTF() uint8
- func (c *PostgresConfig) GetDebug() bool
- func (c *PostgresConfig) GetHex() bool
- func (c *PostgresConfig) GetPerCpuMapSize() int
- func (c *PostgresConfig) GetPid() uint64
- func (c *PostgresConfig) GetUid() uint64
- func (c *PostgresConfig) SetBTF(BtfMode uint8)
- func (c *PostgresConfig) SetDebug(b bool)
- func (c *PostgresConfig) SetHex(isHex bool)
- func (c *PostgresConfig) SetPerCpuMapSize(size int)
- func (c *PostgresConfig) SetPid(pid uint64)
- func (c *PostgresConfig) SetUid(uid uint64)
Constants ¶
const ( LdLoadPath = "/etc/ld.so.conf" ElfArchIsandroid = false )
const ( GoTlsReadFunc = "crypto/tls.(*Conn).Read" GoTlsWriteFunc = "crypto/tls.(*Conn).writeRecordLocked" GoTlsMasterSecretFunc = "crypto/tls.(*Config).writeKeyLog" )
const ( ElfTypeBin uint8 = 1 ElfTypeSo uint8 = 2 )
const ( TlsCaptureModelText = "text" TlsCaptureModelPcap = "pcap" TlsCaptureModelPcapng = "pcapng" TlsCaptureModelKey = "key" TlsCaptureModelKeylog = "keylog" )
const ( BTFModeAutoDetect = 0 BTFModeCore = 1 BTFModeNonCore = 2 )
const (
DefaultIfname = "eth0"
)
const DefaultNsprNssPath = "/usr/lib/firefox/libnspr4.so"
Variables ¶
var ( ErrorGoBINNotFound = errors.New("The executable program (compiled by Golang) was not found") ErrorSymbolEmpty = errors.New("symbol is empty") ErrorSymbolNotFound = errors.New("symbol not found") ErrorSymbolNotFoundFromTable = errors.New("symbol not found from table") ErrorNoRetFound = errors.New("no RET instructions found") ErrorNoFuncFoundFromSymTabFun = errors.New("no function found from golang symbol table with Func Name") )
var ( // default: 4MB DefaultMapSizePerCpu = os.Getpagesize() * 1024 )
1, the RPATH binary header (set at build-time) of the library causing the lookup (if any) 2, the RPATH binary header (set at build-time) of the executable 3, the LD_LIBRARY_PATH environment variable (set at run-time) 4, the RUNPATH binary header (set at build-time) of the executable 5, /etc/ld.so.cache 6, base library directories (/lib and /usr/lib) ref: http://blog.tremily.us/posts/rpath/
Functions ¶
func GetDynLibDirs ¶
func GetDynLibDirs() []string
func ParseDynLibConf ¶
ParseDynLibConf reads/parses DL config files defined as a pattern and returns a list of directories found in there (or an error).
Types ¶
type BashConfig ¶
type BashConfig struct { Bashpath string `json:"bashpath"` //bash的文件路径 Readline string `json:"readline"` ErrNo int ElfType uint8 // // contains filtered or unexported fields }
Bashpath 与 readline 两个参数,使用时二选一
func NewBashConfig ¶
func NewBashConfig() *BashConfig
func (*BashConfig) Check ¶
func (bc *BashConfig) Check() error
func (*BashConfig) EnableGlobalVar ¶
func (c *BashConfig) EnableGlobalVar() bool
func (*BashConfig) GetPerCpuMapSize ¶
func (c *BashConfig) GetPerCpuMapSize() int
func (*BashConfig) SetPerCpuMapSize ¶
func (c *BashConfig) SetPerCpuMapSize(size int)
type FuncOffsets ¶
type GnutlsConfig ¶
type GnutlsConfig struct { //Curlpath string `json:"curlpath"` //curl的文件路径 Gnutls string `json:"gnutls"` ElfType uint8 // // contains filtered or unexported fields }
最终使用openssl参数
func NewGnutlsConfig ¶
func NewGnutlsConfig() *GnutlsConfig
func (*GnutlsConfig) Check ¶
func (gc *GnutlsConfig) Check() error
func (*GnutlsConfig) EnableGlobalVar ¶
func (c *GnutlsConfig) EnableGlobalVar() bool
func (*GnutlsConfig) GetPerCpuMapSize ¶
func (c *GnutlsConfig) GetPerCpuMapSize() int
func (*GnutlsConfig) SetPerCpuMapSize ¶
func (c *GnutlsConfig) SetPerCpuMapSize(size int)
type GoTLSConfig ¶
type GoTLSConfig struct { Path string `json:"path"` // golang application path to binary built with Go toolchain. PcapFile string `json:"pcapFile"` // pcapFile the raw packets to file rather than parsing and printing them out. KeylogFile string `json:"keylogFile"` // keylogFile The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file. Model string `json:"model"` // model such as : text, pcapng/pcap, key/keylog. Ifname string `json:"ifName"` // (TC Classifier) Interface name on which the probe will be attached. PcapFilter string `json:"pcapFilter"` // pcap filter Buildinfo *buildinfo.BuildInfo ReadTlsAddrs []int GoTlsWriteAddr uint64 GoTlsMasterSecretAddr uint64 IsPieBuildMode bool // contains filtered or unexported fields }
GoTLSConfig represents configuration for Go SSL probe
func NewGoTLSConfig ¶
func NewGoTLSConfig() *GoTLSConfig
NewGoTLSConfig creates a new config for Go SSL
func (*GoTLSConfig) Check ¶
func (gc *GoTLSConfig) Check() error
func (*GoTLSConfig) EnableGlobalVar ¶
func (c *GoTLSConfig) EnableGlobalVar() bool
func (*GoTLSConfig) GetPerCpuMapSize ¶
func (c *GoTLSConfig) GetPerCpuMapSize() int
func (*GoTLSConfig) SetPerCpuMapSize ¶
func (c *GoTLSConfig) SetPerCpuMapSize(size int)
type MysqldConfig ¶
type MysqldConfig struct { Mysqldpath string `json:"mysqldPath"` //curl的文件路径 FuncName string `json:"funcName"` Offset uint64 `json:"offset"` ElfType uint8 // Version MysqldType // VersionInfo string // info // contains filtered or unexported fields }
最终使用mysqld参数
func NewMysqldConfig ¶
func NewMysqldConfig() *MysqldConfig
func (*MysqldConfig) Check ¶
func (mc *MysqldConfig) Check() error
func (*MysqldConfig) EnableGlobalVar ¶
func (c *MysqldConfig) EnableGlobalVar() bool
func (*MysqldConfig) GetPerCpuMapSize ¶
func (c *MysqldConfig) GetPerCpuMapSize() int
func (*MysqldConfig) SetPerCpuMapSize ¶
func (c *MysqldConfig) SetPerCpuMapSize(size int)
type MysqldType ¶
type MysqldType uint8
const ( MysqldTypeUnknow MysqldType = iota MysqldType56 MysqldType57 MysqldType80 )
type NsprConfig ¶
type NsprConfig struct { //Firefoxpath string `json:"firefoxpath"` //curl的文件路径 Nsprpath string `json:"nsprpath"` ElfType uint8 // // contains filtered or unexported fields }
最终使用openssl参数
func NewNsprConfig ¶
func NewNsprConfig() *NsprConfig
func (*NsprConfig) Check ¶
func (nc *NsprConfig) Check() error
func (*NsprConfig) EnableGlobalVar ¶
func (c *NsprConfig) EnableGlobalVar() bool
func (*NsprConfig) GetPerCpuMapSize ¶
func (c *NsprConfig) GetPerCpuMapSize() int
func (*NsprConfig) SetPerCpuMapSize ¶
func (c *NsprConfig) SetPerCpuMapSize(size int)
type OpensslConfig ¶
type OpensslConfig struct { // Curlpath string `json:"curlPath"` //curl的文件路径 Openssl string `json:"openssl"` Pthread string `json:"pThread"` // /lib/x86_64-linux-gnu/libpthread.so.0 Model string `json:"model"` // eCapture Openssl capture model. text:pcap:keylog PcapFile string `json:"pcapFile"` // pcapFile the raw packets to file rather than parsing and printing them out. KeylogFile string `json:"keylog"` // Keylog The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file. Ifname string `json:"ifName"` // (TC Classifier) Interface name on which the probe will be attached. PcapFilter string `json:"pcapFilter"` // pcap filter SslVersion string `json:"sslVersion"` // openssl version like 1.1.1a/1.1.1f/boringssl_1.1.1 CGroupPath string `json:"CGroupPath"` // cgroup path, used for filter process ElfType uint8 // IsAndroid bool // is Android OS ? AndroidVer string // Android OS version // contains filtered or unexported fields }
最终使用openssl参数
func NewOpensslConfig ¶
func NewOpensslConfig() *OpensslConfig
func (*OpensslConfig) Check ¶
func (oc *OpensslConfig) Check() error
func (*OpensslConfig) EnableGlobalVar ¶
func (c *OpensslConfig) EnableGlobalVar() bool
func (*OpensslConfig) GetPerCpuMapSize ¶
func (c *OpensslConfig) GetPerCpuMapSize() int
func (*OpensslConfig) SetPerCpuMapSize ¶
func (c *OpensslConfig) SetPerCpuMapSize(size int)
type PostgresConfig ¶
type PostgresConfig struct { PostgresPath string `json:"postgresPath"` FuncName string `json:"funcName"` // contains filtered or unexported fields }
func NewPostgresConfig ¶
func NewPostgresConfig() *PostgresConfig
func (*PostgresConfig) Check ¶
func (pc *PostgresConfig) Check() error
func (*PostgresConfig) EnableGlobalVar ¶
func (c *PostgresConfig) EnableGlobalVar() bool
func (*PostgresConfig) GetPerCpuMapSize ¶
func (c *PostgresConfig) GetPerCpuMapSize() int
func (*PostgresConfig) SetPerCpuMapSize ¶
func (c *PostgresConfig) SetPerCpuMapSize(size int)