config

package
v0.9.2 Latest Latest
Published: Dec 29, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Copyright © 2022 Hengqi Chen

Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

// Dynamic-loader configuration path and a build-target flag.
const (
	// LdLoadPath is the path of the dynamic loader's configuration file.
	// NOTE(review): presumably the starting point for ParseDynLibConf — confirm against the caller.
	LdLoadPath       = "/etc/ld.so.conf"
	// ElfArchIsandroid is false in this build of the package.
	// NOTE(review): the name suggests an Android variant selected by build constraints — confirm.
	ElfArchIsandroid = false
)
// Fully qualified symbol names inside Go's crypto/tls package, named here for
// the read path, the write path and the key-log path of a TLS connection.
// NOTE(review): writeRecordLocked and writeKeyLog are unexported methods, so
// they carry no compatibility guarantee between Go releases; a target binary
// built with a different toolchain, or stripped of symbols, may not contain
// them — confirm that a missing symbol is reported instead of silently skipped.
const (
	GoTlsReadFunc         = "crypto/tls.(*Conn).Read"
	GoTlsWriteFunc        = "crypto/tls.(*Conn).writeRecordLocked"
	GoTlsMasterSecretFunc = "crypto/tls.(*Config).writeKeyLog"
)
// ElfType values stored in the ElfType field of the per-probe configs.
// NOTE(review): the names suggest "executable binary" versus "shared object" — confirm.
const (
	ElfTypeBin uint8 = 1
	ElfTypeSo  uint8 = 2
)
// Values accepted for the Model field of the TLS probe configs; each selects
// an output format.
// NOTE(review): the key and keylog modes produce TLS key material (see the
// KeylogFile field comments), so whatever destination receives that output
// should be access-controlled like any other secret.
const (
	TlsCaptureModelText   = "text"   // Plain text output
	TlsCaptureModelPcap   = "pcap"   // PCAP format output
	TlsCaptureModelPcapng = "pcapng" // PCAPNG format output
	TlsCaptureModelKey    = "key"    // Key only output
	TlsCaptureModelKeylog = "keylog" // Key log format output
)

TLS capture mode constants defining different output formats

// BTF (BPF Type Format) mode values, stored in BaseConfig.BtfMode.
// NOTE(review): "Core" presumably refers to CO-RE bytecode that relies on the
// running kernel's BTF, and "NonCore" to bytecode that does not — confirm.
const (
	BTFModeAutoDetect = 0 // Automatically detect BTF availability
	BTFModeCore       = 1 // Use kernel BTF
	BTFModeNonCore    = 2 // Use non-kernel BTF
)

BTF mode constants for BPF Type Format handling

// Bytecode file selection values, stored in BaseConfig.ByteCodeFileMode.
// The numeric values line up with the BTFMode* constants (0, 1, 2).
const (
	ByteCodeFileAll     = 0 // Use all bytecode files
	ByteCodeFileCore    = 1 // Use kernel bytecode file
	ByteCodeFileNonCore = 2 // Use non-kernel bytecode file
)

ByteCodeFileMode defines the mode for bytecode file selection

const (
	// DefaultIfname is the default network interface name.
	// NOTE(review): presumably the fallback for the Ifname config fields; a
	// host without an interface called eth0 needs an explicit value — confirm.
	DefaultIfname = "eth0"
)
// DefaultNsprNssPath is the default location of the NSPR shared library: the
// copy installed under the Firefox directory.
// NOTE(review): presumably the fallback for NsprConfig.Nsprpath — confirm.
const DefaultNsprNssPath = "/usr/lib/firefox/libnspr4.so"

Variables

// Sentinel errors of this package. They are plain errors.New values, so
// callers can match them with errors.Is.
// NOTE(review): judging by the messages they come from locating a Go-built
// executable and resolving symbols and RET instructions in it — confirm which
// function returns which error.
var (
	// ErrorGoBINNotFound: no executable compiled by Go was found.
	ErrorGoBINNotFound            = errors.New("The executable program (compiled by Golang) was not found")
	// ErrorSymbolEmpty: the symbol is empty.
	ErrorSymbolEmpty              = errors.New("symbol is empty")
	// ErrorSymbolNotFound: the symbol was not found.
	ErrorSymbolNotFound           = errors.New("symbol not found")
	// ErrorSymbolNotFoundFromTable: the symbol was not found in the table.
	ErrorSymbolNotFoundFromTable  = errors.New("symbol not found from table")
	// ErrorNoRetFound: no RET instruction was found.
	ErrorNoRetFound               = errors.New("no RET instructions found")
	// ErrorNoFuncFoundFromSymTabFun: the Go symbol table has no function with the given name.
	ErrorNoFuncFoundFromSymTabFun = errors.New("no function found from golang symbol table with Func Name")
)
var (

	// DefaultMapSizePerCpu is 1024 memory pages, computed from
	// os.Getpagesize() when the package is initialized. That is 4 MiB where
	// pages are 4 KiB and proportionally more where the page size is larger,
	// so "4MB" holds only for 4 KiB pages.
	DefaultMapSizePerCpu = os.Getpagesize() * 1024
)

Library lookup order:

1. the RPATH binary header (set at build-time) of the library causing the lookup (if any)
2. the RPATH binary header (set at build-time) of the executable
3. the LD_LIBRARY_PATH environment variable (set at run-time)
4. the RUNPATH binary header (set at build-time) of the executable
5. /etc/ld.so.cache
6. base library directories (/lib and /usr/lib)

ref: http://blog.tremily.us/posts/rpath/

Functions

func GetDynLibDirs

func GetDynLibDirs() []string

func GlobMany

func GlobMany(targets []string, onErr func(string, error)) []string

func ParseDynLibConf

func ParseDynLibConf(pattern string) (dirs []string, err error)

ParseDynLibConf reads/parses DL config files defined as a pattern and returns a list of directories found in there (or an error).

Types

type BaseConfig added in v0.8.1

// BaseConfig holds the settings shared by every probe configuration; the
// per-probe config types embed it.
type BaseConfig struct {
	Pid    uint64 `json:"pid"`    // Process ID to monitor
	Uid    uint64 `json:"uid"`    // User ID to monitor
	// NOTE(review): the documented default binds to loopback only. A
	// non-loopback address makes this listener reachable from other hosts —
	// confirm what authentication the server enforces before exposing it.
	Listen string `json:"listen"` // Listen address for the server (default: 127.0.0.1:28256)

	// eBPF map configuration
	PerCpuMapSize      int    `json:"per_cpu_map_size"`     // Size of eBPF map per CPU core
	IsHex              bool   `json:"is_hex"`               // Whether to display output in hexadecimal
	Debug              bool   `json:"debug"`                // Enable debug mode
	BtfMode            uint8  `json:"btf_mode"`             // BTF mode selection (see the BTFMode* constants)
	ByteCodeFileMode   uint8  `json:"byte_code_file_mode"`  // assets/* include bytecode file type (see the ByteCodeFile* constants)
	// NOTE(review): with logger type 2 (tcp), output is sent to this address
	// over the network; presumably that output can include captured data, so
	// confirm how the connection is protected.
	LoggerAddr         string `json:"logger_addr"`          // Address for logger output
	LoggerType         uint8  `json:"logger_type"`          // Logger type (0:stdout, 1:file, 2:tcp)
	// NOTE(review): same consideration as LoggerAddr — events go to a remote
	// collector; confirm transport protection and who may run that collector.
	EventCollectorAddr string `json:"event_collector_addr"` // Address of the event collector server
}

BaseConfig implements the IConfig interface and holds the basic configuration settings

func (*BaseConfig) Bytes added in v0.8.1

func (c *BaseConfig) Bytes() []byte

func (*BaseConfig) EnableGlobalVar added in v0.8.1

func (c *BaseConfig) EnableGlobalVar() bool

func (*BaseConfig) GetBTF added in v0.8.1

func (c *BaseConfig) GetBTF() uint8

func (*BaseConfig) GetByteCodeFileMode added in v0.9.2

func (c *BaseConfig) GetByteCodeFileMode() uint8

func (*BaseConfig) GetDebug added in v0.8.1

func (c *BaseConfig) GetDebug() bool

func (*BaseConfig) GetEventCollectorAddr added in v0.8.5

func (c *BaseConfig) GetEventCollectorAddr() string

func (*BaseConfig) GetHex added in v0.8.1

func (c *BaseConfig) GetHex() bool

func (*BaseConfig) GetPerCpuMapSize added in v0.8.1

func (c *BaseConfig) GetPerCpuMapSize() int

func (*BaseConfig) GetPid added in v0.8.1

func (c *BaseConfig) GetPid() uint64

func (*BaseConfig) GetUid added in v0.8.1

func (c *BaseConfig) GetUid() uint64

func (*BaseConfig) SetAddrType added in v0.8.1

func (c *BaseConfig) SetAddrType(t uint8)

func (*BaseConfig) SetBTF added in v0.8.1

func (c *BaseConfig) SetBTF(BtfMode uint8)

func (*BaseConfig) SetByteCodeFileMode added in v0.9.2

func (c *BaseConfig) SetByteCodeFileMode(mode uint8)

func (*BaseConfig) SetDebug added in v0.8.1

func (c *BaseConfig) SetDebug(b bool)

func (*BaseConfig) SetEventCollectorAddr added in v0.8.5

func (c *BaseConfig) SetEventCollectorAddr(addr string)

func (*BaseConfig) SetHex added in v0.8.1

func (c *BaseConfig) SetHex(isHex bool)

func (*BaseConfig) SetPerCpuMapSize added in v0.8.1

func (c *BaseConfig) SetPerCpuMapSize(size int)

func (*BaseConfig) SetPid added in v0.8.1

func (c *BaseConfig) SetPid(pid uint64)

func (*BaseConfig) SetUid added in v0.8.1

func (c *BaseConfig) SetUid(uid uint64)

type BashConfig

// BashConfig is the configuration of the bash probe. Bashpath and Readline
// are alternatives: set one of the two.
type BashConfig struct {
	BaseConfig
	Bashpath         string `json:"bashpath"` // path to the bash binary
	Readline         string `json:"readline"` // NOTE(review): presumably the path to the readline shared library — confirm
	ErrNo            int    // NOTE(review): presumably an errno value used to filter commands — confirm
	ElfType          uint8 // kind of ELF target; presumably ElfTypeBin or ElfTypeSo — confirm
	ReadlineFuncName string // NOTE(review): presumably the name of the readline function to hook — confirm
}

BashConfig: Bashpath and readline are two alternative parameters; use one or the other.

func NewBashConfig

func NewBashConfig() *BashConfig

func (*BashConfig) Bytes added in v0.8.1

func (bc *BashConfig) Bytes() []byte

func (*BashConfig) Check

func (bc *BashConfig) Check() error

type FuncOffsets

// FuncOffsets records locations belonging to one function.
// NOTE(review): presumably Start is the function's entry offset and Returns
// holds the offset of each RET instruction in it (compare ErrorNoRetFound) —
// confirm whether these are file offsets or virtual addresses.
type FuncOffsets struct {
	Start   uint64
	Returns []uint64
}

type GnutlsConfig

// GnutlsConfig is the configuration of the GnuTLS probe.
type GnutlsConfig struct {
	BaseConfig
	//Curl path string `json:"curlpath"` // path to the curl binary (this field is commented out)
	Gnutls     string `json:"gnutls"`     // NOTE(review): presumably the path to the GnuTLS shared library — confirm
	Model      string `json:"model"`      // capture model; see the TlsCaptureModel* constants
	// NOTE(review): in the sibling configs this file receives raw captured
	// packets; restrict who can read it.
	PcapFile   string `json:"pcapfile"`
	// NOTE(review): in the sibling configs this file stores SSL/TLS keys.
	// Anyone who can read it can decrypt the matching sessions, so keep it
	// on access-controlled storage.
	KeylogFile string `json:"keylog"`
	Ifname     string `json:"ifname"`     // network interface name; see DefaultIfname
	PcapFilter string `json:"pcapfilter"` // pcap filter
	SslVersion string `json:"sslversion"` // NOTE(review): presumably the library version string — confirm
	ElfType    uint8  // kind of ELF target; presumably ElfTypeBin or ElfTypeSo — confirm
}

GnutlsConfig: the openssl parameters that are ultimately used

func NewGnutlsConfig

func NewGnutlsConfig() *GnutlsConfig

func (*GnutlsConfig) Bytes added in v0.8.1

func (gc *GnutlsConfig) Bytes() []byte

func (*GnutlsConfig) Check

func (gc *GnutlsConfig) Check() error

type GoTLSConfig

// GoTLSConfig is the configuration of the probe for binaries built with the
// Go toolchain.
// NOTE(review): the JSON key of KeylogFile is "keylogFile" here but "keylog"
// in OpensslConfig and GnutlsConfig, so one configuration document does not
// fit all three types unchanged.
type GoTLSConfig struct {
	BaseConfig
	Path       string `json:"path"`       // path to the target application binary built with the Go toolchain.
	PcapFile   string `json:"pcapFile"`   // file that receives the raw packets, instead of parsing and printing them; restrict who can read it.
	KeylogFile string `json:"keylogFile"` // file that stores the SSL/TLS keys eCapture captures during encrypted communication. Anyone who can read it can decrypt the matching sessions, so keep it on access-controlled storage.
	Model      string `json:"model"`      // capture model, such as: text, pcapng/pcap, key/keylog.
	Ifname     string `json:"ifName"`     // (TC Classifier) Interface name on which the probe will be attached.
	PcapFilter string `json:"pcapFilter"` // pcap filter

	// The fields below have no JSON tag.
	// NOTE(review): presumably they are filled in by Check from the target
	// binary rather than supplied by the user — confirm.
	Buildinfo             *buildinfo.BuildInfo // build information of the target binary
	ReadTlsAddrs          []int                // NOTE(review): presumably locations tied to GoTlsReadFunc — confirm
	GoTlsWriteAddr        uint64               // NOTE(review): presumably the location of GoTlsWriteFunc — confirm
	GoTlsMasterSecretAddr uint64               // NOTE(review): presumably the location of GoTlsMasterSecretFunc — confirm
	IsPieBuildMode        bool                 // NOTE(review): presumably true for position-independent executables — confirm
	// contains filtered or unexported fields
}

GoTLSConfig represents configuration for Go SSL probe

func NewGoTLSConfig

func NewGoTLSConfig() *GoTLSConfig

NewGoTLSConfig creates a new config for Go SSL

func (*GoTLSConfig) Bytes added in v0.8.1

func (gc *GoTLSConfig) Bytes() []byte

func (*GoTLSConfig) Check

func (gc *GoTLSConfig) Check() error

func (*GoTLSConfig) ReadTable

func (gc *GoTLSConfig) ReadTable() (*gosym.Table, error)

type IConfig

// IConfig is the interface every probe configuration satisfies. In this
// listing BaseConfig declares every method except Check; each concrete config
// type (BashConfig, OpensslConfig, ...) embeds BaseConfig and adds its own
// Check and Bytes.
type IConfig interface {
	// Check validates the configuration settings
	Check() error
	// GetPid returns the process ID to monitor
	GetPid() uint64
	// GetUid returns the user ID to monitor
	GetUid() uint64
	// GetHex returns whether to display output in hexadecimal format
	GetHex() bool
	// GetBTF returns the BTF (BPF Type Format) mode
	GetBTF() uint8
	// GetDebug returns whether debug mode is enabled
	GetDebug() bool
	// GetByteCodeFileMode returns the bytecode file mode
	GetByteCodeFileMode() uint8
	// SetPid sets the process ID to monitor
	SetPid(uint64)
	// SetUid sets the user ID to monitor
	SetUid(uint64)
	// SetHex sets whether to display output in hexadecimal format
	SetHex(bool)
	// SetBTF sets the BTF (BPF Type Format) mode
	SetBTF(uint8)
	// SetByteCodeFileMode sets the bytecode file mode
	SetByteCodeFileMode(uint8)
	// SetDebug enables or disables debug mode
	SetDebug(bool)
	// SetAddrType sets the logger output type
	SetAddrType(uint8)
	// SetEventCollectorAddr sets the address for the event collector
	SetEventCollectorAddr(string)
	// GetEventCollectorAddr returns the event collector address
	GetEventCollectorAddr() string
	// GetPerCpuMapSize returns the eBPF map size per CPU
	GetPerCpuMapSize() int
	// SetPerCpuMapSize sets the eBPF map size per CPU
	SetPerCpuMapSize(int)
	// EnableGlobalVar checks if global variables are supported based on kernel version
	EnableGlobalVar() bool
	// Bytes serializes the configuration to JSON bytes.
	// NOTE(review): the result carries every tagged field, including file
	// paths and collector addresses — confirm where these bytes are sent or logged.
	Bytes() []byte
}

IConfig defines the interface for configuration management

type MysqldConfig

// MysqldConfig is the configuration of the mysqld probe.
type MysqldConfig struct {
	BaseConfig
	Mysqldpath  string     `json:"mysqldPath"` // path to the mysqld binary (the original comment read "path to the curl binary", apparently copied from another config)
	FuncName    string     `json:"funcName"`   // NOTE(review): presumably the name of the function to hook — confirm
	Offset      uint64     `json:"offset"`     // NOTE(review): presumably an offset into the binary used in place of FuncName — confirm
	ElfType     uint8      // kind of ELF target; presumably ElfTypeBin or ElfTypeSo — confirm
	Version     MysqldType // one of the MysqldType* constants
	VersionInfo string     // info
}

The mysqld parameters that are ultimately used

func NewMysqldConfig

func NewMysqldConfig() *MysqldConfig

func (*MysqldConfig) Bytes added in v0.8.1

func (mc *MysqldConfig) Bytes() []byte

func (*MysqldConfig) Check

func (mc *MysqldConfig) Check() error

type MysqldType

// MysqldType identifies the mysqld variant a MysqldConfig targets.
type MysqldType uint8
// Values are assigned by iota, so MysqldTypeUnknow is 0, the zero value of
// the type, and the order of this list is significant.
// NOTE(review): the suffixes presumably stand for versions 5.6, 5.7 and 8.0 — confirm.
const (
	MysqldTypeUnknow MysqldType = iota
	MysqldType56
	MysqldType57
	MysqldType80
)

type NsprConfig

// NsprConfig is the configuration of the NSPR/NSS probe.
type NsprConfig struct {
	BaseConfig
	//Firefoxpath string `json:"firefoxpath"` // commented-out field; its original note read "path to the curl binary"
	Nsprpath string `json:"nsprpath"` // NOTE(review): presumably the path to libnspr4.so (see DefaultNsprNssPath) — confirm
	ElfType  uint8  // kind of ELF target; presumably ElfTypeBin or ElfTypeSo — confirm
}

The openssl parameters that are ultimately used

func NewNsprConfig

func NewNsprConfig() *NsprConfig

func (*NsprConfig) Bytes added in v0.8.1

func (nc *NsprConfig) Bytes() []byte

func (*NsprConfig) Check

func (nc *NsprConfig) Check() error

type OpensslConfig

// OpensslConfig is the configuration of the OpenSSL/BoringSSL probe.
type OpensslConfig struct {
	BaseConfig
	// Curlpath   string `json:"curlPath"` // path to the curl binary (this field is commented out)
	Openssl    string `json:"openssl"`    // NOTE(review): presumably the path to the OpenSSL shared library — confirm
	Model      string `json:"model"`      // eCapture Openssl capture model. text:pcap:keylog
	PcapFile   string `json:"pcapfile"`   // file that receives the raw packets, instead of parsing and printing them; restrict who can read it.
	KeylogFile string `json:"keylog"`     // file that stores the SSL/TLS keys eCapture captures during encrypted communication. Anyone who can read it can decrypt the matching sessions, so keep it on access-controlled storage.
	Ifname     string `json:"ifname"`     // (TC Classifier) Interface name on which the probe will be attached.
	PcapFilter string `json:"pcapfilter"` // pcap filter
	SslVersion string `json:"sslversion"` // openssl version like 1.1.1a/1.1.1f/boringssl_1.1.1
	CGroupPath string `json:"cgrouppath"` // cgroup path, used for filter process
	ElfType    uint8  // kind of ELF target; presumably ElfTypeBin or ElfTypeSo — confirm
	IsAndroid  bool   //	is Android OS ?
	AndroidVer string // Android OS version
}

The openssl parameters that are ultimately used

func NewOpensslConfig

func NewOpensslConfig() *OpensslConfig

func (*OpensslConfig) Bytes added in v0.8.1

func (oc *OpensslConfig) Bytes() []byte

func (*OpensslConfig) Check

func (oc *OpensslConfig) Check() error

type PostgresConfig

// PostgresConfig is the configuration of the PostgreSQL probe.
type PostgresConfig struct {
	BaseConfig
	PostgresPath string `json:"postgresPath"` // NOTE(review): presumably the path to the postgres binary — confirm
	FuncName     string `json:"funcName"`     // NOTE(review): presumably the name of the function to hook — confirm
}

func NewPostgresConfig

func NewPostgresConfig() *PostgresConfig

func (*PostgresConfig) Bytes added in v0.8.1

func (pc *PostgresConfig) Bytes() []byte

func (*PostgresConfig) Check

func (pc *PostgresConfig) Check() error

type ZshConfig added in v0.9.0

// ZshConfig is the configuration of the zsh probe. Its fields mirror
// BashConfig without the Readline field.
type ZshConfig struct {
	BaseConfig
	Zshpath          string `json:"zshpath"` // path to the zsh binary
	ErrNo            int    // NOTE(review): presumably an errno value used to filter commands — confirm
	ElfType          uint8 // kind of ELF target; presumably ElfTypeBin or ElfTypeSo — confirm
	ReadlineFuncName string // NOTE(review): presumably the name of the line-reading function to hook — confirm
}

ZshConfig

func NewZshConfig added in v0.9.0

func NewZshConfig() *ZshConfig

func (*ZshConfig) Bytes added in v0.9.0

func (zc *ZshConfig) Bytes() []byte

func (*ZshConfig) Check added in v0.9.0

func (zc *ZshConfig) Check() error
