event

package
v0.9.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 18, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Copyright © 2022 Hengqi Chen

Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

// Array sizes for the key material carried in MasterSecretEvent and
// MasterSecretBSSLEvent.
const (
	// Ssl3RandomSize is the length in bytes of the ClientRandom arrays.
	Ssl3RandomSize     = 32
	// MasterSecretMaxLen is the length in bytes of the TLS 1.2-or-older
	// MasterKey / Secret arrays.
	MasterSecretMaxLen = 48
	// EvpMaxMdSize is the length in bytes of every TLS 1.3 secret array;
	// MasterSecretGotlsEvent also uses it for ClientRandom and MasterSecret.
	EvpMaxMdSize       = 64
)
// Array sizes used by MasterSecretGnutlsEvent.
const (
	// GnutlsMasterSize is the length in bytes of MasterSecret.
	GnutlsMasterSize  = 48
	// GnutlsRandomSize is the length in bytes of ClientRandom.
	GnutlsRandomSize  = 32
	// GnutlsMaxHashSize is the length in bytes of each handshake, traffic
	// and exporter secret array.
	GnutlsMaxHashSize = 64
)
// Sizes for the Go crypto/tls master-secret event.
const (
	// GotlsRandomSize is 32; none of the exported struct types sizes a field with it.
	// NOTE(review): presumably the TLS client-random length — confirm against its users.
	GotlsRandomSize    = 32
	// MasterSecretKeyLen is the length in bytes of MasterSecretGotlsEvent.Label.
	MasterSecretKeyLen = 32
)
// Result codes named after dispatch_command_return.
// NOTE(review): these constants are untyped, so nothing in the declaration ties
// them to the dispatch_command_return type of MysqldEvent.Retval; presumably they
// are its possible values — confirm before comparing against Retval.
const (
	// dispatch_command_return values
	DispatchCommandV57Failed       = -2
	DispatchCommandNotCaptured     = -1
	DispatchCommandSuccess         = 0
	DispatchCommandCloseConnection = 1
	DispatchCommandWouldblock      = 2
)
// SSL/TLS/DTLS protocol version codes; the values match OpenSSL's *_VERSION
// constants. DTLS codes count downward (Dtls12Version is numerically smaller
// than Dtls1Version), so an ordered comparison such as "v >= Tls12Version" is
// not a valid minimum-version check once DTLS values are in play.
const (
	Ssl2Version   = 0x0002 // SSL 2.0
	Ssl3Version   = 0x0300 // SSL 3.0
	Tls1Version   = 0x0301 // TLS 1.0
	Tls11Version  = 0x0302 // TLS 1.1
	Tls12Version  = 0x0303 // TLS 1.2
	Tls13Version  = 0x0304 // TLS 1.3
	Dtls1Version  = 0xFEFF // DTLS 1.0
	Dtls12Version = 0xFEFD // DTLS 1.2
)
// Array sizes used by TcSkbEvent.
const (
	// TaskCommLen is the length in bytes of TcSkbEvent.Comm.
	TaskCommLen = 16
	// CmdlineLen is the length in bytes of TcSkbEvent.Cmdline.
	CmdlineLen  = 256
)
// ANSI SGR escape sequences for terminal output: COLORRESET clears all
// attributes, the others select a foreground colour.
// NOTE(review): if these are wrapped around captured payload text, the payload
// can itself contain escape sequences; non-printable bytes should be escaped
// before such text is written to a terminal — confirm how the String methods
// handle this.
const (
	COLORRESET  = "\033[0m"
	COLORRED    = "\033[31m"
	COLORGREEN  = "\033[32m"
	COLORYELLOW = "\033[33m"
	COLORBLUE   = "\033[34m"
	COLORPURPLE = "\033[35m"
	COLORCYAN   = "\033[36m"
	COLORWHITE  = "\033[37m"
)
// ChunkSize is 16.
// NOTE(review): presumably the number of bytes per row in the StringHex dumps — confirm.
const ChunkSize = 16
// ChunkSizeHalf is half of ChunkSize (8).
const ChunkSizeHalf = ChunkSize / 2
// MaxDataSize (4096) is the length in bytes of the Data array in SSLDataEvent,
// GnutlsDataEvent and NsprDataEvent; a single event cannot carry more than this.
const MaxDataSize = 1024 * 4
// MaxDataSizeBash is the length in bytes of BashEvent.Line.
const MaxDataSizeBash = 256
// MaxDataSizeZsh is the length in bytes of ZshEvent.Line.
const MaxDataSizeZsh = 256
// MysqldMaxDataSize is the length in bytes of MysqldEvent.Query; the struct
// cannot hold more than this many bytes of a query.
const MysqldMaxDataSize = 256

Event layout in C notation: u64 pid; u64 timestamp; char Query[MAX_DATA_SIZE]; u64 Alllen; u64 Len; char Comm[TASK_COMM_LEN];

// PostgresMaxDataSize is the length in bytes of PostgresEvent.Query; the struct
// cannot hold more than this many bytes of a query.
const PostgresMaxDataSize = 256

Event layout in C notation: u64 pid; u64 timestamp; char Query[MAX_DATA_SIZE]; char Comm[TASK_COMM_LEN];

Variables

This section is empty.

Functions

func CToGoString

func CToGoString(c []byte) string

func DecodeKtime

func DecodeKtime(ktime int64, monotonic bool) (time.Time, error)

Types

type AttachType

// AttachType enumerates the two probe kinds declared below.
type AttachType int64
const (
	// ProbeEntry is 0. NOTE(review): presumably a probe at function entry — confirm.
	ProbeEntry AttachType = iota
	// ProbeRet is 1. NOTE(review): presumably a probe at function return — confirm.
	ProbeRet
)

type BashEvent

// BashEvent is one record captured from a bash process: the issuing pid and
// uid, a fixed-size line buffer and a return value.
// NOTE(review): captured command lines routinely contain credentials passed as
// arguments; output built from this struct should be stored and forwarded with
// the same care as the secrets it may contain.
type BashEvent struct {
	BashType    uint32                 `json:"bash_type"`
	Pid         uint32                 `json:"pid"`
	Uid         uint32                 `json:"uid"`
	// Line holds at most MaxDataSizeBash bytes.
	// NOTE(review): presumably NUL-padded; longer input would be cut off — confirm.
	Line        [MaxDataSizeBash]uint8 `json:"line"`
	ReturnValue uint32                 `json:"ret_val"`
	// NOTE(review): presumably the kernel task comm (process name) — confirm.
	Comm        [16]byte               `json:"Comm"`
	// AllLines has no json tag, so encoding/json emits it under the key "AllLines".
	AllLines    string
	// contains filtered or unexported fields
}

func (*BashEvent) Clone

func (be *BashEvent) Clone() IEventStruct

func (*BashEvent) Decode

func (be *BashEvent) Decode(payload []byte) (err error)

func (*BashEvent) EventType

func (be *BashEvent) EventType() EventType

func (*BashEvent) GetUUID

func (be *BashEvent) GetUUID() string

func (*BashEvent) Payload

func (be *BashEvent) Payload() []byte

func (*BashEvent) PayloadLen

func (be *BashEvent) PayloadLen() int

func (*BashEvent) String

func (be *BashEvent) String() string

func (*BashEvent) StringHex

func (be *BashEvent) StringHex() string

type ConnDataEvent

// ConnDataEvent exposes a single exported field, Tuple; the rest of its state
// is unexported.
type ConnDataEvent struct {
	// NOTE(review): presumably a textual connection tuple (addresses and ports) — confirm.
	Tuple string `json:"tuple"`
	// contains filtered or unexported fields
}

func (*ConnDataEvent) Clone

func (ce *ConnDataEvent) Clone() IEventStruct

func (*ConnDataEvent) Decode

func (ce *ConnDataEvent) Decode(payload []byte) (err error)

func (*ConnDataEvent) EventType

func (ce *ConnDataEvent) EventType() EventType

func (*ConnDataEvent) GetUUID

func (ce *ConnDataEvent) GetUUID() string

func (*ConnDataEvent) Payload

func (ce *ConnDataEvent) Payload() []byte

func (*ConnDataEvent) PayloadLen

func (ce *ConnDataEvent) PayloadLen() int

func (*ConnDataEvent) String

func (ce *ConnDataEvent) String() string

func (*ConnDataEvent) StringHex

func (ce *ConnDataEvent) StringHex() string

type EventType

// EventType says how an event is to be handled once decoded; every
// IEventStruct implementation reports one through its EventType method.
type EventType uint8
const (
	// EventTypeOutput marks events that are uploaded to a server or written to a log file.
	EventTypeOutput EventType = iota

	// EventTypeModuleData marks events that are stored as module cache data.
	EventTypeModuleData

	// EventTypeEventProcessor marks events that are displayed by the event processor.
	EventTypeEventProcessor
)

type GnutlsDataEvent

// GnutlsDataEvent carries up to MaxDataSize bytes of data captured from a
// GnuTLS user, with the pid/tid it was observed in.
// NOTE(review): given the package's purpose this is presumably decrypted
// application data — handle output as sensitive.
type GnutlsDataEvent struct {
	DataType  int64             `json:"dataType"`
	Timestamp uint64            `json:"timestamp"`
	Pid       uint32            `json:"pid"`
	Tid       uint32            `json:"tid"`
	Data      [MaxDataSize]byte `json:"data"`
	// DataLen is signed. NOTE(review): presumably filled from the raw payload by
	// Decode; check 0 <= DataLen <= MaxDataSize before using it to slice Data.
	// The JSON key is "data_len" here but "dataLen" on NsprDataEvent and
	// SSLDataEvent, so JSON consumers have to accept both spellings.
	DataLen   int32             `json:"data_len"`
	Comm      [16]byte          `json:"Comm"`
	// contains filtered or unexported fields
}

func (*GnutlsDataEvent) Clone

func (ge *GnutlsDataEvent) Clone() IEventStruct

func (*GnutlsDataEvent) Decode

func (ge *GnutlsDataEvent) Decode(payload []byte) (err error)

func (*GnutlsDataEvent) EventType

func (ge *GnutlsDataEvent) EventType() EventType

func (*GnutlsDataEvent) GetUUID

func (ge *GnutlsDataEvent) GetUUID() string

func (*GnutlsDataEvent) Payload

func (ge *GnutlsDataEvent) Payload() []byte

func (*GnutlsDataEvent) PayloadLen

func (ge *GnutlsDataEvent) PayloadLen() int

func (*GnutlsDataEvent) String

func (ge *GnutlsDataEvent) String() string

func (*GnutlsDataEvent) StringHex

func (ge *GnutlsDataEvent) StringHex() string

type GoTLSEvent

// GoTLSEvent exposes the captured bytes of one event as a variable-length slice.
// NOTE(review): presumably plaintext taken from a Go crypto/tls user — handle
// output as sensitive; confirm.
type GoTLSEvent struct {
	Data []byte `json:"data"`
	// contains filtered or unexported fields
}

func (*GoTLSEvent) Clone

func (ge *GoTLSEvent) Clone() IEventStruct

func (*GoTLSEvent) Decode

func (ge *GoTLSEvent) Decode(payload []byte) error

func (*GoTLSEvent) EventType

func (ge *GoTLSEvent) EventType() EventType

func (*GoTLSEvent) GetUUID

func (ge *GoTLSEvent) GetUUID() string

func (*GoTLSEvent) Payload

func (ge *GoTLSEvent) Payload() []byte

func (*GoTLSEvent) PayloadLen

func (ge *GoTLSEvent) PayloadLen() int

func (*GoTLSEvent) String

func (ge *GoTLSEvent) String() string

func (*GoTLSEvent) StringHex

func (ge *GoTLSEvent) StringHex() string

type IEventStruct

// IEventStruct is the method set shared by the event types in this package.
type IEventStruct interface {
	// Decode takes a raw payload and reports failure through err.
	// NOTE(review): the payload length is caller-supplied; implementations are
	// presumably responsible for rejecting short or oversized input — confirm.
	Decode(payload []byte) (err error)
	// Payload returns the event's data bytes.
	Payload() []byte
	// PayloadLen returns a length for the payload.
	PayloadLen() int
	// String returns a textual rendering of the event.
	String() string
	// StringHex returns a textual rendering; presumably a hex dump — confirm.
	StringHex() string
	// Clone returns an IEventStruct; presumably a fresh instance of the same
	// concrete type — confirm.
	Clone() IEventStruct
	//Module() IModule
	//SetModule(IModule)
	// EventType reports how the event should be handled (see EventType).
	EventType() EventType
	// GetUUID returns an identifier string for the event.
	GetUUID() string
}

type MasterSecretBSSLEvent

// MasterSecretBSSLEvent holds TLS session secrets; the trailing comments on
// the TLS 1.3 fields name the matching NSS key-log labels.
// Every array in this struct is live key material: together with a packet
// capture it is sufficient to decrypt the session, so anything that
// serializes or logs the struct must be protected like a private key.
type MasterSecretBSSLEvent struct {
	Version int32 `json:"version"` // TLS Version

	// TLS 1.2 or older
	ClientRandom [Ssl3RandomSize]byte     `json:"clientRandom"` // Client Random
	Secret       [MasterSecretMaxLen]byte `json:"secret"`       // secret Key

	// TLS 1.3
	// NOTE(review): HashLen presumably gives the number of valid bytes in each
	// secret below; check HashLen <= EvpMaxMdSize before slicing with it.
	HashLen               uint32             `json:"hashLen"`               // hashLen
	EarlyTrafficSecret    [EvpMaxMdSize]byte `json:"earlyTrafficSecret"`    // CLIENT_EARLY_TRAFFIC_SECRET
	ClientHandshakeSecret [EvpMaxMdSize]byte `json:"clientHandshakeSecret"` // CLIENT_HANDSHAKE_TRAFFIC_SECRET
	ServerHandshakeSecret [EvpMaxMdSize]byte `json:"serverHandshakeSecret"` // SERVER_HANDSHAKE_TRAFFIC_SECRET
	ClientTrafficSecret0  [EvpMaxMdSize]byte `json:"clientTrafficSecret0"`  // CLIENT_TRAFFIC_SECRET_0
	ServerTrafficSecret0  [EvpMaxMdSize]byte `json:"serverTrafficSecret0"`  // SERVER_TRAFFIC_SECRET_0
	ExporterSecret        [EvpMaxMdSize]byte `json:"exporterSecret"`        // EXPORTER_SECRET
	// contains filtered or unexported fields
}

MasterSecretBSSLEvent for BoringSSL TLS 1.3

func (*MasterSecretBSSLEvent) Clone

func (msbe *MasterSecretBSSLEvent) Clone() IEventStruct

func (*MasterSecretBSSLEvent) Decode

func (msbe *MasterSecretBSSLEvent) Decode(payload []byte) (err error)

func (*MasterSecretBSSLEvent) EventType

func (msbe *MasterSecretBSSLEvent) EventType() EventType

func (*MasterSecretBSSLEvent) GetUUID

func (msbe *MasterSecretBSSLEvent) GetUUID() string

func (*MasterSecretBSSLEvent) Payload

func (msbe *MasterSecretBSSLEvent) Payload() []byte

func (*MasterSecretBSSLEvent) PayloadLen

func (msbe *MasterSecretBSSLEvent) PayloadLen() int

func (*MasterSecretBSSLEvent) String

func (msbe *MasterSecretBSSLEvent) String() string

func (*MasterSecretBSSLEvent) StringHex

func (msbe *MasterSecretBSSLEvent) StringHex() string

type MasterSecretEvent

// MasterSecretEvent holds TLS session secrets: the client random and master
// key for TLS 1.2 or older, and the handshake/traffic/exporter secrets for
// TLS 1.3.
// Every array in this struct is live key material: together with a packet
// capture it is sufficient to decrypt the session, so anything that
// serializes or logs the struct must be protected like a private key.
type MasterSecretEvent struct {
	Version int32 `json:"version"` // TLS Version

	// TLS 1.2 or older
	ClientRandom [Ssl3RandomSize]byte     `json:"clientRandom"` // Client Random
	MasterKey    [MasterSecretMaxLen]byte `json:"masterKey"`    // Master Key

	// TLS 1.3
	// NOTE(review): the arrays below are EvpMaxMdSize (64) bytes regardless of
	// the negotiated hash; the number of valid bytes presumably follows from
	// CipherId — confirm how consumers trim them.
	CipherId               uint32             `json:"cipherId"`               // Cipher ID
	HandshakeSecret        [EvpMaxMdSize]byte `json:"handshakeSecret"`        // Handshake Secret
	HandshakeTrafficHash   [EvpMaxMdSize]byte `json:"handshakeTrafficHash"`   // Handshake Traffic Hash
	ClientAppTrafficSecret [EvpMaxMdSize]byte `json:"clientAppTrafficSecret"` // Client App Traffic Secret
	ServerAppTrafficSecret [EvpMaxMdSize]byte `json:"serverAppTrafficSecret"` // Server App Traffic Secret
	ExporterMasterSecret   [EvpMaxMdSize]byte `json:"exporterMasterSecret"`   // Exporter Master Secret
	// contains filtered or unexported fields
}
C-side fields: u8 client_random[SSL3_RANDOM_SIZE]; u8 master_key[MASTER_SECRET_MAX_LEN];

func (*MasterSecretEvent) Clone

func (mse *MasterSecretEvent) Clone() IEventStruct

func (*MasterSecretEvent) Decode

func (mse *MasterSecretEvent) Decode(payload []byte) (err error)

func (*MasterSecretEvent) EventType

func (mse *MasterSecretEvent) EventType() EventType

func (*MasterSecretEvent) GetUUID

func (mse *MasterSecretEvent) GetUUID() string

func (*MasterSecretEvent) Payload

func (mse *MasterSecretEvent) Payload() []byte

func (*MasterSecretEvent) PayloadLen

func (mse *MasterSecretEvent) PayloadLen() int

func (*MasterSecretEvent) String

func (mse *MasterSecretEvent) String() string

func (*MasterSecretEvent) StringHex

func (mse *MasterSecretEvent) StringHex() string

type MasterSecretGnutlsEvent added in v0.8.10

// MasterSecretGnutlsEvent holds TLS session secrets captured from a GnuTLS
// user: client random and master secret, plus handshake, traffic and exporter
// secrets.
// Every array in this struct is live key material: together with a packet
// capture it is sufficient to decrypt the session, so anything that
// serializes or logs the struct must be protected like a private key.
type MasterSecretGnutlsEvent struct {
	Version               int32                   `json:"version"`
	ClientRandom          [GnutlsRandomSize]byte  `json:"clientRandom"`
	MasterSecret          [GnutlsMasterSize]byte  `json:"masterSecret"`
	// NOTE(review): CipherId is signed here but uint32 on MasterSecretEvent.
	CipherId              int32                   `json:"cipherId"` // PRF MAC
	ClientHandshakeSecret [GnutlsMaxHashSize]byte `json:"clientHandshakeSecret"`
	ServerHandshakeSecret [GnutlsMaxHashSize]byte `json:"serverHandshakeSecret"`
	ClientTrafficSecret   [GnutlsMaxHashSize]byte `json:"clientTrafficSecret"`
	ServerTrafficSecret   [GnutlsMaxHashSize]byte `json:"serverTrafficSecret"`
	ExporterMasterSecret  [GnutlsMaxHashSize]byte `json:"exporterMasterSecret"`
	// contains filtered or unexported fields
}

mastersecret_gnutls_events

func (*MasterSecretGnutlsEvent) Clone added in v0.8.10

func (*MasterSecretGnutlsEvent) Decode added in v0.8.10

func (mse *MasterSecretGnutlsEvent) Decode(payload []byte) (err error)

func (*MasterSecretGnutlsEvent) EventType added in v0.8.10

func (mse *MasterSecretGnutlsEvent) EventType() EventType

func (*MasterSecretGnutlsEvent) GetUUID added in v0.8.10

func (mse *MasterSecretGnutlsEvent) GetUUID() string

func (*MasterSecretGnutlsEvent) Payload added in v0.8.10

func (mse *MasterSecretGnutlsEvent) Payload() []byte

func (*MasterSecretGnutlsEvent) PayloadLen added in v0.8.10

func (mse *MasterSecretGnutlsEvent) PayloadLen() int

func (*MasterSecretGnutlsEvent) String added in v0.8.10

func (mse *MasterSecretGnutlsEvent) String() string

func (*MasterSecretGnutlsEvent) StringHex added in v0.8.10

func (mse *MasterSecretGnutlsEvent) StringHex() string

type MasterSecretGotlsEvent

// MasterSecretGotlsEvent holds one labelled secret: three fixed-size buffers,
// each paired with a uint8 length field.
// MasterSecret is live key material; anything that serializes or logs this
// struct must be protected like a private key.
// NOTE(review): a uint8 length can be as large as 255 while the buffers are
// 32 (Label) and 64 (ClientRandom, MasterSecret) bytes; each *Len should be
// checked against its array size before it is used as a slice bound —
// confirm that the consumers do this.
type MasterSecretGotlsEvent struct {
	Label           [MasterSecretKeyLen]byte `json:"label"` // label name
	LabelLen        uint8                    `json:"labelLen"`
	ClientRandom    [EvpMaxMdSize]byte       `json:"clientRandom"` // Client Random
	ClientRandomLen uint8                    `json:"clientRandomLen"`
	MasterSecret    [EvpMaxMdSize]byte       `json:"masterSecret"` // Master Secret
	MasterSecretLen uint8                    `json:"masterSecretLen"`
	// contains filtered or unexported fields
}

func (*MasterSecretGotlsEvent) Clone

func (mge *MasterSecretGotlsEvent) Clone() IEventStruct

func (*MasterSecretGotlsEvent) Decode

func (mge *MasterSecretGotlsEvent) Decode(payload []byte) (err error)

func (*MasterSecretGotlsEvent) EventType

func (mge *MasterSecretGotlsEvent) EventType() EventType

func (*MasterSecretGotlsEvent) GetUUID

func (mge *MasterSecretGotlsEvent) GetUUID() string

func (*MasterSecretGotlsEvent) Payload

func (mge *MasterSecretGotlsEvent) Payload() []byte

func (*MasterSecretGotlsEvent) PayloadLen

func (mge *MasterSecretGotlsEvent) PayloadLen() int

func (*MasterSecretGotlsEvent) String

func (mge *MasterSecretGotlsEvent) String() string

func (*MasterSecretGotlsEvent) StringHex

func (mge *MasterSecretGotlsEvent) StringHex() string

type MysqldEvent

// MysqldEvent is one query record captured from mysqld: pid, timestamp, a
// fixed-size query buffer with two length fields, the process comm and a
// dispatch_command_return value.
// NOTE(review): SQL text can embed credentials and personal data; output built
// from Query should be access-controlled accordingly.
type MysqldEvent struct {
	Pid       uint64                   `json:"pid"`
	Timestamp uint64                   `json:"timestamp"`
	// Query holds at most MysqldMaxDataSize bytes.
	Query     [MysqldMaxDataSize]uint8 `json:"Query"`
	// NOTE(review): presumably Alllen is the full query length and Len the number
	// of bytes stored in Query. Both are 64-bit values taken from the event, so
	// Len must be checked against MysqldMaxDataSize before slicing Query — confirm.
	Alllen    uint64                   `json:"Alllen"`
	Len       uint64                   `json:"Len"`
	Comm      [16]uint8                `json:"Comm"`
	Retval    dispatch_command_return  `json:"retval"`
	// contains filtered or unexported fields
}

func (*MysqldEvent) Clone

func (me *MysqldEvent) Clone() IEventStruct

func (*MysqldEvent) Decode

func (me *MysqldEvent) Decode(payload []byte) (err error)

func (*MysqldEvent) EventType

func (me *MysqldEvent) EventType() EventType

func (*MysqldEvent) GetUUID

func (me *MysqldEvent) GetUUID() string

func (*MysqldEvent) Payload

func (me *MysqldEvent) Payload() []byte

func (*MysqldEvent) PayloadLen

func (me *MysqldEvent) PayloadLen() int

func (*MysqldEvent) String

func (me *MysqldEvent) String() string

func (*MysqldEvent) StringHex

func (me *MysqldEvent) StringHex() string

type NsprDataEvent

// NsprDataEvent carries up to MaxDataSize bytes of data captured from an
// NSPR/NSS user, with the pid/tid it was observed in.
// NOTE(review): given the package's purpose this is presumably decrypted
// application data — handle output as sensitive.
type NsprDataEvent struct {
	DataType  int64             `json:"dataType"`
	Timestamp uint64            `json:"timestamp"`
	Pid       uint32            `json:"pid"`
	Tid       uint32            `json:"tid"`
	Data      [MaxDataSize]byte `json:"data"`
	// DataLen is signed. NOTE(review): presumably filled from the raw payload by
	// Decode; check 0 <= DataLen <= MaxDataSize before using it to slice Data.
	DataLen   int32             `json:"dataLen"`
	Comm      [16]byte          `json:"Comm"`
	// contains filtered or unexported fields
}

func (*NsprDataEvent) Clone

func (ne *NsprDataEvent) Clone() IEventStruct

func (*NsprDataEvent) Decode

func (ne *NsprDataEvent) Decode(payload []byte) (err error)

func (*NsprDataEvent) EventType

func (ne *NsprDataEvent) EventType() EventType

func (*NsprDataEvent) GetUUID

func (ne *NsprDataEvent) GetUUID() string

func (*NsprDataEvent) Payload

func (ne *NsprDataEvent) Payload() []byte

func (*NsprDataEvent) PayloadLen

func (ne *NsprDataEvent) PayloadLen() int

func (*NsprDataEvent) String

func (ne *NsprDataEvent) String() string

func (*NsprDataEvent) StringHex

func (ne *NsprDataEvent) StringHex() string

type PostgresEvent

// PostgresEvent is one query record captured from a PostgreSQL process: pid,
// timestamp, a fixed-size query buffer and the process comm.
// NOTE(review): SQL text can embed credentials and personal data; output built
// from Query should be access-controlled accordingly.
type PostgresEvent struct {
	Pid       uint64                     `json:"pid"`
	Timestamp uint64                     `json:"timestamp"`
	// Query holds at most PostgresMaxDataSize bytes and has no companion length
	// field. NOTE(review): presumably NUL-terminated; a query that fills the
	// buffer has no terminator, so readers must stop at the array end — confirm.
	Query     [PostgresMaxDataSize]uint8 `json:"Query"`
	Comm      [16]uint8                  `json:"Comm"`
	// contains filtered or unexported fields
}

func (*PostgresEvent) Clone

func (pe *PostgresEvent) Clone() IEventStruct

func (*PostgresEvent) Decode

func (pe *PostgresEvent) Decode(payload []byte) (err error)

func (*PostgresEvent) EventType

func (pe *PostgresEvent) EventType() EventType

func (*PostgresEvent) GetUUID

func (pe *PostgresEvent) GetUUID() string

func (*PostgresEvent) Payload

func (pe *PostgresEvent) Payload() []byte

func (*PostgresEvent) PayloadLen

func (pe *PostgresEvent) PayloadLen() int

func (*PostgresEvent) String

func (pe *PostgresEvent) String() string

func (*PostgresEvent) StringHex

func (pe *PostgresEvent) StringHex() string

type SSLDataEvent

// SSLDataEvent carries up to MaxDataSize bytes of captured data together with
// pid/tid, file descriptor, TLS version and connection-tuple fields.
// NOTE(review): given the package's purpose this is presumably decrypted
// application data — handle output as sensitive.
type SSLDataEvent struct {
	DataType  int64             `json:"dataType"`
	Timestamp uint64            `json:"timestamp"`
	Pid       uint32            `json:"pid"`
	Tid       uint32            `json:"tid"`
	Data      [MaxDataSize]byte `json:"data"`
	// DataLen is signed. NOTE(review): presumably filled from the raw payload by
	// Decode; check 0 <= DataLen <= MaxDataSize before using it to slice Data.
	DataLen   int32             `json:"dataLen"`
	Comm      [16]byte          `json:"Comm"`
	Fd        uint32            `json:"fd"`
	// NOTE(review): presumably one of the *Version constants (e.g. Tls12Version) — confirm.
	Version   int32             `json:"version"`
	// Tuple and BioType carry no json tags, so encoding/json emits them under
	// their Go field names.
	Tuple     string
	BioType   uint32
	// contains filtered or unexported fields
}

func (*SSLDataEvent) Clone

func (se *SSLDataEvent) Clone() IEventStruct

func (*SSLDataEvent) Decode

func (se *SSLDataEvent) Decode(payload []byte) (err error)

func (*SSLDataEvent) EventType

func (se *SSLDataEvent) EventType() EventType

func (*SSLDataEvent) GetUUID

func (se *SSLDataEvent) GetUUID() string

func (*SSLDataEvent) Payload

func (se *SSLDataEvent) Payload() []byte

func (*SSLDataEvent) PayloadLen

func (se *SSLDataEvent) PayloadLen() int

func (*SSLDataEvent) String

func (se *SSLDataEvent) String() string

func (*SSLDataEvent) StringHex

func (se *SSLDataEvent) StringHex() string

type TcSkbEvent

// TcSkbEvent describes one captured packet: a timestamp, the pid, comm and
// command line associated with it, a length and an interface index.
type TcSkbEvent struct {
	Ts      uint64            `json:"ts"`
	Pid     uint32            `json:"pid"`
	Comm    [TaskCommLen]byte `json:"Comm"`
	// Cmdline holds at most CmdlineLen bytes.
	// NOTE(review): command lines can contain secrets passed as arguments.
	Cmdline [CmdlineLen]byte  `json:"Cmdline"`
	// NOTE(review): Len presumably is the packet length, supplied by the event
	// itself; bound it against the actual payload size before slicing — confirm.
	Len     uint32            `json:"len"`
	Ifindex uint32            `json:"ifindex"`
	// contains filtered or unexported fields
}

func (*TcSkbEvent) Clone

func (te *TcSkbEvent) Clone() IEventStruct

func (*TcSkbEvent) Decode

func (te *TcSkbEvent) Decode(payload []byte) (err error)

func (*TcSkbEvent) EventType

func (te *TcSkbEvent) EventType() EventType

func (*TcSkbEvent) GetUUID

func (te *TcSkbEvent) GetUUID() string

func (*TcSkbEvent) Payload

func (te *TcSkbEvent) Payload() []byte

func (*TcSkbEvent) PayloadLen

func (te *TcSkbEvent) PayloadLen() int

func (*TcSkbEvent) String

func (te *TcSkbEvent) String() string

func (*TcSkbEvent) StringHex

func (te *TcSkbEvent) StringHex() string

type TlsVersion

// TlsVersion wraps a numeric protocol version; its String method renders it as text.
type TlsVersion struct {
	// NOTE(review): presumably one of the *Version constants (e.g. Tls12Version) — confirm.
	Version int32
}

func (TlsVersion) String

func (t TlsVersion) String() string

type ZshEvent added in v0.9.0

// ZshEvent is one record captured from a zsh process: the issuing pid and uid,
// the process comm and a fixed-size line buffer.
// NOTE(review): captured command lines routinely contain credentials passed as
// arguments; output built from this struct should be stored and forwarded with
// the same care as the secrets it may contain.
type ZshEvent struct {
	ZshType uint32                `json:"zsh_type"`
	Pid     uint32                `json:"pid"`
	Uid     uint32                `json:"uid"`
	Comm    [16]byte              `json:"Comm"`
	// Line holds at most MaxDataSizeZsh bytes.
	// NOTE(review): presumably NUL-padded; longer input would be cut off — confirm.
	Line    [MaxDataSizeZsh]uint8 `json:"line"`
	// contains filtered or unexported fields
}

func (*ZshEvent) Clone added in v0.9.0

func (be *ZshEvent) Clone() IEventStruct

func (*ZshEvent) Decode added in v0.9.0

func (be *ZshEvent) Decode(payload []byte) (err error)

func (*ZshEvent) EventType added in v0.9.0

func (be *ZshEvent) EventType() EventType

func (*ZshEvent) GetUUID added in v0.9.0

func (be *ZshEvent) GetUUID() string

func (*ZshEvent) Payload added in v0.9.0

func (be *ZshEvent) Payload() []byte

func (*ZshEvent) PayloadLen added in v0.9.0

func (be *ZshEvent) PayloadLen() int

func (*ZshEvent) String added in v0.9.0

func (be *ZshEvent) String() string

func (*ZshEvent) StringHex added in v0.9.0

func (be *ZshEvent) StringHex() string
