diff --git a/helpers/argumentParsers.go b/helpers/argumentParsers.go index 1fa5cf01..dc7d127e 100644 --- a/helpers/argumentParsers.go +++ b/helpers/argumentParsers.go @@ -409,51 +409,51 @@ const ( func (c CapabilityFlagArgument) Value() uint64 { return uint64(c) } -func (c CapabilityFlagArgument) String() string { - var capabilities = map[CapabilityFlagArgument]string{ - CAP_CHOWN: "CAP_CHOWN", - CAP_DAC_OVERRIDE: "CAP_DAC_OVERRIDE", - CAP_DAC_READ_SEARCH: "CAP_DAC_READ_SEARCH", - CAP_FOWNER: "CAP_FOWNER", - CAP_FSETID: "CAP_FSETID", - CAP_KILL: "CAP_KILL", - CAP_SETGID: "CAP_SETGID", - CAP_SETUID: "CAP_SETUID", - CAP_SETPCAP: "CAP_SETPCAP", - CAP_LINUX_IMMUTABLE: "CAP_LINUX_IMMUTABLE", - CAP_NET_BIND_SERVICE: "CAP_NET_BIND_SERVICE", - CAP_NET_BROADCAST: "CAP_NET_BROADCAST", - CAP_NET_ADMIN: "CAP_NET_ADMIN", - CAP_NET_RAW: "CAP_NET_RAW", - CAP_IPC_LOCK: "CAP_IPC_LOCK", - CAP_IPC_OWNER: "CAP_IPC_OWNER", - CAP_SYS_MODULE: "CAP_SYS_MODULE", - CAP_SYS_RAWIO: "CAP_SYS_RAWIO", - CAP_SYS_CHROOT: "CAP_SYS_CHROOT", - CAP_SYS_PTRACE: "CAP_SYS_PTRACE", - CAP_SYS_PACCT: "CAP_SYS_PACCT", - CAP_SYS_ADMIN: "CAP_SYS_ADMIN", - CAP_SYS_BOOT: "CAP_SYS_BOOT", - CAP_SYS_NICE: "CAP_SYS_NICE", - CAP_SYS_RESOURCE: "CAP_SYS_RESOURCE", - CAP_SYS_TIME: "CAP_SYS_TIME", - CAP_SYS_TTY_CONFIG: "CAP_SYS_TTY_CONFIG", - CAP_MKNOD: "CAP_MKNOD", - CAP_LEASE: "CAP_LEASE", - CAP_AUDIT_WRITE: "CAP_AUDIT_WRITE", - CAP_AUDIT_CONTROL: "CAP_AUDIT_CONTROL", - CAP_SETFCAP: "CAP_SETFCAP", - CAP_MAC_OVERRIDE: "CAP_MAC_OVERRIDE", - CAP_MAC_ADMIN: "CAP_MAC_ADMIN", - CAP_SYSLOG: "CAP_SYSLOG", - CAP_WAKE_ALARM: "CAP_WAKE_ALARM", - CAP_BLOCK_SUSPEND: "CAP_BLOCK_SUSPEND", - CAP_AUDIT_READ: "CAP_AUDIT_READ", - } +var capFlagStringMap = map[CapabilityFlagArgument]string{ + CAP_CHOWN: "CAP_CHOWN", + CAP_DAC_OVERRIDE: "CAP_DAC_OVERRIDE", + CAP_DAC_READ_SEARCH: "CAP_DAC_READ_SEARCH", + CAP_FOWNER: "CAP_FOWNER", + CAP_FSETID: "CAP_FSETID", + CAP_KILL: "CAP_KILL", + CAP_SETGID: "CAP_SETGID", + CAP_SETUID: "CAP_SETUID", + CAP_SETPCAP: "CAP_SETPCAP", + CAP_LINUX_IMMUTABLE: "CAP_LINUX_IMMUTABLE", + CAP_NET_BIND_SERVICE: "CAP_NET_BIND_SERVICE", + CAP_NET_BROADCAST: "CAP_NET_BROADCAST", + CAP_NET_ADMIN: "CAP_NET_ADMIN", + CAP_NET_RAW: "CAP_NET_RAW", + CAP_IPC_LOCK: "CAP_IPC_LOCK", + CAP_IPC_OWNER: "CAP_IPC_OWNER", + CAP_SYS_MODULE: "CAP_SYS_MODULE", + CAP_SYS_RAWIO: "CAP_SYS_RAWIO", + CAP_SYS_CHROOT: "CAP_SYS_CHROOT", + CAP_SYS_PTRACE: "CAP_SYS_PTRACE", + CAP_SYS_PACCT: "CAP_SYS_PACCT", + CAP_SYS_ADMIN: "CAP_SYS_ADMIN", + CAP_SYS_BOOT: "CAP_SYS_BOOT", + CAP_SYS_NICE: "CAP_SYS_NICE", + CAP_SYS_RESOURCE: "CAP_SYS_RESOURCE", + CAP_SYS_TIME: "CAP_SYS_TIME", + CAP_SYS_TTY_CONFIG: "CAP_SYS_TTY_CONFIG", + CAP_MKNOD: "CAP_MKNOD", + CAP_LEASE: "CAP_LEASE", + CAP_AUDIT_WRITE: "CAP_AUDIT_WRITE", + CAP_AUDIT_CONTROL: "CAP_AUDIT_CONTROL", + CAP_SETFCAP: "CAP_SETFCAP", + CAP_MAC_OVERRIDE: "CAP_MAC_OVERRIDE", + CAP_MAC_ADMIN: "CAP_MAC_ADMIN", + CAP_SYSLOG: "CAP_SYSLOG", + CAP_WAKE_ALARM: "CAP_WAKE_ALARM", + CAP_BLOCK_SUSPEND: "CAP_BLOCK_SUSPEND", + CAP_AUDIT_READ: "CAP_AUDIT_READ", +} +func (c CapabilityFlagArgument) String() string { var res string - if capName, ok := capabilities[c]; ok { + if capName, ok := capFlagStringMap[c]; ok { res = capName } else { res = strconv.Itoa(int(c)) @@ -461,50 +461,51 @@ func (c CapabilityFlagArgument) String() string { return res } +var capabilitiesMap = map[uint64]CapabilityFlagArgument{ + CAP_CHOWN.Value(): CAP_CHOWN, + CAP_DAC_OVERRIDE.Value(): CAP_DAC_OVERRIDE, + CAP_DAC_READ_SEARCH.Value(): CAP_DAC_READ_SEARCH, + CAP_FOWNER.Value(): CAP_FOWNER, + CAP_FSETID.Value(): CAP_FSETID, + CAP_KILL.Value(): CAP_KILL, + CAP_SETGID.Value(): CAP_SETGID, + CAP_SETUID.Value(): CAP_SETUID, + CAP_SETPCAP.Value(): CAP_SETPCAP, + CAP_LINUX_IMMUTABLE.Value(): CAP_LINUX_IMMUTABLE, + CAP_NET_BIND_SERVICE.Value(): CAP_NET_BIND_SERVICE, + CAP_NET_BROADCAST.Value(): CAP_NET_BROADCAST, + CAP_NET_ADMIN.Value(): CAP_NET_ADMIN, + CAP_NET_RAW.Value(): CAP_NET_RAW, + CAP_IPC_LOCK.Value(): CAP_IPC_LOCK, + CAP_IPC_OWNER.Value(): CAP_IPC_OWNER, + CAP_SYS_MODULE.Value(): CAP_SYS_MODULE, + CAP_SYS_RAWIO.Value(): CAP_SYS_RAWIO, + CAP_SYS_CHROOT.Value(): CAP_SYS_CHROOT, + CAP_SYS_PTRACE.Value(): CAP_SYS_PTRACE, + CAP_SYS_PACCT.Value(): CAP_SYS_PACCT, + CAP_SYS_ADMIN.Value(): CAP_SYS_ADMIN, + CAP_SYS_BOOT.Value(): CAP_SYS_BOOT, + CAP_SYS_NICE.Value(): CAP_SYS_NICE, + CAP_SYS_RESOURCE.Value(): CAP_SYS_RESOURCE, + CAP_SYS_TIME.Value(): CAP_SYS_TIME, + CAP_SYS_TTY_CONFIG.Value(): CAP_SYS_TTY_CONFIG, + CAP_MKNOD.Value(): CAP_MKNOD, + CAP_LEASE.Value(): CAP_LEASE, + CAP_AUDIT_WRITE.Value(): CAP_AUDIT_WRITE, + CAP_AUDIT_CONTROL.Value(): CAP_AUDIT_CONTROL, + CAP_SETFCAP.Value(): CAP_SETFCAP, + CAP_MAC_OVERRIDE.Value(): CAP_MAC_OVERRIDE, + CAP_MAC_ADMIN.Value(): CAP_MAC_ADMIN, + CAP_SYSLOG.Value(): CAP_SYSLOG, + CAP_WAKE_ALARM.Value(): CAP_WAKE_ALARM, + CAP_BLOCK_SUSPEND.Value(): CAP_BLOCK_SUSPEND, + CAP_AUDIT_READ.Value(): CAP_AUDIT_READ, +} + // ParseCapability parses the `capability` bitmask argument of the // `cap_capable` function func ParseCapability(rawValue uint64) (CapabilityFlagArgument, error) { - var capabilities = map[uint64]CapabilityFlagArgument{ - CAP_CHOWN.Value(): CAP_CHOWN, - CAP_DAC_OVERRIDE.Value(): CAP_DAC_OVERRIDE, - CAP_DAC_READ_SEARCH.Value(): CAP_DAC_READ_SEARCH, - CAP_FOWNER.Value(): CAP_FOWNER, - CAP_FSETID.Value(): CAP_FSETID, - CAP_KILL.Value(): CAP_KILL, - CAP_SETGID.Value(): CAP_SETGID, - CAP_SETUID.Value(): CAP_SETUID, - CAP_SETPCAP.Value(): CAP_SETPCAP, - CAP_LINUX_IMMUTABLE.Value(): CAP_LINUX_IMMUTABLE, - CAP_NET_BIND_SERVICE.Value(): CAP_NET_BIND_SERVICE, - CAP_NET_BROADCAST.Value(): CAP_NET_BROADCAST, - CAP_NET_ADMIN.Value(): CAP_NET_ADMIN, - CAP_NET_RAW.Value(): CAP_NET_RAW, - CAP_IPC_LOCK.Value(): CAP_IPC_LOCK, - CAP_IPC_OWNER.Value(): CAP_IPC_OWNER, - CAP_SYS_MODULE.Value(): CAP_SYS_MODULE, - CAP_SYS_RAWIO.Value(): CAP_SYS_RAWIO, - CAP_SYS_CHROOT.Value(): CAP_SYS_CHROOT, - CAP_SYS_PTRACE.Value(): CAP_SYS_PTRACE, - CAP_SYS_PACCT.Value(): CAP_SYS_PACCT, - CAP_SYS_ADMIN.Value(): CAP_SYS_ADMIN, - CAP_SYS_BOOT.Value(): CAP_SYS_BOOT, - CAP_SYS_NICE.Value(): CAP_SYS_NICE, - CAP_SYS_RESOURCE.Value(): CAP_SYS_RESOURCE, - CAP_SYS_TIME.Value(): CAP_SYS_TIME, - CAP_SYS_TTY_CONFIG.Value(): CAP_SYS_TTY_CONFIG, - CAP_MKNOD.Value(): CAP_MKNOD, - CAP_LEASE.Value(): CAP_LEASE, - CAP_AUDIT_WRITE.Value(): CAP_AUDIT_WRITE, - CAP_AUDIT_CONTROL.Value(): CAP_AUDIT_CONTROL, - CAP_SETFCAP.Value(): CAP_SETFCAP, - CAP_MAC_OVERRIDE.Value(): CAP_MAC_OVERRIDE, - CAP_MAC_ADMIN.Value(): CAP_MAC_ADMIN, - CAP_SYSLOG.Value(): CAP_SYSLOG, - CAP_WAKE_ALARM.Value(): CAP_WAKE_ALARM, - CAP_BLOCK_SUSPEND.Value(): CAP_BLOCK_SUSPEND, - CAP_AUDIT_READ.Value(): CAP_AUDIT_READ, - } - v, ok := capabilities[rawValue] + v, ok := capabilitiesMap[rawValue] if !ok { return 0, fmt.Errorf("not a valid capability value: %d", rawValue) } @@ -570,64 +571,65 @@ const ( func (p PrctlOptionArgument) Value() uint64 { return uint64(p) } +var prctlOptionStringMap = map[PrctlOptionArgument]string{ + PR_SET_PDEATHSIG: "PR_SET_PDEATHSIG", + PR_GET_PDEATHSIG: "PR_GET_PDEATHSIG", + PR_GET_DUMPABLE: "PR_GET_DUMPABLE", + PR_SET_DUMPABLE: "PR_SET_DUMPABLE", + PR_GET_UNALIGN: "PR_GET_UNALIGN", + PR_SET_UNALIGN: "PR_SET_UNALIGN", + PR_GET_KEEPCAPS: "PR_GET_KEEPCAPS", + PR_SET_KEEPCAPS: "PR_SET_KEEPCAPS", + PR_GET_FPEMU: "PR_GET_FPEMU", + PR_SET_FPEMU: "PR_SET_FPEMU", + PR_GET_FPEXC: "PR_GET_FPEXC", + PR_SET_FPEXC: "PR_SET_FPEXC", + PR_GET_TIMING: "PR_GET_TIMING", + PR_SET_TIMING: "PR_SET_TIMING", + PR_SET_NAME: "PR_SET_NAME", + PR_GET_NAME: "PR_GET_NAME", + PR_GET_ENDIAN: "PR_GET_ENDIAN", + PR_SET_ENDIAN: "PR_SET_ENDIAN", + PR_GET_SECCOMP: "PR_GET_SECCOMP", + PR_SET_SECCOMP: "PR_SET_SECCOMP", + PR_CAPBSET_READ: "PR_CAPBSET_READ", + PR_CAPBSET_DROP: "PR_CAPBSET_DROP", + PR_GET_TSC: "PR_GET_TSC", + PR_SET_TSC: "PR_SET_TSC", + PR_GET_SECUREBITS: "PR_GET_SECUREBITS", + PR_SET_SECUREBITS: "PR_SET_SECUREBITS", + PR_SET_TIMERSLACK: "PR_SET_TIMERSLACK", + PR_GET_TIMERSLACK: "PR_GET_TIMERSLACK", + PR_TASK_PERF_EVENTS_DISABLE: "PR_TASK_PERF_EVENTS_DISABLE", + PR_TASK_PERF_EVENTS_ENABLE: "PR_TASK_PERF_EVENTS_ENABLE", + PR_MCE_KILL: "PR_MCE_KILL", + PR_MCE_KILL_GET: "PR_MCE_KILL_GET", + PR_SET_MM: "PR_SET_MM", + PR_SET_CHILD_SUBREAPER: "PR_SET_CHILD_SUBREAPER", + PR_GET_CHILD_SUBREAPER: "PR_GET_CHILD_SUBREAPER", + PR_SET_NO_NEW_PRIVS: "PR_SET_NO_NEW_PRIVS", + PR_GET_NO_NEW_PRIVS: "PR_GET_NO_NEW_PRIVS", + PR_GET_TID_ADDRESS: "PR_GET_TID_ADDRESS", + PR_SET_THP_DISABLE: "PR_SET_THP_DISABLE", + PR_GET_THP_DISABLE: "PR_GET_THP_DISABLE", + PR_MPX_ENABLE_MANAGEMENT: "PR_MPX_ENABLE_MANAGEMENT", + PR_MPX_DISABLE_MANAGEMENT: "PR_MPX_DISABLE_MANAGEMENT", + PR_SET_FP_MODE: "PR_SET_FP_MODE", + PR_GET_FP_MODE: "PR_GET_FP_MODE", + PR_CAP_AMBIENT: "PR_CAP_AMBIENT", + PR_SVE_SET_VL: "PR_SVE_SET_VL", + PR_SVE_GET_VL: "PR_SVE_GET_VL", + PR_GET_SPECULATION_CTRL: "PR_GET_SPECULATION_CTRL", + PR_SET_SPECULATION_CTRL: "PR_SET_SPECULATION_CTRL", + PR_PAC_RESET_KEYS: "PR_PAC_RESET_KEYS", + PR_SET_TAGGED_ADDR_CTRL: "PR_SET_TAGGED_ADDR_CTRL", + PR_GET_TAGGED_ADDR_CTRL: "PR_GET_TAGGED_ADDR_CTRL", +} + func (p PrctlOptionArgument) String() string { - var prctlOptions = map[PrctlOptionArgument]string{ - PR_SET_PDEATHSIG: "PR_SET_PDEATHSIG", - PR_GET_PDEATHSIG: "PR_GET_PDEATHSIG", - PR_GET_DUMPABLE: "PR_GET_DUMPABLE", - PR_SET_DUMPABLE: "PR_SET_DUMPABLE", - PR_GET_UNALIGN: "PR_GET_UNALIGN", - PR_SET_UNALIGN: "PR_SET_UNALIGN", - PR_GET_KEEPCAPS: "PR_GET_KEEPCAPS", - PR_SET_KEEPCAPS: "PR_SET_KEEPCAPS", - PR_GET_FPEMU: "PR_GET_FPEMU", - PR_SET_FPEMU: "PR_SET_FPEMU", - PR_GET_FPEXC: "PR_GET_FPEXC", - PR_SET_FPEXC: "PR_SET_FPEXC", - PR_GET_TIMING: "PR_GET_TIMING", - PR_SET_TIMING: "PR_SET_TIMING", - PR_SET_NAME: "PR_SET_NAME", - PR_GET_NAME: "PR_GET_NAME", - PR_GET_ENDIAN: "PR_GET_ENDIAN", - PR_SET_ENDIAN: "PR_SET_ENDIAN", - PR_GET_SECCOMP: "PR_GET_SECCOMP", - PR_SET_SECCOMP: "PR_SET_SECCOMP", - PR_CAPBSET_READ: "PR_CAPBSET_READ", - PR_CAPBSET_DROP: "PR_CAPBSET_DROP", - PR_GET_TSC: "PR_GET_TSC", - PR_SET_TSC: "PR_SET_TSC", - PR_GET_SECUREBITS: "PR_GET_SECUREBITS", - PR_SET_SECUREBITS: "PR_SET_SECUREBITS", - PR_SET_TIMERSLACK: "PR_SET_TIMERSLACK", - PR_GET_TIMERSLACK: "PR_GET_TIMERSLACK", - PR_TASK_PERF_EVENTS_DISABLE: "PR_TASK_PERF_EVENTS_DISABLE", - PR_TASK_PERF_EVENTS_ENABLE: "PR_TASK_PERF_EVENTS_ENABLE", - PR_MCE_KILL: "PR_MCE_KILL", - PR_MCE_KILL_GET: "PR_MCE_KILL_GET", - PR_SET_MM: "PR_SET_MM", - PR_SET_CHILD_SUBREAPER: "PR_SET_CHILD_SUBREAPER", - PR_GET_CHILD_SUBREAPER: "PR_GET_CHILD_SUBREAPER", - PR_SET_NO_NEW_PRIVS: "PR_SET_NO_NEW_PRIVS", - PR_GET_NO_NEW_PRIVS: "PR_GET_NO_NEW_PRIVS", - PR_GET_TID_ADDRESS: "PR_GET_TID_ADDRESS", - PR_SET_THP_DISABLE: "PR_SET_THP_DISABLE", - PR_GET_THP_DISABLE: "PR_GET_THP_DISABLE", - PR_MPX_ENABLE_MANAGEMENT: "PR_MPX_ENABLE_MANAGEMENT", - PR_MPX_DISABLE_MANAGEMENT: "PR_MPX_DISABLE_MANAGEMENT", - PR_SET_FP_MODE: "PR_SET_FP_MODE", - PR_GET_FP_MODE: "PR_GET_FP_MODE", - PR_CAP_AMBIENT: "PR_CAP_AMBIENT", - PR_SVE_SET_VL: "PR_SVE_SET_VL", - PR_SVE_GET_VL: "PR_SVE_GET_VL", - PR_GET_SPECULATION_CTRL: "PR_GET_SPECULATION_CTRL", - PR_SET_SPECULATION_CTRL: "PR_SET_SPECULATION_CTRL", - PR_PAC_RESET_KEYS: "PR_PAC_RESET_KEYS", - PR_SET_TAGGED_ADDR_CTRL: "PR_SET_TAGGED_ADDR_CTRL", - PR_GET_TAGGED_ADDR_CTRL: "PR_GET_TAGGED_ADDR_CTRL", - } var res string - if opName, ok := prctlOptions[p]; ok { + if opName, ok := prctlOptionStringMap[p]; ok { res = opName } else { res = strconv.Itoa(int(p)) @@ -636,65 +638,66 @@ func (p PrctlOptionArgument) String() string { return res } +var prctlOptionsMap = map[uint64]PrctlOptionArgument{ + PR_SET_PDEATHSIG.Value(): PR_SET_PDEATHSIG, + PR_GET_PDEATHSIG.Value(): PR_GET_PDEATHSIG, + PR_GET_DUMPABLE.Value(): PR_GET_DUMPABLE, + PR_SET_DUMPABLE.Value(): PR_SET_DUMPABLE, + PR_GET_UNALIGN.Value(): PR_GET_UNALIGN, + PR_SET_UNALIGN.Value(): PR_SET_UNALIGN, + PR_GET_KEEPCAPS.Value(): PR_GET_KEEPCAPS, + PR_SET_KEEPCAPS.Value(): PR_SET_KEEPCAPS, + PR_GET_FPEMU.Value(): PR_GET_FPEMU, + PR_SET_FPEMU.Value(): PR_SET_FPEMU, + PR_GET_FPEXC.Value(): PR_GET_FPEXC, + PR_SET_FPEXC.Value(): PR_SET_FPEXC, + PR_GET_TIMING.Value(): PR_GET_TIMING, + PR_SET_TIMING.Value(): PR_SET_TIMING, + PR_SET_NAME.Value(): PR_SET_NAME, + PR_GET_NAME.Value(): PR_GET_NAME, + PR_GET_ENDIAN.Value(): PR_GET_ENDIAN, + PR_SET_ENDIAN.Value(): PR_SET_ENDIAN, + PR_GET_SECCOMP.Value(): PR_GET_SECCOMP, + PR_SET_SECCOMP.Value(): PR_SET_SECCOMP, + PR_CAPBSET_READ.Value(): PR_CAPBSET_READ, + PR_CAPBSET_DROP.Value(): PR_CAPBSET_DROP, + PR_GET_TSC.Value(): PR_GET_TSC, + PR_SET_TSC.Value(): PR_SET_TSC, + PR_GET_SECUREBITS.Value(): PR_GET_SECUREBITS, + PR_SET_SECUREBITS.Value(): PR_SET_SECUREBITS, + PR_SET_TIMERSLACK.Value(): PR_SET_TIMERSLACK, + PR_GET_TIMERSLACK.Value(): PR_GET_TIMERSLACK, + PR_TASK_PERF_EVENTS_DISABLE.Value(): PR_TASK_PERF_EVENTS_DISABLE, + PR_TASK_PERF_EVENTS_ENABLE.Value(): PR_TASK_PERF_EVENTS_ENABLE, + PR_MCE_KILL.Value(): PR_MCE_KILL, + PR_MCE_KILL_GET.Value(): PR_MCE_KILL_GET, + PR_SET_MM.Value(): PR_SET_MM, + PR_SET_CHILD_SUBREAPER.Value(): PR_SET_CHILD_SUBREAPER, + PR_GET_CHILD_SUBREAPER.Value(): PR_GET_CHILD_SUBREAPER, + PR_SET_NO_NEW_PRIVS.Value(): PR_SET_NO_NEW_PRIVS, + PR_GET_NO_NEW_PRIVS.Value(): PR_GET_NO_NEW_PRIVS, + PR_GET_TID_ADDRESS.Value(): PR_GET_TID_ADDRESS, + PR_SET_THP_DISABLE.Value(): PR_SET_THP_DISABLE, + PR_GET_THP_DISABLE.Value(): PR_GET_THP_DISABLE, + PR_MPX_ENABLE_MANAGEMENT.Value(): PR_MPX_ENABLE_MANAGEMENT, + PR_MPX_DISABLE_MANAGEMENT.Value(): PR_MPX_DISABLE_MANAGEMENT, + PR_SET_FP_MODE.Value(): PR_SET_FP_MODE, + PR_GET_FP_MODE.Value(): PR_GET_FP_MODE, + PR_CAP_AMBIENT.Value(): PR_CAP_AMBIENT, + PR_SVE_SET_VL.Value(): PR_SVE_SET_VL, + PR_SVE_GET_VL.Value(): PR_SVE_GET_VL, + PR_GET_SPECULATION_CTRL.Value(): PR_GET_SPECULATION_CTRL, + PR_SET_SPECULATION_CTRL.Value(): PR_SET_SPECULATION_CTRL, + PR_PAC_RESET_KEYS.Value(): PR_PAC_RESET_KEYS, + PR_SET_TAGGED_ADDR_CTRL.Value(): PR_SET_TAGGED_ADDR_CTRL, + PR_GET_TAGGED_ADDR_CTRL.Value(): PR_GET_TAGGED_ADDR_CTRL, +} + // ParsePrctlOption parses the `option` argument of the `prctl` syscall // http://man7.org/linux/man-pages/man2/prctl.2.html func ParsePrctlOption(rawValue uint64) (PrctlOptionArgument, error) { - var prctlOptions = map[uint64]PrctlOptionArgument{ - PR_SET_PDEATHSIG.Value(): PR_SET_PDEATHSIG, - PR_GET_PDEATHSIG.Value(): PR_GET_PDEATHSIG, - PR_GET_DUMPABLE.Value(): PR_GET_DUMPABLE, - PR_SET_DUMPABLE.Value(): PR_SET_DUMPABLE, - PR_GET_UNALIGN.Value(): PR_GET_UNALIGN, - PR_SET_UNALIGN.Value(): PR_SET_UNALIGN, - PR_GET_KEEPCAPS.Value(): PR_GET_KEEPCAPS, - PR_SET_KEEPCAPS.Value(): PR_SET_KEEPCAPS, - PR_GET_FPEMU.Value(): PR_GET_FPEMU, - PR_SET_FPEMU.Value(): PR_SET_FPEMU, - PR_GET_FPEXC.Value(): PR_GET_FPEXC, - PR_SET_FPEXC.Value(): PR_SET_FPEXC, - PR_GET_TIMING.Value(): PR_GET_TIMING, - PR_SET_TIMING.Value(): PR_SET_TIMING, - PR_SET_NAME.Value(): PR_SET_NAME, - PR_GET_NAME.Value(): PR_GET_NAME, - PR_GET_ENDIAN.Value(): PR_GET_ENDIAN, - PR_SET_ENDIAN.Value(): PR_SET_ENDIAN, - PR_GET_SECCOMP.Value(): PR_GET_SECCOMP, - PR_SET_SECCOMP.Value(): PR_SET_SECCOMP, - PR_CAPBSET_READ.Value(): PR_CAPBSET_READ, - PR_CAPBSET_DROP.Value(): PR_CAPBSET_DROP, - PR_GET_TSC.Value(): PR_GET_TSC, - PR_SET_TSC.Value(): PR_SET_TSC, - PR_GET_SECUREBITS.Value(): PR_GET_SECUREBITS, - PR_SET_SECUREBITS.Value(): PR_SET_SECUREBITS, - PR_SET_TIMERSLACK.Value(): PR_SET_TIMERSLACK, - PR_GET_TIMERSLACK.Value(): PR_GET_TIMERSLACK, - PR_TASK_PERF_EVENTS_DISABLE.Value(): PR_TASK_PERF_EVENTS_DISABLE, - PR_TASK_PERF_EVENTS_ENABLE.Value(): PR_TASK_PERF_EVENTS_ENABLE, - PR_MCE_KILL.Value(): PR_MCE_KILL, - PR_MCE_KILL_GET.Value(): PR_MCE_KILL_GET, - PR_SET_MM.Value(): PR_SET_MM, - PR_SET_CHILD_SUBREAPER.Value(): PR_SET_CHILD_SUBREAPER, - PR_GET_CHILD_SUBREAPER.Value(): PR_GET_CHILD_SUBREAPER, - PR_SET_NO_NEW_PRIVS.Value(): PR_SET_NO_NEW_PRIVS, - PR_GET_NO_NEW_PRIVS.Value(): PR_GET_NO_NEW_PRIVS, - PR_GET_TID_ADDRESS.Value(): PR_GET_TID_ADDRESS, - PR_SET_THP_DISABLE.Value(): PR_SET_THP_DISABLE, - PR_GET_THP_DISABLE.Value(): PR_GET_THP_DISABLE, - PR_MPX_ENABLE_MANAGEMENT.Value(): PR_MPX_ENABLE_MANAGEMENT, - PR_MPX_DISABLE_MANAGEMENT.Value(): PR_MPX_DISABLE_MANAGEMENT, - PR_SET_FP_MODE.Value(): PR_SET_FP_MODE, - PR_GET_FP_MODE.Value(): PR_GET_FP_MODE, - PR_CAP_AMBIENT.Value(): PR_CAP_AMBIENT, - PR_SVE_SET_VL.Value(): PR_SVE_SET_VL, - PR_SVE_GET_VL.Value(): PR_SVE_GET_VL, - PR_GET_SPECULATION_CTRL.Value(): PR_GET_SPECULATION_CTRL, - PR_SET_SPECULATION_CTRL.Value(): PR_SET_SPECULATION_CTRL, - PR_PAC_RESET_KEYS.Value(): PR_PAC_RESET_KEYS, - PR_SET_TAGGED_ADDR_CTRL.Value(): PR_SET_TAGGED_ADDR_CTRL, - PR_GET_TAGGED_ADDR_CTRL.Value(): PR_GET_TAGGED_ADDR_CTRL, - } - - v, ok := prctlOptions[rawValue] + + v, ok := prctlOptionsMap[rawValue] if !ok { return 0, fmt.Errorf("not a valid prctl option value: %d", rawValue) } @@ -743,49 +746,50 @@ const ( func (b BPFCommandArgument) Value() uint64 { return uint64(b) } +var bpfCmdStringMap = map[BPFCommandArgument]string{ + BPF_MAP_CREATE: "BPF_MAP_CREATE", + BPF_MAP_LOOKUP_ELEM: "BPF_MAP_LOOKUP_ELEM", + BPF_MAP_UPDATE_ELEM: "BPF_MAP_UPDATE_ELEM", + BPF_MAP_DELETE_ELEM: "BPF_MAP_DELETE_ELEM", + BPF_MAP_GET_NEXT_KEY: "BPF_MAP_GET_NEXT_KEY", + BPF_PROG_LOAD: "BPF_PROG_LOAD", + BPF_OBJ_PIN: "BPF_OBJ_PIN", + BPF_OBJ_GET: "BPF_OBJ_GET", + BPF_PROG_ATTACH: "BPF_PROG_ATTACH", + BPF_PROG_DETACH: "BPF_PROG_DETACH", + BPF_PROG_TEST_RUN: "BPF_PROG_TEST_RUN", + BPF_PROG_GET_NEXT_ID: "BPF_PROG_GET_NEXT_ID", + BPF_MAP_GET_NEXT_ID: "BPF_MAP_GET_NEXT_ID", + BPF_PROG_GET_FD_BY_ID: "BPF_PROG_GET_FD_BY_ID", + BPF_MAP_GET_FD_BY_ID: "BPF_MAP_GET_FD_BY_ID", + BPF_OBJ_GET_INFO_BY_FD: "BPF_OBJ_GET_INFO_BY_FD", + BPF_PROG_QUERY: "BPF_PROG_QUERY", + BPF_RAW_TRACEPOINT_OPEN: "BPF_RAW_TRACEPOINT_OPEN", + BPF_BTF_LOAD: "BPF_BTF_LOAD", + BPF_BTF_GET_FD_BY_ID: "BPF_BTF_GET_FD_BY_ID", + BPF_TASK_FD_QUERY: "BPF_TASK_FD_QUERY", + BPF_MAP_LOOKUP_AND_DELETE_ELEM: "BPF_MAP_LOOKUP_AND_DELETE_ELEM", + BPF_MAP_FREEZE: "BPF_MAP_FREEZE", + BPF_BTF_GET_NEXT_ID: "BPF_BTF_GET_NEXT_ID", + BPF_MAP_LOOKUP_BATCH: "BPF_MAP_LOOKUP_BATCH", + BPF_MAP_LOOKUP_AND_DELETE_BATCH: "BPF_MAP_LOOKUP_AND_DELETE_BATCH", + BPF_MAP_UPDATE_BATCH: "BPF_MAP_UPDATE_BATCH", + BPF_MAP_DELETE_BATCH: "BPF_MAP_DELETE_BATCH", + BPF_LINK_CREATE: "BPF_LINK_CREATE", + BPF_LINK_UPDATE: "BPF_LINK_UPDATE", + BPF_LINK_GET_FD_BY_ID: "BPF_LINK_GET_FD_BY_ID", + BPF_LINK_GET_NEXT_ID: "BPF_LINK_GET_NEXT_ID", + BPF_ENABLE_STATS: "BPF_ENABLE_STATS", + BPF_ITER_CREATE: "BPF_ITER_CREATE", + BPF_LINK_DETACH: "BPF_LINK_DETACH", +} + // String parses the `cmd` argument of the `bpf` syscall // https://man7.org/linux/man-pages/man2/bpf.2.html func (b BPFCommandArgument) String() string { - var bpfCmd = map[BPFCommandArgument]string{ - BPF_MAP_CREATE: "BPF_MAP_CREATE", - BPF_MAP_LOOKUP_ELEM: "BPF_MAP_LOOKUP_ELEM", - BPF_MAP_UPDATE_ELEM: "BPF_MAP_UPDATE_ELEM", - BPF_MAP_DELETE_ELEM: "BPF_MAP_DELETE_ELEM", - BPF_MAP_GET_NEXT_KEY: "BPF_MAP_GET_NEXT_KEY", - BPF_PROG_LOAD: "BPF_PROG_LOAD", - BPF_OBJ_PIN: "BPF_OBJ_PIN", - BPF_OBJ_GET: "BPF_OBJ_GET", - BPF_PROG_ATTACH: "BPF_PROG_ATTACH", - BPF_PROG_DETACH: "BPF_PROG_DETACH", - BPF_PROG_TEST_RUN: "BPF_PROG_TEST_RUN", - BPF_PROG_GET_NEXT_ID: "BPF_PROG_GET_NEXT_ID", - BPF_MAP_GET_NEXT_ID: "BPF_MAP_GET_NEXT_ID", - BPF_PROG_GET_FD_BY_ID: "BPF_PROG_GET_FD_BY_ID", - BPF_MAP_GET_FD_BY_ID: "BPF_MAP_GET_FD_BY_ID", - BPF_OBJ_GET_INFO_BY_FD: "BPF_OBJ_GET_INFO_BY_FD", - BPF_PROG_QUERY: "BPF_PROG_QUERY", - BPF_RAW_TRACEPOINT_OPEN: "BPF_RAW_TRACEPOINT_OPEN", - BPF_BTF_LOAD: "BPF_BTF_LOAD", - BPF_BTF_GET_FD_BY_ID: "BPF_BTF_GET_FD_BY_ID", - BPF_TASK_FD_QUERY: "BPF_TASK_FD_QUERY", - BPF_MAP_LOOKUP_AND_DELETE_ELEM: "BPF_MAP_LOOKUP_AND_DELETE_ELEM", - BPF_MAP_FREEZE: "BPF_MAP_FREEZE", - BPF_BTF_GET_NEXT_ID: "BPF_BTF_GET_NEXT_ID", - BPF_MAP_LOOKUP_BATCH: "BPF_MAP_LOOKUP_BATCH", - BPF_MAP_LOOKUP_AND_DELETE_BATCH: "BPF_MAP_LOOKUP_AND_DELETE_BATCH", - BPF_MAP_UPDATE_BATCH: "BPF_MAP_UPDATE_BATCH", - BPF_MAP_DELETE_BATCH: "BPF_MAP_DELETE_BATCH", - BPF_LINK_CREATE: "BPF_LINK_CREATE", - BPF_LINK_UPDATE: "BPF_LINK_UPDATE", - BPF_LINK_GET_FD_BY_ID: "BPF_LINK_GET_FD_BY_ID", - BPF_LINK_GET_NEXT_ID: "BPF_LINK_GET_NEXT_ID", - BPF_ENABLE_STATS: "BPF_ENABLE_STATS", - BPF_ITER_CREATE: "BPF_ITER_CREATE", - BPF_LINK_DETACH: "BPF_LINK_DETACH", - } var res string - if cmdName, ok := bpfCmd[b]; ok { + if cmdName, ok := bpfCmdStringMap[b]; ok { res = cmdName } else { res = strconv.Itoa(int(b)) @@ -794,48 +798,48 @@ func (b BPFCommandArgument) String() string { return res } +var bpfCmdMap = map[uint64]BPFCommandArgument{ + BPF_MAP_CREATE.Value(): BPF_MAP_CREATE, + BPF_MAP_LOOKUP_ELEM.Value(): BPF_MAP_LOOKUP_ELEM, + BPF_MAP_UPDATE_ELEM.Value(): BPF_MAP_UPDATE_ELEM, + BPF_MAP_DELETE_ELEM.Value(): BPF_MAP_DELETE_ELEM, + BPF_MAP_GET_NEXT_KEY.Value(): BPF_MAP_GET_NEXT_KEY, + BPF_PROG_LOAD.Value(): BPF_PROG_LOAD, + BPF_OBJ_PIN.Value(): BPF_OBJ_PIN, + BPF_OBJ_GET.Value(): BPF_OBJ_GET, + BPF_PROG_ATTACH.Value(): BPF_PROG_ATTACH, + BPF_PROG_DETACH.Value(): BPF_PROG_DETACH, + BPF_PROG_TEST_RUN.Value(): BPF_PROG_TEST_RUN, + BPF_PROG_GET_NEXT_ID.Value(): BPF_PROG_GET_NEXT_ID, + BPF_MAP_GET_NEXT_ID.Value(): BPF_MAP_GET_NEXT_ID, + BPF_PROG_GET_FD_BY_ID.Value(): BPF_PROG_GET_FD_BY_ID, + BPF_MAP_GET_FD_BY_ID.Value(): BPF_MAP_GET_FD_BY_ID, + BPF_OBJ_GET_INFO_BY_FD.Value(): BPF_OBJ_GET_INFO_BY_FD, + BPF_PROG_QUERY.Value(): BPF_PROG_QUERY, + BPF_RAW_TRACEPOINT_OPEN.Value(): BPF_RAW_TRACEPOINT_OPEN, + BPF_BTF_LOAD.Value(): BPF_BTF_LOAD, + BPF_BTF_GET_FD_BY_ID.Value(): BPF_BTF_GET_FD_BY_ID, + BPF_TASK_FD_QUERY.Value(): BPF_TASK_FD_QUERY, + BPF_MAP_LOOKUP_AND_DELETE_ELEM.Value(): BPF_MAP_LOOKUP_AND_DELETE_ELEM, + BPF_MAP_FREEZE.Value(): BPF_MAP_FREEZE, + BPF_BTF_GET_NEXT_ID.Value(): BPF_BTF_GET_NEXT_ID, + BPF_MAP_LOOKUP_BATCH.Value(): BPF_MAP_LOOKUP_BATCH, + BPF_MAP_LOOKUP_AND_DELETE_BATCH.Value(): BPF_MAP_LOOKUP_AND_DELETE_BATCH, + BPF_MAP_UPDATE_BATCH.Value(): BPF_MAP_UPDATE_BATCH, + BPF_MAP_DELETE_BATCH.Value(): BPF_MAP_DELETE_BATCH, + BPF_LINK_CREATE.Value(): BPF_LINK_CREATE, + BPF_LINK_UPDATE.Value(): BPF_LINK_UPDATE, + BPF_LINK_GET_FD_BY_ID.Value(): BPF_LINK_GET_FD_BY_ID, + BPF_LINK_GET_NEXT_ID.Value(): BPF_LINK_GET_NEXT_ID, + BPF_ENABLE_STATS.Value(): BPF_ENABLE_STATS, + BPF_ITER_CREATE.Value(): BPF_ITER_CREATE, + BPF_LINK_DETACH.Value(): BPF_LINK_DETACH, +} + // ParseBPFCmd parses the raw value of the `cmd` argument of the `bpf` syscall // https://man7.org/linux/man-pages/man2/bpf.2.html func ParseBPFCmd(cmd uint64) (BPFCommandArgument, error) { - var bpfCmd = map[uint64]BPFCommandArgument{ - BPF_MAP_CREATE.Value(): BPF_MAP_CREATE, - BPF_MAP_LOOKUP_ELEM.Value(): BPF_MAP_LOOKUP_ELEM, - BPF_MAP_UPDATE_ELEM.Value(): BPF_MAP_UPDATE_ELEM, - BPF_MAP_DELETE_ELEM.Value(): BPF_MAP_DELETE_ELEM, - BPF_MAP_GET_NEXT_KEY.Value(): BPF_MAP_GET_NEXT_KEY, - BPF_PROG_LOAD.Value(): BPF_PROG_LOAD, - BPF_OBJ_PIN.Value(): BPF_OBJ_PIN, - BPF_OBJ_GET.Value(): BPF_OBJ_GET, - BPF_PROG_ATTACH.Value(): BPF_PROG_ATTACH, - BPF_PROG_DETACH.Value(): BPF_PROG_DETACH, - BPF_PROG_TEST_RUN.Value(): BPF_PROG_TEST_RUN, - BPF_PROG_GET_NEXT_ID.Value(): BPF_PROG_GET_NEXT_ID, - BPF_MAP_GET_NEXT_ID.Value(): BPF_MAP_GET_NEXT_ID, - BPF_PROG_GET_FD_BY_ID.Value(): BPF_PROG_GET_FD_BY_ID, - BPF_MAP_GET_FD_BY_ID.Value(): BPF_MAP_GET_FD_BY_ID, - BPF_OBJ_GET_INFO_BY_FD.Value(): BPF_OBJ_GET_INFO_BY_FD, - BPF_PROG_QUERY.Value(): BPF_PROG_QUERY, - BPF_RAW_TRACEPOINT_OPEN.Value(): BPF_RAW_TRACEPOINT_OPEN, - BPF_BTF_LOAD.Value(): BPF_BTF_LOAD, - BPF_BTF_GET_FD_BY_ID.Value(): BPF_BTF_GET_FD_BY_ID, - BPF_TASK_FD_QUERY.Value(): BPF_TASK_FD_QUERY, - BPF_MAP_LOOKUP_AND_DELETE_ELEM.Value(): BPF_MAP_LOOKUP_AND_DELETE_ELEM, - BPF_MAP_FREEZE.Value(): BPF_MAP_FREEZE, - BPF_BTF_GET_NEXT_ID.Value(): BPF_BTF_GET_NEXT_ID, - BPF_MAP_LOOKUP_BATCH.Value(): BPF_MAP_LOOKUP_BATCH, - BPF_MAP_LOOKUP_AND_DELETE_BATCH.Value(): BPF_MAP_LOOKUP_AND_DELETE_BATCH, - BPF_MAP_UPDATE_BATCH.Value(): BPF_MAP_UPDATE_BATCH, - BPF_MAP_DELETE_BATCH.Value(): BPF_MAP_DELETE_BATCH, - BPF_LINK_CREATE.Value(): BPF_LINK_CREATE, - BPF_LINK_UPDATE.Value(): BPF_LINK_UPDATE, - BPF_LINK_GET_FD_BY_ID.Value(): BPF_LINK_GET_FD_BY_ID, - BPF_LINK_GET_NEXT_ID.Value(): BPF_LINK_GET_NEXT_ID, - BPF_ENABLE_STATS.Value(): BPF_ENABLE_STATS, - BPF_ITER_CREATE.Value(): BPF_ITER_CREATE, - BPF_LINK_DETACH.Value(): BPF_LINK_DETACH, - } - - v, ok := bpfCmd[cmd] + v, ok := bpfCmdMap[cmd] if !ok { return 0, fmt.Errorf("not a valid BPF command argument: %d", cmd) } @@ -883,46 +887,46 @@ var ( func (p PtraceRequestArgument) Value() uint64 { return uint64(p) } -func (p PtraceRequestArgument) String() string { - var ptraceRequest = map[PtraceRequestArgument]string{ - PTRACE_TRACEME: "PTRACE_TRACEME", - PTRACE_PEEKTEXT: "PTRACE_PEEKTEXT", - PTRACE_PEEKDATA: "PTRACE_PEEKDATA", - PTRACE_PEEKUSER: "PTRACE_PEEKUSER", - PTRACE_POKETEXT: "PTRACE_POKETEXT", - PTRACE_POKEDATA: "PTRACE_POKEDATA", - PTRACE_POKEUSER: "PTRACE_POKEUSER", - PTRACE_CONT: "PTRACE_CONT", - PTRACE_KILL: "PTRACE_KILL", - PTRACE_SINGLESTEP: "PTRACE_SINGLESTEP", - PTRACE_GETREGS: "PTRACE_GETREGS", - PTRACE_SETREGS: "PTRACE_SETREGS", - PTRACE_GETFPREGS: "PTRACE_GETFPREGS", - PTRACE_SETFPREGS: "PTRACE_SETFPREGS", - PTRACE_ATTACH: "PTRACE_ATTACH", - PTRACE_DETACH: "PTRACE_DETACH", - PTRACE_GETFPXREGS: "PTRACE_GETFPXREGS", - PTRACE_SETFPXREGS: "PTRACE_SETFPXREGS", - PTRACE_SYSCALL: "PTRACE_SYSCALL", - PTRACE_SETOPTIONS: "PTRACE_SETOPTIONS", - PTRACE_GETEVENTMSG: "PTRACE_GETEVENTMSG", - PTRACE_GETSIGINFO: "PTRACE_GETSIGINFO", - PTRACE_SETSIGINFO: "PTRACE_SETSIGINFO", - PTRACE_GETREGSET: "PTRACE_GETREGSET", - PTRACE_SETREGSET: "PTRACE_SETREGSET", - PTRACE_SEIZE: "PTRACE_SEIZE", - PTRACE_INTERRUPT: "PTRACE_INTERRUPT", - PTRACE_LISTEN: "PTRACE_LISTEN", - PTRACE_PEEKSIGINFO: "PTRACE_PEEKSIGINFO", - PTRACE_GETSIGMASK: "PTRACE_GETSIGMASK", - PTRACE_SETSIGMASK: "PTRACE_SETSIGMASK", - PTRACE_SECCOMP_GET_FILTER: "PTRACE_SECCOMP_GET_FILTER", - PTRACE_SECCOMP_GET_METADATA: "PTRACE_SECCOMP_GET_METADATA", - PTRACE_GET_SYSCALL_INFO: "PTRACE_GET_SYSCALL_INFO", - } +var ptraceRequestStringMap = map[PtraceRequestArgument]string{ + PTRACE_TRACEME: "PTRACE_TRACEME", + PTRACE_PEEKTEXT: "PTRACE_PEEKTEXT", + PTRACE_PEEKDATA: "PTRACE_PEEKDATA", + PTRACE_PEEKUSER: "PTRACE_PEEKUSER", + PTRACE_POKETEXT: "PTRACE_POKETEXT", + PTRACE_POKEDATA: "PTRACE_POKEDATA", + PTRACE_POKEUSER: "PTRACE_POKEUSER", + PTRACE_CONT: "PTRACE_CONT", + PTRACE_KILL: "PTRACE_KILL", + PTRACE_SINGLESTEP: "PTRACE_SINGLESTEP", + PTRACE_GETREGS: "PTRACE_GETREGS", + PTRACE_SETREGS: "PTRACE_SETREGS", + PTRACE_GETFPREGS: "PTRACE_GETFPREGS", + PTRACE_SETFPREGS: "PTRACE_SETFPREGS", + PTRACE_ATTACH: "PTRACE_ATTACH", + PTRACE_DETACH: "PTRACE_DETACH", + PTRACE_GETFPXREGS: "PTRACE_GETFPXREGS", + PTRACE_SETFPXREGS: "PTRACE_SETFPXREGS", + PTRACE_SYSCALL: "PTRACE_SYSCALL", + PTRACE_SETOPTIONS: "PTRACE_SETOPTIONS", + PTRACE_GETEVENTMSG: "PTRACE_GETEVENTMSG", + PTRACE_GETSIGINFO: "PTRACE_GETSIGINFO", + PTRACE_SETSIGINFO: "PTRACE_SETSIGINFO", + PTRACE_GETREGSET: "PTRACE_GETREGSET", + PTRACE_SETREGSET: "PTRACE_SETREGSET", + PTRACE_SEIZE: "PTRACE_SEIZE", + PTRACE_INTERRUPT: "PTRACE_INTERRUPT", + PTRACE_LISTEN: "PTRACE_LISTEN", + PTRACE_PEEKSIGINFO: "PTRACE_PEEKSIGINFO", + PTRACE_GETSIGMASK: "PTRACE_GETSIGMASK", + PTRACE_SETSIGMASK: "PTRACE_SETSIGMASK", + PTRACE_SECCOMP_GET_FILTER: "PTRACE_SECCOMP_GET_FILTER", + PTRACE_SECCOMP_GET_METADATA: "PTRACE_SECCOMP_GET_METADATA", + PTRACE_GET_SYSCALL_INFO: "PTRACE_GET_SYSCALL_INFO", +} +func (p PtraceRequestArgument) String() string { var res string - if reqName, ok := ptraceRequest[p]; ok { + if reqName, ok := ptraceRequestStringMap[p]; ok { res = reqName } else { res = strconv.Itoa(int(p)) @@ -931,45 +935,46 @@ func (p PtraceRequestArgument) String() string { return res } +var ptraceRequestArgMap = map[uint64]PtraceRequestArgument{ + PTRACE_TRACEME.Value(): PTRACE_TRACEME, + PTRACE_PEEKTEXT.Value(): PTRACE_PEEKTEXT, + PTRACE_PEEKDATA.Value(): PTRACE_PEEKDATA, + PTRACE_PEEKUSER.Value(): PTRACE_PEEKUSER, + PTRACE_POKETEXT.Value(): PTRACE_POKETEXT, + PTRACE_POKEDATA.Value(): PTRACE_POKEDATA, + PTRACE_POKEUSER.Value(): PTRACE_POKEUSER, + PTRACE_CONT.Value(): PTRACE_CONT, + PTRACE_KILL.Value(): PTRACE_KILL, + PTRACE_SINGLESTEP.Value(): PTRACE_SINGLESTEP, + PTRACE_GETREGS.Value(): PTRACE_GETREGS, + PTRACE_SETREGS.Value(): PTRACE_SETREGS, + PTRACE_GETFPREGS.Value(): PTRACE_GETFPREGS, + PTRACE_SETFPREGS.Value(): PTRACE_SETFPREGS, + PTRACE_ATTACH.Value(): PTRACE_ATTACH, + PTRACE_DETACH.Value(): PTRACE_DETACH, + PTRACE_GETFPXREGS.Value(): PTRACE_GETFPXREGS, + PTRACE_SETFPXREGS.Value(): PTRACE_SETFPXREGS, + PTRACE_SYSCALL.Value(): PTRACE_SYSCALL, + PTRACE_SETOPTIONS.Value(): PTRACE_SETOPTIONS, + PTRACE_GETEVENTMSG.Value(): PTRACE_GETEVENTMSG, + PTRACE_GETSIGINFO.Value(): PTRACE_GETSIGINFO, + PTRACE_SETSIGINFO.Value(): PTRACE_SETSIGINFO, + PTRACE_GETREGSET.Value(): PTRACE_GETREGSET, + PTRACE_SETREGSET.Value(): PTRACE_SETREGSET, + PTRACE_SEIZE.Value(): PTRACE_SEIZE, + PTRACE_INTERRUPT.Value(): PTRACE_INTERRUPT, + PTRACE_LISTEN.Value(): PTRACE_LISTEN, + PTRACE_PEEKSIGINFO.Value(): PTRACE_PEEKSIGINFO, + PTRACE_GETSIGMASK.Value(): PTRACE_GETSIGMASK, + PTRACE_SETSIGMASK.Value(): PTRACE_SETSIGMASK, + PTRACE_SECCOMP_GET_FILTER.Value(): PTRACE_SECCOMP_GET_FILTER, + PTRACE_SECCOMP_GET_METADATA.Value(): PTRACE_SECCOMP_GET_METADATA, + PTRACE_GET_SYSCALL_INFO.Value(): PTRACE_GET_SYSCALL_INFO, +} + func ParsePtraceRequestArgument(rawValue uint64) (PtraceRequestArgument, error) { - var ptraceRequest = map[uint64]PtraceRequestArgument{ - PTRACE_TRACEME.Value(): PTRACE_TRACEME, - PTRACE_PEEKTEXT.Value(): PTRACE_PEEKTEXT, - PTRACE_PEEKDATA.Value(): PTRACE_PEEKDATA, - PTRACE_PEEKUSER.Value(): PTRACE_PEEKUSER, - PTRACE_POKETEXT.Value(): PTRACE_POKETEXT, - PTRACE_POKEDATA.Value(): PTRACE_POKEDATA, - PTRACE_POKEUSER.Value(): PTRACE_POKEUSER, - PTRACE_CONT.Value(): PTRACE_CONT, - PTRACE_KILL.Value(): PTRACE_KILL, - PTRACE_SINGLESTEP.Value(): PTRACE_SINGLESTEP, - PTRACE_GETREGS.Value(): PTRACE_GETREGS, - PTRACE_SETREGS.Value(): PTRACE_SETREGS, - PTRACE_GETFPREGS.Value(): PTRACE_GETFPREGS, - PTRACE_SETFPREGS.Value(): PTRACE_SETFPREGS, - PTRACE_ATTACH.Value(): PTRACE_ATTACH, - PTRACE_DETACH.Value(): PTRACE_DETACH, - PTRACE_GETFPXREGS.Value(): PTRACE_GETFPXREGS, - PTRACE_SETFPXREGS.Value(): PTRACE_SETFPXREGS, - PTRACE_SYSCALL.Value(): PTRACE_SYSCALL, - PTRACE_SETOPTIONS.Value(): PTRACE_SETOPTIONS, - PTRACE_GETEVENTMSG.Value(): PTRACE_GETEVENTMSG, - PTRACE_GETSIGINFO.Value(): PTRACE_GETSIGINFO, - PTRACE_SETSIGINFO.Value(): PTRACE_SETSIGINFO, - PTRACE_GETREGSET.Value(): PTRACE_GETREGSET, - PTRACE_SETREGSET.Value(): PTRACE_SETREGSET, - PTRACE_SEIZE.Value(): PTRACE_SEIZE, - PTRACE_INTERRUPT.Value(): PTRACE_INTERRUPT, - PTRACE_LISTEN.Value(): PTRACE_LISTEN, - PTRACE_PEEKSIGINFO.Value(): PTRACE_PEEKSIGINFO, - PTRACE_GETSIGMASK.Value(): PTRACE_GETSIGMASK, - PTRACE_SETSIGMASK.Value(): PTRACE_SETSIGMASK, - PTRACE_SECCOMP_GET_FILTER.Value(): PTRACE_SECCOMP_GET_FILTER, - PTRACE_SECCOMP_GET_METADATA.Value(): PTRACE_SECCOMP_GET_METADATA, - PTRACE_GET_SYSCALL_INFO.Value(): PTRACE_GET_SYSCALL_INFO, - } - - if reqName, ok := ptraceRequest[rawValue]; ok { + + if reqName, ok := ptraceRequestArgMap[rawValue]; ok { return reqName, nil } return 0, fmt.Errorf("not a valid ptrace request value: %d", rawValue) @@ -1027,60 +1032,60 @@ const ( func (s SocketDomainArgument) Value() uint64 { return uint64(s) } +var socketDomainStringMap = map[SocketDomainArgument]string{ + AF_UNSPEC: "AF_UNSPEC", + AF_UNIX: "AF_UNIX", + AF_INET: "AF_INET", + AF_AX25: "AF_AX25", + AF_IPX: "AF_IPX", + AF_APPLETALK: "AF_APPLETALK", + AF_NETROM: "AF_NETROM", + AF_BRIDGE: "AF_BRIDGE", + AF_ATMPVC: "AF_ATMPVC", + AF_X25: "AF_X25", + AF_INET6: "AF_INET6", + AF_ROSE: "AF_ROSE", + AF_DECnet: "AF_DECnet", + AF_NETBEUI: "AF_NETBEUI", + AF_SECURITY: "AF_SECURITY", + AF_KEY: "AF_KEY", + AF_NETLINK: "AF_NETLINK", + AF_PACKET: "AF_PACKET", + AF_ASH: "AF_ASH", + AF_ECONET: "AF_ECONET", + AF_ATMSVC: "AF_ATMSVC", + AF_RDS: "AF_RDS", + AF_SNA: "AF_SNA", + AF_IRDA: "AF_IRDA", + AF_PPPOX: "AF_PPPOX", + AF_WANPIPE: "AF_WANPIPE", + AF_LLC: "AF_LLC", + AF_IB: "AF_IB", + AF_MPLS: "AF_MPLS", + AF_CAN: "AF_CAN", + AF_TIPC: "AF_TIPC", + AF_BLUETOOTH: "AF_BLUETOOTH", + AF_IUCV: "AF_IUCV", + AF_RXRPC: "AF_RXRPC", + AF_ISDN: "AF_ISDN", + AF_PHONET: "AF_PHONET", + AF_IEEE802154: "AF_IEEE802154", + AF_CAIF: "AF_CAIF", + AF_ALG: "AF_ALG", + AF_NFC: "AF_NFC", + AF_VSOCK: "AF_VSOCK", + AF_KCM: "AF_KCM", + AF_QIPCRTR: "AF_QIPCRTR", + AF_SMC: "AF_SMC", + AF_XDP: "AF_XDP", +} + // String parses the `domain` bitmask argument of the `socket` syscall // http://man7.org/linux/man-pages/man2/socket.2.html func (s SocketDomainArgument) String() string { - var socketDomains = map[SocketDomainArgument]string{ - AF_UNSPEC: "AF_UNSPEC", - AF_UNIX: "AF_UNIX", - AF_INET: "AF_INET", - AF_AX25: "AF_AX25", - AF_IPX: "AF_IPX", - AF_APPLETALK: "AF_APPLETALK", - AF_NETROM: "AF_NETROM", - AF_BRIDGE: "AF_BRIDGE", - AF_ATMPVC: "AF_ATMPVC", - AF_X25: "AF_X25", - AF_INET6: "AF_INET6", - AF_ROSE: "AF_ROSE", - AF_DECnet: "AF_DECnet", - AF_NETBEUI: "AF_NETBEUI", - AF_SECURITY: "AF_SECURITY", - AF_KEY: "AF_KEY", - AF_NETLINK: "AF_NETLINK", - AF_PACKET: "AF_PACKET", - AF_ASH: "AF_ASH", - AF_ECONET: "AF_ECONET", - AF_ATMSVC: "AF_ATMSVC", - AF_RDS: "AF_RDS", - AF_SNA: "AF_SNA", - AF_IRDA: "AF_IRDA", - AF_PPPOX: "AF_PPPOX", - AF_WANPIPE: "AF_WANPIPE", - AF_LLC: "AF_LLC", - AF_IB: "AF_IB", - AF_MPLS: "AF_MPLS", - AF_CAN: "AF_CAN", - AF_TIPC: "AF_TIPC", - AF_BLUETOOTH: "AF_BLUETOOTH", - AF_IUCV: "AF_IUCV", - AF_RXRPC: "AF_RXRPC", - AF_ISDN: "AF_ISDN", - AF_PHONET: "AF_PHONET", - AF_IEEE802154: "AF_IEEE802154", - AF_CAIF: "AF_CAIF", - AF_ALG: "AF_ALG", - AF_NFC: "AF_NFC", - AF_VSOCK: "AF_VSOCK", - AF_KCM: "AF_KCM", - AF_QIPCRTR: "AF_QIPCRTR", - AF_SMC: "AF_SMC", - AF_XDP: "AF_XDP", - } - var res string - if sdName, ok := socketDomains[s]; ok { + if sdName, ok := socketDomainStringMap[s]; ok { res = sdName } else { res = strconv.Itoa(int(s)) @@ -1089,55 +1094,57 @@ func (s SocketDomainArgument) String() string { return res } +var socketDomainMap = map[uint64]SocketDomainArgument{ + AF_UNSPEC.Value(): AF_UNSPEC, + AF_UNIX.Value(): AF_UNIX, + AF_INET.Value(): AF_INET, + AF_AX25.Value(): AF_AX25, + AF_IPX.Value(): AF_IPX, + AF_APPLETALK.Value(): AF_APPLETALK, + AF_NETROM.Value(): AF_NETROM, + AF_BRIDGE.Value(): AF_BRIDGE, + AF_ATMPVC.Value(): AF_ATMPVC, + AF_X25.Value(): AF_X25, + AF_INET6.Value(): AF_INET6, + AF_ROSE.Value(): AF_ROSE, + AF_DECnet.Value(): AF_DECnet, + AF_NETBEUI.Value(): AF_NETBEUI, + AF_SECURITY.Value(): AF_SECURITY, + AF_KEY.Value(): AF_KEY, + AF_NETLINK.Value(): AF_NETLINK, + AF_PACKET.Value(): AF_PACKET, + AF_ASH.Value(): AF_ASH, + AF_ECONET.Value(): AF_ECONET, + AF_ATMSVC.Value(): AF_ATMSVC, + AF_RDS.Value(): AF_RDS, + AF_SNA.Value(): AF_SNA, + AF_IRDA.Value(): AF_IRDA, + AF_PPPOX.Value(): AF_PPPOX, + AF_WANPIPE.Value(): AF_WANPIPE, + AF_LLC.Value(): AF_LLC, + AF_IB.Value(): AF_IB, + AF_MPLS.Value(): AF_MPLS, + AF_CAN.Value(): AF_CAN, + AF_TIPC.Value(): AF_TIPC, + AF_BLUETOOTH.Value(): AF_BLUETOOTH, + AF_IUCV.Value(): AF_IUCV, + AF_RXRPC.Value(): AF_RXRPC, + AF_ISDN.Value(): AF_ISDN, + AF_PHONET.Value(): AF_PHONET, + AF_IEEE802154.Value(): AF_IEEE802154, + AF_CAIF.Value(): AF_CAIF, + AF_ALG.Value(): AF_ALG, + AF_NFC.Value(): AF_NFC, + AF_VSOCK.Value(): AF_VSOCK, + AF_KCM.Value(): AF_KCM, + AF_QIPCRTR.Value(): AF_QIPCRTR, + AF_SMC.Value(): AF_SMC, + AF_XDP.Value(): AF_XDP, +} + func ParseSocketDomainArgument(rawValue uint64) (SocketDomainArgument, error) { - var socketDomains = map[uint64]SocketDomainArgument{ - AF_UNSPEC.Value(): AF_UNSPEC, - AF_UNIX.Value(): AF_UNIX, - AF_INET.Value(): AF_INET, - AF_AX25.Value(): AF_AX25, - AF_IPX.Value(): AF_IPX, - AF_APPLETALK.Value(): AF_APPLETALK, - AF_NETROM.Value(): AF_NETROM, - AF_BRIDGE.Value(): AF_BRIDGE, - AF_ATMPVC.Value(): AF_ATMPVC, - AF_X25.Value(): AF_X25, - AF_INET6.Value(): AF_INET6, - AF_ROSE.Value(): AF_ROSE, - AF_DECnet.Value(): AF_DECnet, - AF_NETBEUI.Value(): AF_NETBEUI, - AF_SECURITY.Value(): AF_SECURITY, - AF_KEY.Value(): AF_KEY, - AF_NETLINK.Value(): AF_NETLINK, - AF_PACKET.Value(): AF_PACKET, - AF_ASH.Value(): AF_ASH, - AF_ECONET.Value(): AF_ECONET, - AF_ATMSVC.Value(): AF_ATMSVC, - AF_RDS.Value(): AF_RDS, - AF_SNA.Value(): AF_SNA, - AF_IRDA.Value(): AF_IRDA, - AF_PPPOX.Value(): AF_PPPOX, - AF_WANPIPE.Value(): AF_WANPIPE, - AF_LLC.Value(): AF_LLC, - AF_IB.Value(): AF_IB, - AF_MPLS.Value(): AF_MPLS, - AF_CAN.Value(): AF_CAN, - AF_TIPC.Value(): AF_TIPC, - AF_BLUETOOTH.Value(): AF_BLUETOOTH, - AF_IUCV.Value(): AF_IUCV, - AF_RXRPC.Value(): AF_RXRPC, - AF_ISDN.Value(): AF_ISDN, - AF_PHONET.Value(): AF_PHONET, - AF_IEEE802154.Value(): AF_IEEE802154, - AF_CAIF.Value(): AF_CAIF, - AF_ALG.Value(): AF_ALG, - AF_NFC.Value(): AF_NFC, - AF_VSOCK.Value(): AF_VSOCK, - AF_KCM.Value(): AF_KCM, - AF_QIPCRTR.Value(): AF_QIPCRTR, - AF_SMC.Value(): AF_SMC, - AF_XDP.Value(): AF_XDP, - } - v, ok := socketDomains[rawValue] + + v, ok := socketDomainMap[rawValue] if !ok { return 0, fmt.Errorf("not a valid argument: %d", rawValue) } @@ -1164,22 +1171,22 @@ var ( func (s SocketTypeArgument) Value() uint64 { return s.rawValue } func (s SocketTypeArgument) String() string { return s.stringValue } +var socketTypeMap = map[uint64]SocketTypeArgument{ + SOCK_STREAM.Value(): SOCK_STREAM, + SOCK_DGRAM.Value(): SOCK_DGRAM, + SOCK_RAW.Value(): SOCK_RAW, + SOCK_RDM.Value(): SOCK_RDM, + SOCK_SEQPACKET.Value(): SOCK_SEQPACKET, + SOCK_DCCP.Value(): SOCK_DCCP, + SOCK_PACKET.Value(): SOCK_PACKET, +} + // ParseSocketType parses the `type` bitmask argument of the `socket` syscall // http://man7.org/linux/man-pages/man2/socket.2.html func ParseSocketType(rawValue uint64) (SocketTypeArgument, error) { - var socketTypes = map[uint64]SocketTypeArgument{ - SOCK_STREAM.Value(): SOCK_STREAM, - SOCK_DGRAM.Value(): SOCK_DGRAM, - SOCK_RAW.Value(): SOCK_RAW, - SOCK_RDM.Value(): SOCK_RDM, - SOCK_SEQPACKET.Value(): SOCK_SEQPACKET, - SOCK_DCCP.Value(): SOCK_DCCP, - SOCK_PACKET.Value(): SOCK_PACKET, - } - var f []string - if stName, ok := socketTypes[rawValue&0xf]; ok { + if stName, ok := socketTypeMap[rawValue&0xf]; ok { f = append(f, stName.String()) } else { f = append(f, strconv.Itoa(int(rawValue)))