From daa652342faac60d08744cbd5d8757f1f4447544 Mon Sep 17 00:00:00 2001 From: CFC4N Date: Mon, 9 May 2022 23:07:10 +0800 Subject: [PATCH 1/3] * : rewrite event dispatch logic. Signed-off-by: CFC4N --- user/event_bash.go | 19 +++++++++++----- user/event_gnutls.go | 17 +++++++++----- user/event_mysqld.go | 25 +++++++++++++-------- user/event_nspr.go | 17 +++++++++----- user/event_openssl.go | 34 ++++++++++++++-------------- user/event_postgres.go | 19 +++++++++++----- user/ievent.go | 11 ++++++++++ user/imodule.go | 50 +++++++++++++++++++----------------------- user/probe_bash.go | 10 +++------ user/probe_gnutls.go | 4 ---- user/probe_mysqld.go | 4 ---- user/probe_nspr.go | 4 ---- user/probe_openssl.go | 18 ++++++++++----- user/probe_postgres.go | 4 ---- 14 files changed, 133 insertions(+), 103 deletions(-) diff --git a/user/event_bash.go b/user/event_bash.go index e59f6a24a..b4870fb5c 100644 --- a/user/event_bash.go +++ b/user/event_bash.go @@ -18,11 +18,12 @@ import ( const MAX_DATA_SIZE_BASH = 256 type bashEvent struct { - module IModule - Pid uint32 - Line [MAX_DATA_SIZE_BASH]uint8 - Retval uint32 - Comm [16]byte + module IModule + event_type EVENT_TYPE + Pid uint32 + Line [MAX_DATA_SIZE_BASH]uint8 + Retval uint32 + Comm [16]byte } func (this *bashEvent) Decode(payload []byte) (err error) { @@ -62,5 +63,11 @@ func (this *bashEvent) Module() IModule { } func (this *bashEvent) Clone() IEventStruct { - return new(bashEvent) + event := new(bashEvent) + event.event_type = EVENT_TYPE_OUTPUT + return event +} + +func (this *bashEvent) EventType() EVENT_TYPE { + return this.event_type } diff --git a/user/event_gnutls.go b/user/event_gnutls.go index 6898ede17..3dc7c68e8 100644 --- a/user/event_gnutls.go +++ b/user/event_gnutls.go @@ -12,7 +12,8 @@ import ( type GnutlsDataEvent struct { module IModule - EventType int64 + event_type EVENT_TYPE + DataType int64 Timestamp_ns uint64 Pid uint32 Tid uint32 
@@ -23,7 +24,7 @@ type GnutlsDataEvent struct { func (this *GnutlsDataEvent) Decode(payload []byte) (err error) { buf := bytes.NewBuffer(payload) - if err = binary.Read(buf, binary.LittleEndian, &this.EventType); err != nil { + if err = binary.Read(buf, binary.LittleEndian, &this.DataType); err != nil { return } if err = binary.Read(buf, binary.LittleEndian, &this.Timestamp_ns); err != nil { @@ -49,7 +50,7 @@ func (this *GnutlsDataEvent) Decode(payload []byte) (err error) { func (this *GnutlsDataEvent) StringHex() string { var perfix, packetType string - switch AttachType(this.EventType) { + switch AttachType(this.DataType) { case PROBE_ENTRY: packetType = fmt.Sprintf("%sRecived%s", COLORGREEN, COLORRESET) perfix = COLORGREEN @@ -68,7 +69,7 @@ func (this *GnutlsDataEvent) StringHex() string { func (this *GnutlsDataEvent) String() string { var perfix, packetType string - switch AttachType(this.EventType) { + switch AttachType(this.DataType) { case PROBE_ENTRY: packetType = fmt.Sprintf("%sRecived%s", COLORGREEN, COLORRESET) perfix = COLORGREEN @@ -91,5 +92,11 @@ func (this *GnutlsDataEvent) Module() IModule { } func (this *GnutlsDataEvent) Clone() IEventStruct { - return new(GnutlsDataEvent) + event := new(GnutlsDataEvent) + event.event_type = EVENT_TYPE_OUTPUT + return event +} + +func (this *GnutlsDataEvent) EventType() EVENT_TYPE { + return this.event_type } diff --git a/user/event_mysqld.go b/user/event_mysqld.go index f463d2934..8a3a4b55f 100644 --- a/user/event_mysqld.go +++ b/user/event_mysqld.go 
@@ -51,14 +51,15 @@ func (this dispatch_command_return) String() string { } type mysqldEvent struct { - module IModule - Pid uint64 - Timestamp uint64 - query [MYSQLD_MAX_DATA_SIZE]uint8 - alllen uint64 - len uint64 - comm [16]uint8 - retval dispatch_command_return + module IModule + event_type EVENT_TYPE + Pid uint64 + Timestamp uint64 + query [MYSQLD_MAX_DATA_SIZE]uint8 + alllen uint64 + len uint64 + comm [16]uint8 + retval dispatch_command_return } func (this *mysqldEvent) Decode(payload []byte) (err error) { @@ -106,5 +107,11 @@ func (this *mysqldEvent) Module() IModule { } func (this *mysqldEvent) Clone() IEventStruct { - return new(mysqldEvent) + event := new(mysqldEvent) + event.event_type = EVENT_TYPE_OUTPUT + return event +} + +func (this *mysqldEvent) EventType() EVENT_TYPE { + return this.event_type } diff --git a/user/event_nspr.go b/user/event_nspr.go index f11e4f1af..d870a5333 100644 --- a/user/event_nspr.go +++ b/user/event_nspr.go @@ -13,7 +13,8 @@ import ( type NsprDataEvent struct { module IModule - EventType int64 + event_type EVENT_TYPE + DataType int64 Timestamp_ns uint64 Pid uint32 Tid uint32 @@ -24,7 +25,7 @@ type NsprDataEvent struct { func (this *NsprDataEvent) Decode(payload []byte) (err error) { buf := bytes.NewBuffer(payload) - if err = binary.Read(buf, binary.LittleEndian, &this.EventType); err != nil { + if err = binary.Read(buf, binary.LittleEndian, &this.DataType); err != nil { return } if err = binary.Read(buf, binary.LittleEndian, &this.Timestamp_ns); err != nil { @@ -50,7 +51,7 @@ func (this *NsprDataEvent) Decode(payload []byte) (err error) { func (this *NsprDataEvent) StringHex() string { var perfix, packetType string - switch AttachType(this.EventType) { + switch AttachType(this.DataType) { case PROBE_ENTRY: packetType = fmt.Sprintf("%sRecived%s", COLORGREEN, COLORRESET) perfix = COLORGREEN 
@@ -81,7 +82,7 @@ func (this *NsprDataEvent) StringHex() string { func (this *NsprDataEvent) String() string { var perfix, packetType string - switch AttachType(this.EventType) { + switch AttachType(this.DataType) { case PROBE_ENTRY: packetType = fmt.Sprintf("%sRecived%s", COLORGREEN, COLORRESET) perfix = COLORGREEN @@ -113,5 +114,11 @@ func (this *NsprDataEvent) Module() IModule { } func (this *NsprDataEvent) Clone() IEventStruct { - return new(NsprDataEvent) + event := new(NsprDataEvent) + event.event_type = EVENT_TYPE_OUTPUT + return event +} + +func (this *NsprDataEvent) EventType() EVENT_TYPE { + return this.event_type } diff --git a/user/event_openssl.go b/user/event_openssl.go index 6ed556fdd..0afb56b72 100644 --- a/user/event_openssl.go +++ b/user/event_openssl.go @@ -23,7 +23,8 @@ const SA_DATA_LEN = 14 type SSLDataEvent struct { module IModule - EventType int64 + event_type EVENT_TYPE + DataType int64 Timestamp_ns uint64 Pid uint32 Tid uint32 @@ -35,7 +36,7 @@ type SSLDataEvent struct { func (this *SSLDataEvent) Decode(payload []byte) (err error) { buf := bytes.NewBuffer(payload) - if err = binary.Read(buf, binary.LittleEndian, &this.EventType); err != nil { + if err = binary.Read(buf, binary.LittleEndian, &this.DataType); err != nil { return } if err = binary.Read(buf, binary.LittleEndian, &this.Timestamp_ns); err != nil { @@ -67,7 +68,7 @@ func (this *SSLDataEvent) StringHex() string { addr := this.module.(*MOpenSSLProbe).GetConn(this.Pid, this.Fd) var perfix, connInfo string - switch AttachType(this.EventType) { + switch AttachType(this.DataType) { case PROBE_ENTRY: connInfo = fmt.Sprintf("%sRecived %d%s bytes from %s%s%s", COLORGREEN, this.Data_len, COLORRESET, COLORYELLOW, addr, COLORRESET) perfix = COLORGREEN 
@@ -89,7 +90,7 @@ func (this *SSLDataEvent) String() string { addr := this.module.(*MOpenSSLProbe).GetConn(this.Pid, this.Fd) var perfix, connInfo string - switch AttachType(this.EventType) { + switch AttachType(this.DataType) { case PROBE_ENTRY: connInfo = fmt.Sprintf("%sRecived %d%s bytes from %s%s%s", COLORGREEN, this.Data_len, COLORRESET, COLORYELLOW, addr, COLORRESET) perfix = COLORGREEN @@ -113,10 +114,14 @@ func (this *SSLDataEvent) Module() IModule { func (this *SSLDataEvent) Clone() IEventStruct { event := new(SSLDataEvent) - event.module = this.module + event.event_type = EVENT_TYPE_OUTPUT return event } +func (this *SSLDataEvent) EventType() EVENT_TYPE { + return this.event_type +} + // connect_events map /* uint64_t timestamp_ns; @@ -128,13 +133,14 @@ uint64_t timestamp_ns; */ type ConnDataEvent struct { module IModule + event_type EVENT_TYPE TimestampNs uint64 Pid uint32 Tid uint32 Fd uint32 SaData [SA_DATA_LEN]byte Comm [16]byte - addr string + Addr string } func (this *ConnDataEvent) Decode(payload []byte) (err error) { @@ -159,24 +165,16 @@ func (this *ConnDataEvent) Decode(payload []byte) (err error) { } port := binary.BigEndian.Uint16(this.SaData[0:2]) ip := net.IPv4(this.SaData[2], this.SaData[3], this.SaData[4], this.SaData[5]) - this.addr = fmt.Sprintf("%s:%d", ip, port) - - // save event to this.module - module := this.module.(*MOpenSSLProbe) - module.AddConn(this.Pid, this.Fd, this.addr) + this.Addr = fmt.Sprintf("%s:%d", ip, port) return nil } func (this *ConnDataEvent) StringHex() string { return "" - s := fmt.Sprintf("PID:%d, Comm:%s, TID:%d, FD:%d, Addr: %s", this.Pid, this.Comm, this.Tid, this.Fd, this.addr) - return s } func (this *ConnDataEvent) String() string { return "" - s := fmt.Sprintf("PID:%d, Comm:%s, TID:%d, FD:%d, Addr: %s ", this.Pid, this.Comm, this.Tid, this.Fd, this.addr) - return s } func (this *ConnDataEvent) SetModule(module IModule) { 
@@ -189,6 +187,10 @@ func (this *ConnDataEvent) Module() IModule { func (this *ConnDataEvent) Clone() IEventStruct { event := new(ConnDataEvent) - event.module = this.module + event.event_type = EVENT_TYPE_MODULE_DATA return event } + +func (this *ConnDataEvent) EventType() EVENT_TYPE { + return this.event_type +} diff --git a/user/event_postgres.go b/user/event_postgres.go index ef323c75f..9f0bc6240 100644 --- a/user/event_postgres.go +++ b/user/event_postgres.go @@ -21,11 +21,12 @@ import ( const POSTGRES_MAX_DATA_SIZE = 256 type postgresEvent struct { - module IModule - Pid uint64 - Timestamp uint64 - query [POSTGRES_MAX_DATA_SIZE]uint8 - comm [16]uint8 + module IModule + event_type EVENT_TYPE + Pid uint64 + Timestamp uint64 + query [POSTGRES_MAX_DATA_SIZE]uint8 + comm [16]uint8 } func (this *postgresEvent) Decode(payload []byte) (err error) { @@ -64,5 +65,11 @@ func (this *postgresEvent) Module() IModule { } func (this *postgresEvent) Clone() IEventStruct { - return new(postgresEvent) + event := new(postgresEvent) + event.event_type = EVENT_TYPE_OUTPUT + return event +} + +func (this *postgresEvent) EventType() EVENT_TYPE { + return this.event_type } diff --git a/user/ievent.go b/user/ievent.go index 38a7a80e1..3ce396bc1 100644 --- a/user/ievent.go +++ b/user/ievent.go @@ -1,5 +1,15 @@ package user +type EVENT_TYPE uint8 + +const ( + // upload to server or write to logfile. + EVENT_TYPE_OUTPUT EVENT_TYPE = iota + + // set as module cache data + EVENT_TYPE_MODULE_DATA +) + type IEventStruct interface { Decode(payload []byte) (err error) String() string @@ -7,4 +17,5 @@ type IEventStruct interface { Clone() IEventStruct Module() IModule SetModule(IModule) + EventType() EVENT_TYPE } diff --git a/user/imodule.go b/user/imodule.go index 2830da34f..d7b842748 100644 --- a/user/imodule.go +++ b/user/imodule.go 
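Review bot: `EVENT_TYPE_OUTPUT` is the `iota` zero value in user/ievent.go, so any event built without going through `Clone()` reports itself as output. For a `ConnDataEvent` that would mean it is logged instead of cached, with no error. Because the type is fixed per struct, `EventType()` could return the constant directly, e.g. `return EVENT_TYPE_MODULE_DATA` for `ConnDataEvent`, and the `event_type` field could be dropped. Alternatively the enum could start with a reserved zero value that the dispatcher rejects. The same field-plus-`Clone()` pattern repeats in every event_*.go hunk of this patch.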
@@ -32,13 +32,13 @@ type IModule interface { SetChild(module IModule) - Decode(*ebpf.Map, []byte) (string, error) + Decode(*ebpf.Map, []byte) (IEventStruct, error) Events() []*ebpf.Map DecodeFun(p *ebpf.Map) (IEventStruct, bool) - Write(string) + Dispatcher(IEventStruct) } type Module struct { @@ -169,15 +169,15 @@ func (this *Module) perfEventReader(errChan chan error, em *ebpf.Map) { continue } - var result string - result, err = this.child.Decode(em, record.RawSample) + var event IEventStruct + event, err = this.child.Decode(em, record.RawSample) if err != nil { log.Printf("this.child.decode error:%v", err) continue } // 上报数据 - this.Write(result) + this.Dispatcher(event) } } 
@@ -207,46 +207,40 @@ func (this *Module) ringbufEventReader(errChan chan error, em *ebpf.Map) { return } - var result string - result, err = this.child.Decode(em, record.RawSample) + var event IEventStruct + event, err = this.child.Decode(em, record.RawSample) if err != nil { log.Printf("this.child.decode error:%v", err) continue } // 上报数据 - this.Write(result) + this.Dispatcher(event) } } -func (this *Module) EventsDecode(payload []byte, es IEventStruct) (s string, err error) { - te := es.Clone() - err = te.Decode(payload) - if err != nil { - return - } - if this.conf.GetHex() { - s = te.StringHex() - } else { - s = te.String() - } - return -} - -func (this *Module) Decode(em *ebpf.Map, b []byte) (result string, err error) { +func (this *Module) Decode(em *ebpf.Map, b []byte) (event IEventStruct, err error) { es, found := this.child.DecodeFun(em) if !found { err = fmt.Errorf("can't found decode function :%s, address:%p", em.String(), em) return } - result, err = this.EventsDecode(b, es) + + te := es.Clone() + err = te.Decode(b) if err != nil { - return + return nil, err } - return + return te, nil } // 写入数据,或者上传到远程数据库,写入到其他chan 等。 -func (this *Module) Write(result string) { - this.child.Write(result) +func (this *Module) Dispatcher(event IEventStruct) { + switch event.EventType() { + case EVENT_TYPE_OUTPUT: + this.logger.Println(event) + case EVENT_TYPE_MODULE_DATA: + // Save to cache TODO + //this.child.Dispatcher(event) + } } diff --git a/user/probe_bash.go b/user/probe_bash.go index efa22ae18..7af236922 100644 --- a/user/probe_bash.go +++ b/user/probe_bash.go @@ -83,8 +83,8 @@ func (this *MBashProbe) constantEditor() []manager.ConstantEditor { //FailOnMissing: true, }, { - Name: "target_errno", - Value: uint32(this.Module.conf.(* BashConfig).ErrNo), + Name: "target_errno", + Value: uint32(this.Module.conf.(*BashConfig).ErrNo), }, } 
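Review bot: `Module.Dispatcher` prints with `this.logger.Println(event)`, which goes through the `String()` method, so the `this.conf.GetHex()` branch from the removed `EventsDecode` is lost and `StringHex()` is never called on this path. If hex output is still a supported option, restore the choice before the switch's output case, e.g. `if this.conf.GetHex() { this.logger.Println(event.StringHex()); return }`. The switch also has no `default`, so an event with an unexpected `EventType()` is dropped silently; a `default:` that logs the unknown type would make that visible.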
@@ -123,7 +123,7 @@ func (this *MBashProbe) setupManagers() { Section: "uretprobe/bash_retval", EbpfFuncName: "uretprobe_bash_retval", AttachToFuncName: "execute_command", - BinaryPath: binaryPath, // 可能是 /bin/bash 也可能是 readline.so的真实地址 + BinaryPath: binaryPath, // 可能是 /bin/bash 也可能是 readline.so的真实地址 }, }, @@ -182,10 +182,6 @@ func (this *MBashProbe) Events() []*ebpf.Map { return this.eventMaps } -func (this *MBashProbe) Write(result string) { - this.logger.Println(result) -} - func init() { mod := &MBashProbe{} mod.name = MODULE_NAME_BASH diff --git a/user/probe_gnutls.go b/user/probe_gnutls.go index 6784f8376..674960f03 100644 --- a/user/probe_gnutls.go +++ b/user/probe_gnutls.go @@ -196,10 +196,6 @@ func (this *MGnutlsProbe) Events() []*ebpf.Map { return this.eventMaps } -func (this *MGnutlsProbe) Write(result string) { - this.logger.Println(result) -} - func init() { mod := &MGnutlsProbe{} mod.name = MODULE_NAME_GNUTLS diff --git a/user/probe_mysqld.go b/user/probe_mysqld.go index 06a824e6f..5f797ee67 100644 --- a/user/probe_mysqld.go +++ b/user/probe_mysqld.go @@ -212,10 +212,6 @@ func (this *MMysqldProbe) Events() []*ebpf.Map { return this.eventMaps } -func (this *MMysqldProbe) Write(result string) { - this.logger.Println(result) -} - func init() { mod := &MMysqldProbe{} mod.name = MODULE_NAME_MYSQLD diff --git a/user/probe_nspr.go b/user/probe_nspr.go index 0c16ab987..664a174ca 100644 --- a/user/probe_nspr.go +++ b/user/probe_nspr.go @@ -230,10 +230,6 @@ func (this *MNsprProbe) Events() []*ebpf.Map { return this.eventMaps } -func (this *MNsprProbe) Write(result string) { - this.logger.Println(result) -} - func init() { mod := &MNsprProbe{} mod.name = MODULE_NAME_NSPR diff --git a/user/probe_openssl.go b/user/probe_openssl.go index fc9e60ff1..d068012fc 100644 --- a/user/probe_openssl.go +++ b/user/probe_openssl.go 
@@ -23,7 +23,7 @@ type MOpenSSLProbe struct { eventFuncMaps map[*ebpf.Map]IEventStruct eventMaps []*ebpf.Map - // pid[fd:addr] + // pid[fd:Addr] pidConns map[uint32]map[uint32]string } @@ -283,13 +283,21 @@ func (this *MOpenSSLProbe) GetConn(pid, fd uint32) string { return addr } -func (this *MOpenSSLProbe) Write(result string) { - // TODO fixme , check result origin , if connEvent ,do not print - if result != "" { - this.logger.Println(result) +func (this *MOpenSSLProbe) Dispatcher(event IEventStruct) { + // check event type , uploaded for EVENT_TYPE_OUTPUT + switch event.EventType() { + case EVENT_TYPE_OUTPUT: + this.logger.Println(event) + case EVENT_TYPE_MODULE_DATA: + // Save to cache } } +func (this *MOpenSSLProbe) saveToCache(event IEventStruct) { + // save event to this.module TODO + //this.AddConn(event.Pid, event.Fd, event.Addr) +} + func init() { mod := &MOpenSSLProbe{} mod.name = MODULE_NAME_OPENSSL diff --git a/user/probe_postgres.go b/user/probe_postgres.go index c736ba775..dbfff623d 100644 --- a/user/probe_postgres.go +++ b/user/probe_postgres.go @@ -153,10 +153,6 @@ func (this *MPostgresProbe) Events() []*ebpf.Map { return this.eventMaps } -func (this *MPostgresProbe) Write(result string) { - this.logger.Println(result) -} - func init() { mod := &MPostgresProbe{} mod.name = MODULE_NAME_POSTGRES From 5c2e631f1e6808029b95b2a10a3036216db05870 Mon Sep 17 00:00:00 2001 From: CFC4N Date: Tue, 10 May 2022 00:11:02 +0800 Subject: [PATCH 2/3] * : saveData for event_type equal EVENT_TYPE_MODULE_DATA Signed-off-by: CFC4N --- user/event_bash.go | 1 + user/event_gnutls.go | 1 + user/event_mysqld.go | 1 + user/event_nspr.go | 1 + user/event_openssl.go | 8 ++++++-- user/imodule.go | 4 ++-- user/probe_openssl.go | 15 +++------------ 7 files changed, 15 insertions(+), 16 deletions(-) diff --git a/user/event_bash.go b/user/event_bash.go index b4870fb5c..82861cceb 100644 --- a/user/event_bash.go +++ b/user/event_bash.go 
@@ -64,6 +64,7 @@ func (this *bashEvent) Module() IModule { func (this *bashEvent) Clone() IEventStruct { event := new(bashEvent) + event.module = this.module event.event_type = EVENT_TYPE_OUTPUT return event } diff --git a/user/event_gnutls.go b/user/event_gnutls.go index 3dc7c68e8..4564551db 100644 --- a/user/event_gnutls.go +++ b/user/event_gnutls.go @@ -93,6 +93,7 @@ func (this *GnutlsDataEvent) Module() IModule { func (this *GnutlsDataEvent) Clone() IEventStruct { event := new(GnutlsDataEvent) + event.module = this.module event.event_type = EVENT_TYPE_OUTPUT return event } diff --git a/user/event_mysqld.go b/user/event_mysqld.go index 8a3a4b55f..68477120f 100644 --- a/user/event_mysqld.go +++ b/user/event_mysqld.go @@ -108,6 +108,7 @@ func (this *mysqldEvent) Module() IModule { func (this *mysqldEvent) Clone() IEventStruct { event := new(mysqldEvent) + event.module = this.module event.event_type = EVENT_TYPE_OUTPUT return event } diff --git a/user/event_nspr.go b/user/event_nspr.go index d870a5333..e97d07a09 100644 --- a/user/event_nspr.go +++ b/user/event_nspr.go @@ -115,6 +115,7 @@ func (this *NsprDataEvent) Module() IModule { func (this *NsprDataEvent) Clone() IEventStruct { event := new(NsprDataEvent) + event.module = this.module event.event_type = EVENT_TYPE_OUTPUT return event } diff --git a/user/event_openssl.go b/user/event_openssl.go index 0afb56b72..19df6904a 100644 --- a/user/event_openssl.go +++ b/user/event_openssl.go @@ -114,6 +114,7 @@ func (this *SSLDataEvent) Module() IModule { func (this *SSLDataEvent) Clone() IEventStruct { event := new(SSLDataEvent) + event.module = this.module event.event_type = EVENT_TYPE_OUTPUT return event } 
@@ -170,11 +171,13 @@ func (this *ConnDataEvent) Decode(payload []byte) (err error) { } func (this *ConnDataEvent) StringHex() string { - return "" + s := fmt.Sprintf("PID:%d, Comm:%s, TID:%d, FD:%d, Addr: %s", this.Pid, this.Comm, this.Tid, this.Fd, this.Addr) + return s } func (this *ConnDataEvent) String() string { - return "" + s := fmt.Sprintf("PID:%d, Comm:%s, TID:%d, FD:%d, Addr: %s", this.Pid, this.Comm, this.Tid, this.Fd, this.Addr) + return s } func (this *ConnDataEvent) SetModule(module IModule) { @@ -187,6 +190,7 @@ func (this *ConnDataEvent) Module() IModule { func (this *ConnDataEvent) Clone() IEventStruct { event := new(ConnDataEvent) + event.module = this.module event.event_type = EVENT_TYPE_MODULE_DATA return event } diff --git a/user/imodule.go b/user/imodule.go index d7b842748..7771fbe06 100644 --- a/user/imodule.go +++ b/user/imodule.go @@ -240,7 +240,7 @@ func (this *Module) Dispatcher(event IEventStruct) { case EVENT_TYPE_OUTPUT: this.logger.Println(event) case EVENT_TYPE_MODULE_DATA: - // Save to cache TODO - //this.child.Dispatcher(event) + // Save to cache + this.child.Dispatcher(event) } } diff --git a/user/probe_openssl.go b/user/probe_openssl.go index d068012fc..58436b93a 100644 --- a/user/probe_openssl.go +++ b/user/probe_openssl.go @@ -284,18 +284,9 @@ func (this *MOpenSSLProbe) GetConn(pid, fd uint32) string { } func (this *MOpenSSLProbe) Dispatcher(event IEventStruct) { - // check event type , uploaded for EVENT_TYPE_OUTPUT - switch event.EventType() { - case EVENT_TYPE_OUTPUT: - this.logger.Println(event) - case EVENT_TYPE_MODULE_DATA: - // Save to cache - } -} - -func (this *MOpenSSLProbe) saveToCache(event IEventStruct) { - // save event to this.module TODO - //this.AddConn(event.Pid, event.Fd, event.Addr) + // detect event type TODO + this.AddConn(event.(*ConnDataEvent).Pid, event.(*ConnDataEvent).Fd, event.(*ConnDataEvent).Addr) + //this.logger.Println(event) } func init() { 
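Review bot: In user/imodule.go the `EVENT_TYPE_MODULE_DATA` case now calls `this.child.Dispatcher(event)`, but after patch 1 only `MOpenSSLProbe` defines its own `Dispatcher`. The other probes appear to satisfy `IModule` through the embedded `Module`, so for them this call would re-enter `Module.Dispatcher` with the same event and recurse without bound. Today only `ConnDataEvent` carries that type, so this is latent, but it is worth stating at the call site: `// child must override Dispatcher to handle EVENT_TYPE_MODULE_DATA; the embedded Module.Dispatcher would call itself`. The function body starts outside this hunk.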
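Review bot: `MOpenSSLProbe.Dispatcher` in user/probe_openssl.go asserts `event.(*ConnDataEvent)` three times without the comma-ok form, so any other event type reaching it panics. Since it is called from the perf/ringbuf reader loops, that panic would stop capture. The "detect event type TODO" can be closed with a checked assertion: `conn, ok := event.(*ConnDataEvent)`, then `if !ok { return }`, then `this.AddConn(conn.Pid, conn.Fd, conn.Addr)`. Logging the unexpected type in the `!ok` branch would help when a second module-data event is added later.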
From ab5dbfe6559addc875689caf61118b758a3502b8 Mon Sep 17 00:00:00 2001 From: CFC4N Date: Tue, 10 May 2022 00:18:15 +0800 Subject: [PATCH 3/3] * : syntax type error. Signed-off-by: CFC4N --- user/event_gnutls.go | 4 ++-- user/event_nspr.go | 4 ++-- user/event_openssl.go | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/user/event_gnutls.go b/user/event_gnutls.go index 4564551db..d0c198b2e 100644 --- a/user/event_gnutls.go +++ b/user/event_gnutls.go @@ -58,7 +58,7 @@ func (this *GnutlsDataEvent) StringHex() string { packetType = fmt.Sprintf("%sSend%s", COLORPURPLE, COLORRESET) perfix = fmt.Sprintf("%s\t", COLORPURPLE) default: - perfix = fmt.Sprintf("UNKNOW_%d", this.EventType) + perfix = fmt.Sprintf("UNKNOW_%d", this.DataType) } b := dumpByteSlice(this.Data[:this.Data_len], perfix) @@ -77,7 +77,7 @@ func (this *GnutlsDataEvent) String() string { packetType = fmt.Sprintf("%sSend%s", COLORPURPLE, COLORRESET) perfix = COLORPURPLE default: - packetType = fmt.Sprintf("%sUNKNOW_%d%s", COLORRED, this.EventType, COLORRESET) + packetType = fmt.Sprintf("%sUNKNOW_%d%s", COLORRED, this.DataType, COLORRESET) } s := fmt.Sprintf(" PID:%d, Comm:%s, TID:%d, TYPE:%s, DataLen:%d bytes, Payload:\n%s%s%s", this.Pid, this.Comm, this.Tid, packetType, this.Data_len, perfix, string(this.Data[:this.Data_len]), COLORRESET) return s diff --git a/user/event_nspr.go b/user/event_nspr.go index e97d07a09..ba36b9f1a 100644 --- a/user/event_nspr.go +++ b/user/event_nspr.go @@ -59,7 +59,7 @@ func (this *NsprDataEvent) StringHex() string { packetType = fmt.Sprintf("%sSend%s", COLORPURPLE, COLORRESET) perfix = fmt.Sprintf("%s\t", COLORPURPLE) default: - perfix = fmt.Sprintf("UNKNOW_%d", this.EventType) + perfix = fmt.Sprintf("UNKNOW_%d", this.DataType) } var b *bytes.Buffer 
@@ -90,7 +90,7 @@ func (this *NsprDataEvent) String() string { packetType = fmt.Sprintf("%sSend%s", COLORPURPLE, COLORRESET) perfix = COLORPURPLE default: - packetType = fmt.Sprintf("%sUNKNOW_%d%s", COLORRED, this.EventType, COLORRESET) + packetType = fmt.Sprintf("%sUNKNOW_%d%s", COLORRED, this.DataType, COLORRESET) } var b *bytes.Buffer diff --git a/user/event_openssl.go b/user/event_openssl.go index 19df6904a..1f0379f82 100644 --- a/user/event_openssl.go +++ b/user/event_openssl.go @@ -76,7 +76,7 @@ func (this *SSLDataEvent) StringHex() string { connInfo = fmt.Sprintf("%sSend %d%s bytes to %s%s%s", COLORPURPLE, this.Data_len, COLORRESET, COLORYELLOW, addr, COLORRESET) perfix = fmt.Sprintf("%s\t", COLORPURPLE) default: - perfix = fmt.Sprintf("UNKNOW_%d", this.EventType) + perfix = fmt.Sprintf("UNKNOW_%d", this.DataType) } b := dumpByteSlice(this.Data[:this.Data_len], perfix) @@ -98,7 +98,7 @@ func (this *SSLDataEvent) String() string { connInfo = fmt.Sprintf("%sSend %d%s bytes to %s%s%s", COLORPURPLE, this.Data_len, COLORRESET, COLORYELLOW, addr, COLORRESET) perfix = COLORPURPLE default: - connInfo = fmt.Sprintf("%sUNKNOW_%d%s", COLORRED, this.EventType, COLORRESET) + connInfo = fmt.Sprintf("%sUNKNOW_%d%s", COLORRED, this.DataType, COLORRESET) } s := fmt.Sprintf("PID:%d, Comm:%s, TID:%d, %s, Payload:\n%s%s%s", this.Pid, this.Comm, this.Tid, connInfo, perfix, string(this.Data[:this.Data_len]), COLORRESET) return s