Documentation
¶
Index ¶
- Constants
- type Column
- type Flow
- type FlowRequest
- type FlowResponse
- type GRPCRequest
- type GRPCResponse
- type HTTPRequest
- type HTTPResponse
- type Http2Flags
- type Http2Frame
- func (f *Http2Frame) Append(raw []byte)
- func (f *Http2Frame) Complete() bool
- func (f *Http2Frame) ConvertToFlowRequest() (FlowRequest, error)
- func (f *Http2Frame) ConvertToFlowResponse() (FlowResponse, error)
- func (f *Http2Frame) Flags() Http2Flags
- func (f *Http2Frame) Headers() ([]hpack.HeaderField, error)
- func (f *Http2Frame) HeadersText() string
- func (f *Http2Frame) IsRequest() bool
- func (f *Http2Frame) Length() uint32
- func (f *Http2Frame) Payload() []byte
- func (f *Http2Frame) StreamID() uint32
- func (f *Http2Frame) Type() uint8
- type Http2Stream
- type MysqlColumn
- type MysqlMessage
- type MysqlQuery
- type MysqlResponse
- func (resp *MysqlResponse) AddColumnPayload(data []byte)
- func (resp *MysqlResponse) AddEOF()
- func (resp *MysqlResponse) AddMessage(msg MysqlMessage)
- func (resp *MysqlResponse) AddPayload(data []byte)
- func (resp *MysqlResponse) AddRowPayload(msg MysqlMessage)
- func (resp *MysqlResponse) Complete() bool
- func (resp *MysqlResponse) String() string
- type PSQLQuery
- type PSQLResponse
- type PsqlMessage
- type Socket
- type SocketCommon
- type SocketHttp11
- type SocketHttp2
- type SocketMap
- type SocketMysql
- type SocketPsql
- type SocketUnknown
Constants ¶
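// Type bytes for MySQL messages. The COM_* names in the comments are the
// MySQL protocol command names for the request-side values.
//
// NOTE(review): these bytes are read from captured traffic. In the MySQL
// protocol 0xFE also prefixes an 8-byte length-encoded integer, so a parser
// should check the payload length as well before treating a packet as EOF.
// Confirm how the message parser disambiguates.
const (
	TypeMysqlOK           = 0x00
	TypeMysqlRow          = 0x01
	TypeMysqlQuery        = 0x03 // COM_QUERY - Execute an SQL query
	TypeMysqlPrepareQuery = 0x16 // COM_STMT_PREPARE - Prepare a prepared query
	TypeMysqlExecute      = 0x17 // COM_STMT_EXECUTE - Execute a prepared query
	TypeMysqlClose        = 0x19 // COM_STMT_CLOSE
	TypeMysqlEOF          = 0xFE
)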
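// Single-byte header markers, all typed as byte.
//
// NOTE(review): the values match the first-byte markers of MySQL response
// packets (OK, ERR, EOF, LOCAL INFILE). Confirm that this is their use here.
// OK_HEADER and MORE_DATE_HEADER carry the same values as TypeMysqlOK and
// TypeMysqlRow.
const (
	OK_HEADER          byte = 0x00
	MORE_DATE_HEADER   byte = 0x01
	ERR_HEADER         byte = 0xff
	EOF_HEADER         byte = 0xfe
	LocalInFile_HEADER byte = 0xfb
)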
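// Protocol name strings.
//
// NOTE(review): presumably the values stored in Flow.L7Protocol and
// SocketCommon.Protocol. Confirm against the callers.
const (
	HTTP    = "http"
	HTTP2   = "http2"
	PSQL    = "psql"
	MySQL   = "mysql"
	Unknown = "unknown"
)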
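// PostgreSQL message type bytes. Each value is the ASCII code of the
// single-character tag shown in its comment.
const (
	TypeQuery           = 0x51 // Q - a standard postgres query
	TypeParse           = 0x50 // P - a prepared postgres query
	TypeBind            = 0x42 // B - binding
	TypeParseComplete   = 0x31 // 1 - server has successfully parsed a query
	TypeParamDesc       = 0x74 // t
	TypeRowDesc         = 0x54 // T - row description contains the columns being sent back
	TypeDataRow         = 0x44 // D - a row of data
	TypeCommandComplete = 0x43 // C - the command is complete and all data has been sent
)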
// ZeroAddr is the all-zero IPv4 address with port 0, in "host:port" form.
// NOTE(review): presumably a placeholder for an address that could not be
// determined; confirm against the callers.
const ZeroAddr = "0.0.0.0:0"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Flow ¶
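// Flow pairs one request with its response as exchanged over a socket.
//
// Request and Response carry captured application data, so a Flow can hold
// credentials, session tokens or query results. Treat it as sensitive when
// logging, storing or exporting it.
type Flow struct {
	UUID       string
	SourceAddr string
	DestAddr   string
	L4Protocol string
	L7Protocol string // presumably one of the protocol name constants (HTTP, HTTP2, PSQL, MySQL, Unknown); confirm
	Request    FlowRequest
	Response   FlowResponse
	// NOTE(review): PID and FD are int here but uint32 on SocketCommon and
	// SocketUnknown; conversions between the two need care.
	PID int
	FD  int
}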
Flow represents an exchange of data over a socket in the form of request + response.
func NewFlowRequest ¶
func NewFlowResponse ¶
func (*Flow) AddPayload ¶
AddPayload adds bytes onto either the request or the response depending on which type the flow is
func (*Flow) AddResponse ¶
type FlowRequest ¶
type FlowResponse ¶
type GRPCRequest ¶
func (*GRPCRequest) AddPayload ¶
func (req *GRPCRequest) AddPayload(data []byte)
func (*GRPCRequest) String ¶
func (req *GRPCRequest) String() string
type GRPCResponse ¶
func (*GRPCResponse) AddPayload ¶
func (resp *GRPCResponse) AddPayload(data []byte)
func (*GRPCResponse) String ¶
func (resp *GRPCResponse) String() string
type HTTPRequest ¶
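// HTTPRequest holds the parts of one HTTP request: method, host, path,
// protocol version, headers and body bytes.
//
// Headers and Payload carry whatever the request contained, which can include
// credentials (for example Authorization or Cookie values) and personal data.
// Treat values of this type as sensitive when logging or exporting them.
type HTTPRequest struct {
	Method      string
	Host        string
	Path        string
	HttpVersion string
	Headers     map[string][]string // header name -> list of values
	Payload     []byte
}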
func NewHTTPRequest ¶
func NewHTTPRequest(method, path, host, httpVersion string, payload []byte, headers map[string][]string) HTTPRequest
func (*HTTPRequest) AddPayload ¶
func (req *HTTPRequest) AddPayload(data []byte)
func (*HTTPRequest) String ¶
func (req *HTTPRequest) String() string
type HTTPResponse ¶
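// HTTPResponse holds the parts of one HTTP response: status code and message,
// protocol version, headers and body bytes.
//
// Headers and Payload carry whatever the response contained, which can include
// Set-Cookie values, tokens and personal data. Treat values of this type as
// sensitive when logging or exporting them.
type HTTPResponse struct {
	Status      int
	StatusMsg   string
	HttpVersion string
	Headers     map[string][]string // header name -> list of values
	Payload     []byte
}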
func (*HTTPResponse) AddPayload ¶
func (resp *HTTPResponse) AddPayload(data []byte)
func (*HTTPResponse) IsGRPC ¶
func (resp *HTTPResponse) IsGRPC() bool
func (*HTTPResponse) String ¶
func (resp *HTTPResponse) String() string
type Http2Flags ¶
type Http2Frame ¶
// Http2Frame represents one HTTP/2 frame. It is created from raw bytes with
// NewHttp2Frame, can receive more bytes through Append, and reports through
// Complete whether the whole frame is present.
// NOTE(review): the raw bytes come from captured traffic; the accessors
// (Length, Type, Flags, StreamID, Payload) presumably read fixed offsets, so
// confirm they are only called once Complete returns true.
type Http2Frame struct {
	// contains filtered or unexported fields
}
func NewHttp2Frame ¶
func NewHttp2Frame(raw []byte) *Http2Frame
func ParseBytesToFrames ¶
func ParseBytesToFrames(raw []byte) ([]*Http2Frame, []byte)
ParseBytesToFrames parses a byte array into zero or more complete Http2Frames. If the input ends with an incomplete frame, then the bytes for it are returned as the second return value. It's implemented like this because Go can send multiple frames in the same call, or send the same frame over multiple calls.
func (*Http2Frame) Append ¶
func (f *Http2Frame) Append(raw []byte)
func (*Http2Frame) Complete ¶
func (f *Http2Frame) Complete() bool
Cases (the first 3 bytes are the payload length; the frame header is 9 bytes, so a frame is complete once 9 + length bytes are present):
[00 00 10] => incomplete
[00 00 00] => incomplete
[00 00 00 04 01] => incomplete
[00 00 00 04 01 00 00 00 00] => complete
[00 00 03 04 01 00 00 00 00 01 02 03] => complete
func (*Http2Frame) ConvertToFlowRequest ¶
func (f *Http2Frame) ConvertToFlowRequest() (FlowRequest, error)
func (*Http2Frame) ConvertToFlowResponse ¶
func (f *Http2Frame) ConvertToFlowResponse() (FlowResponse, error)
func (*Http2Frame) Flags ¶
func (f *Http2Frame) Flags() Http2Flags
func (*Http2Frame) Headers ¶
func (f *Http2Frame) Headers() ([]hpack.HeaderField, error)
func (*Http2Frame) HeadersText ¶
func (f *Http2Frame) HeadersText() string
HeadersText converts this to an HTTP1.1 formatted message
func (*Http2Frame) IsRequest ¶
func (f *Http2Frame) IsRequest() bool
func (*Http2Frame) Length ¶
func (f *Http2Frame) Length() uint32
func (*Http2Frame) Payload ¶
func (f *Http2Frame) Payload() []byte
func (*Http2Frame) StreamID ¶
func (f *Http2Frame) StreamID() uint32
func (*Http2Frame) Type ¶
func (f *Http2Frame) Type() uint8
type Http2Stream ¶
// Http2Stream is created with NewHttp2Stream and consumes frames through
// ProcessFrame, which returns a *Flow.
// NOTE(review): presumably ProcessFrame returns nil until a full
// request/response pair has been seen; confirm before dereferencing the result.
type Http2Stream struct {
	// contains filtered or unexported fields
}
func NewHttp2Stream ¶
func NewHttp2Stream() *Http2Stream
func (*Http2Stream) ProcessFrame ¶
func (strm *Http2Stream) ProcessFrame(frame *Http2Frame) *Flow
type MysqlMessage ¶
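ForkEvent is sent from ebpf when a process is forked to create a child process (note: this sentence describes ForkEvent, not MysqlMessage; it appears to have been copied from another type's doc comment).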
func ExtractMySQLMessages ¶
func ExtractMySQLMessages(data []byte) []MysqlMessage
ExtractMySQLMessages parses the provided data and returns a slice of payloads. Each MySQL packet is structured as follows:
- 3 bytes: payload length (little-endian)
- 1 byte: sequence number
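- Payload: <length> bytes of data
Because the length field is read from captured traffic, it can describe more bytes than remain in data (for example when a packet spans several reads); how this function handles that case is not documented here.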
func NewMysqlMessage ¶
func NewMysqlMessage(payload []byte, fullMessage []byte, sequenceNum int) MysqlMessage
type MysqlQuery ¶
func NewMysqlQuery ¶
func NewMysqlQuery(query []byte) MysqlQuery
func (*MysqlQuery) AddPayload ¶
func (qry *MysqlQuery) AddPayload(data []byte)
func (*MysqlQuery) String ¶
func (qry *MysqlQuery) String() string
type MysqlResponse ¶
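// MysqlResponse collects the columns and rows of a MySQL result set.
// AddColumnPayload and AddRowPayload decode single payloads into it, and
// Complete reports whether all column and row data has been parsed.
//
// Rows holds decoded result values, so a response can contain sensitive
// database content. Handle it accordingly when logging or exporting.
type MysqlResponse struct {
	Columns []Column
	Rows    [][]string
	// contains filtered or unexported fields
}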
func NewMysqlResponse ¶
func NewMysqlResponse() MysqlResponse
func (*MysqlResponse) AddColumnPayload ¶
func (resp *MysqlResponse) AddColumnPayload(data []byte)
AddColumnPayload decodes a single column payload and adds it to this response
func (*MysqlResponse) AddEOF ¶
func (resp *MysqlResponse) AddEOF()
func (*MysqlResponse) AddMessage ¶
func (resp *MysqlResponse) AddMessage(msg MysqlMessage)
func (*MysqlResponse) AddPayload ¶
func (resp *MysqlResponse) AddPayload(data []byte)
func (*MysqlResponse) AddRowPayload ¶
func (resp *MysqlResponse) AddRowPayload(msg MysqlMessage)
AddRowPayload decodes a single row payload and adds it to this response
func (*MysqlResponse) Complete ¶
func (resp *MysqlResponse) Complete() bool
Complete returns true if all the column and row data for this response has been parsed
func (*MysqlResponse) String ¶
func (resp *MysqlResponse) String() string
type PSQLResponse ¶
func NewPSQLResponse ¶
func NewPSQLResponse(columns []Column) PSQLResponse
func PSQLResponseFromRowDescription ¶
func PSQLResponseFromRowDescription(payload []byte) (PSQLResponse, error)
PSQLResponseFromRowDescription takes a row description payload, parses it into columns and returns a PSQLResponse struct
func (*PSQLResponse) AddPayload ¶
func (resp *PSQLResponse) AddPayload(data []byte)
func (*PSQLResponse) String ¶
func (resp *PSQLResponse) String() string
type PsqlMessage ¶
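ForkEvent is sent from ebpf when a process is forked to create a child process (note: this sentence describes ForkEvent, not PsqlMessage; it appears to have been copied from another type's doc comment).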
func ExtractMessages ¶
func ExtractMessages(data []byte) []PsqlMessage
ExtractMessages parses a PostgreSQL message stream and extracts individual messages
func (*PsqlMessage) Complete ¶
func (de *PsqlMessage) Complete() bool
func (*PsqlMessage) Decode ¶
func (de *PsqlMessage) Decode(payload []byte) (err error)
type SocketCommon ¶
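// SocketCommon implements some common functionality and data used by all
// socket types.
type SocketCommon struct {
	SourceAddr string
	DestAddr   string
	Protocol   string
	PID        uint32
	TID        uint32
	FD         uint32
	// NOTE(review): presumably set by UpgradeToSSL when the socket's traffic
	// is found to be TLS; confirm. If so, payloads on such sockets are
	// decrypted plaintext and deserve the same care as the secrets they carry.
	SSL bool
	// contains filtered or unexported fields
}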
SocketCommon implements some common functionality and data used by all socket types
func NewSocketCommonFromUnknown ¶
func NewSocketCommonFromUnknown(unkownSocket *SocketUnknown) SocketCommon
func (*SocketCommon) AddFlowCallback ¶
func (sk *SocketCommon) AddFlowCallback(callback func(Flow))
func (*SocketCommon) Key ¶
func (sk *SocketCommon) Key() string
func (*SocketCommon) UpgradeToSSL ¶
func (sk *SocketCommon) UpgradeToSSL()
type SocketHttp11 ¶
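// SocketHttp11 is the socket type for HTTP/1.1 traffic. It carries the shared
// socket data in Common and receives captured data through ProcessDataEvent.
type SocketHttp11 struct {
	Common SocketCommon
	// contains filtered or unexported fields
}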
func NewSocketHttp11 ¶
func NewSocketHttp11(sourceAddr, destAddr string, pid, tid, fd uint32) SocketHttp11
func NewSocketHttp11FromUnknown ¶
func NewSocketHttp11FromUnknown(unkownSocket *SocketUnknown) SocketHttp11
func (*SocketHttp11) AddFlowCallback ¶
func (sk *SocketHttp11) AddFlowCallback(callback func(Flow))
func (*SocketHttp11) Key ¶
func (sk *SocketHttp11) Key() string
func (*SocketHttp11) ProcessDataEvent ¶
func (sk *SocketHttp11) ProcessDataEvent(event *events.DataEvent)
type SocketHttp2 ¶
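// SocketHttp2 is the socket type for HTTP/2 traffic. It carries the shared
// socket data in Common and receives captured data through ProcessDataEvent.
type SocketHttp2 struct {
	Common SocketCommon
	// contains filtered or unexported fields
}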
func NewSocketHttp2 ¶
func NewSocketHttp2(sourceAddr, destAddr string, pid, tid, fd uint32) SocketHttp2
func NewSocketHttp2FromUnknown ¶
func NewSocketHttp2FromUnknown(unkownSocket *SocketUnknown) SocketHttp2
func (*SocketHttp2) AddFlowCallback ¶
func (sk *SocketHttp2) AddFlowCallback(callback func(Flow))
func (*SocketHttp2) Key ¶
func (sk *SocketHttp2) Key() string
func (*SocketHttp2) ProcessDataEvent ¶
func (sk *SocketHttp2) ProcessDataEvent(event *events.DataEvent)
TODO: Have a structure for handling the frame header + payload?
type SocketMap ¶
// SocketMap tracks sockets which have been observed in ebpf. It receives
// close events through ProcessCloseEvent.
type SocketMap struct {
	// contains filtered or unexported fields
}
SocketMap tracks sockets which have been observed in ebpf
func NewSocketMap ¶
func (*SocketMap) AddFlowCallback ¶
func (*SocketMap) ProcessCloseEvent ¶
func (m *SocketMap) ProcessCloseEvent(event events.CloseEvent)
func (*SocketMap) ProcessDataEvent ¶
type SocketMysql ¶
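// SocketMysql is the socket type for MySQL traffic. It carries the shared
// socket data in Common and receives captured data through ProcessDataEvent.
type SocketMysql struct {
	Common SocketCommon
	// contains filtered or unexported fields
}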
func NewSocketMysqlFromUnknown ¶
func NewSocketMysqlFromUnknown(unkownSocket *SocketUnknown) SocketMysql
func (*SocketMysql) AddFlowCallback ¶
func (sk *SocketMysql) AddFlowCallback(callback func(Flow))
func (*SocketMysql) Key ¶
func (sk *SocketMysql) Key() string
func (*SocketMysql) ProcessDataEvent ¶
func (sk *SocketMysql) ProcessDataEvent(event *events.DataEvent)
type SocketPsql ¶
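// SocketPsql is the socket type for PostgreSQL traffic. It carries the shared
// socket data in Common and receives captured data through ProcessDataEvent.
type SocketPsql struct {
	Common SocketCommon
	// contains filtered or unexported fields
}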
func NewSocketPsqlFromUnknown ¶
func NewSocketPsqlFromUnknown(unkownSocket *SocketUnknown) SocketPsql
func (*SocketPsql) AddFlowCallback ¶
func (sk *SocketPsql) AddFlowCallback(callback func(Flow))
func (*SocketPsql) Key ¶
func (sk *SocketPsql) Key() string
func (*SocketPsql) ProcessDataEvent ¶
func (sk *SocketPsql) ProcessDataEvent(event *events.DataEvent)
type SocketUnknown ¶
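// SocketUnknown is the socket type used before a protocol-specific socket
// exists: the New...FromUnknown constructors build the typed sockets from it.
// Its exported fields mirror those of SocketCommon.
type SocketUnknown struct {
	SourceAddr string
	DestAddr   string
	Protocol   string
	PID        uint32
	TID        uint32
	FD         uint32
	SSL        bool
	// contains filtered or unexported fields
}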
func NewSocketUnknownFromData ¶
func NewSocketUnknownFromData(event *events.DataEvent) SocketUnknown
func (*SocketUnknown) AddFlowCallback ¶
func (sk *SocketUnknown) AddFlowCallback(callback func(Flow))
func (*SocketUnknown) GetPrevDataEvent ¶
func (sk *SocketUnknown) GetPrevDataEvent() *events.DataEvent
func (*SocketUnknown) Key ¶
func (sk *SocketUnknown) Key() string
func (*SocketUnknown) ProcessDataEvent ¶
func (sk *SocketUnknown) ProcessDataEvent(event *events.DataEvent)
func (*SocketUnknown) SetPrevDataEvent ¶
func (sk *SocketUnknown) SetPrevDataEvent(event *events.DataEvent)
Source Files
¶
- const.go
- flow.go
- grpc_request.go
- grpc_response.go
- http2_frame.go
- http2_stream.go
- http_request.go
- http_response.go
- mysql_message.go
- mysql_query.go
- mysql_response.go
- protocol_detect.go
- psql_message.go
- psql_query.go
- psql_response.go
- socket_common.go
- socket_http11.go
- socket_http2.go
- socket_i.go
- socket_map.go
- socket_mysql.go
- socket_psql.go
- socket_unknown.go