Copy disabled (too large)
Download .txt
Showing preview only (10,158K chars total). Download the full file to get everything.
Repository: gojue/ecapture
Branch: master
Commit: 4d0d18e2d5f4
Files: 333
Total size: 9.6 MB
Directory structure:
gitextract_64e4skmz/
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ └── bug_report.md
│ ├── agents/
│ │ └── pr-agent.md
│ └── workflows/
│ ├── android_e2e.yml
│ ├── codeql-analysis.yml
│ ├── e2e.yml
│ ├── go-c-cpp.yml
│ ├── pr_build_debug.yml
│ ├── pr_build_debug_comment.yml
│ └── release.yml
├── .gitignore
├── .gitmodules
├── .golangci.yml
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── Makefile
├── README-zh_Hans.md
├── README.md
├── SECURITY.md
├── assets/
│ └── ebpf_probe_stub.go
├── builder/
│ ├── Dockerfile
│ ├── Makefile.release
│ ├── init_env.sh
│ └── rpmBuild.spec
├── bytecode/
│ └── .gitkeep
├── cli/
│ ├── LICENSE
│ ├── cmd/
│ │ ├── bash.go
│ │ ├── ecaptureq.go
│ │ ├── env_detection.go
│ │ ├── gnutls.go
│ │ ├── gotls.go
│ │ ├── mysqld.go
│ │ ├── nss.go
│ │ ├── postgres.go
│ │ ├── root.go
│ │ ├── tls.go
│ │ ├── upgrade.go
│ │ └── zsh.go
│ ├── cobrautl/
│ │ └── help.go
│ ├── http/
│ │ ├── config_factory.go
│ │ ├── config_factory_ecandroid.go
│ │ ├── config_factory_linux.go
│ │ ├── logger.go
│ │ ├── resp.go
│ │ ├── server.go
│ │ └── status_string.go
│ └── main.go
├── dist/
│ └── .gitkeep
├── docs/
│ ├── README.md
│ ├── beta-release-guide.md
│ ├── compilation-zh_Hans.md
│ ├── compilation.md
│ ├── e2e-tests.md
│ ├── event-forward-api-zh_Hans.md
│ ├── event-forward-api.md
│ ├── event-forward.md
│ ├── refactoring-guide.md
│ ├── remote-config-update-api-zh_Hans.md
│ └── remote-config-update-api.md
├── examples/
│ ├── ecaptureq_client/
│ │ ├── README.md
│ │ ├── TESTING.md
│ │ ├── go.mod
│ │ ├── go.sum
│ │ └── main.go
│ └── https_client/
│ ├── golang_https.go
│ ├── node_https.js
│ └── python3_https.py
├── functions.mk
├── go.mod
├── go.sum
├── internal/
│ ├── README.md
│ ├── builder/
│ │ ├── config_builder.go
│ │ └── config_builder_test.go
│ ├── config/
│ │ ├── base_config.go
│ │ └── base_config_test.go
│ ├── domain/
│ │ ├── configuration.go
│ │ ├── event.go
│ │ └── probe.go
│ ├── errors/
│ │ ├── errors.go
│ │ └── errors_test.go
│ ├── events/
│ │ ├── dispatcher.go
│ │ └── dispatcher_test.go
│ ├── factory/
│ │ ├── probe_factory.go
│ │ └── probe_factory_test.go
│ ├── logger/
│ │ └── logger.go
│ ├── output/
│ │ ├── encoders/
│ │ │ ├── encoder.go
│ │ │ ├── json_encoder.go
│ │ │ ├── plain_encoder.go
│ │ │ └── protobuf_encoder.go
│ │ └── writers/
│ │ ├── factory.go
│ │ ├── file_writer.go
│ │ ├── keylog_writer.go
│ │ ├── logger_writer.go
│ │ ├── pcap_writer.go
│ │ ├── stdout_writer.go
│ │ ├── tcp_writer.go
│ │ ├── websocket_writer.go
│ │ └── writer.go
│ └── probe/
│ ├── base/
│ │ ├── base_probe.go
│ │ ├── base_probe_test.go
│ │ └── handlers/
│ │ ├── handlers.go
│ │ ├── keylog_handler.go
│ │ ├── keylog_handler_dedup_test.go
│ │ ├── keylog_handler_test.go
│ │ ├── pcap_handler.go
│ │ ├── pcap_handler_test.go
│ │ ├── text_handler.go
│ │ └── text_handler_test.go
│ ├── bash/
│ │ ├── bash_probe.go
│ │ ├── bash_test.go
│ │ ├── config.go
│ │ ├── event.go
│ │ └── register.go
│ ├── gnutls/
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── event.go
│ │ ├── event_masterkey.go
│ │ ├── gnutls_probe.go
│ │ ├── gnutls_probe_test.go
│ │ └── register.go
│ ├── gotls/
│ │ ├── config.go
│ │ ├── config_symbol.go
│ │ ├── config_symbol_test.go
│ │ ├── config_test.go
│ │ ├── event.go
│ │ ├── event_masterkey.go
│ │ ├── event_packet.go
│ │ ├── go_instructions_amd64.go
│ │ ├── go_instructions_arm64.go
│ │ ├── gotls_probe.go
│ │ ├── gotls_probe_test.go
│ │ └── register.go
│ ├── mysql/
│ │ ├── config.go
│ │ ├── event.go
│ │ ├── mysql_probe.go
│ │ ├── mysql_test.go
│ │ └── register.go
│ ├── nspr/
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── event.go
│ │ ├── event_masterkey.go
│ │ ├── nspr_probe.go
│ │ ├── nspr_probe_test.go
│ │ └── register.go
│ ├── openssl/
│ │ ├── config.go
│ │ ├── config_ecandroid.go
│ │ ├── config_linux.go
│ │ ├── config_test.go
│ │ ├── event.go
│ │ ├── event_connect.go
│ │ ├── event_connect_test.go
│ │ ├── event_masterkey.go
│ │ ├── event_packet.go
│ │ ├── event_test.go
│ │ ├── libs.go
│ │ ├── openssl_probe.go
│ │ ├── openssl_probe_test.go
│ │ └── register.go
│ ├── postgres/
│ │ ├── config.go
│ │ ├── event.go
│ │ ├── postgres_probe.go
│ │ ├── postgres_test.go
│ │ └── register.go
│ └── zsh/
│ ├── config.go
│ ├── event.go
│ ├── register.go
│ ├── zsh_probe.go
│ └── zsh_test.go
├── kern/
│ ├── README.md
│ ├── bash_kern.c
│ ├── boringssl_a_13_kern.c
│ ├── boringssl_a_14_kern.c
│ ├── boringssl_a_15_kern.c
│ ├── boringssl_a_16_kern.c
│ ├── boringssl_const.h
│ ├── boringssl_masterkey.h
│ ├── boringssl_na_kern.c
│ ├── bpf/
│ │ ├── arm64/
│ │ │ └── vmlinux_614.h
│ │ ├── bpf_core_read.h
│ │ ├── bpf_endian.h
│ │ ├── bpf_helper_defs.h
│ │ ├── bpf_helpers.h
│ │ ├── bpf_tracing.h
│ │ └── x86/
│ │ ├── .gitkeep
│ │ └── vmlinux_614.h
│ ├── common.h
│ ├── core_fixes.bpf.h
│ ├── ecapture.h
│ ├── gnutls.h
│ ├── gnutls_3_6_12_kern.c
│ ├── gnutls_3_6_13_kern.c
│ ├── gnutls_3_7_0_kern.c
│ ├── gnutls_3_7_3_kern.c
│ ├── gnutls_3_7_7_kern.c
│ ├── gnutls_3_8_4_kern.c
│ ├── gnutls_3_8_7_kern.c
│ ├── gnutls_masterkey.h
│ ├── go_argument.h
│ ├── gotls_kern.c
│ ├── mysqld_kern.c
│ ├── nspr_kern.c
│ ├── openssl.h
│ ├── openssl_1_0_2a_kern.c
│ ├── openssl_1_1_0a_kern.c
│ ├── openssl_1_1_1a_kern.c
│ ├── openssl_1_1_1b_kern.c
│ ├── openssl_1_1_1d_kern.c
│ ├── openssl_1_1_1j_kern.c
│ ├── openssl_3_0_0_kern.c
│ ├── openssl_3_0_12_kern.c
│ ├── openssl_3_1_0_kern.c
│ ├── openssl_3_2_0_kern.c
│ ├── openssl_3_2_3_kern.c
│ ├── openssl_3_2_4_kern.c
│ ├── openssl_3_3_0_kern.c
│ ├── openssl_3_3_2_kern.c
│ ├── openssl_3_3_3_kern.c
│ ├── openssl_3_4_0_kern.c
│ ├── openssl_3_4_1_kern.c
│ ├── openssl_3_5_0_kern.c
│ ├── openssl_masterkey.h
│ ├── openssl_masterkey_3.0.h
│ ├── openssl_masterkey_3.2.h
│ ├── postgres_kern.c
│ ├── tc.h
│ └── zsh_kern.c
├── main.go
├── pkg/
│ ├── ecaptureq/
│ │ ├── README.md
│ │ ├── client.go
│ │ ├── hub.go
│ │ └── server.go
│ ├── event_processor/
│ │ ├── base_event.go
│ │ ├── event.go
│ │ ├── http2_request.go
│ │ ├── http2_request_test.go
│ │ ├── http2_response.go
│ │ ├── http2_response_test.go
│ │ ├── http_request.go
│ │ ├── http_response.go
│ │ ├── http_response_test.go
│ │ ├── iparser.go
│ │ ├── iworker.go
│ │ ├── processor.go
│ │ ├── processor_test.go
│ │ └── testdata/
│ │ └── all.json
│ ├── proc/
│ │ ├── go_elf/
│ │ │ ├── eprint.go
│ │ │ └── gccgo.go
│ │ ├── proc.go
│ │ └── proc_test.go
│ ├── upgrade/
│ │ ├── github_response.go
│ │ ├── upgrade.go
│ │ └── upgrade_test.go
│ └── util/
│ ├── ebpf/
│ │ ├── bpf.go
│ │ ├── bpf_ecandroid.go
│ │ ├── bpf_linux.go
│ │ ├── bpf_test.go
│ │ ├── elibpcap.go
│ │ ├── elibpcap_stub.go
│ │ └── parse.go
│ ├── ethernet/
│ │ └── trailer.go
│ ├── hkdf/
│ │ ├── hkdf.go
│ │ └── hkdf_test.go
│ ├── kernel/
│ │ ├── kernel_version.go
│ │ ├── kernel_version_unsupport.go
│ │ └── version.go
│ ├── roratelog/
│ │ └── rorate.go
│ └── ws/
│ ├── client.go
│ ├── client_test.go
│ ├── server.go
│ └── server_test.go
├── protobuf/
│ ├── PROTOCOLS-zh_Hans.md
│ ├── PROTOCOLS.md
│ ├── README-zh_Hans.md
│ ├── README.md
│ ├── gen/
│ │ └── v1/
│ │ └── ecaptureq.pb.go
│ └── proto/
│ └── v1/
│ └── ecaptureq.proto
├── test/
│ ├── e2e/
│ │ ├── IMPLEMENTATION_STATUS.md
│ │ ├── QUICK_REFERENCE.md
│ │ ├── README.md
│ │ ├── android/
│ │ │ ├── android_bash_e2e_test.sh
│ │ │ ├── android_gotls_e2e_test.sh
│ │ │ ├── android_tls_e2e_test.sh
│ │ │ ├── build_android_tests.sh
│ │ │ ├── common_android.sh
│ │ │ ├── run_android_e2e_tests.sh
│ │ │ └── setup_android_env.sh
│ │ ├── bash_advanced_test.sh
│ │ ├── bash_e2e_test.sh
│ │ ├── common.sh
│ │ ├── edge_cases_test.sh
│ │ ├── gnutls_e2e_test.sh
│ │ ├── go_https_client.go
│ │ ├── gotls_advanced_test.sh
│ │ ├── gotls_e2e_test.sh
│ │ ├── mysql_advanced_test.sh
│ │ ├── mysql_e2e_test.sh
│ │ ├── postgres_e2e_test.sh
│ │ ├── run_e2e.sh
│ │ ├── tls_e2e_test.sh
│ │ ├── tls_keylog_advanced_test.sh
│ │ ├── tls_pcap_advanced_test.sh
│ │ ├── tls_text_advanced_test.sh
│ │ └── zsh_e2e_test.sh
│ └── issue_463/
│ ├── Makefile
│ ├── main.c
│ └── readme.md
├── tools/
│ └── check_dsb.go
├── utils/
│ ├── boringssl-offset.c
│ ├── boringssl_android_offset.sh
│ ├── boringssl_non_android_offset.sh
│ ├── ecapture.lua
│ ├── gnutls_offset.c
│ ├── gnutls_offset.sh
│ ├── openssl_1_0_2_offset.c
│ ├── openssl_1_1_0_offset.c
│ ├── openssl_1_1_1_offset.c
│ ├── openssl_3_0_offset.c
│ ├── openssl_3_2_0_offset.c
│ ├── openssl_3_5_0_offset.c
│ ├── openssl_offset_1.0.2.sh
│ ├── openssl_offset_1.1.0.sh
│ ├── openssl_offset_1.1.1.sh
│ ├── openssl_offset_3.0.sh
│ ├── openssl_offset_3.1.sh
│ ├── openssl_offset_3.2.sh
│ ├── openssl_offset_3.3.sh
│ ├── openssl_offset_3.4.sh
│ ├── openssl_offset_3.5.sh
│ └── protobuf_visualizer/
│ ├── README.md
│ ├── README_CN.md
│ └── pb_debugger.go
└── variables.mk
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
> [!IMPORTANT]
> You can mention the @dosu AI robot, which can quickly answer your questions.
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1.
2.
3.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Linux Server/Android (please complete the following information):**
- Device: `Pixel 9` or `Linux Server`
- Kernel Info: `uname -a`
- eCapture Version: `ecapture -v`
**Additional context**
Add any other context about the problem here.
================================================
FILE: .github/agents/pr-agent.md
================================================
---
name: eCapture-PR-Agent
display_name: eCapture PR Agent
description: >
本 Agent 专门服务于 `gojue/ecapture` 仓库,用于自动创建 **小粒度、可审阅的代码改动 PR**。
---
# eCapture 自动 PR Agent Profile(草案)
## 名称
eCapture 自动 PR 机器人(Auto PR Agent)
## 作用描述
本 Agent 专门服务于 `gojue/ecapture` 仓库,用于自动创建小粒度、可审阅的代码改动 PR。主要目标:
- 维护与扩展对 OpenSSL / BoringSSL / GnuTLS / NSS / GoTLS 等加密库版本的 HOOK 支持;
- 改进或增加内核 eBPF 侧 C 代码和 Go 用户态逻辑中的健壮性、小 bug 修复;
- 强制为变更添加相应测试(单元测试 + e2e 脚本);
- 保持现有构建系统(`Makefile` / `variables.mk` / `functions.mk`)的约定与约束,但不负责发布或打包。
重要约束(严格):
- **不向后兼容**
- 不进行打包、发布、Tag 操作;
- 不修改 `README*` / `CHANGELOG.md` 等文档(默认禁止改动,除非维护者明确要求);
- 不修改版本号或自动化发布流程。
---
## 作用范围(Scope)
Agent 允许并应该做的事情:
1. OpenSSL/其他加密库版本支持增强(核心任务)
- 在 kern/ 源文件(`kern/openssl_*`、`kern/boringssl_*`、`kern/gnutls_*`、`kern/nspr` 等)与用户态版本检测逻辑中,增加对新版本加密库的支持;包括:
- 在 `variables.mk` 的 `TARGETS` 中新增目标项;
- 添加对应的 `kern/openssl_<version>_kern.c` 源文件或必要的偏移/结构体定义;
- 在用户态(Go)中补充版本字符串映射、降级/回退逻辑与日志提示。
- 保证对旧版本不回归,并提供最小验证(编译通过或单测覆盖关键路径)。
2. 小范围代码修复与增强
- C 代码:修复明显 bug、加健壮性检查(空指针/边界/长度),改进日志;
- Go 代码:改进错误处理、增加或修补单元测试、提升解析/事件处理健壮性;
- 避免大规模重构或改动公共 CLI 语义。
3. 构建系统与工具链检查(不发布)
- 可修改 `Makefile` / `variables.mk` / `functions.mk` 中与工具链检查、编译选项的小优化;
- 不引入打包/发布动作,不修改 release 相关自动化。
4. 自动创建 PR
- 基于默认开发分支创建新分支并打开 PR;
- PR 描述必须包含:问题背景、修改点、测试方法、兼容性说明。
Agent 禁止的事项(严格):
- 不做发布(不生成 .deb/.rpm,不打 Tag 或更新 release);
- 不修改 README/CHANGELOG;
- 不变更 CLI 外部行为(除非明确授权);
- 不直接修改生成的二进制 bytecode(如 user/bytecode/*.o)。
---
## 仓库关键约束与变更要求
1. 工具链版本要求
- Clang 版本:**要求升级为 clang 12 或更高**。Agent 在必要的构建检查中应把 `.checkver_$(CMD_CLANG)` 的阈值改为 12。
- Go 版本:继续保持 Go 1.24 及以上(GO_VERSION_MAJ == 1 且 GO_VERSION_MIN >= 24)。
- bpftool 等工具保持检查逻辑,但不自动安装这些工具。
2. eBPF / 内核策略
- 保留 CO-RE 与 non-CO-RE 两条构建路径,不破坏 `AUTOGENCMD` 与 `kern/bpf/*/vmlinux.h` 的生成逻辑;
- 最小内核:x86_64 ≥ 4.18,aarch64 ≥ 5.5(该约束不被 Agent 更改)。
3. OpenSSL 等库支持策略(Agent 的长期目标)
- `variables.mk` 的 `TARGETS` 列表代表已支持版本,但 Agent 的目标是:持续添加对更新版本 OpenSSL/BoringSSL/GnuTLS/NSS 的 HOOK 支持。新增支持时,需:
- 新增 target 与 kernel 源文件;
- 添加用户态版本映射;
- 提交 PR 并附带测试说明与验证方法。
---
## 软件测试要求(新增)
为保证变更质量与可回溯性,Agent 在创建 PR 前必须满足以下测试要求:
1. 单元测试(必需)
- 对于任何修改或新增的 Go 代码,必须新增或修改对应的 Go 单元测试,位于与被修改包相同的测试包(例如 `package foo_test` 或 `package foo`);
- 新增/修改的测试应覆盖主要逻辑分支、异常路径与边界条件;
- PR 必须能通过命令:`make test-race`(若有特定包,可只跑对应包的测试);
- 若修改影响到公共函数签名或行为,测试需明确验证向后兼容性。
2. C/内核代码的测试与静态检查(必需/建议)
- 对 C/eBPF 源文件,至少要保证能够通过静态语法检查与本地编译(`clang -fsyntax-only` 或 `make ebpf`);
- 若能做到,新增/修改的 C 代码应包含编译时断言或注释说明,以便在 CI 中尽早发现问题;
- 在无法运行内核级测试(CI 限制)时,需在 PR 描述中注明“仅编译通过,未在目标内核上运行验证”的限制。
3. CLI E2E 脚本(必需,尽量)
- 每个涉及 CLI 行为或集成点的变更,应补充或更新一条 e2e 测试脚本(放在 `test/e2e/` 目录),脚本需:
- 能够在受控环境下做基本的“构建 -> 启动 -> smoke test”流程(例如 `ecapture --help`、`ecapture tls -h` 或 keylog/pcap 模式的最小运行检查);
- 需要用root权限运行ecapture,根据代码需求,补充启动时的必要参数(`参见 --help的结果`);
- 再开一个终端,使用`curl`或`wget`等脚本,触发https的请求,以验证eBPF hook的基本功能(如TLS keylog生成、流量捕获等);
- 在 PR 中给出如何运行 e2e 的说明(本地直接执行 / CI 集成的命令行)。
- 例:新增 `test/e2e/run_e2e.sh`,脚本执行:
- `go test ./...` 并保存 coverage;
- 构建二进制(`make build` 或 `go build` 作为回退);
- 运行 `bin/ecapture --help` 与一个最小子命令进行 smoke-test;
- 提供可选的 Docker 模式(注释或开关)以便做更完整的运行时测试(需要 root/特权容器)。
4. CI 要求(必需)
- 在 CI 流程中至少运行:
- 运行 `make test-race`进行项目的单元测试与竞态检测;
- 语法检查、`go vet`、`golangci-lint`;
- 轻量 e2e 脚本以验证二进制基本可用性。
- 如涉及 eBPF 运行的严格验证,建议维护者决定是否启用带特权的 runner。
---
## 风格与质量要求
(与之前描述一致,略述)
- 使用 `make format` 格式化项目代码;
- 小步提交、单一目的 PR、清晰的 PR 描述;
- 所有 PR 中若有未解决的集成测试限制,必须在 PR 描述中注明并提供复现步骤或需要的维护者权限/环境。
---
## PR 模板建议(尽量用英文)
- 标题:`[type] 简短描述`,例如:
- `feat: 支持 OpenSSL 3.6.x HOOK`
- `fix: 修复 gotls 在某条件下的 panic`
- 描述结构:
1. 背景/目的
2. 修改内容(文件/模块列表)
3. 测试说明(单元测试、e2e 脚本、手工验证步骤)
4. 兼容性影响与风险评估
5. CI 运行状态/限制说明(如有)
---
## 安全与保守原则
- 优先**少改**、保守变更;
- 若无法确定兼容性或内核行为,不要直接合并,先开 PR 征询维护者;
- 不随意修改 release/打包相关变量与文档,除非被明确授权。
================================================
FILE: .github/workflows/android_e2e.yml
================================================
name: Android E2E Tests
on:
pull_request:
branches: [ master, v2, v1 ]
push:
branches: [ master, v2, v1 ]
workflow_dispatch:
permissions:
contents: read
issues: write
pull-requests: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
android-e2e-tests:
runs-on: ubuntu-latest
name: Android E2E Tests
strategy:
matrix:
api-level: [35] # Android 15
target: [google_apis]
arch: [x86_64] # Use x86_64 for emulator (host arch matches)
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: 'recursive'
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24.6'
- name: Install Required Tools
run: |
sudo apt-get update
sudo apt-get install --yes build-essential pkgconf libelf-dev llvm-14 clang-14 flex bison linux-tools-common linux-tools-generic gcc libssl-dev linux-source libpulse0 xvfb libxcb-cursor0 libxkbcommon-x11-0
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
cd /usr/src
source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
sudo tar -xf $source_file
cd $source_dir
test -f .config || sudo make oldconfig
shell: bash
- uses: actions/checkout@v4
with:
submodules: 'recursive'
fetch-depth: 0
- name: Build ecapture for Android
run: |
# Build for x86_64 (for emulator testing)
ANDROID=1 make clean
ANDROID=1 make env
echo "Building ecapture for Android (x86_64)..."
CROSS_ARCH=amd64 ANDROID=1 make nocore -j$(nproc)
# Verify binary
if [ ! -f bin/ecapture ]; then
echo "❌ Failed to build ecapture binary"
exit 1
fi
echo "=== Binary Info ==="
ls -lh bin/ecapture
file bin/ecapture
# Verify x86_64 architecture
if ! file bin/ecapture | grep -q "x86-64\|x86_64"; then
echo "❌ Binary is not x86_64"
exit 1
fi
echo "✓ ecapture built successfully for Android x86_64"
- name: Build Go test client for Android
run: |
cd test/e2e
echo "Building Go HTTPS client for Android..."
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o android/go_https_client_android go_https_client.go
if [ -f android/go_https_client_android ]; then
echo "✓ Go client built successfully"
ls -lh android/go_https_client_android
file android/go_https_client_android
else
echo "⚠️ Go client build failed (tests will use curl)"
fi
- name: Start Xvfb for headless display
run: |
echo "Starting Xvfb virtual display..."
sudo Xvfb :99 -screen 0 1024x768x24 > /dev/null 2>&1 &
echo "DISPLAY=:99" >> $GITHUB_ENV
sleep 2
echo "✓ Xvfb started on display :99"
- name: Enable KVM group permissions
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
- name: AVD cache
uses: actions/cache@v4
id: avd-cache
with:
path: |
~/.android/avd/*
~/.android/adb*
key: avd-${{ matrix.api-level }}-${{ matrix.arch }}
- name: Create AVD and generate snapshot for caching
if: steps.avd-cache.outputs.cache-hit != 'true'
uses: reactivecircus/android-emulator-runner@v2
with:
api-level: ${{ matrix.api-level }}
target: ${{ matrix.target }}
arch: ${{ matrix.arch }}
force-avd-creation: false
ram-size: 4096M
disk-size: 8192M
emulator-options: -no-window -no-snapshot-save -noaudio -no-boot-anim -camera-back none
disable-animations: true
script: echo "Generated AVD snapshot for caching."
- name: Run Android E2E Tests
uses: reactivecircus/android-emulator-runner@v2
with:
api-level: ${{ matrix.api-level }}
target: ${{ matrix.target }}
arch: ${{ matrix.arch }}
force-avd-creation: false
ram-size: 4096M
disk-size: 8192M
emulator-options: -no-snapshot-save -noaudio -no-boot-anim -camera-back none -writable-system
disable-animations: true
script: |
echo "=== Android Emulator Info ==="
adb devices
adb shell getprop ro.build.version.release
adb shell getprop ro.build.version.sdk
adb shell uname -a
echo "=== Getting root access ==="
adb root
sleep 5
adb wait-for-device
echo "=== Checking root ==="
adb shell id
echo "=== Setting SELinux to permissive ==="
adb shell setenforce 0 || true
adb shell getenforce
echo "=== Setup environment ==="
bash test/e2e/android/setup_android_env.sh || true
echo "=== Checking ecapture startup (diagnostic) ==="
adb push bin/ecapture /data/local/tmp/ecapture
adb shell chmod 755 /data/local/tmp/ecapture
echo "--- Verifying eBPF / ecapture can start (3s sample) ---"
adb shell "setsid nohup /data/local/tmp/ecapture tls -m text > /data/local/tmp/ecapture_startup.log 2>&1 < /dev/null &"
sleep 3
adb shell "ps -A | grep ecapture || echo '(no ecapture process found)'"
adb shell "cat /data/local/tmp/ecapture_startup.log 2>/dev/null || echo '(no startup log)'"
adb shell "ps -A | grep ecapture | awk '{print \$2}' | while read p; do kill -9 \$p; done 2>/dev/null || true"
echo "--- ecapture diagnostic complete ---"
bash test/e2e/android/run_android_e2e_tests.sh
- name: Upload test artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: android-e2e-test-logs
path: /tmp/ecapture_android_*
retention-days: 7
================================================
FILE: .github/workflows/codeql-analysis.yml
================================================
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ master, v2, v1 ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master, v2, v1 ]
schedule:
- cron: '42 15 * * 3'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-22.04
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'cpp', 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
steps:
- uses: actions/setup-go@v3
with:
go-version: '1.24.6'
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: 'recursive'
fetch-depth: 0
- name: Install Compilers
run: |
sudo apt-get update
sudo apt-get install --yes build-essential pkgconf libelf-dev llvm clang linux-tools-common linux-tools-generic flex bison gcc-aarch64-linux-gnu libssl-dev linux-source
cd /usr/src
source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
sudo tar -xf $source_file
cd $source_dir
test -f .config || sudo make oldconfig
sudo make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- prepare V=0
ls -al /usr/src/$source_dir
shell: bash
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
- run: |
make env
make nocore -j4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
================================================
FILE: .github/workflows/e2e.yml
================================================
name: E2E Tests
on:
pull_request:
branches: [ master, v2, v1 ]
types: [ opened, synchronize, reopened ]
push:
branches: [ master, v2, v1 ]
permissions:
contents: read
issues: write
pull-requests: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
e2e-tests:
runs-on: ubuntu-22.04
name: E2E Tests (TLS/GnuTLS/GoTLS)
steps:
- uses: actions/setup-go@v5
with:
go-version: '1.24.6'
- name: Install Required Tools
run: |
sudo apt-get update
sudo apt-get install --yes \
build-essential \
pkgconf \
libelf-dev \
llvm-14 \
clang-14 \
linux-tools-common \
linux-tools-generic \
gcc \
curl \
wget \
netcat-openbsd \
openssl \
libssl-dev \
ca-certificates
# Set up clang-14 as default
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
# Verify tools are installed
echo "=== Installed Tool Versions ==="
go version
clang --version | head -1
curl --version | head -1
wget --version | head -1
openssl version
- name: Prepare Linux Headers
run: |
cd /usr/src
source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
if [ -n "$source_file" ]; then
source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
sudo tar -xf $source_file
cd $source_dir
test -f .config || sudo make oldconfig
fi
- uses: actions/checkout@v4
with:
submodules: 'recursive'
fetch-depth: 0
- name: Build eCapture
run: |
make clean
make env
make -j$(nproc)
# Verify binary was built
if [ ! -f bin/ecapture ]; then
echo "❌ Failed to build ecapture binary"
exit 1
fi
ls -lh bin/ecapture
file bin/ecapture
- name: Run E2E Tests
run: |
echo "=== Running E2E Tests ==="
echo "Kernel: $(uname -r)"
echo "Architecture: $(uname -m)"
# Run comprehensive e2e tests with sudo
# Tests will connect to https://github.com to verify TLS capture
sudo make e2e || {
echo "❌ E2E tests failed"
exit 1
}
- name: E2E Test Summary
if: always()
run: |
echo "=== E2E Test Execution Complete ==="
if [ $? -eq 0 ]; then
echo "✅ All E2E tests passed successfully"
else
echo "❌ Some E2E tests failed - check logs above"
fi
e2e-tests-summary:
runs-on: ubuntu-22.04
name: E2E Test Results Summary
needs: e2e-tests
if: always()
steps:
- name: Check E2E Test Results
run: |
if [ "${{ needs.e2e-tests.result }}" == "success" ]; then
echo "✅ E2E Tests: PASSED"
exit 0
else
echo "❌ E2E Tests: FAILED"
exit 1
fi
- name: Comment PR with E2E Results
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const prNumber = context.payload.pull_request.number;
const testResult = '${{ needs.e2e-tests.result }}';
const runId = context.runId;
const statusEmoji = testResult === 'success' ? '✅' : '❌';
const statusText = testResult === 'success' ? 'PASSED' : 'FAILED';
const body = `## ${statusEmoji} E2E Test Results: ${statusText}
**Test Run:** [#${runId}](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${runId})
### Tests Executed:
- TLS/OpenSSL Module (curl → github.com)
- GnuTLS Module (wget/curl → github.com)
- GoTLS Module (Go client → github.com)
${testResult === 'success' ?
'✅ All e2e tests passed successfully! The TLS capture functionality is working correctly.' :
'❌ Some e2e tests failed. Please check the workflow logs for details.'}
---
*Automated e2e test results for commit ${context.sha.substring(0, 7)}*`;
try {
await github.rest.issues.createComment({
issue_number: prNumber,
owner: context.repo.owner,
repo: context.repo.repo,
body: body
});
console.log('E2E test results comment posted successfully');
} catch (error) {
console.log('Failed to post comment:', error.message);
}
================================================
FILE: .github/workflows/go-c-cpp.yml
================================================
name: GO/C/C++ CI
on:
push:
branches: [ master, v2, v1 ]
pull_request:
branches: [ master, v2, v1 ]
jobs:
build-on-ubuntu2204:
runs-on: ubuntu-22.04
name: build on ubuntu-22.04 x86_64
steps:
- uses: actions/setup-go@v5
with:
go-version: '1.24.6'
- name: Install Compilers
run: |
sudo apt-get update
sudo apt-get install --yes build-essential pkgconf libelf-dev llvm-14 clang-14 flex bison linux-tools-common linux-tools-generic gcc gcc-aarch64-linux-gnu libssl-dev linux-source
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
cd /usr/src
source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
sudo tar -xf $source_file
cd $source_dir
test -f .config || sudo make oldconfig
sudo make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- prepare V=0
ls -al /usr/src/$source_dir
shell: bash
- uses: actions/checkout@v4
with:
submodules: 'recursive'
fetch-depth: 0
- name: Build CO-RE
run: |
make clean
make env
DEBUG=1 make -j8
cd ./lib/libpcap/ && sudo make install
cd $GITHUB_WORKSPACE
- name: golangci-lint
uses: golangci/golangci-lint-action@v8
with:
version: v2.1
skip-cache: true
problem-matchers: true
- name: Build non-CO-RE
run: |
make clean
make env
make nocore
- name: Build CO-RE (Cross-Compilation)
run: |
make clean
CROSS_ARCH=arm64 make env
CROSS_ARCH=arm64 make -j8
- name: Build non-CO-RE (Cross-Compilation/Android)
run: |
make clean
CROSS_ARCH=arm64 make env
ANDROID=1 CROSS_ARCH=arm64 make nocore -j8
- name: Test
run: go test -v -race ./...
build-on-ubuntu2204-arm64:
runs-on: ubuntu-22.04-arm
name: build on ubuntu-22.04 arm64
steps:
- uses: actions/setup-go@v5
with:
go-version: '1.24.6'
- name: Install Compilers
run: |
sudo apt-get update
sudo apt-get install --yes build-essential pkgconf libelf-dev llvm-14 clang-14 flex bison linux-tools-common linux-tools-generic gcc gcc-x86-64-linux-gnu libssl-dev linux-source
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
cd /usr/src
source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
sudo tar -xf $source_file
cd $source_dir
test -f .config || sudo make oldconfig
sudo make ARCH=x86 CROSS_COMPILE=x86_64-linux-gnu- prepare V=0 > /dev/null
ls -al /usr/src/$source_dir
shell: bash
- uses: actions/checkout@v4
with:
submodules: 'recursive'
fetch-depth: 0
- name: Build CO-RE
run: |
make clean
make env
DEBUG=1 make -j8
cd ./lib/libpcap/ && sudo make install
cd $GITHUB_WORKSPACE
- name: golangci-lint
uses: golangci/golangci-lint-action@v8
with:
version: v2.1
skip-cache: true
problem-matchers: true
- name: Build non-CO-RE
run: |
make clean
make env
make nocore
- name: Build CO-RE (Cross-Compilation)
run: |
make clean
CROSS_ARCH=amd64 make env
CROSS_ARCH=amd64 make -j8
- name: Build non-CO-RE (Cross-Compilation/Android)
run: |
make clean
CROSS_ARCH=amd64 make env
ANDROID=1 CROSS_ARCH=amd64 make nocore -j8
- name: Test
run: go test -v -race ./...
================================================
FILE: .github/workflows/pr_build_debug.yml
================================================
name: PR Build (Debug)
on:
pull_request:
branches: [ master, v2, v1 ]
types: [ opened, synchronize, reopened ]
permissions:
contents: read
actions: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-debug-artifacts:
runs-on: ubuntu-22.04
name: Build Debug Artifacts
strategy:
matrix:
os: [ android, linux ]
arch: [ arm64, amd64 ]
steps:
- uses: actions/setup-go@v5
with:
go-version: '1.24.6'
- name: Install Compilers
shell: bash
run: |
sudo apt-get update
sudo apt-get install --yes \
build-essential \
pkgconf \
libelf-dev \
llvm-14 \
clang-14 \
linux-tools-common \
linux-tools-generic \
gcc \
gcc-aarch64-linux-gnu \
linux-source
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
cd /usr/src
source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
sudo tar -xf $source_file
cd $source_dir
test -f .config || sudo make oldconfig
sudo make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- prepare V=0
- uses: actions/checkout@v4
with:
submodules: 'recursive'
fetch-depth: 0
- name: Build Debug amd64
if: matrix.arch == 'amd64'
run: |
make clean
make env
DEBUG=1 make -f builder/Makefile.release release SNAPSHOT_VERSION=v0.0.0-pr-${{ github.event.number || 'dev' }}-debug
cp bin/ecapture-*.tar.gz dist/
- name: Build Debug arm64
if: matrix.arch == 'arm64'
run: |
make clean
make env
DEBUG=1 CROSS_ARCH=arm64 make -f builder/Makefile.release release SNAPSHOT_VERSION=v0.0.0-pr-${{ github.event.number || 'dev' }}-debug
cp bin/ecapture-*.tar.gz dist/
- name: Upload Debug Artifacts
uses: actions/upload-artifact@v4
with:
name: ecapture-v0.0.0-pr-${{ github.event.number || 'dev' }}-debug-${{ matrix.os }}-${{ matrix.arch }}.tar.gz
path: dist/ecapture-v0.0.0-pr-${{ github.event.number || 'dev' }}-debug-${{ matrix.os }}-${{ matrix.arch }}.tar.gz
retention-days: 7
- name: List Built Artifacts
run: |
echo "Built debug artifacts:"
ls -la dist/
echo "Artifact sizes:"
du -h dist/*
================================================
FILE: .github/workflows/pr_build_debug_comment.yml
================================================
name: PR Comment on Build
on:
workflow_run:
workflows: ["PR Build (Debug)"]
types:
- completed
permissions:
contents: read
pull-requests: write
jobs:
comment:
runs-on: ubuntu-22.04
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
steps:
- name: Comment PR with Download Links
uses: actions/github-script@v7
with:
script: |
const runId = context.payload.workflow_run.id;
// Get the PR number from the workflow run
const pullRequests = context.payload.workflow_run.pull_requests;
if (!pullRequests || pullRequests.length === 0) {
console.log('No pull request associated with this workflow run');
return;
}
const prNumber = pullRequests[0].number;
try {
const commentBody = [
`🔧 **Debug Build Complete (PR #${prNumber})**`,
'',
'📦 Download Links:',
`- [View Build Artifacts](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${runId})`,
'',
'⏰ Files will be retained for 7 days, please download and test promptly.',
'',
'---',
'*This build includes debug binaries for: android/linux (arm64/amd64)*'
].join('\n');
await github.rest.issues.createComment({
issue_number: prNumber,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
console.log('Comment created successfully');
} catch (error) {
console.log('Failed to create comment:', error.message);
throw error;
}
================================================
FILE: .github/workflows/release.yml
================================================
name: Release
on:
push:
tags:
- "v*"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-on-ubuntu2204:
runs-on: ubuntu-22.04
name: release Linux/Android Version (amd64/arm64)
steps:
- uses: actions/setup-go@v5
with:
go-version: '1.24.6'
- name: Check Release Type
id: release_type
run: |
TAG_NAME=${{ github.ref_name }}
if [[ "$TAG_NAME" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "IS_PRERELEASE=false" >> $GITHUB_OUTPUT
echo "RELEASE_TYPE=stable" >> $GITHUB_OUTPUT
echo "📦 Stable release detected: $TAG_NAME"
elif [[ "$TAG_NAME" =~ (alpha|beta|rc) ]]; then
echo "IS_PRERELEASE=true" >> $GITHUB_OUTPUT
echo "RELEASE_TYPE=prerelease" >> $GITHUB_OUTPUT
echo "🚧 Pre-release detected: $TAG_NAME"
else
echo "IS_PRERELEASE=false" >> $GITHUB_OUTPUT
echo "RELEASE_TYPE=stable" >> $GITHUB_OUTPUT
echo "📦 Release: $TAG_NAME"
fi
shell: bash
- name: Install Compilers
run: |
sudo apt-get update
sudo apt-get install --yes \
build-essential \
pkgconf \
libelf-dev \
llvm-14 \
clang-14 \
linux-tools-common \
linux-tools-generic \
gcc \
gcc-aarch64-linux-gnu \
linux-source
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
cd /usr/src
source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
sudo tar -xf $source_file
cd $source_dir
test -f .config || sudo make oldconfig
sudo make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- prepare V=0
ls -al /usr/src/$source_dir
shell: bash
- uses: actions/checkout@v4
with:
submodules: 'recursive'
fetch-depth: 0
- uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: authenticate
run: |
gh auth login --with-token <<<'${{ secrets.GITHUB_TOKEN }}'
- name: Get Previous Tag
id: previoustag
run: |
PREVIOUS=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
echo "PREVIOUS_TAG=$PREVIOUS" >> $GITHUB_OUTPUT
- name: Generate Release Notes
id: release_notes
run: |
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
/repos/${{ github.repository }}/releases/generate-notes \
-f tag_name=${{ github.ref_name }} \
-f previous_tag_name=${{ steps.previoustag.outputs.PREVIOUS_TAG }} \
> release_notes.json
echo "NOTES<<EOF" >> $GITHUB_OUTPUT
jq -r .body release_notes.json >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Write File
uses: DamianReeves/write-file-action@v1.2
with:
path: ./bin/release_notes.txt
contents: |
${{ steps.release_notes.outputs.NOTES }}
write-mode: append
- name: Release amd64
run: |
make clean
make env
make -f builder/Makefile.release release SNAPSHOT_VERSION=${{ github.ref_name }}
- name: Release arm64 (CROSS COMPILATION)
run: |
make clean
make env
CROSS_ARCH=arm64 make -f builder/Makefile.release release SNAPSHOT_VERSION=${{ github.ref_name }}
- name: Publish
env:
IS_PRERELEASE: ${{ steps.release_type.outputs.IS_PRERELEASE }}
run: |
make -f builder/Makefile.release publish SNAPSHOT_VERSION=${{ github.ref_name }}
build-docker-image:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Check Release Type
id: release_type
run: |
TAG_NAME=${{ github.ref_name }}
if [[ "$TAG_NAME" =~ (alpha|beta|rc) ]]; then
echo "IS_PRERELEASE=true" >> $GITHUB_OUTPUT
echo "🚧 Pre-release detected for Docker: $TAG_NAME"
else
echo "IS_PRERELEASE=false" >> $GITHUB_OUTPUT
echo "📦 Stable release detected for Docker: $TAG_NAME"
fi
shell: bash
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Update submodule
run: git submodule update --init
- name: Prepare Docker Tags
id: docker_tags
run: |
TAGS="${{ secrets.DOCKERHUB_USERNAME }}/ecapture:${{ github.ref_name }}"
if [[ "${{ steps.release_type.outputs.IS_PRERELEASE }}" == "false" ]]; then
TAGS="${TAGS}
${{ secrets.DOCKERHUB_USERNAME }}/ecapture:latest"
echo "📦 Adding 'latest' tag for stable release"
else
echo "🚧 Skipping 'latest' tag for pre-release"
fi
echo "TAGS<<EOF" >> $GITHUB_OUTPUT
echo "$TAGS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
build-args: VERSION=${{ github.ref_name }}
file: ./builder/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/ecapture:buildcache
cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/ecapture:buildcache,mode=max
tags: ${{ steps.docker_tags.outputs.TAGS }}
================================================
FILE: .gitignore
================================================
# Binaries for programs and plugins
*.exe
*.exe~
*.dll
*.so
*.dylib
*.d
*.o
# Test binary, built with `go test -c`
*.test
# Output of the go coverage tool, specifically when used with LiteIDE
*.out
# Log files
*.log
# Dependency directories (remove the comment below to include it)
# vendor/
/assets/ebpf_probe.go
/assets/ebpf_probe_core.go
/assets/ebpf_probe_noncore.go
# VSCode
.vscode/settings.json
#idea
.idea/*
bin/*
/.check*
/deps/*
/assets/probe.go
docs/blog/*
# Example binaries
/examples/ecaptureq_client/ecaptureq_client
pkg/proc/go_elf/go_elf
================================================
FILE: .gitmodules
================================================
[submodule "lib/libpcap"]
path = lib/libpcap
url = https://github.com/the-tcpdump-group/libpcap.git
================================================
FILE: .golangci.yml
================================================
# This configuration file is not a recommendation.
#
# We intentionally use a limited set of linters.
# This configuration file is used with different version of golangci-lint to avoid regressions:
# the linters can change between version,
# their configuration may be not compatible or their reports can be different,
# and this can break some of our tests.
# Also, some linters are not relevant for the project (e.g. linters related to SQL).
#
# We have specific constraints, so we use a specific configuration.
#
# See the file `.golangci.reference.yml` to have a list of all available configuration options.
version: "2"
linters:
default: none
# This list of linters is not a recommendation (same thing for all this configuration file).
# We intentionally use a limited set of linters.
# See the comment on top of this file.
enable:
- errcheck
- staticcheck
- errorlint
settings:
errorlint:
asserts: false
staticcheck:
checks:
# Invalid regular expression.
# https://staticcheck.dev/docs/checks/#SA1000
- all
- "-ST1000"
- "-ST1005"
- "-ST1003"
- "-ST1021"
- "-ST1023"
- "-QF1012"
- "-QF1008"
- "-S1005"
- "-S1021"
- "-S1025"
- "-ST1020"
- "-ST1016"
- "-ST1022"
- "-QF1011"
- "-S1034"
- "-S1023"
- "-SA4031"
- "-S1000"
- "-SA4006"
exclusions:
paths:
- test/
- tests/
- bin/
- utils/
formatters:
enable:
- gofmt
- goimports
settings:
gofmt:
rewrite-rules:
- pattern: 'interface{}'
replacement: 'any'
goimports:
local-prefixes:
- github.com/gojue/ecapture
exclusions:
paths:
- test/
- tests/
- bin/
- utils/
================================================
FILE: CHANGELOG.md
================================================
# v2.0.0 (2026-03-14)
## What's Changed
### ⚠️ Breaking Changes
* **Architecture refactoring**: Completely migrated from the legacy `user/` directory to the new `internal/probe` standardized architecture. The old `user/` directory has been deleted. (#911, #912, #913, #914)
* **Build tag rename**: Build tag `androidgki` has been renamed to `ecap_android`. (#930)
* **eBPF bytecode directory**: eBPF bytecode assets have been relocated to `ebpfassets/` directory structure.
### 🏗️ Architecture Refactoring (v2 Foundation)
* Implement clean architecture foundation — Phase 3 complete + Phase 4 Plan B: All simple probes migrated (Bash, Zsh, MySQL, Postgres) by @Copilot in https://github.com/gojue/ecapture/pull/911
* feat: Phase 4 TLS probe refactoring — Complete all libraries (OpenSSL, GnuTLS, NSPR, GoTLS) with multi-mode support and factory registration by @Copilot in https://github.com/gojue/ecapture/pull/912
* Complete eCapture v2 Architecture Refactoring (Phases 5-7): E2E Tests, Deprecation, Migration Guide, Complete eBPF Code Migration, and CLI Integration Plan by @Copilot in https://github.com/gojue/ecapture/pull/913
* Complete migration to `internal/probe` architecture: CLI commands, eCaptureQ HTTP server, eBPF bytecode directory, and `user/` directory deletion (8/8 probes) by @Copilot in https://github.com/gojue/ecapture/pull/914
* Refactor `pkg/event_processor` to remove user/event dependency and fix CLI compilation by @Copilot in https://github.com/gojue/ecapture/pull/915
* Refactor gotls probe to follow standardized architecture pattern by @Copilot in https://github.com/gojue/ecapture/pull/916
* Refactor OpenSSL probe to follow standardized architecture pattern by @Copilot in https://github.com/gojue/ecapture/pull/917
* refactor(nspr): Complete probe refactoring to standardized architecture by @Copilot in https://github.com/gojue/ecapture/pull/918
* refactor: Refactor the event dispatcher setup and probe initialization process by @cfc4n in https://github.com/gojue/ecapture/pull/924
* refactor: migrate build tag from `androidgki` to `ecap_android` by @cfc4n in https://github.com/gojue/ecapture/pull/930
### ✨ New Features
* feat: add ELF path configuration and refactor eBPF filename handling in GoTLS probe by @cfc4n
* feat: implement logger writer and enhance output handling in various components by @cfc4n in https://github.com/gojue/ecapture/pull/925
* feat: implement buffered pcapng packet writing with interface metadata and improved closure handling by @cfc4n in https://github.com/gojue/ecapture/pull/928
* feat: Optimize GoTLS event handling, enhance OpenSSL configuration (including Android support), and add configuration validation by @cfc4n in https://github.com/gojue/ecapture/pull/936
* feat: add connection event handling and enhance TLS event structure with additional fields by @cfc4n in https://github.com/gojue/ecapture/pull/938
### 🐛 Bug Fixes & Improvements
* refactor: rename documentation files and update capture mode handling in configuration by @cfc4n in https://github.com/gojue/ecapture/pull/923
* refactor: rename Chinese documentation files and update links in README by @cfc4n in https://github.com/gojue/ecapture/pull/927
* Fix E2E test failures: Android arch detection, missing curl fallback, keylog test tolerance by @Copilot in https://github.com/gojue/ecapture/pull/944
* Revert non-tag changes, keep ebpfassets/dynamic, minimally fix unit tests by @cfc4n in https://github.com/gojue/ecapture/pull/945
### 🧪 Testing
* Add comprehensive E2E test suite with 72+ scenarios covering all modules by @Copilot in https://github.com/gojue/ecapture/pull/919
### 🔧 CI/CD & Tooling
* feat: enhance release workflow with pre-release detection and Docker tagging by @cfc4n
* docs: add comprehensive documentation for eCapture project and update compilation references by @cfc4n
## New Contributors
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.5.2...v2.0.0
<hr>
# v1.5.2 (2025-12-27)
## What's Changed
* add entry for android 16 by @jeromekleinen in https://github.com/gojue/ecapture/pull/899
* comment out early returns in SSL_write by @jeromekleinen in https://github.com/gojue/ecapture/pull/903
* Optimized the FD fetch logic of openssl by @cfc4n in https://github.com/gojue/ecapture/pull/905
* feat(gotls): support Go binaries built with -ldflags="-s -w" by @wocaolideTwistzz in https://github.com/gojue/ecapture/pull/907
* refactor: remove kernel version detect for less than 5.2 by @cfc4n in https://github.com/gojue/ecapture/pull/906
## New Contributors
* @jeromekleinen made their first contribution in https://github.com/gojue/ecapture/pull/899
* @wocaolideTwistzz made their first contribution in https://github.com/gojue/ecapture/pull/907
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.5.1...v1.5.2
<hr>
# v1.5.1 (2025-12-07)
## What's Changed
* fix (iworker): handle empty payload and ignore EOF error in parser write. by @cfc4n in https://github.com/gojue/ecapture/pull/897
## New Contributors
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.5.0...v1.5.1
<hr>
# v1.5.0 (2025-12-07)
## What's Changed
* feat: support OpenSSL 3.5.4 by @namoen0301 in https://github.com/gojue/ecapture/pull/857
* build(deps): bump golang.org/x/crypto from 0.38.0 to 0.45.0 by @dependabot[bot] in https://github.com/gojue/ecapture/pull/864
* Add protobuf-based WebSocket client example and fix ecaptureq documentation by @Copilot in https://github.com/gojue/ecapture/pull/868
* docs: update READMEs with protobuf protocol links and refactor visualizer docs by @zenyanle in https://github.com/gojue/ecapture/pull/869
* feat: add eCapture Issue Responder template for Copilot Agent. by @cfc4n in https://github.com/gojue/ecapture/pull/873
* feat: add eCapture PR Agent Profile. by @cfc4n in https://github.com/gojue/ecapture/pull/878
* fix: prevent nil pointer panic in gnutls probe when setup fails by @Copilot in https://github.com/gojue/ecapture/pull/879
* bugfix(gotls_kern): use actual data_len while reading payload by @h0x0er in https://github.com/gojue/ecapture/pull/882
* fix(ecaptureq): adjust heartbeat frequency and trigger immediate ping by @zenyanle in https://github.com/gojue/ecapture/pull/884
* feat: add support for BoringSSL on Android 16 with updated offsets by @cfc4n in https://github.com/gojue/ecapture/pull/885
* Fix HTTP/2 parser logging spurious "unexpected EOF" errors during TLS capture by @Copilot in https://github.com/gojue/ecapture/pull/886
* feat: add e2e testing framework and multiple HTTPS client examples by @cfc4n in https://github.com/gojue/ecapture/pull/887
* Add comprehensive e2e tests for TLS, GnuTLS, and GoTLS modules with CI integration by @Copilot in https://github.com/gojue/ecapture/pull/888
* feat: add remote configuration update API documentation and event forwarding details by @cfc4n in https://github.com/gojue/ecapture/pull/889
* Enhance e2e tests with content verification and multi-mode coverage by @Copilot in https://github.com/gojue/ecapture/pull/890
* fix(gotls): correct event output logic and support protobuf by @zenyanle in https://github.com/gojue/ecapture/pull/891
* fix: simplify PR comment condition to trigger on all pull requests by @cfc4n in https://github.com/gojue/ecapture/pull/894
## New Contributors
* @namoen0301 made their first contribution in https://github.com/gojue/ecapture/pull/857
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.4.3...v1.5.0
<hr>
# v1.4.3 (2025-10-12)
## What's Changed
* fix: resolve kernel 4.19 compatibility issue with .rodata maps in eBPF bytecode by @Copilot in https://github.com/gojue/ecapture/pull/846
* bugfix: keep nanoseconds precision for timestamps by @h0x0er in https://github.com/gojue/ecapture/pull/850
* Refactor: Migrate Agent-Server Communication Protocol to Protobuf by @zenyanle in https://github.com/gojue/ecapture/pull/851
* bugfix: update permissions and improve error handling in PR comment workflow by @cfc4n in https://github.com/gojue/ecapture/pull/853
* feat: update eCapture logo and enhance eCaptureQ GUI application section in README files by @cfc4n in https://github.com/gojue/ecapture/pull/854
## New Contributors
* @Copilot made their first contribution in https://github.com/gojue/ecapture/pull/846
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.4.2...v1.4.3
<hr>
# v1.4.2 (2025-09-27)
## What's Changed
* feat: add eCaptureQ GUI application documentation in English, Chinese… by @cfc4n in https://github.com/gojue/ecapture/pull/836
* kern/gotls_kern: refactored event creation logic by @h0x0er in https://github.com/gojue/ecapture/pull/839
* feat: enhance PR build debug workflow with permissions and detailed completion message by @cfc4n in https://github.com/gojue/ecapture/pull/843
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.4.1...v1.4.2
<hr>
# v1.4.1 (2025-08-23)
## What's Changed
* fix: refactor event logging to use new CollectorWriter and improve error handling by @cfc4n in https://github.com/gojue/ecapture/pull/821
* typo: comment in cmd packages by @webfrogs in https://github.com/gojue/ecapture/pull/827
* bugfix: support keylog mode for OpenSSL 3.0.12 by @foxayy in https://github.com/gojue/ecapture/pull/826
* feat: update Go version to 1.24.6 across multiple configuration files by @cfc4n in https://github.com/gojue/ecapture/pull/828
## New Contributors
* @webfrogs made their first contribution in https://github.com/gojue/ecapture/pull/827
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.4.0...v1.4.1
<hr>
# v1.4.0 (2025-08-11)
## What's Changed
* feat: implement WebSocket client and server for log transmission by @cfc4n
in https://github.com/gojue/ecapture/pull/806
* Fix: Correctly resolve relative paths in /etc/ld.so.conf by @foxayy in https://github.com/gojue/ecapture/pull/808
* fix: missing trailing bytes for some keys in gotls keylog by @yhlooo in https://github.com/gojue/ecapture/pull/812
* feat: add WebSocket server and PacketData structure for log handling by @cfc4n
in https://github.com/gojue/ecapture/pull/810
* feat: refactor event types to use unified Type structure across events by @cfc4n
in https://github.com/gojue/ecapture/pull/814
* feat: add GitHub Actions workflow for PR debug builds and artifact uploads by @cfc4n
in https://github.com/gojue/ecapture/pull/815
* fix: update GitHub Actions workflow for PR debug builds and artifact uploads by @cfc4n
in https://github.com/gojue/ecapture/pull/817
* fix: correct return statements and improve error handling in BoringSSL by @cfc4n
in https://github.com/gojue/ecapture/pull/816
* feat: implement OpenSSL version downgrade logic and improve logging by @cfc4n
in https://github.com/gojue/ecapture/pull/819
* feat: update OpenSSL version offsets for 3.0, 3.2, 3.3, 3.4, and 3.5 by @cfc4n
in https://github.com/gojue/ecapture/pull/820
## New Contributors
* @foxayy made their first contribution in https://github.com/gojue/ecapture/pull/808
* @yhlooo made their first contribution in https://github.com/gojue/ecapture/pull/812
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.3.1...v1.4.0
<hr>
# v1.3.1 (2025-06-29)
## What's Changed
* fix: share same hpack decoder for one tuple connect #744 by @chilli13 in https://github.com/gojue/ecapture/pull/798
* fix: Improve bash path detection and correct probe attachment by @zenyanle
in https://github.com/gojue/ecapture/pull/805
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.3.0...v1.3.1
<hr>
# v1.3.0 (2025-06-22)
## What's Changed
* feat: enhance BPF core read macros and add new utility functions by @cfc4n
in https://github.com/gojue/ecapture/pull/797
* feat: support gnutls early secret by @yuweizzz in https://github.com/gojue/ecapture/pull/801
* fix: keylog lost in openssl by @yuweizzz in https://github.com/gojue/ecapture/pull/802
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.2.0...v1.3.0
<hr>
# v1.2.0 (2025-06-14)
## What's Changed
* feat: add JetBrains logo and acknowledgements to README files by @cfc4n in https://github.com/gojue/ecapture/pull/793
* feat: Implement dual lifecycle management for eventWorker by @zenyanle in https://github.com/gojue/ecapture/pull/785
* rorate: add eventroratesize, eventroratetime to support file rorate #720 by @chilli13
in https://github.com/gojue/ecapture/pull/794
* feat: define early_secret in SSL structures for enhanced security by @cfc4n
in https://github.com/gojue/ecapture/pull/792
## New Contributors
* @zenyanle made their first contribution in https://github.com/gojue/ecapture/pull/785
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.1.0...v1.2.0<hr>
# v1.1.0 (2025-05-30)
## What's Changed
* feat: allow capture icmp protocol by @yuweizzz in https://github.com/gojue/ecapture/pull/779
* opt: redesign the truncate effect logic to reduce memory cost in text mode #718 by @chilli13
in https://github.com/gojue/ecapture/pull/775
* fix: clean up SSLDataEvent string methods and improve logging #776 by @cfc4n
in https://github.com/gojue/ecapture/pull/777
* fix: improve logging for truncated events and update string formatting by @cfc4n
in https://github.com/gojue/ecapture/pull/780
* feat: support openssl version 3.5.0 #783 by @chilli13 in https://github.com/gojue/ecapture/pull/787
* fix: avoid writing empty decryption secrets block in savePcapng method by @cfc4n
in https://github.com/gojue/ecapture/pull/786
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.0.2...v1.1.0
<hr>
# v1.0.2 (2025-05-03)
## What's Changed
* feat: add support for OpenSSL 3.3.3 and 3.4.1, update version mappings by @cfc4n
in https://github.com/gojue/ecapture/pull/769
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.0.1...v1.0.2
<hr>
# v1.0.1 (2025-04-08)
## What's Changed
* fix: update clang version to 10 in installation scripts by @cfc4n in https://github.com/gojue/ecapture/pull/758
* refactor: support loopback interface, remove loopback device checks from pcap probe files by @cfc4n
in https://github.com/gojue/ecapture/pull/762
**Full Changelog**: https://github.com/gojue/ecapture/compare/v1.0.0...v1.0.1
<hr>
# v1.0.0 Stable Versions (2025-03-25)
## 🚀 eCapture Features Overview
eCapture is a powerful network traffic capture and decryption tool focusing on TLS/SSL protocol transparency and
analysis. It supports multiple protocols and architectures, providing efficient and flexible capture and decryption
capabilities.
---
### Core Features
1. **Multi-Protocol Support**
- Supports TLS, gnutls, nss, openssl, and other encryption protocols, compatible with different versions of SSL/TLS
implementations.
2. **Smart Packet Capture**
- Based on eBPF technology, enabling efficient network data capture and protocol parsing. Supports IPv4, IPv6 dual-stack
and 4-tuple filtering.
3. **Master Key Capture**
- Supports TLS 1.2 and 1.3 protocol master key capture. Integrates with Wireshark for decryption, allowing direct
viewing of encrypted traffic in plain text.
4. **Modular Architecture**
- Modular design allows for easy extension and flexible configuration of different protocol modules.
5. **Cross-Platform Support**
- Supports Linux, Android, and other platforms, compatible with ARM64 and x86 architectures, adapting to different
environments.
---
### Features
- **Automation**
Automatically detects SSL/TLS library versions, intelligently identifies CO-RE and non-CO-RE modes, optimizes memory
usage.
- **Flexible Configuration**
Supports custom filters, log files, decryption modes (keylog, pcap, text), and multiple output formats.
- **High Performance**
High-efficiency data processing based on eBPF, supports large-scale concurrent captures and long-term packet
capturing.
- **Strong Compatibility**
Supports multiple SSL/TLS library versions, including openssl 1.1.1, 3.0.x, boringssl, etc.
- **Extensibility**
Provides Wireshark plugin support for easy data analysis and visualization.
---
### Technical Advantages
- **eBPF Engine**
Utilizes advanced eBPF technology to improve capture and decryption efficiency, reducing system resource usage.
- **Modular Architecture**
Core functionality is modularized for easy extension and maintenance.
- **Intelligence**
Automatically detects the runtime environment and intelligently adapts to different protocols and architectures.
---
### Application Scenarios
1. **Network Debugging**
Real-time capture and decryption of TLS/SSL traffic to assist in development and debugging.
2. **Security Analysis**
Analyze encrypted communications to identify potential security vulnerabilities.
3. **Protocol Research**
Study TLS/SSL protocol implementations and analyze traffic characteristics.
4. **Monitoring and Auditing**
Monitor network communications, record, and audit sensitive operations.
### Links
1. [eCapture旁观者](https://ecapture.cc)
2. [eCapture Github](https://github.com/gojue/ecapture)
3. 微信公众号
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.9.5...v1.0.0
<hr>
# v0.9.5 (2025-03-08)
## What's Changed
* fix: incorrect stream id in http2 protocol data frame by @yuweizzz in https://github.com/gojue/ecapture/pull/737
* Fix: #740, the bug of incomplete SSL data for excessively long lengths. by @cfc4n
in https://github.com/gojue/ecapture/pull/742
* improve: provide opts to set the truncate size in text mode to reduce memory cost by @yuweizzz
in https://github.com/gojue/ecapture/pull/731
* improve: handle COMPRESSION_ERROR to reduce the error log displayed by @yuweizzz
in https://github.com/gojue/ecapture/pull/745
* fix: #739 the tuple to be unreachable. by @cfc4n in https://github.com/gojue/ecapture/pull/741
* improve: add frame length by @yuweizzz in https://github.com/gojue/ecapture/pull/748
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.9.4...v0.9.5
<hr>
# v0.9.4 (2025-02-16)
## What's Changed
* feat(boringssl): add support Android15 BoringSSL by @cfc4n in https://github.com/gojue/ecapture/pull/723
* feat: support ipv6 4-tuple (#724) by @chilli13 in https://github.com/gojue/ecapture/pull/728
* improve: include a stream id field when parse http2 event by @yuweizzz in https://github.com/gojue/ecapture/pull/734
* tuple: bugfix for tuple ipv4 dst ip info by @chilli13 in https://github.com/gojue/ecapture/pull/735
## New Contributors
* @chilli13 made their first contribution in https://github.com/gojue/ecapture/pull/728
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.9.3...v0.9.4
<hr>
# v0.9.3 (2025-01-18)
## What's Changed
* fix(make): improve error handling and clean target logic in Makefile by @cfc4n
in https://github.com/gojue/ecapture/pull/713
* fix: incorrect CAP_BPF check method by @hengyoush in https://github.com/gojue/ecapture/pull/715
* feat(ci): update GitHub Action runners with Linux arm64 host by @cfc4n in https://github.com/gojue/ecapture/pull/722
## New Contributors
* @hengyoush made their first contribution in https://github.com/gojue/ecapture/pull/715
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.9.2...v0.9.3
<hr>
# v0.9.2 (2024-12-29)
## What's Changed
* Limit GitHub action serialization and increase CI caching function by @cfc4n
in https://github.com/gojue/ecapture/pull/698
* fix : add openssl_3_1_0 target by @cuijing90 in https://github.com/gojue/ecapture/pull/704
* performance: use first h2 frame header detect instead of read first frame from whole payload by @yuweizzz
in https://github.com/gojue/ecapture/pull/705
* fix #697, When building in nocore mode, use only non-core bytecode les by default. by @cfc4n
in https://github.com/gojue/ecapture/pull/708
* fix: check CAP_BPF by capget syscall by @Asphaltt in https://github.com/gojue/ecapture/pull/707
* fixed the issue of missing cross-compilation environment. by @cfc4n in https://github.com/gojue/ecapture/pull/709
* fix(ci): fix github action release notes generation by @cfc4n in https://github.com/gojue/ecapture/pull/710
## New Contributors
* @cuijing90 made their first contribution in https://github.com/gojue/ecapture/pull/704
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.9.1...v0.9.2
<hr>
# v0.9.1 (2024-12-18)
## What's Changed
* fix: invalid indirect read from stack by @Asphaltt in https://github.com/gojue/ecapture/pull/694
* fix: use other hooks to probe 5-tuple by @Asphaltt in https://github.com/gojue/ecapture/pull/695
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.9.0...v0.9.1
<hr>
# v0.9.0 (2024-12-15)
## What's Changed
* fix: pcap filter not work as expected by @yuweizzz in https://github.com/gojue/ecapture/pull/680
* feat support capture zsh command by @SenberHu in https://github.com/gojue/ecapture/pull/683
* feat: detect CAP_BPF by @Asphaltt in https://github.com/gojue/ecapture/pull/681
* feat: Enrich addr info with remote addr info by @Asphaltt in https://github.com/gojue/ecapture/pull/684
* fix ecapture docker images CVE-2024-24790 by @cfc4n in https://github.com/gojue/ecapture/pull/687
* fix #685, the Processor print "incoming chan is full",and exit. by @cfc4n
in https://github.com/gojue/ecapture/pull/686
* feat: Support for new version detection feature. by @cfc4n in https://github.com/gojue/ecapture/pull/688
* build(deps): bump golang.org/x/crypto from 0.23.0 to 0.31.0 by @dependabot
in https://github.com/gojue/ecapture/pull/690
* feat: Clean map when destroy socket by @Asphaltt in https://github.com/gojue/ecapture/pull/691
## New Contributors
* @SenberHu made their first contribution in https://github.com/gojue/ecapture/pull/683
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.12...v0.9.0
<hr>
# v0.8.12 (2024-12-02)
## What's Changed
* Fix the version number string cannot be found in the dynamic library of boringssl. by @cfc4n
in https://github.com/gojue/ecapture/pull/679
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.11...v0.8.12
<hr>
# v0.8.11 (2024-12-01)
## What's Changed
* fix(user/module): read version from libcrypto.so by @xxxxxliil in https://github.com/gojue/ecapture/pull/661
* fix MariaDB typo in README.md by @robertsilen in https://github.com/gojue/ecapture/pull/672
* Add a reminder for failure when hooking libnss3.so. by @cfc4n in https://github.com/gojue/ecapture/pull/677
## New Contributors
* @robertsilen made their first contribution in https://github.com/gojue/ecapture/pull/672
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.10...v0.8.11
<hr>
# v0.8.10 (2024-11-16)
## What's Changed
* feat(user/module): add ossl version 3.4.0 support by @xxxxxliil in https://github.com/gojue/ecapture/pull/660
* docs: fix jp translation by @ame-yu in https://github.com/gojue/ecapture/pull/663
* feat: support keylog and pcap mode in gnutls by @yuweizzz in https://github.com/gojue/ecapture/pull/654
* Fix the parameter error issue of the uprobe type hook. by @cfc4n in https://github.com/gojue/ecapture/pull/665
* chore: remove unused flags `BuildRequires` in rpmBuild.spec by @cfc4n in https://github.com/gojue/ecapture/pull/666
* builder: fix init script fails to run on ubuntu 24.04 system #667 by @cfc4n
in https://github.com/gojue/ecapture/pull/668
## New Contributors
* @ame-yu made their first contribution in https://github.com/gojue/ecapture/pull/663
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.9...v0.8.10
<hr>
# v0.8.9 (2024-10-26)
## What's Changed
* typo: 3中 --> 3种 by @CC11001100 in https://github.com/gojue/ecapture/pull/641
* fix: SSLDataEvent's fd is 0 Error by @yuweizzz in https://github.com/gojue/ecapture/pull/642
* fix: couldn't find bpf bytecode file error by @yuweizzz in https://github.com/gojue/ecapture/pull/650
## New Contributors
* @CC11001100 made their first contribution in https://github.com/gojue/ecapture/pull/641
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.8...v0.8.9
# v0.8.8 (2024-10-09)
## What's Changed
* Fix the bug that the arm64 version cannot work (#649) by @cfc4n in https://github.com/gojue/ecapture/pull/648
* builder: docerk build error: header not found by @cfc4n in https://github.com/gojue/ecapture/pull/648
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.7...v0.8.8
<hr>
# v0.8.7 (2024-10-07)
## What's Changed
* feat: remove tcp packet limitation by @yuweizzz in https://github.com/gojue/ecapture/pull/619
* kern: support openssl 3.3.2/3.2.3/3.1.7/3.0.15 by @cfc4n in https://github.com/gojue/ecapture/pull/624
* workflows: update linux source tgz file version. by @cfc4n in https://github.com/gojue/ecapture/pull/644
* fix the issue with retrieving the return value of the Read function in the Golang TLS module. by @cfc4n
in https://github.com/gojue/ecapture/pull/646
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.6...v0.8.7
<hr>
# v0.8.6 (2024-09-06)
## What's Changed
* GitHub action codecov by @cfc4n in https://github.com/gojue/ecapture/pull/594
* fix: fix undeclared identifier error when make in debug mode by @yuweizzz
in https://github.com/gojue/ecapture/pull/593
* user: adjusted the timing of the display of the kernel version is too low by @cfc4n
in https://github.com/gojue/ecapture/pull/607
* kern: support uid/pid filter in ebpf TC hook. by @cfc4n in https://github.com/gojue/ecapture/pull/606
* fix: fallback to default version with warn by @xxxxxliil in https://github.com/gojue/ecapture/pull/613
* chore: Use `-tags 'netgo'` in bulding process to avoid SIGSEGV because of the different version of glibc in dfferent
Linux distros by @Zheaoli in https://github.com/gojue/ecapture/pull/616
## New Contributors
* @xxxxxliil made their first contribution in https://github.com/gojue/ecapture/pull/613
* @Zheaoli made their first contribution in https://github.com/gojue/ecapture/pull/616
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.5...v0.8.6
<hr>
# v0.8.5 (2024-08-19)
## What's Changed
* feat: parse http2 data in text mode by @yuweizzz in https://github.com/gojue/ecapture/pull/580
* pkg: add http2 request/response unit test. by @cfc4n in https://github.com/gojue/ecapture/pull/583
* feat: allow capture ipv6 packet by @yuweizzz in https://github.com/gojue/ecapture/pull/586
* workflows: remove Qodana CI workflow. by @cfc4n in https://github.com/gojue/ecapture/pull/589
* Constant parameter notice by @cfc4n in https://github.com/gojue/ecapture/pull/591
* user: split loggers, which are divided into loggers and event collectors by @cfc4n in https://github.com/gojue/ecapture/pull/592
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.4...v0.8.5
<hr>
# v0.8.4 (2024-07-09)
## What's Changed
* add possible linux kernel config path by @w568w in https://github.com/gojue/ecapture/pull/561
* workflows: add Qodana by @cfc4n in https://github.com/gojue/ecapture/pull/563
* fix create output.log failed. by @cfc4n in https://github.com/gojue/ecapture/pull/566
* pkg: fix send on closed channel by @cfc4n in https://github.com/gojue/ecapture/pull/567
* fix: DumpResponse error in HEAD request by @yuweizzz in https://github.com/gojue/ecapture/pull/572
* fix: truncated body dump error by @yuweizzz in https://github.com/gojue/ecapture/pull/573
* kern: support openssl 3.3.* by @cfc4n in https://github.com/gojue/ecapture/pull/575
* kern: Adjust the timing of key acquisition to distinguish between TLS by @cfc4n in https://github.com/gojue/ecapture/pull/576
## New Contributors
* @w568w made their first contribution in https://github.com/gojue/ecapture/pull/561
* @yuweizzz made their first contribution in https://github.com/gojue/ecapture/pull/572
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.3...v0.8.4
<hr>
# v0.8.3 (2024-06-01)
## What's Changed
* user: fix #553, `hashLen` is not allowed to be more than 64 bytes by @cfc4n in https://github.com/gojue/ecapture/pull/554
* cli: update docker usage by @cfc4n in https://github.com/gojue/ecapture/pull/556
* kern: Support for the non-Android boringssl library has been added. by @cfc4n in https://github.com/gojue/ecapture/pull/555
* user: format clientRandom string in gotls module by @cfc4n in https://github.com/gojue/ecapture/pull/557
* cli: support logger level by @cfc4n in https://github.com/gojue/ecapture/pull/558
* use kprobe/__sys_connect inseated uprobe/connect. by @cfc4n in https://github.com/gojue/ecapture/pull/559
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.2...v0.8.3
<hr>
# v0.8.2 (2024-05-19)
## What's Changed
* android version compilation has failed. by @cfc4n in https://github.com/gojue/ecapture/pull/548
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.1...v0.8.2
<hr>
# v0.8.1 (2024-05-19)
## What's Changed
* makefile: Optimized the generation mechanism of kernel header files by @cfc4n in https://github.com/gojue/ecapture/pull/536
* add dockerfile by @sancppp in https://github.com/gojue/ecapture/pull/537
* cli: Use a formatted logger rs/zerolog by @cfc4n in https://github.com/gojue/ecapture/pull/539
* utils: supported openssl 1.1.1w, 3.0.13, 3.1.5, 3.2.1 by @cfc4n in https://github.com/gojue/ecapture/pull/540
* BPF name should be appended after _core/_noncore by @darren in https://github.com/gojue/ecapture/pull/545
* user: fixed #542, masterkey being written to pcapng multiple times. by @cfc4n in https://github.com/gojue/ecapture/pull/546
* user: prepare for service-oriented architecture. by @cfc4n in https://github.com/gojue/ecapture/pull/541
## New Contributors
* @darren made their first contribution in https://github.com/gojue/ecapture/pull/545
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.0...v0.8.1
<hr>
# v0.8.0 (2024-05-04)
## 🚀 Breaking Changes
- for User: No need to distinguish between CO-RE and non-CO-RE versions, automatically identified by eCapture.
- 无需区分CO-RE和non-CO-RE版本,由eCapture自动识别。
- for Developer: Supports cross-compilation for both amd64 and arm64 CPU architectures, building CO-RE and non-CO-RE versions respectively.
- 支持在amd64\arm64两个CPU架构下的交叉编译,分别构建CO-RE和non-CO-RE版本
## What's Changed
* chore: rename ecapture module name. by @cfc4n in https://github.com/gojue/ecapture/pull/530
* Fix keylog mode not working correctly on certain OpenSSL versions by @AmazingPP in https://github.com/gojue/ecapture/pull/534
* feat: support CORE and non-CORE mode in one by @cfc4n in https://github.com/gojue/ecapture/pull/532
* workflows: change steps.get_tags.outputs.VERSION to github.ref_name by @sancppp in https://github.com/gojue/ecapture/pull/535
## New Contributors
* @AmazingPP made their first contribution in https://github.com/gojue/ecapture/pull/534
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.7...v0.8.0
<hr>
# v0.7.7 (2024-04-21)
## What's Changed
* [Fix] get textStart from pclnTable by @wlingze in https://github.com/gojue/ecapture/pull/516
* fix: amd64, offset read error issue for PIE executable. PR #516 by @cfc4n in https://github.com/gojue/ecapture/pull/517
* makefile: used CC=$(CROSS_COMPILE)gcc for CGO compile. by @cfc4n in https://github.com/gojue/ecapture/pull/519
* user: return error when detect openssl version failed. by @cfc4n in https://github.com/gojue/ecapture/pull/521
* user : fixed the invalid address reference of the SSL_in_before symbol OpenSSL 1.0.2k. by @cfc4n in https://github.com/gojue/ecapture/pull/520
* feat: support cross-compilation for workflows. by @cfc4n in https://github.com/gojue/ecapture/pull/523
* readme: improve English README.md translation and add TOCs by @zhoukuncheng in https://github.com/gojue/ecapture/pull/525
* build(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 by @dependabot in https://github.com/gojue/ecapture/pull/528
## New Contributors
* @wlingze made their first contribution in https://github.com/gojue/ecapture/pull/516
* @zhoukuncheng made their first contribution in https://github.com/gojue/ecapture/pull/525
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.6...v0.7.7
<hr>
# v0.7.6 (2024-03-30)
## What's Changed
* fix #500 to avoid potential hang and event loss by @ruitianzhong in https://github.com/gojue/ecapture/pull/501
* fix issue#504 by @sancppp in https://github.com/gojue/ecapture/pull/506
* tentative fix to address bash problem #490 by @ruitianzhong in https://github.com/gojue/ecapture/pull/510
* Fix cant found RET offset in gotls mode. fix #502. by @cfc4n in https://github.com/gojue/ecapture/pull/512
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.5...v0.7.6
<hr>
# v0.7.5 (2024-03-03)
## What's Changed
* Improve makefile by @cfc4n in https://github.com/gojue/ecapture/pull/488
* Fix: init GoTLSProbe.tcPacketsChan #492 by @ruitianzhong in https://github.com/gojue/ecapture/pull/493
* fix: avoid printing confusing message when input contains special character by @ruitianzhong in https://github.com/gojue/ecapture/pull/495
* correctly update ContentLength for uncompressed response body by @ruitianzhong in https://github.com/gojue/ecapture/pull/498
* add -race flags for `go test` and fix data race warning by @ruitianzhong in https://github.com/gojue/ecapture/pull/499
* openssl: encode the value of fd (ssl->wbio->num) to gen uuid, rather than an unexpected random number by @wuyexkx in https://github.com/gojue/ecapture/pull/494
## New Contributors
* @ruitianzhong made their first contribution in https://github.com/gojue/ecapture/pull/493
* @wuyexkx made their first contribution in https://github.com/gojue/ecapture/pull/494
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.4...v0.7.5
<hr>
# v0.7.4 (2024-02-24)
## 🚀 Breaking Changes
eCapture supports [Pcap Filter Syntax] (https://www.tcpdump.org/manpages/pcap-filter.7.html), and you can use the pcap filter expression to filter network packets like tcpdump.
In the tls\gotls module, when the running mode is 'pcap', the pcap filter expression is supported, which can be set in the last parameter of the command line, for example:
------
eCapture支持[Pcap Filter Syntax](https://www.tcpdump.org/manpages/pcap-filter.7.html),你可以像tcpdump一样使用pcap filter表达式来过滤网络包。
在tls\gotls模块中,当运行模式为`pcap`时,支持pcap filter表达式,在命令行最后的参数中设定,例如:
```shell
ecapture tls -m pcap -i wlan0 -w save.pcapng host 192.168.1.1 and tcp port 443
```
## What's Changed
* Update probe_bash.go by @sancppp in https://github.com/gojue/ecapture/pull/479
* docs: Optimized the error message in the gotls module.(fix: #482) by @cfc4n in https://github.com/gojue/ecapture/pull/484
* feat: Support pcap-filter expression for pcap mode by @Asphaltt in https://github.com/gojue/ecapture/pull/478
* chore: Pcap filter tidy,support ubuntu arm64 to make libpcap by @cfc4n in https://github.com/gojue/ecapture/pull/487
## New Contributors
* @sancppp made their first contribution in https://github.com/gojue/ecapture/pull/479
* @Asphaltt made their first contribution in https://github.com/gojue/ecapture/pull/478
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.3...v0.7.4
<hr>
# v0.7.3 (2024-01-28)
## What's Changed
* makefile: Optimize the feature list for the Android version by @cfc4n in https://github.com/gojue/ecapture/pull/457
* user: support event processor by @cfc4n in https://github.com/gojue/ecapture/pull/462
* chore: remove refs to deprecated io/ioutil by @testwill in https://github.com/gojue/ecapture/pull/465
* user: fix concurrent map read and map write #467 by @cfc4n in https://github.com/gojue/ecapture/pull/468
* utils: support openssl 3.1.0-3.1.4 and 3.0.9-3.0.12 by @cfc4n in https://github.com/gojue/ecapture/pull/469
* user: imporve dynamic link library path loading logic on aarch64 ubuntu by @cfc4n in https://github.com/gojue/ecapture/pull/470
* user: imporve #463, impact on the performance of the tested program by @cfc4n in https://github.com/gojue/ecapture/pull/471
* kern: support openssl 3.2.x , change ssl_st to ssl_connection_st by @cfc4n in https://github.com/gojue/ecapture/pull/472
## New Contributors
* @testwill made their first contribution in https://github.com/gojue/ecapture/pull/465
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.2...v0.7.3
<hr>
# v0.7.2 (2024-01-01)
## What's Changed
* user: improve pcapng writer, flush every 2s. by @cfc4n in https://github.com/gojue/ecapture/pull/455
* builder: add debian package build script. by @cfc4n in https://github.com/gojue/ecapture/pull/456
## New Contributors
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.1...v0.7.2
<hr>
# v0.7.1 (2023-12-23)
## What's Changed
* cli: reduce mapsize to 1024 * PAGESIZE. by @cfc4n in https://github.com/gojue/ecapture/pull/440
* Add optimization in openssl detection logic to consume less memory by @h0x0er in https://github.com/gojue/ecapture/pull/438
* cli: fix nss module panic by @mannkafai in https://github.com/gojue/ecapture/pull/444
* build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in https://github.com/gojue/ecapture/pull/448
* pkg: support android on docker(redroid). by @cfc4n in https://github.com/gojue/ecapture/pull/453
## New Contributors
* @mannkafai made their first contribution in https://github.com/gojue/ecapture/pull/444
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.7.0...v0.7.1
<hr>
# v0.7.0 (2023-12-03)
## 🚀 Breaking Changes
- Split `nss/gnutls/openssl` into three separate submodules. Corresponding to the `./ecapture nss`, `./ecapture gnutls`, `ecapture tls` commands.
- Support `keylog` mode, equivalent to the functionality of the `SSLKEYLOGFILE` environment variable. Captures SSL/TLS communication keys directly without the need for changes in the target process.
- Refactor the mode parameters supported by the `openssl`(aka tls) module using the `-m`parameter, with values `text`, `pcap`,`keylog`.
- `pcap` mode: Set with `-m pcap` or `-m pcapng` parameters. When using this mode, it is necessary to specify `--pcapfile` and `-i` parameters. The default value for the `--pcapfile` parameter is `ecapture_openssl.pcapng`.
- `keylog` mode: Set with `-m keylog` or `-m key` parameters. When using this mode, it is necessary to specify `--keylogfile`, defaulting to `ecapture_masterkey.log`.
- `text` mode: Default mode when `-m` parameter is unspecified. Outputs all plaintext packets in text form. (As of v0.7.0, no longer captures communication keys, please use `keylog` mode instead.)
- Refactor the mode parameters supported by the `gotls` module, similar to the `openssl` module, without further details.
- Optimize the memory size of eBPF Map, specify with the `--mapsize` parameter, defaulting to 5120 KB.
- Remove the `-w` parameter, use `--pcapfile` parameter instead.
- Change `log-addr` parameter to `logaddr`, with unchanged functionality.
Thanks to the genius idea from @blaisewang.
------
* 将nss/gnutls/openssl拆分为独立的三个子模块。分别对应`./ecapture nss`、`./ecapture gnutls`、`ecapture tls`三个子命令。
* 支持`keylog`模式,等同于`SSLKEYLOGFILE`环境变量的功能,无需目标进程改动,直接捕获SSL/TLS通信密钥。
* 重构`openssl`(aka tls)模块支持的模式参数,使用`-m`参数指定,分别为`text`,`pcap`,`keylog`三个值。
* `pcap`模式:`-m pcap`或`-m pcapng`参数来设定。当使用本模式时,必需指定`--pcapfile`、`-i`这两个参数才能使用。 其中`--pcapfile`参数的默认值为`ecapture_openssl.pcapng`。
* `keylog`模式:`-m keylog`或`-m key`参数来设定。当使用本模式时,必需指定`--keylogfile`,默认为`ecapture_masterkey.log`。
* `text`模式:`-m`参数不指定时,默认为本模式。将以文本形式输出所有的明文数据包。(自v0.7.0起,不再捕获通讯密钥,请使用`keylog`模式代替)
* 重构`gotls`模块支持的模式参数,与`openssl`模块一样,不再赘述。
* 优化eBPF Map的内存大小,使用`--mapsize`参数指定,默认为5120 KB。
* 移除`-w`参数,请使用`--pcapfile`参数代替。
* 更改`log-addr`参数为`logaddr`,功能含义不变。
感谢 @blaisewang 的天才思路。
### Demo of keylog Mode Usage
Using eCapture to capture communication keys in real-time and combining it with tshark for real-time decryption enables the real-time plaintext output of encrypted traffic. The steps are as follows:
使用`eCapture`实时捕获通信密钥,并结合`tshark`实时解密,可以做到实时的加密流量明文输出。步骤如下:
#### Terminal 1
Start the keylog mode of eCapture first.
先启动eCapture的`keylog`模式
```shell
ecapture tls -m keylog --keylogfile=ecapture_masterkey.log
```
### Terminal 2
Start the tshark tool by specifying tls.keylog_file as the captured key file by eCapture, named ecapture_masterkey.
再启动`tshark`工具,指定`tls.keylog_file`为eCapture捕获的密钥文件`ecapture_masterkey`
**http 1.x**
```shell
tshark -o tls.keylog_file:ecapture_masterkey.log -Y http -T fields -e http.file_data -f "port 443" -i eth0
```
**http 2.0**
```shell
tshark -o tls.keylog_file:ecapture_masterkey.log -Y http2 -T fields -e http2.data.data -f "port 443" -i eth0
```
Afterward, any software that uses the eCapture HOOK with OpenSSL libraries can achieve real-time decryption and display of all encrypted communication traffic without requiring any modifications to these software applications.
之后,其他使用`eCapture` HOOK的openssl类库的软件,所有加密通讯的流量,都可以实现实时解密并展示了,无需这些软件做任何改动。
See [issue #432](https://github.com/gojue/ecapture/issues/432) for more detail.
## What's Changed
* ignore connect symbol cant found. by @cfc4n in https://github.com/gojue/ecapture/pull/431
* Add support for stripped go binaries by @h0x0er in https://github.com/gojue/ecapture/pull/426
* splitting gnutls/nss module from tls module lists. by @cfc4n in https://github.com/gojue/ecapture/pull/434
* user: custom mapSize flag. improve memory usage #433 . by @cfc4n in https://github.com/gojue/ecapture/pull/435
* add the `model` flag to distinguish the captured modes, support keylog captured. by @cfc4n in https://github.com/gojue/ecapture/pull/436
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.6.6...v0.7.0
<hr>
# v0.6.6 (2023-11-19)
## What's Changed
* add ubunutu23.04 aarch64 clang-15 into init_env.sh by @BiteFoo in https://github.com/gojue/ecapture/pull/413
* Decode kernel time to user time by @h0x0er in https://github.com/gojue/ecapture/pull/418
* Fix : openssl event output invalid with hex mode by @cfc4n in https://github.com/gojue/ecapture/pull/421
* user : Set the connect hook as an optional parameter. by @cfc4n in https://github.com/gojue/ecapture/pull/423
## New Contributors
* @BiteFoo made their first contribution in https://github.com/gojue/ecapture/pull/413
* @h0x0er made their first contribution in https://github.com/gojue/ecapture/pull/418
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.6.5...v0.6.6
<hr>
# v0.6.5 (2023-11-11)
## What's Changed
* supports all ports when target_port is set to 0. by @cfc4n in https://github.com/gojue/ecapture/pull/409
* support for the boringssl library on Android 12\13\14. by @cfc4n in https://github.com/gojue/ecapture/pull/410
* update golang version to 1.21 from 1.18 by @cfc4n in https://github.com/gojue/ecapture/pull/412
* 支持所有端口的网络数据捕获(target_port为0时) by @cfc4n in https://github.com/gojue/ecapture/pull/409
* 在Android 12\13\14上,支持borlingssl类库的明文捕获 by @cfc4n in https://github.com/gojue/ecapture/pull/410
* 更新Golang类库到1.21,cilium/ebpf类库到0.12.3 by @cfc4n in https://github.com/gojue/ecapture/pull/412
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.6.4...v0.6.5
<hr>
# v0.6.4 (2023-10-15)
## What's Changed
* bugfix: Hook the ssl_set_fd function to get FD. by @cfc4n in https://github.com/gojue/ecapture/pull/399
* build(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 by @dependabot in https://github.com/gojue/ecapture/pull/402
* refactor : Shared Object (so) path load logic by @cfc4n in https://github.com/gojue/ecapture/pull/401
* improve: add missing eBPF maps parameters. by @cfc4n in https://github.com/gojue/ecapture/pull/405
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.6.3...v0.6.4
<hr>
# v0.6.3 (2023-09-27)
## What's Changed
* fix : out of silice range. by @cfc4n in https://github.com/gojue/ecapture/pull/398
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.6.2...v0.6.3
<hr>
# v0.6.2 (2023-09-24)
## What's Changed
* openssl module: add some prompts when the kernel is less than 5.2 by @cfc4n in https://github.com/gojue/ecapture/pull/387
* refactor: removal of deprecated flag support. by @cfc4n in https://github.com/gojue/ecapture/pull/388
* Revert ip address by @cfc4n in https://github.com/gojue/ecapture/pull/391
* fix : OpenSSL's file descriptor is always 0 by @cfc4n in https://github.com/gojue/ecapture/pull/393
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.6.1...v0.6.2
<hr>
# v0.6.1 (2023-07-16)
## What's Changed
* fix #378 , error: use of undeclared identifier 'KBUILD_MODNAME' by @cfc4n in https://github.com/gojue/ecapture/pull/379
* feat:add openssl 1.1.1u and 3.0.9 by @cfc4n in https://github.com/gojue/ecapture/pull/380
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.6.0...v0.6.1
<hr>
# v0.6.0 (2023-07-02)
## 🚀 Breaking Changes
Associating process information with network packets. usage: `cp utils/ecapture.lua ~/.wireshark/plugins` .
## What's Changed
* code refactoring by @cfc4n in https://github.com/gojue/ecapture/pull/371
* Tls response unexpected eof by @cfc4n in https://github.com/gojue/ecapture/pull/372
* modify func isCOntainerCgroup to isContainerCgroup, and where referenced by @chusyclub in https://github.com/gojue/ecapture/pull/374
* feat: Associate corresponding process information with each network packet. by @cfc4n in https://github.com/gojue/ecapture/pull/376
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.5.3...v0.6.0
<hr>
# v0.5.3 (2023-05-21)
## What's Changed
* user: fixes slice out of range by @cfc4n in https://github.com/gojue/ecapture/pull/366
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.5.2...v0.5.3
<hr>
# v0.5.2 (2023-05-01)
## What's Changed
* add CircleLinux rpm and mannul build support by @bella485 in https://github.com/gojue/ecapture/pull/345
* gomod: update github.com/mdlayher/netlink to v1.7.1 by @cfc4n in https://github.com/gojue/ecapture/pull/348
* use makefile to build rpm by @xjas in https://github.com/gojue/ecapture/pull/344
* fix : DumpResponse error: unexpected EOF by @cfc4n in https://github.com/gojue/ecapture/pull/349
* bugfix: Error unknown flag gobin (fixes #354 ) by @cfc4n in https://github.com/gojue/ecapture/pull/355
* GitHub actions deprecating by @cfc4n in https://github.com/gojue/ecapture/pull/356
* kern : support gotls request and response by @cfc4n in https://github.com/gojue/ecapture/pull/357
* user: fixes the network card ID cannot be found when writing to a pcapng file. (#347) by @cfc4n in https://github.com/gojue/ecapture/pull/358
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.5.1...v0.5.2
<hr>
# v0.5.1 (2023-04-08)
## What's Changed
* user: add ifname's default value of gotls module. by @cfc4n in https://github.com/gojue/ecapture/pull/332
* kern: fix wrong uid by @lazybetrayer in https://github.com/gojue/ecapture/pull/334
* support rpm build by @xjas in https://github.com/gojue/ecapture/pull/341
* pkg : add proc(go version) unit testing by @cfc4n in https://github.com/gojue/ecapture/pull/342
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.5.0...v0.5.1
<hr>
# v0.5.0 (2023-03-10)
## What's Changed
* fix: typo in the section name by @spacewander in https://github.com/gojue/ecapture/pull/311
* user : increase buffer size of ebpf map. (improve #291 , #314) by @cfc4n in https://github.com/gojue/ecapture/pull/315
* build(deps): bump golang.org/x/net from 0.0.0-20211112202133-69e39bad7dc2 to 0.7.0 by @dependabot in https://github.com/gojue/ecapture/pull/320
* refactor : rename Golang TLS module name to gotls from gossl . by @cfc4n in https://github.com/gojue/ecapture/pull/319
* refactor: Use camel case instead of snake case. by @cfc4n in https://github.com/gojue/ecapture/pull/321
* kern: fix typo in bpf_tracing.h by @eltociear in https://github.com/gojue/ecapture/pull/323
* Add JA readme by @eltociear in https://github.com/gojue/ecapture/pull/324
* Gotls crash : incorrect variable used. (fixes:#322) by @cfc4n in https://github.com/gojue/ecapture/pull/325
* kern: refactor golang ABI by register and stack. by @cfc4n in https://github.com/gojue/ecapture/pull/326
* feat: add Gotls master secrets module. by @cfc4n in https://github.com/gojue/ecapture/pull/329
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.4.12...v0.5.0
<hr>
# v0.4.12 (2023-02-10)
## What's Changed
* pkg: get GoVersion by `buildinfo` package from ELF (by golang compiled) (#262) by @cfc4n in https://github.com/gojue/ecapture/pull/295
* docs: fixes supported kernel version on arm64(aarch64). (#296) by @cfc4n in https://github.com/gojue/ecapture/pull/298
* user: fixes slice bounds out of range bug (#297) by @cfc4n in https://github.com/gojue/ecapture/pull/299
* kern: fixes constant value of type uint64. (#301) by @cfc4n in https://github.com/gojue/ecapture/pull/302
* package: update gojue/ebpfmanager to v0.4.1 by @cfc4n in https://github.com/gojue/ecapture/pull/305
* docs: update README.md by @onism68 in https://github.com/gojue/ecapture/pull/306
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.4.11...v0.4.12
<hr>
# v0.4.11 (2023-01-07)
## What's Changed
* builder: fix typos (#285) by @cfc4n in https://github.com/gojue/ecapture/pull/286
* Tls 13 masterkey is taken wrong (fixes #283) by @cfc4n in https://github.com/gojue/ecapture/pull/284
* fix(gossl): invalid memory address or nil pointer by @luckymrwang in https://github.com/gojue/ecapture/pull/288
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.4.10...v0.4.11
<hr>
# v0.4.10 (2022-12-11)
## What's Changed
* builder: add curl shell to install develop environment. by @cfc4n in https://github.com/gojue/ecapture/pull/272
* docs : update minimal kernel version as 4.18 (#274) by @cfc4n in https://github.com/gojue/ecapture/pull/275
* kern: capture https plaintext failed with boringssl TLS 1.3 on android #271 by @cfc4n in https://github.com/gojue/ecapture/pull/279
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.4.9...v0.4.10
<hr>
# v0.4.9 (2022-11-19)
## What's Changed
* constant value has to be of type uint64 (#261) by @cfc4n in https://github.com/gojue/ecapture/pull/264
* builder: rename android non-core archive file name by @cfc4n in https://github.com/gojue/ecapture/pull/266
* chore(openssl/boringssl): remove redundant calculation by @blaisewang in https://github.com/gojue/ecapture/pull/267
* makefile : support make parallel (#265) by @cfc4n in https://github.com/gojue/ecapture/pull/268
* disable gnutls/nss modules on Android. by @cfc4n in https://github.com/gojue/ecapture/pull/269
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.4.8...v0.4.9
<hr>
# v0.4.8 (2022-11-05)
## Breaking Changes
1. Changed license to Apache License 2.0 from AGPL 3.0.
2. Supported versions of openssl are 1.1.0* , 1.0.2* .
3. Supported minimum version of Clang is 9.0.
4. Added GitHub release action of Android X86_64 binaries(default: non-CORE version).
## What's Changed
* user : Tolower openssl version strings. by @cfc4n in https://github.com/gojue/ecapture/pull/250
* cli : remove other modules on android. by @cfc4n in https://github.com/gojue/ecapture/pull/251
* utils: add eCapture lua script for wireshark plugin. by @cfc4n in https://github.com/gojue/ecapture/pull/248
* feat: updated new openssl version by @cfc4n in https://github.com/gojue/ecapture/pull/255
* feat : support openssl 1.1.0* and 1.0.2* by @cfc4n in https://github.com/gojue/ecapture/pull/257
* fix: Build failed on clang10 (#256) by @cfc4n in https://github.com/gojue/ecapture/pull/258
* docs : Change license to Apache License 2.0 by @cfc4n in https://github.com/gojue/ecapture/pull/259
* workflows : release Android x86_64 use nocore model. by @cfc4n in https://github.com/gojue/ecapture/pull/260
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.4.7...v0.4.8
<hr>
# v0.4.7 (2022-10-23)
## Breaking Changes
**add `--ssl_version` flag to set the SSL libraries version**
supported ssl libraries version lists:
- openssl 1.1.1* , (1.1.1a - 1.1.1r)
- openssl 3.0.* , (3.0.0 - 3.0.6)
- boringssl 1.1.1
```bash
ecapture tls
ecapture tls --hex --pid=3423
ecapture tls -l save.log --pid=3423
ecapture tls --libssl=/lib/x86_64-linux-gnu/libssl.so.1.1
ecapture tls -w save_3_0_5.pcapng --ssl_version="openssl 3.0.5" --libssl=/lib/x86_64-linux-gnu/libssl.so.3
ecapture tls -w save_android.pcapng -i wlan0 --libssl=/apex/com.android.conscrypt/lib64/libssl.so --ssl_version="boringssl 1.1.1" --port 443
```
## What's Changed
* feat : support openssl 3.0 @cfc4n in https://github.com/gojue/ecapture/pull/244
* feat: automate openssl offset header file generation @blaisewang in https://github.com/gojue/ecapture/pull/241
<hr>
# v0.4.6 (2022-10-15)
## What's Changed
* user/module : compatiable Linux kernel less or more than 5.2 @cfc4n in https://github.com/gojue/ecapture/pull/238
<hr>
# v0.4.5 (2022-10-10)
## What's Changed
* kern: capture master secrets for tls 1.3 @cfc4n in https://github.com/gojue/ecapture/pull/232
<hr>
# v0.4.4 (2022-10-03)
## What's Changed
* feat: add support TLSv1.3 decryption by @blaisewang in https://github.com/gojue/ecapture/pull/209
* user/module : hex model output. by @cfc4n in https://github.com/gojue/ecapture/pull/220
* user/module : use const for SSL masterKey function hook. by @cfc4n in https://github.com/gojue/ecapture/pull/217
* kern: rodata map not supported on kernel 4.19 or older by @cfc4n in https://github.com/gojue/ecapture/pull/223
* kern: http2 response packet decode failed. by @cfc4n in https://github.com/gojue/ecapture/pull/225
<hr>
# v0.4.3 (2022-09-09)
## What's Changed
* fix: use cipher id to derive secret by @blaisewang in https://github.com/gojue/ecapture/pull/192
* kern: get ssl_session in the `*SSL_get_session()` order . by @cfc4n in https://github.com/gojue/ecapture/pull/193
<hr>
# v0.4.2 (2022-09-04)
## What's Changed
* refactor user package. by @cfc4n in https://github.com/gojue/ecapture/pull/183
* pkg/event_processor: DefaultParser init(). by @cfc4n in https://github.com/gojue/ecapture/pull/186
* Fix: correct ssl_st member offsets by @blaisewang in https://github.com/gojue/ecapture/pull/184
* Boringssl decrypt failed by @cfc4n in https://github.com/gojue/ecapture/pull/188
<hr>
# v0.4.1 (2022-08-21)
## What's Changed
* kern : define variable target_port always. by @cfc4n in https://github.com/gojue/ecapture/pull/157
* workflows : build nocore version for Android default. by @cfc4n in https://github.com/gojue/ecapture/pull/159
* pkg : Ifname default value. by @cfc4n in https://github.com/gojue/ecapture/pull/161
* user : skip loopback network interface by @cfc4n in https://github.com/gojue/ecapture/pull/163
* user : tls models exit gracefully. by @cfc4n in https://github.com/gojue/ecapture/pull/165
* git: ignore .check* files by @blaisewang in https://github.com/gojue/ecapture/pull/168
* pkg : fix config file parse failed, when as gzip format. by @cfc4n in https://github.com/gojue/ecapture/pull/169
* fix gzip read err by @4ft35t in https://github.com/gojue/ecapture/pull/175
* pkg/util/ebpf : add unit testing for kernel CONFIG reader by @cfc4n in https://github.com/gojue/ecapture/pull/176
* user : fix incorrect TimeStamp by @cfc4n in https://github.com/gojue/ecapture/pull/179
* cli/cmd : print version info by @cfc4n in https://github.com/gojue/ecapture/pull/177
* kern : support boringssl offset for Android 12. by @cfc4n in https://github.com/gojue/ecapture/pull/181
<hr>
# v0.4.0 (2022-08-07)
## Breaking Changes
**Support : capture plaintext packet as pcapng files for openssl TLS encryption.**
> **Note:**
>
> Support `Wireshark` to open directly. Do not need to setting up `Master Secrets` files.
>
> Capture `raw packet` by Traffic Control eBPF filter. Added `Master Secrets` information into pcapng
> with `Decryption Secrets Block` (DSB).
> **Warning**
>
> change `loggerFile` flag as `-l` from `-w` , because `-w` is reserved for `Wireshark`, and keep same as `-w`
> for `tcpdump`. use `ecapture -h` for help.
> change `master secrets` filename from `ecapture_masterkey_[pid].log` to `ecapture_masterkey.log`.
## What's Changed
* new feature: capture TLS 1.3 master secret by @cfc4n in https://github.com/gojue/ecapture/pull/143
* user : echo String() or StringHex() by CLI argument. by @cfc4n in https://github.com/gojue/ecapture/pull/149
* cli/cmd : clean up all probe while process exit. (#150) by @cfc4n in https://github.com/gojue/ecapture/pull/151
* save as Pcapng files #145 by @cfc4n in https://github.com/gojue/ecapture/pull/148
* user : Support writing pcapng files with Decryption Secrets Block (DSB). by @cfc4n
in https://github.com/gojue/ecapture/pull/153
<hr>
# v0.3.0 (2022-07-20)
## Breaking Changes
**Capture TLS master_key ,save to file. Support openssl `1.1.1.X` . `TLS 1.2` .**
Quick Guide:
- use `ecapture` to capture TLS master_key, will save master secret to `ecapture_masterkey_[pid].log`.
- use `tcpdump` to capture and save packets to `xxx.pcapng` file.
- open `xxx.pcapng` file with `wireshark`.
- Setting : `Wireshark` --> `Preferences` --> `Protocols` --> `TLS` --> `(Pre)-Master-Secret log filename`, select `ecapture_masterkey_[pid].log`.
- Using : right click packet item, select `follow` -> `HTTP Stream` / `HTTP/2 Stream`
## What's Changed
* all : refactor event_processor EventType. by @cfc4n in https://github.com/gojue/ecapture/pull/134
* fixed #138 : You have an error in your yaml syntax on line 79 by @cfc4n in https://github.com/gojue/ecapture/pull/139
* New feature: capture openssl masterkey #27 by @cfc4n in https://github.com/gojue/ecapture/pull/140
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.2.2...v0.3.0
<hr>
# v0.2.2 (2022-07-09)
## What's Changed
* workflows: build failed on aarch 64 ubuntu : 'linux/kconfig.h' file not found #125 by @cfc4n
in https://github.com/gojue/ecapture/pull/126
* Makefile: shell running,with a unexcepted result: lost DKERNEL_LESS_5_2 on kernel 4.15 #129 by @cfc4n
in https://github.com/gojue/ecapture/pull/132
* ebpf: remove detection of BPF config when running at container #127 by @cfc4n
in https://github.com/gojue/ecapture/pull/128
## New Contributors
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.2.1...v0.2.2
<hr>
# v0.2.1 (2022-07-05)
## What's Changed
* pkg : fix Kernel config read failed, error:Config not found #117 by @cfc4n
in https://github.com/gojue/ecapture/pull/123
* user : Clean up unnecessary information. fix #122 by @cfc4n in https://github.com/gojue/ecapture/pull/124
## New Contributors
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.2.0...v0.2.1
<hr>
# v0.2.0 (2022-07-04)
## What's Changed
* Directly search so in search path when /usr/bin/curl is not exist by @tiann
in https://github.com/gojue/ecapture/pull/97
* Add GitHub Action :Golangci lint by @cfc4n in https://github.com/gojue/ecapture/pull/99
* Add Chinese name 旁观者. by @cfc4n in https://github.com/gojue/ecapture/pull/103
* build: change tar.gz file path in checksum.txt by @cfc4n in https://github.com/gojue/ecapture/pull/104
* Support Golang HTTPS introspection by @chenhengqi in https://github.com/gojue/ecapture/pull/100
* New Feature: support Android without GKI (kernel version > 4.18) by @cfc4n
in https://github.com/gojue/ecapture/pull/107
* fixed :#108 tls module cannot to capture payload on Aarch64 kernel 4.18 by @huzai9527
in https://github.com/gojue/ecapture/pull/109
* fixed #108: ip address lost on aarch64 kernel 4.18 by @cfc4n in https://github.com/gojue/ecapture/pull/111
* New feature: add payload parser. by @cfc4n in https://github.com/gojue/ecapture/pull/113
* document: message friendly by @cfc4n in https://github.com/gojue/ecapture/pull/119
## New Contributors
* @tiann made their first contribution in https://github.com/gojue/ecapture/pull/97
* @chenhengqi made their first contribution in https://github.com/gojue/ecapture/pull/100
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.1.10...v0.2.0
<hr>
# v0.1.10 (2022-06-20)
## What's Changed
* user : fixed bug. #76 libpthread.so not found. by @cfc4n in https://github.com/gojue/ecapture/pull/77
* Support for ARM64 architecture by @cfc4n in https://github.com/gojue/ecapture/pull/75
* fixed: outputing blank text on linux 4.18 #81 by @cfc4n in https://github.com/gojue/ecapture/pull/82
* New feature: update ebpfmanager package to 0.3.0 by @cfc4n in https://github.com/gojue/ecapture/pull/83
* New feature: #80 event filter by uid by @cfc4n in https://github.com/gojue/ecapture/pull/84
* New feature: #85 event filter by uid for module tls by @cfc4n in https://github.com/gojue/ecapture/pull/86
* New feature: #87 support Android GKI by @cfc4n in https://github.com/gojue/ecapture/pull/88
* fixed: #92 github checkout error while a PR sent. by @cfc4n in https://github.com/gojue/ecapture/pull/93
* New Feature: #79 Auto release for android gki by @cfc4n in https://github.com/gojue/ecapture/pull/94
## New Contributors
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.1.9...v0.1.10
<hr>
# v0.1.9 (2022-06-11)
## 🚀 Features
- code refactoring: event dispatcher
- PR: #58
- add notes for how to use ecapture in other libs
- PR: #60
-
* : add TLS/SSL Version info (openssl).
- PR: #62
## 🐛 Fixes
- Add nosearch argument to skip auto search lib path
- PR: #70
## What's Changed
* code refactoring: event dispatcher by @cfc4n in https://github.com/gojue/ecapture/pull/58
* add notes for how to use ecapture in other libs by @xjas in https://github.com/gojue/ecapture/pull/60
* add TLS/SSL Version info (openssl). by @cfc4n in https://github.com/gojue/ecapture/pull/62
* Update README.md by @nfsec in https://github.com/gojue/ecapture/pull/63
* fix some typos by @cuishuang in https://github.com/gojue/ecapture/pull/68
* Add nosearch argument to skip auto search lib path by @vincentmli in https://github.com/gojue/ecapture/pull/70
## New Contributors
* @xjas made their first contribution in https://github.com/gojue/ecapture/pull/60
* @nfsec made their first contribution in https://github.com/gojue/ecapture/pull/63
* @cuishuang made their first contribution in https://github.com/gojue/ecapture/pull/68
* @vincentmli made their first contribution in https://github.com/gojue/ecapture/pull/70
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.1.8...v0.1.9
<hr>
# v0.1.8 (2022-05-08)
## What's Changed
* ADD mysqld dispatch_command return value. by @cfc4n in https://github.com/gojue/ecapture/pull/44
* autogen vmlinux header file to compatible current OS by @cfc4n in https://github.com/gojue/ecapture/pull/50
* feat: support postgres query hook by @yihong0618 in https://github.com/gojue/ecapture/pull/51
* added return value of bash module. by @huzai9527 in https://github.com/gojue/ecapture/pull/52
* change bash line size to 256 bytes by @yindex in https://github.com/gojue/ecapture/pull/55
* add errnumber flag for command bash by @huzai9527 in https://github.com/gojue/ecapture/pull/56
## New Contributors
* @huzai9527 made their first contribution in https://github.com/gojue/ecapture/pull/52
* @yindex made their first contribution in https://github.com/gojue/ecapture/pull/55
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.1.7...v0.1.8
<hr>
# v0.1.7 (2022-04-22)
### What's Changed
* user: fix #29 ubuntu21.10 error :connect symbol cant found by @cfc4n in https://github.com/gojue/ecapture/pull/30
* support no co-re version on linux kernel >= 5.2 by @cfc4n in https://github.com/gojue/ecapture/pull/32
* merge two Makefile files. by @cfc4n in https://github.com/gojue/ecapture/pull/33
* images : fix #34 Inaccurate/Confusing Diagrams by @cfc4n in https://github.com/gojue/ecapture/pull/36
* Fix #37 Shared object dependence by @cfc4n in https://github.com/gojue/ecapture/pull/38
* README grammar fix by @chriskaliX in https://github.com/gojue/ecapture/pull/35
* Fix #39 .rodata: map create: read- and write-only maps not supported (requires >= v5.2) by @cfc4n
in https://github.com/gojue/ecapture/pull/40
* set clang version lower to 9 from 12 by @cfc4n in https://github.com/gojue/ecapture/pull/41
### New Contributors
* @cfc4n made their first contribution in https://github.com/gojue/ecapture/pull/30
**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.1.6...v0.1.7
<hr>
# v0.1.6 (2022-04-07)
- 更新mysqld数据库审计模块
- 更新tls网络捕获模块
## mysqld
- 支持mysql5.7/8.0, MariadDB 10.5+的Mysqld数据库的查询审计。
- 自动识别mysqld版本 。
- 自动查找hook的sql 查询函数。
## tls
- 支持openssl的IP地址关联
- 支持网络IP地址的存储、关联到网络数据中。
- 支持自定义libpthread.so路径指定(定位connect函数)。
<hr>
# v0.1.5 (2022-03-25)
- 增加mysqld数据库审计模块
## mysqld 模块
- 支持mysql5.6的mariaDB数据库的查询审计
- 默认path目录为/usr/sbin/mariadb 。
- 支持function name、offset两个参数自定义。
<hr>
# v0.1.4 (2022-03-22)
- 调整运行环境检测方式
- 判断BTF支持的方法,改为优先判断`/sys/kernel/btf/vmlinux`文件,以及其他BTF特征的`vmlinux-*`目录等 。
- 增加运行原理图。
## tls(openssl) 模块
- 支持gnutls 、 nspr 两个类库的数据捕获
- 重命名子命令,由`openssl`改为`tls`
<hr>
# v0.1.3 (2022-03-20)
- 增加运行环境检测
- 检测linux kernel必须大于4.18 。
- 检测kernel config中CONFIG_DEBUG_INFO_BTF必须有,且值为y。
- 去除编译生成的文件(./bin/、./assets/、./user/bytecode/)
- 整理go mod依赖文件
<hr>
# v0.1.1 (2022-03-19)
- 模块拆分,启用子命令模式
- 增加全局可选PID参数,针对特定PID进行数据捕获
- 增加hexdump打印模式
## openssl模块
- 支持自定义openssl的so路径。
- 支持hex进制的数据输出
## bash模块
- 支持自定义bash路径参数
- 支持自定义readline.so路径参数
- 支持hex进制的数据输出
<hr>
# v0.1.0 (2022-03-17)
## openssl模块
- 增加openssl的libssl.so的SSL/TLS数据抓包功能。
- 根据wget路径,自动选择libssl.so路径。
## bash模块
- 自动根据ENV查找bash
- 根据bash自动查找`readline.so`,并进行bash命令捕获
================================================
FILE: CODE_OF_CONDUCT.md
================================================
# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for our
community include:
* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
overall community
Examples of unacceptable behavior include:
* The use of sexualized language or imagery, and sexual attention or
advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.
Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
cfc4n.cs@gmail.com.
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the
reporter of any incident.
## Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:
### 1. Correction
**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.
**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.
### 2. Warning
**Community Impact**: A violation through a single incident or series
of actions.
**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.
### 3. Temporary Ban
**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.
**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.
### 4. Permanent Ban
**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.
**Consequence**: A permanent ban from any sort of public interaction within
the community.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
Community Impact Guidelines were inspired by [Mozilla's code of conduct
enforcement ladder](https://github.com/mozilla/diversity).
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.
================================================
FILE: CONTRIBUTING.md
================================================
# How to contribute
eCapture is AGPL-3.0 licensed and accepts contributions via GitHub pull requests. This document outlines some of the conventions on commit message formatting, contact points for developers, and other resources to help get contributions into eCapture.
[//]: # (# Email and chat)
## Getting started
- Fork the repository on GitHub
- Read the [README.md](./README.md) for build instructions
## Reporting bugs and creating issues
Reporting bugs is one of the best ways to contribute. However, a good bug report has some very specific qualities, so please read over our short document on [reporting bugs](.github/ISSUE_TEMPLATE/bug_report.md) before submitting a bug report. This document might contain links to known issues, another good reason to take a look there before reporting a bug.
## Contribution flow
This is a rough outline of what a contributor's workflow looks like:
- Create a topic branch from where to base the contribution. This is usually main.
- Make commits of logical units.
- Make sure commit messages are in the proper format (see below).
- Push changes in a topic branch to a personal fork of the repository.
- Submit a pull request to gojue/ecapture.
[//]: # (- The PR must receive a LGTM from two maintainers found in the MAINTAINERS file.)
Thanks for contributing!
### Code style
The coding style suggested by the Golang community is used in eCapture. See the [style doc](https://github.com/golang/go/wiki/CodeReviewComments) for details.
Please follow this style to make eCapture easy to review, maintain and develop.
### Format of the commit message
We follow a rough convention for commit messages that is designed to answer two
questions: what changed and why. The subject line should feature the what and
the body of the commit should describe the why.
```
cli: update module name "mysqld56" to "mysqld" .
add shortflag for "debug" flag.
Fixes #6
```
The format can be described more formally as follows:
```
<package>: <what changed>
<BLANK LINE>
<why this change was made>
<BLANK LINE>
<footer>
```
The first line is the subject and should be no longer than 70 characters, the second
line is always blank, and other lines should be wrapped at 80 characters. This allows
the message to be easier to read on GitHub as well as in various git tools.
### Pull request across multiple files and packages
If multiple files in a package are changed in a pull request for example:
```
user/config.go
user/const.go
```
At the end of the review process if multiple commits exist for a single package they
should be squashed/rebased into a single commit before being merged.
```
user: <what changed>
[..]
```
If a pull request spans many packages these commits should be squashed/rebased into a single
commit using message with a more generic `*:` prefix.
```
*: <what changed>
[..]
```
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright CFC4N [cfc4n@cnxct.com]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: Makefile
================================================
include variables.mk
include functions.mk
.PHONY: all | env nocore
# include core and non-core ebpf bytecode
all: ebpf ebpf_noncore assets build
@echo $(shell date)
# exclude core ebpf
nocore: ebpf_noncore assets_noncore build_noncore
@echo $(shell date)
noncore: nocore
ebpf_nocore: ebpf_noncore
.ONESHELL:
SHELL = /bin/bash
.PHONY: env
env:
@echo ---------------------------------------
@echo "eCapture Makefile Environment:"
@echo ---------------------------------------
@echo "PARALLEL $(PARALLEL)"
@echo ----------------[ from args ]---------------
@echo "CROSS_ARCH $(CROSS_ARCH)"
@echo "ANDROID $(ANDROID)"
@echo "DEBUG $(DEBUG)"
@echo "SNAPSHOT_VERSION $(SNAPSHOT_VERSION)"
@echo ---------------------------------------
@echo "HOST_ARCH $(HOST_ARCH)"
@echo "UNAME_R $(UNAME_R)"
@echo "CLANG_VERSION $(CLANG_VERSION)"
@echo "GO_VERSION $(GO_VERSION)"
@echo ---------------------------------------
@echo "CMD_CLANG $(CMD_CLANG)"
@echo "CMD_GIT $(CMD_GIT)"
@echo "CMD_GO $(CMD_GO)"
@echo "CMD_INSTALL $(CMD_INSTALL)"
@echo "CMD_LLC $(CMD_LLC)"
@echo "CMD_MD5 $(CMD_MD5)"
@echo "CMD_PKGCONFIG $(CMD_PKGCONFIG)"
@echo "CMD_STRIP $(CMD_STRIP)"
@echo "CMD_CC_PREFIX $(CMD_CC_PREFIX)"
@echo "CMD_TAR $(CMD_TAR)"
@echo "CMD_RPMBUILD $(CMD_RPMBUILD)"
@echo "CMD_RPM_SETUP_TREE $(CMD_RPM_SETUP_TREE)"
@echo ---------------------------------------
@echo "VERSION_NUM $(VERSION_NUM)"
@echo "LAST_GIT_TAG $(LAST_GIT_TAG)"
@echo "BPF_NOCORE_TAG $(BPF_NOCORE_TAG)"
@echo "KERN_RELEASE $(KERN_RELEASE)"
@echo "LINUX_SOURCE_PATH $(LINUX_SOURCE_PATH)"
@echo "KERN_BUILD_PATH $(KERN_BUILD_PATH)"
@echo "KERN_SRC_PATH $(KERN_SRC_PATH)"
@echo "TARGET_ARCH $(TARGET_ARCH)"
@echo "GOARCH $(GOARCH)"
@echo "LINUX_ARCH $(LINUX_ARCH)"
@echo "LIBPCAP_ARCH $(LIBPCAP_ARCH)"
@echo "AUTOGENCMD $(AUTOGENCMD)"
@echo "PACKAGE_VERSION $(PACKAGE_VERSION)"
@echo "OUT_DEB_FILE $(OUT_DEB_FILE)"
@echo ---------------------------------------
.PHONY:rpm
rpm:
@$(CMD_RPM_SETUP_TREE) || exit 1
$(CMD_SED) -i '0,/^Version:.*$$/s//Version: $(TAG)/' builder/rpmBuild.spec
$(CMD_SED) -i '0,/^Release:.*$$/s//Release: $(RPM_RELEASE)/' builder/rpmBuild.spec
$(CMD_TAR) zcvf ~/rpmbuild/SOURCES/$(RPM_SOURCE0) ./
$(CMD_RPMBUILD) -ba builder/rpmBuild.spec
#
# usage
#
.PHONY: help
help:
@echo "# environment"
@echo " $$ make env # show makefile environment/variables"
@echo ""
@echo "# build"
@echo " $$ make all # build ecapture"
@echo ""
@echo "# build rpm"
@echo " $$ make rpm VERSION=0.0.0 RELEASE=1 # build ecapture rpm"
@echo ""
@echo "# clean"
@echo " $$ make clean # wipe ./bin/ ./bytecode/ ./assets/"
@echo ""
@echo "# test"
@echo " $$ CROSS_ARCH=arm64 make ... # cross compile, build eCapture for arm64(aarch64) on amd64(x86_64) host"
@echo ""
@echo "# flags"
@echo " $$ ANDROID=1 make ... # build eCapture for Android"
.PHONY: prepare
prepare:
if [ -d "$(LINUX_SOURCE_PATH)" ]; then \
$(CMD_CD) $(LINUX_SOURCE_PATH) && $(KERNEL_HEADER_GEN) || { echo "Kernel header generation failed"; exit 1; } \
elif [ -n "$(CROSS_ARCH)" ]; then \
$(CMD_ECHO) "linux source not found with path: $(LINUX_SOURCE_PATH)" || exit 1; \
fi
.PHONY: clean assets build ebpf
.PHONY: clean
clean:
$(CMD_RM) -f bytecode/*.d
$(CMD_RM) -f bytecode/*.o
$(CMD_RM) -f assets/ebpf_probe.go
$(CMD_RM) -f bin/ecapture
$(CMD_RM) -f .check*
if test -e "./lib/libpcap/Makefile"; then $(MAKE) -C ./lib/libpcap clean; fi
.PHONY: $(KERN_OBJECTS)
$(KERN_OBJECTS): %.o: %.c \
| .checkver_$(CMD_CLANG) \
.checkver_$(CMD_GO) \
autogen
$(CMD_CLANG) -D__TARGET_ARCH_$(LINUX_ARCH) \
$(EXTRA_CFLAGS) \
$(BPFHEADER) \
-target bpfel -c $< -o $(subst kern/,bytecode/,$(subst .o,_core.o,$@)) \
-fno-ident -fdebug-compilation-dir . -g -D__BPF_TARGET_MISSING="GCC error \"The eBPF is using target specific macros, please provide -target\"" \
-MD -MP || exit 1
.PHONY: autogen
autogen: .checkver_$(CMD_BPFTOOL)
$(AUTOGENCMD)
.PHONY: ebpf
ebpf: autogen $(KERN_OBJECTS)
.PHONY: ebpf_noncore
ebpf_noncore: prepare $(KERN_OBJECTS_NOCORE)
.PHONY: $(KERN_OBJECTS_NOCORE)
$(KERN_OBJECTS_NOCORE): %.nocore: %.c \
| .checkver_$(CMD_CLANG) \
.checkver_$(CMD_GO) \
prepare
$(CMD_CLANG) \
$(EXTRA_CFLAGS_NOCORE) \
$(BPFHEADER) \
-I $(KERN_SRC_PATH)/arch/$(LINUX_ARCH)/include \
-I $(KERN_BUILD_PATH)/arch/$(LINUX_ARCH)/include/generated \
-I $(KERN_SRC_PATH)/include \
-I $(KERN_SRC_PATH)/include/linux \
-I $(KERN_SRC_PATH)/arch/$(LINUX_ARCH)/include/uapi \
-I $(KERN_BUILD_PATH)/arch/$(LINUX_ARCH)/include/generated/uapi \
-I $(KERN_SRC_PATH)/include/uapi \
-I $(KERN_BUILD_PATH)/include/generated/uapi \
-c $< \
-o - |$(CMD_LLC) \
-march=bpf \
-filetype=obj \
-o $(subst kern/,bytecode/,$(subst .c,_noncore.o,$<)) || exit 1
# Generate assets for all eBPF bytecode
.PHONY: assets
assets: .checkver_$(CMD_GO) ebpf ebpf_noncore
$(CMD_GO) run github.com/shuLhan/go-bindata/cmd/go-bindata $(IGNORE_LESS52) -pkg assets -o "assets/ebpf_probe.go" $(wildcard ./bytecode/*.o)
sed -i '1s/^\/\/ Code generated/\/\/go:build ebpfassets\n\/\/ Code generated/' assets/ebpf_probe.go
# Generate assets for non-core eBPF bytecode only
.PHONY: assets_noncore
assets_noncore: \
.checkver_$(CMD_GO) \
ebpf_noncore
$(CMD_GO) run github.com/shuLhan/go-bindata/cmd/go-bindata $(IGNORE_LESS52) -pkg assets -o "assets/ebpf_probe.go" $(wildcard ./bytecode/*.o)
sed -i '1s/^\/\/ Code generated/\/\/go:build ebpfassets\n\/\/ Code generated/' assets/ebpf_probe.go
# Build libpcap static library
.PHONY: $(TARGET_LIBPCAP)
$(TARGET_LIBPCAP):
test -f ./lib/libpcap/configure || git submodule update --init
cd lib/libpcap && \
CC=$(CMD_CC_PREFIX)$(CMD_CC) AR=$(CMD_AR_PREFIX)$(CMD_AR) CFLAGS="-O2 -g -gdwarf-4 -static -Wno-unused-result" ./configure --disable-rdma --disable-shared --disable-usb \
--disable-netmap --disable-bluetooth --disable-dbus --without-libnl \
--without-dpdk --without-dag --without-septel --without-snf \
--without-gcc --with-pcap=linux \
--without-turbocap --host=$(LIBPCAP_ARCH) && \
CC=$(CMD_CC_PREFIX)$(CMD_CC) AR=$(CMD_AR_PREFIX)$(CMD_AR) make || exit 1
# Build CO-RE eBPF bytecode and golang binary
.PHONY: build
build: .checkver_$(CMD_GO) $(TARGET_LIBPCAP) assets assets_noncore
$(call allow-override,VERSION_FLAG,$(UNAME_R))
$(call gobuild, $(ANDROID))
# Build non-core eBPF bytecode and golang binary
.PHONY: build_noncore
build_noncore: \
.checkver_$(CMD_GO) \
$(TARGET_LIBPCAP) \
assets_noncore
$(call allow-override,VERSION_FLAG,$(HOST_ARCH))
$(call allow-override,BYTECODE_FILES,noncore)
$(call gobuild, $(ANDROID))
# Format the code
.PHONY: format
format:
@echo " -> Formatting code"
@clang-format -i -style=$(STYLE) kern/*.c
@clang-format -i -style=$(STYLE) kern/common.h
@clang-format -i -style=$(STYLE) kern/openssl_masterkey.h
@clang-format -i -style=$(STYLE) kern/openssl_masterkey_3.0.h
@clang-format -i -style=$(STYLE) kern/openssl_masterkey_3.2.h
@clang-format -i -style=$(STYLE) kern/boringssl_masterkey.h
@clang-format -i -style=$(STYLE) utils/*.c
# run unit tests with race detector
.PHONY: test-race
test-race: \
.checkver_$(CMD_GO) \
$(TARGET_LIBPCAP)
CGO_ENABLED=1 \
CGO_CFLAGS='-O2 -g -I$(CURDIR)/lib/libpcap/' \
CGO_LDFLAGS='-O2 -g -L$(CURDIR)/lib/libpcap/ -lpcap' \
GOOS=linux GOARCH=$(GOARCH) CC=$(CMD_CC_PREFIX)$(CMD_CC) \
go test -v -race -tags dynamic,ebpfassets ./... -coverprofile=coverage.out
# run Bash module e2e test
.PHONY: e2e-bash
e2e-bash:
bash ./test/e2e/bash_e2e_test.sh
# run Zsh module e2e test
.PHONY: e2e-zsh
e2e-zsh:
bash ./test/e2e/zsh_e2e_test.sh
# run MySQL module e2e test
.PHONY: e2e-mysql
e2e-mysql:
bash ./test/e2e/mysql_e2e_test.sh
# run PostgreSQL module e2e test
.PHONY: e2e-postgres
e2e-postgres:
bash ./test/e2e/postgres_e2e_test.sh
# run TLS module e2e test
.PHONY: e2e-tls
e2e-tls:
bash ./test/e2e/tls_e2e_test.sh
# run GnuTLS module e2e test
.PHONY: e2e-gnutls
e2e-gnutls:
bash ./test/e2e/gnutls_e2e_test.sh
# run GoTLS module e2e test
.PHONY: e2e-gotls
e2e-gotls:
bash ./test/e2e/gotls_e2e_test.sh
# run advanced TLS text mode tests
.PHONY: e2e-tls-text-advanced
e2e-tls-text-advanced:
bash ./test/e2e/tls_text_advanced_test.sh
# run advanced TLS pcap mode tests
.PHONY: e2e-tls-pcap-advanced
e2e-tls-pcap-advanced:
bash ./test/e2e/tls_pcap_advanced_test.sh
# run advanced TLS keylog mode tests
.PHONY: e2e-tls-keylog-advanced
e2e-tls-keylog-advanced:
bash ./test/e2e/tls_keylog_advanced_test.sh
# run advanced GoTLS tests
.PHONY: e2e-gotls-advanced
e2e-gotls-advanced:
bash ./test/e2e/gotls_advanced_test.sh
# run advanced Bash tests
.PHONY: e2e-bash-advanced
e2e-bash-advanced:
bash ./test/e2e/bash_advanced_test.sh
# run advanced MySQL tests
.PHONY: e2e-mysql-advanced
e2e-mysql-advanced:
bash ./test/e2e/mysql_advanced_test.sh
# run edge cases and error handling tests
.PHONY: e2e-edge-cases
e2e-edge-cases:
bash ./test/e2e/edge_cases_test.sh
# run all basic e2e tests
.PHONY: e2e-basic
e2e-basic: e2e-bash e2e-tls e2e-gnutls e2e-gotls
@echo "All basic e2e tests completed"
# run all advanced e2e tests
.PHONY: e2e-advanced
e2e-advanced: e2e-tls-text-advanced e2e-tls-pcap-advanced e2e-tls-keylog-advanced e2e-gotls-advanced e2e-bash-advanced e2e-edge-cases
@echo "All advanced e2e tests completed"
# run all comprehensive e2e tests (basic + advanced)
.PHONY: e2e
e2e: e2e-basic e2e-advanced
@echo "All e2e tests completed"
# Android e2e tests
.PHONY: e2e-android-tls
e2e-android-tls:
bash ./test/e2e/android/android_tls_e2e_test.sh
.PHONY: e2e-android-gotls
e2e-android-gotls:
bash ./test/e2e/android/android_gotls_e2e_test.sh
.PHONY: e2e-android-all
e2e-android-all: e2e-android-tls e2e-android-gotls
@echo "All Android e2e tests completed"
.PHONY: build-android-tests
build-android-tests:
bash ./test/e2e/android/build_android_tests.sh
.PHONY: setup-android-env
setup-android-env:
bash ./test/e2e/android/setup_android_env.sh
================================================
FILE: README-zh_Hans.md
================================================
<img src="./images/ecapture-logo.png" alt="eCapture Logo" width="300" height="300"/>
汉字 | [English](./README.md)
[](https://github.com/gojue/ecapture)
[](https://github.com/gojue/ecapture)
[](https://github.com/gojue/ecapture/actions/workflows/code-analysis.yml)
[](https://github.com/gojue/ecapture/releases)
[](https://v2.ecapture.cc)
[](https://qm.qq.com/cgi-bin/qm/qr?k=iCu561fq4zdbHVdntQLFV0Xugrnf7Hpv&jump_from=webapi&authKey=YamGv189Cg+KFdQt1Qnsw6GZlpx8BYA+G2WZFezohY4M03V+l0eElZWOhZj/wR/5)
### eCapture(旁观者): 基于eBPF技术实现SSL/TLS加密的明文捕获,无需CA证书。
> [!TIP]
> 支持Linux系统内核x86_64 4.18及以上版本,aarch64 5.5及以上版本;
> 需要ROOT权限;
> 不支持Windows、macOS系统;
----
<!-- MarkdownTOC autolink="true" -->
- [介绍](#介绍)
- [快速上手](#快速上手)
- [下载](#下载)
- [ELF可执行文件](#elf可执行文件)
- [Docker容器镜像](#docker容器镜像)
- [小试身手](#小试身手)
- [模块介绍](#模块介绍)
- [openssl 模块](#openssl--模块)
- [gotls 模块](#gotls-模块)
- [其他模块](#其他模块)
- [使用演示](#使用演示)
- [星标成长曲线](#星标成长曲线)
- [贡献](#贡献)
- [二次开发](#二次开发)
- [微信公众号](#微信公众号)
<!-- /MarkdownTOC -->
----
# 介绍
eCapture的汉字名字为**旁观者**,即「**当局者迷,旁观者清**」,与其本身功能**旁路、观察**
契合,且发音与英文有相似之处。eCapture使用eBPF `Uprobe`/`Traffic Control`技术,实现各种用户空间/内核空间的数据捕获,无需改动原程序。
# 快速上手
## 下载
### ELF可执行文件
> [!IMPORTANT]
> 支持 Linux/Android的x86_64/aarch64 CPU架构。
下载 [release](https://github.com/gojue/ecapture/releases) 的二进制包,可直接使用。
### Docker容器镜像
> [!TIP]
> 仅支持Linux x86_64/aarch64。
```shell
# 拉取镜像
docker pull gojue/ecapture:latest
# 运行
docker run --rm --privileged=true --net=host -v ${宿主机文件路径}:${容器内路径} gojue/ecapture ARGS
```
## 小试身手
捕获基于Openssl动态链接库加密的网络通讯。
```shell
sudo ecapture tls
2024-09-15T11:50:28Z INF AppName="eCapture(旁观者)"
2024-09-15T11:50:28Z INF HomePage=https://ecapture.cc
2024-09-15T11:50:28Z INF Repository=https://github.com/gojue/ecapture
2024-09-15T11:50:28Z INF Author="CFC4N <cfc4ncs@gmail.com>"
2024-09-15T11:50:28Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-09-15T11:50:28Z INF Version=linux_arm64:0.8.6-20240915-d87ae48:5.15.0-113-generic
2024-09-15T11:50:28Z INF Listen=localhost:28256
2024-09-15T11:50:28Z INF eCapture running logs logger=
2024-09-15T11:50:28Z INF the file handler that receives the captured event eventCollector=
2024-09-15T11:50:28Z WRN ========== module starting. ==========
2024-09-15T11:50:28Z INF listen=localhost:28256
2024-09-15T11:50:28Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-09-15T11:50:28Z INF Kernel Info=5.15.152 Pid=233458
2024-09-15T11:50:28Z INF BTF bytecode mode: CORE. btfMode=0
2024-09-15T11:50:28Z INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2024-09-15T11:50:28Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-09-15T11:50:28Z INF Module.Run()
2024-09-15T11:50:28Z WRN OpenSSL/BoringSSL version not found from shared library file, used default version OpenSSL Version=linux_default_3_0
2024-09-15T11:50:28Z INF Hook masterKey function ElfType=2 Functions=["SSL_get_wbio","SSL_in_before","SSL_do_handshake"] binrayPath=/usr/lib/aarch64-linux-gnu/libssl.so.3
2024-09-15T11:50:28Z INF target all process.
2024-09-15T11:50:28Z INF target all users.
2024-09-15T11:50:28Z INF setupManagers eBPFProgramType=Text
2024-09-15T11:50:28Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/openssl_3_0_0_kern_core.o
2024-09-15T11:50:28Z INF perfEventReader created mapSize(MB)=4
2024-09-15T11:50:28Z INF perfEventReader created mapSize(MB)=4
2024-09-15T11:50:28Z INF module started successfully. isReload=false moduleName=EBPFProbeOPENSSL
2024-09-15T11:50:31Z ??? UUID:233479_233479_curl_5_1_39.156.66.10:443, Name:HTTPRequest, Type:1, Length:73
GET / HTTP/1.1
Host: baidu.com
Accept: */*
User-Agent: curl/7.81.0
2024-09-15T11:50:32Z ??? UUID:233479_233479_curl_5_0_39.156.66.10:443, Name:HTTPResponse, Type:3, Length:357
HTTP/1.1 302 Moved Temporarily
Content-Length: 161
Connection: keep-alive
Content-Type: text/html
Date: Sun, 15 Sep 2024 11:50:30 GMT
Location: http://www.baidu.com/
Server: bfe/1.0.8.18
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>bfe/1.0.8.18</center>
</body>
</html>
```
## 模块介绍
eCapture 有8个模块,分别支持openssl/gnutls/nspr/boringssl/gotls等类库的TLS/SSL加密类库的明文捕获、Bash、Mysql、PostGres软件审计。
* bash 捕获bash命令行的输入输出
* gnutls 捕获基于gnutls类库加密通讯的明文内容
* gotls 捕获使用Golang语言编写的,基于内置crypt类库实现TLS/HTTPS加密通讯的明文内容
* mysqld 捕获Mysqld的SQL查询,适用于数据库审计场景,支持Mysqld 5.6/5.7/8.0等
* nss 捕获基于nss类库加密通讯的明文内容
* postgres 支持postgres 10+的数据库审计,捕获查询语句
* tls 捕获基于Openssl/Boringssl的加密通讯的明文内容,支持Openssl 1.0.x/1.1.x/3.x以及更新版本,支持BoringSSL所有发行版本
你可以通过`ecapture -h`来查看这些自命令列表。
### openssl 模块
执行`sudo ecapture -h`查看详细帮助文档。
eCapture默认查找`/etc/ld.so.conf`文件,查找SO文件的加载目录,并查找`openssl`等动态链接路位置。你也可以通过`--libssl`
参数指定动态链接库路径。
如果目标程序使用静态编译方式,则可以直接将`--libssl`参数设定为该程序的路径。
openssl模块支持3种捕获模式
- pcap/pcapng模式,将捕获的明文数据以pcap-NG格式存储。
- keylog/key模式,保存TLS的握手密钥到文件中。
- text模式,直接捕获明文数据,输出到指定文件中,或者打印到命令行。
#### Pcap 模式
支持了TLS加密的基于TCP的http `1.0/1.1/2.0`应用层协议, 以及基于UDP的 http3 `QUIC`应用层协议。
你可以通过`-m pcap`或`-m pcapng`参数来指定,需要配合`--pcapfile`、`-i`参数使用。其中`--pcapfile`参数的默认值为`ecapture_openssl.pcapng`。
```shell
sudo ecapture tls -m pcap -i eth0 --pcapfile=ecapture.pcapng tcp port 443
2024-09-15T06:54:12Z INF AppName="eCapture(旁观者)"
2024-09-15T06:54:12Z INF HomePage=https://ecapture.cc
2024-09-15T06:54:12Z INF Repository=https://github.com/gojue/ecapture
2024-09-15T06:54:12Z INF Author="CFC4N <cfc4ncs@gmail.com>"
2024-09-15T06:54:12Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-09-15T06:54:12Z INF Version=linux_arm64:0.8.6-20240915-d87ae48:5.15.0-113-generic
2024-09-15T06:54:12Z INF Listen=localhost:28256
2024-09-15T06:54:12Z INF eCapture running logs logger=
2024-09-15T06:54:12Z INF the file handler that receives the captured event eventCollector=
2024-09-15T06:54:12Z WRN ========== module starting. ==========
2024-09-15T06:54:12Z INF Kernel Info=5.15.152 Pid=230440
2024-09-15T06:54:12Z INF BTF bytecode mode: CORE. btfMode=0
2024-09-15T06:54:12Z INF listen=localhost:28256
2024-09-15T06:54:12Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-09-15T06:54:12Z INF Module.Run()
2024-09-15T06:54:12Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-09-15T06:54:12Z WRN OpenSSL/BoringSSL version not found from shared library file, used default version OpenSSL Version=linux_default_3_0
2024-09-15T06:54:12Z INF HOOK type:Openssl elf ElfType=2 IFindex=2 IFname=ens160 PcapFilter= binrayPath=/usr/lib/aarch64-linux-gnu/libssl.so.3
2024-09-15T06:54:12Z INF Hook masterKey function Functions=["SSL_get_wbio","SSL_in_before","SSL_do_handshake"]
2024-09-15T06:54:12Z INF target all process.
2024-09-15T06:54:12Z INF target all users.
2024-09-15T06:54:12Z INF setupManagers eBPFProgramType=PcapNG
2024-09-15T06:54:12Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/openssl_3_0_0_kern_core.o
2024-09-15T06:54:12Z INF packets saved into pcapng file. pcapng path=/home/ecapture/ecapture.pcapng
2024-09-15T06:54:12Z INF perfEventReader created mapSize(MB)=4
2024-09-15T06:54:12Z INF perfEventReader created mapSize(MB)=4
2024-09-15T06:54:12Z INF module started successfully. isReload=false moduleName=EBPFProbeOPENSSL
2024-09-15T06:54:14Z INF packets saved into pcapng file. count=4
2024-09-15T06:54:16Z INF non-TLSv1.3 cipher suite found CLientRandom=f08e8d784962d1693c042f9fe266345507ccfaba58b823904a357f30dbfa1e71 CipherId=0
2024-09-15T06:54:16Z INF non-TLSv1.3 cipher suite found CLientRandom=f08e8d784962d1693c042f9fe266345507ccfaba58b823904a357f30dbfa1e71 CipherId=0
2024-09-15T06:54:16Z INF packets saved into pcapng file. count=183
2024-09-15T06:54:16Z INF CLIENT_RANDOM save success CLientRandom=f08e8d784962d1693c042f9fe266345507ccfaba58b823904a357f30dbfa1e71 TlsVersion=TLS1_2_VERSION bytes=176
2024-09-15T06:54:18Z INF packets saved into pcapng file. count=65
^C2024-09-15T06:54:18Z INF module close.
2024-09-15T06:54:18Z INF packets saved into pcapng file. count=3
2024-09-15T06:54:18Z INF packets saved into pcapng file. count=255
2024-09-15T06:54:18Z INF Module closed,message recived from Context
2024-09-15T06:54:18Z INF iModule module close
2024-09-15T06:54:18Z INF bye bye.
```
将捕获的明文数据包保存为pcapng文件,再使用`Wireshark`打开查看,之后就可以看到明文的网络包了。
#### keylog 模式
你可以通过`-m keylog`或`-m key`参数来指定,需要配合`--keylogfile`参数使用,默认为`ecapture_masterkey.log`。
捕获的openssl TLS的密钥`Master Secret`信息,将保存到`--keylogfile`中。你也可以同时开启`tcpdump`抓包,再使用`Wireshark`打开,设置`Master Secret`路径,查看明文数据包。
```shell
sudo ecapture tls -m keylog -keylogfile=openssl_keylog.log
```
也可以直接使用`tshark`软件实时解密展示。
```shell
tshark -o tls.keylog_file:ecapture_masterkey.log -Y http -T fields -e http.file_data -f "port 443" -i eth0
```
#### text 模式
`sudo ecapture tls -m text ` 将会输出所有的明文数据包。(v0.7.0起,不再捕获SSLKEYLOG信息。)
### gotls 模块
与openssl模块类似。
#### 验证方法:
```shell
cfc4n@vm-server:~$# uname -r
4.18.0-305.3.1.el8.x86_64
cfc4n@vm-server:~$# cat /boot/config-`uname -r` | grep CONFIG_DEBUG_INFO_BTF
CONFIG_DEBUG_INFO_BTF=y
```
#### 启动eCapture
```shell
sudo ecapture gotls --elfpath=/home/cfc4n/go_https_client --hex
```
#### 启动该程序:
确保该程序会触发https请求。
```shell
/home/cfc4n/go_https_client
```
#### 更多帮助
```shell
sudo ecapture gotls -h
```
### 其他模块
eCapture 还支持其他模块,如`bash`、`mysql`、`nss`、`postgres`等,你可以通过`ecapture -h`查看详细帮助文档。
## 使用演示
### 介绍文章
[eCapture:无需CA证书抓https明文通讯](https://mp.weixin.qq.com/s/DvTClH3JmncpkaEfnTQsRg)
### 视频:Linux上使用eCapture
[](https://www.bilibili.com/video/BV1si4y1Q74a "eCapture User Manual")
### 视频:Android上使用eCapture
[](https://www.bilibili.com/video/BV1xP4y1Z7HB "eCapture for Android")
## eCaptureQ 界面程序
[eCaptureQ](https://github.com/gojue/ecaptureq)是 eCapture 的跨平台图形界面客户端,将 eBPF TLS 抓包能力可视化呈现。采用
Rust + Tauri + React
技术栈构建,提供实时响应式界面,无需 CA 证书即可轻松分析加密流量。让复杂的 eBPF 抓包技术变得简单易用。 支持两种模式:
*
* 集成模式:Linux/Android 一体化运行
* 远程模式:Windows/macOS/Linux 客户端连接远程 eCapture 服务
### 其他事件转发项目
[事件转发优秀项目](./EVENT_FORWARD.md)
### 视频演示
https://github.com/user-attachments/assets/c8b7a84d-58eb-4fdb-9843-f775c97bdbfb
🔗 [GitHub 仓库](https://github.com/gojue/ecaptureq)
### Protobuf 协议说明
关于 eCapture/eCaptureQ 使用的 Protobuf 日志模式的详细信息,请参见:
- [protobuf/PROTOCOLS-zh_Hans.md](protobuf/PROTOCOLS-zh_Hans.md)
## 星标成长曲线
[](https://starchart.cc/gojue/ecapture)
# 贡献
参考 [CONTRIBUTING](./CONTRIBUTING.md)的介绍,提交缺陷、补丁、建议等,非常感谢。
# 二次开发
## 自行编译
你可以定制自己想要的功能,比如设定`uprobe`
的偏移地址,用来支持被静态编译的Openssl类库。编译方法可以参考 [编译指南](docs/compilation-zh_Hans.md) 的介绍。
## 动态修改配置
当eCapture运行后,你可以通过HTTP接口动态修改配置,参考[HTTP API 文档](docs/remote-config-update-api-zh_Hans.md)。
## 事件转发
eCapture支持多种事件转发方式,你可以将事件转发至Burp Suite等抓包软件,详情参考[事件转发API 文档](docs/event-forward-api-zh_Hans.md)。
# 微信公众号
## 感谢
本项目获得 [JetBrains IDE](https://www.jetbrains.com) 许可证的支持。感谢 JetBrains 对开源社区的贡献。
================================================
FILE: README.md
================================================
<img src="./images/ecapture-logo.png" alt="eCapture Logo" width="300" height="300"/>
[汉字](README-zh_Hans.md) | English
[](https://github.com/gojue/ecapture)
[](https://github.com/gojue/ecapture)
[](https://github.com/gojue/ecapture/actions/workflows/code-analysis.yml)
[](https://github.com/gojue/ecapture/releases)
### eCapture(旁观者): capture SSL/TLS text content without a CA certificate using eBPF.
> [!IMPORTANT]
> Supports Linux/Android kernel versions x86_64 4.18 and above, **aarch64 5.5** and above.
> Need ROOT permission.
> Does not support Windows and macOS system.
----
<!-- MarkdownTOC autolink="true" -->
- [Introduction](#introduction)
- [Getting started](#getting-started)
- [Download](#download)
- [ELF binary file](#elf-binary-file)
- [Docker image](#docker-image)
- [Capture openssl text content.](#capture-openssl-text-content)
- [Modules](#modules)
- [OpenSSL Module](#openssl-module)
- [GoTLS Module](#gotls-module)
- [Other Modules](#bash-module)
- [Videos](#videos)
- [Contributing](#contributing)
- [Compilation](#compilation)
<!-- /MarkdownTOC -->
# Introduction
* SSL/TLS plaintext capture, support openssl\libressl\boringssl\gnutls\nspr(nss) libraries.
* GoTLS plaintext support go tls library, which refers to encrypted communication in https/tls programs written in the golang language.
* Bash audit, capture bash command for Host Security Audit.
* Zsh audit, capture zsh command for Host Security Audit.
* MySQL query SQL audit, support mysqld 5.6\5.7\8.0, and MariaDB.
# Getting started
## Download
### ELF binary file
> [!TIP]
> support Linux/Android x86_64/aarch64.
Download ELF zip file [release](https://github.com/gojue/ecapture/releases) , unzip and use by
command `sudo ecapture --help`.
### Docker image
> [!TIP]
> Linux only.
```shell
# pull docker image
docker pull gojue/ecapture:latest
# run
docker run --rm --privileged=true --net=host -v ${HOST_PATH}:${CONTAINER_PATH} gojue/ecapture ARGS
```
see [Docker Hub](https://hub.docker.com/r/gojue/ecapture) for more information.
## Capture openssl text content.
```shell
sudo ecapture tls
2024-09-15T11:51:31Z INF AppName="eCapture(旁观者)"
2024-09-15T11:51:31Z INF HomePage=https://ecapture.cc
2024-09-15T11:51:31Z INF Repository=https://github.com/gojue/ecapture
2024-09-15T11:51:31Z INF Author="CFC4N <cfc4ncs@gmail.com>"
2024-09-15T11:51:31Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-09-15T11:51:31Z INF Version=linux_arm64:0.8.6-20240915-d87ae48:5.15.0-113-generic
2024-09-15T11:51:31Z INF Listen=localhost:28256
2024-09-15T11:51:31Z INF eCapture running logs logger=
2024-09-15T11:51:31Z INF the file handler that receives the captured event eventCollector=
2024-09-15T11:51:31Z INF listen=localhost:28256
2024-09-15T11:51:31Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-09-15T11:51:31Z WRN ========== module starting. ==========
2024-09-15T11:51:31Z INF Kernel Info=5.15.152 Pid=233698
2024-09-15T11:51:31Z INF BTF bytecode mode: CORE. btfMode=0
2024-09-15T11:51:31Z INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2024-09-15T11:51:31Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-09-15T11:51:31Z INF Module.Run()
2024-09-15T11:51:31Z WRN OpenSSL/BoringSSL version not found from shared library file, used default version OpenSSL Version=linux_default_3_0
2024-09-15T11:51:31Z INF Hook masterKey function ElfType=2 Functions=["SSL_get_wbio","SSL_in_before","SSL_do_handshake"] binrayPath=/usr/lib/aarch64-linux-gnu/libssl.so.3
2024-09-15T11:51:31Z INF target all process.
2024-09-15T11:51:31Z INF target all users.
2024-09-15T11:51:31Z INF setupManagers eBPFProgramType=Text
2024-09-15T11:51:31Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/openssl_3_0_0_kern_core.o
2024-09-15T11:51:32Z INF perfEventReader created mapSize(MB)=4
2024-09-15T11:51:32Z INF perfEventReader created mapSize(MB)=4
2024-09-15T11:51:32Z INF module started successfully. isReload=false moduleName=EBPFProbeOPENSSL
2024-09-15T11:51:53Z ??? UUID:233851_233851_curl_5_1_172.16.71.1:51837, Name:HTTP2Request, Type:2, Length:304
Frame Type => SETTINGS
Frame Type => WINDOW_UPDATE
Frame Type => HEADERS
header field ":method" = "GET"
header field ":path" = "/"
header field ":scheme" = "https"
header field ":authority" = "google.com"
header field "user-agent" = "curl/7.81.0"
header field "accept" = "*/*"
Frame Type => SETTINGS
2024-09-15T11:51:53Z ??? UUID:233851_233851_curl_5_0_172.16.71.1:51837, Name:HTTP2Response, Type:4, Length:1160
Frame Type => SETTINGS
Frame Type => WINDOW_UPDATE
Frame Type => SETTINGS
Frame Type => HEADERS
header field ":status" = "301"
header field "location" = "https://www.google.com/"
header field "content-type" = "text/html; charset=UTF-8"
header field "content-security-policy-report-only" = "object-src 'none';base-uri 'self';script-src 'nonce-qvZZ0XreBfeqRnUEV1WoYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp"
header field "date" = "Sun, 15 Sep 2024 11:51:52 GMT"
header field "expires" = "Tue, 15 Oct 2024 11:51:52 GMT"
header field "cache-control" = "public, max-age=2592000"
header field "server" = "gws"
header field "content-length" = "220"
header field "x-xss-protection" = "0"
header field "x-frame-options" = "SAMEORIGIN"
header field "alt-svc" = "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000"
Frame Type => PING
Frame Type => DATA
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
```
## Modules
The eCapture tool comprises 8 modules that respectively support plaintext capture for TLS/SSL encryption libraries like OpenSSL, GnuTLS, NSPR, BoringSSL, and GoTLS. Additionally, it facilitates software audits for Bash, MySQL, and PostgreSQL applications.
* bash capture bash command
* zsh capture zsh command
* gnutls capture gnutls text content without CA cert for gnutls libraries.
* gotls Capturing plaintext communication from Golang programs encrypted with TLS/HTTPS.
* mysqld capture sql queries from mysqld 5.6/5.7/8.0 .
* nss capture nss/nspr encrypted text content without CA cert for nss/nspr libraries.
* postgres capture sql queries from postgres 10+.
* tls use to capture tls/ssl text content without CA cert. (Support openssl 1.0.x/1.1.x/3.0.x or newer).
You can use `ecapture -h` to view the list of subcommands.
### OpenSSL Module
eCapture search `/etc/ld.so.conf` file default, to search load directories of `SO` file, and search `openssl` shard
libraries location. or you can use `--libssl`
flag to set shard library path.
If target program is compile statically, you can set program path as `--libssl` flag value directly。
The OpenSSL module supports three capture modes:
- `pcap`/`pcapng` mode stores captured plaintext data in `pcap-NG` format.
- `keylog`/`key` mode saves the TLS handshake keys to a file.
- `text` mode directly captures plaintext data, either outputting to a specified file or printing to the command line.
#### Pcap Mode
Supported TLS encrypted http `1.0/1.1/2.0` over TCP, and http3 `QUIC` protocol over UDP.
You can specify `-m pcap` or `-m pcapng` and use it in conjunction with `--pcapfile` and `-i` parameters. The default value for `--pcapfile` is `ecapture_openssl.pcapng`.
```shell
sudo ecapture tls -m pcap -i eth0 --pcapfile=ecapture.pcapng tcp port 443
```
This command saves captured plaintext data packets as a pcapng file, which can be viewed using `Wireshark`.
```shell
sudo ecapture tls -m pcap -w ecap.pcapng -i ens160
2024-09-15T06:54:12Z INF AppName="eCapture(旁观者)"
2024-09-15T06:54:12Z INF HomePage=https://ecapture.cc
2024-09-15T06:54:12Z INF Repository=https://github.com/gojue/ecapture
2024-09-15T06:54:12Z INF Author="CFC4N <cfc4ncs@gmail.com>"
2024-09-15T06:54:12Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-09-15T06:54:12Z INF Version=linux_arm64:0.8.6-20240915-d87ae48:5.15.0-113-generic
2024-09-15T06:54:12Z INF Listen=localhost:28256
2024-09-15T06:54:12Z INF eCapture running logs logger=
2024-09-15T06:54:12Z INF the file handler that receives the captured event eventCollector=
2024-09-15T06:54:12Z WRN ========== module starting. ==========
2024-09-15T06:54:12Z INF Kernel Info=5.15.152 Pid=230440
2024-09-15T06:54:12Z INF BTF bytecode mode: CORE. btfMode=0
2024-09-15T06:54:12Z INF listen=localhost:28256
2024-09-15T06:54:12Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-09-15T06:54:12Z INF Module.Run()
2024-09-15T06:54:12Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-09-15T06:54:12Z WRN OpenSSL/BoringSSL version not found from shared library file, used default version OpenSSL Version=linux_default_3_0
2024-09-15T06:54:12Z INF HOOK type:Openssl elf ElfType=2 IFindex=2 IFname=ens160 PcapFilter= binrayPath=/usr/lib/aarch64-linux-gnu/libssl.so.3
2024-09-15T06:54:12Z INF Hook masterKey function Functions=["SSL_get_wbio","SSL_in_before","SSL_do_handshake"]
2024-09-15T06:54:12Z INF target all process.
2024-09-15T06:54:12Z INF target all users.
2024-09-15T06:54:12Z INF setupManagers eBPFProgramType=PcapNG
2024-09-15T06:54:12Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/openssl_3_0_0_kern_core.o
2024-09-15T06:54:12Z INF packets saved into pcapng file. pcapng path=/home/ecapture/ecap.pcapng
2024-09-15T06:54:12Z INF perfEventReader created mapSize(MB)=4
2024-09-15T06:54:12Z INF perfEventReader created mapSize(MB)=4
2024-09-15T06:54:12Z INF module started successfully. isReload=false moduleName=EBPFProbeOPENSSL
2024-09-15T06:54:14Z INF packets saved into pcapng file. count=4
2024-09-15T06:54:16Z INF non-TLSv1.3 cipher suite found CLientRandom=f08e8d784962d1693c042f9fe266345507ccfaba58b823904a357f30dbfa1e71 CipherId=0
2024-09-15T06:54:16Z INF non-TLSv1.3 cipher suite found CLientRandom=f08e8d784962d1693c042f9fe266345507ccfaba58b823904a357f30dbfa1e71 CipherId=0
2024-09-15T06:54:16Z INF packets saved into pcapng file. count=183
2024-09-15T06:54:16Z INF CLIENT_RANDOM save success CLientRandom=f08e8d784962d1693c042f9fe266345507ccfaba58b823904a357f30dbfa1e71 TlsVersion=TLS1_2_VERSION bytes=176
2024-09-15T06:54:18Z INF packets saved into pcapng file. count=65
^C2024-09-15T06:54:18Z INF module close.
2024-09-15T06:54:18Z INF packets saved into pcapng file. count=3
2024-09-15T06:54:18Z INF packets saved into pcapng file. count=255
2024-09-15T06:54:18Z INF Module closed,message recived from Context
2024-09-15T06:54:18Z INF iModule module close
2024-09-15T06:54:18Z INF bye bye.
```
Used `Wireshark` to open `ecap.pcapng` file to view the plaintext data packets.
#### Keylog Mode
You can specify `-m keylog` or `-m key` and use it in conjunction with the `--keylogfile` parameter, which defaults to `ecapture_masterkey.log`.
The captured OpenSSL TLS `Master Secret` information is saved to `--keylogfile`. You can also enable `tcpdump` packet capture and then use `Wireshark` to open the file and set the `Master Secret` path to view plaintext data packets.
```shell
sudo ecapture tls -m keylog -keylogfile=openssl_keylog.log
```
You can also directly use the `tshark` software for real-time decryption and display:
```shell
tshark -o tls.keylog_file:ecapture_masterkey.log -Y http -T fields -e http.file_data -f "port 443" -i eth0
```
#### Text Mode
`sudo ecapture tls -m text` will output all plaintext data packets. (Starting from v0.7.0, it no longer captures
SSLKEYLOG information.)
### GoTLS Module
Similar to the OpenSSL module.
#### gotls command
capture tls text context.
Step 1:
```shell
sudo ecapture gotls --elfpath=/home/cfc4n/go_https_client --hex
```
Step 2:
```shell
/home/cfc4n/go_https_client
```
#### more help
```shell
sudo ecapture gotls -h
```
### Other Modules
such as `bash\mysqld\postgres` modules, you can use `ecapture -h` to view the list of subcommands.
## Videos
* Youtube video: [How to use eCapture v0.1.0](https://www.youtube.com/watch?v=CoDIjEQCvvA "eCapture User Manual")
* [eCapture:supports capturing plaintext of Golang TLS/HTTPS traffic](https://medium.com/@cfc4ncs/ecapture-supports-capturing-plaintext-of-golang-tls-https-traffic-f16874048269)
## eCaptureQ GUI Application
[eCaptureQ](https://github.com/gojue/ecaptureq) is a cross-platform graphical user interface client for eCapture,
visualizing eBPF TLS capture
capabilities. Built using the Rust + Tauri + React technology stack, it provides a real-time, responsive interface,
enabling easy analysis of encrypted traffic without the need for CA certificates. It simplifies complex eBPF capture
techniques, making them easy to use. Supports two modes:
* Integrated Mode: Unified Linux/Android execution
* Remote Mode: Windows/macOS/Linux client connects to a remote eCapture service
### Event Forwarding
[Event Forwarding Projects](./EVENT_FORWARD.md)
### Video Demonstration
https://github.com/user-attachments/assets/c8b7a84d-58eb-4fdb-9843-f775c97bdbfb
🔗 [GitHub Repository](https://github.com/gojue/ecaptureq)
### Protobuf Protocols
For details of the Protobuf log schema used by eCapture/eCaptureQ, see:
- [protobuf/PROTOCOLS.md](./protobuf/PROTOCOLS.md)
## Stargazers over time
[](https://starchart.cc/gojue/ecapture)
# Contributing
See [CONTRIBUTING](./CONTRIBUTING.md) for details on submitting patches and the contribution workflow.
# Compilation
## Custom Compilation
You can customize the features you want, such as setting the offset address for `uprobe` to support statically compiled OpenSSL libraries. Refer to the [compilation guide](./docs/compilation.md) for compilation instructions.
## Configurations Remote Update
After eCapture is running, you can dynamically modify the configurations through HTTP interfaces. Refer to the [HTTP API Documentation](./docs/remote-config-update-api.md).
## Event Forwarding
eCapture supports multiple event forwarding methods. You can forward events to packet capture software such as Burp Suite. For details, refer to the [Event Forwarding API Documentation](./docs/event-forward-api.md).
## Acknowledgements
This project is supported by a [JetBrains IDE](https://www.jetbrains.com) license. We thank JetBrains for their
contributions to the open-source community.
================================================
FILE: SECURITY.md
================================================
# Security Policy
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
| Version | Supported |
|---------|--------------------|
| 0.9.x | :white_check_mark: |
| < 0.8.0 | :x: |
## Reporting a Vulnerability
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
================================================
FILE: assets/ebpf_probe_stub.go
================================================
//go:build !ebpfassets
// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package assets provides embedded eBPF bytecode assets.
// This stub is used when the real assets have not been generated yet
// (i.e. when building without the 'ebpfassets' build tag).
// Run `make assets` to generate the real assets/ebpf_probe.go file,
// which must be built with -tags ebpfassets.
package assets
import "fmt"
// Asset returns the contents of the named embedded asset.
// This stub always returns an error; the real implementation is generated
// by `make assets` and requires the 'ebpfassets' build tag.
func Asset(name string) ([]byte, error) {
return nil, fmt.Errorf("eBPF asset %q not available: run `make assets` to generate embedded bytecode", name)
}
// AssetNames returns the names of all embedded assets.
func AssetNames() []string {
return nil
}
================================================
FILE: builder/Dockerfile
================================================
FROM ubuntu:22.04 as ecapture_builder
# Install Compilers
RUN apt-get update &&\
apt-get install --yes git build-essential pkgconf libelf-dev llvm-14 clang-14 linux-tools-common linux-headers-$(uname -r) make gcc flex bison file wget linux-source &&\
# the for-shell built-in instruction does not count as a command
# and the shell used to execute the script is sh by default and not bash.
rm -f /usr/bin/clang && ln -s /usr/bin/clang-14 /usr/bin/clang &&\
rm -f /usr/bin/llc && ln -s /usr/bin/llc-14 /usr/bin/llc &&\
rm -f /usr/bin/llvm-strip && ln -s /usr/bin/llvm-strip-14 /usr/bin/llvm-strip
# Install golang
ARG TARGETARCH
RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "amd64" ]; then\
wget -O go.tar.gz https://golang.google.cn/dl/go1.24.6.linux-${TARGETARCH}.tar.gz; \
else \
echo "unsupport arch" && /bin/false ; \
fi && \
tar -C /usr/local -xzf go.tar.gz && \
export PATH=$PATH:/usr/local/go/bin && \
rm go.tar.gz
ENV PATH="/usr/local/go/bin:${PATH}"
# Build ecapture
COPY ./ /build/ecapture
ARG VERSION
RUN cd /build/ecapture &&\
make clean &&\
make all SNAPSHOT_VERSION=${VERSION}_docker
# ecapture release image
FROM alpine:latest as ecapture
COPY --from=ecapture_builder /build/ecapture/bin/ecapture /ecapture
ENTRYPOINT ["/ecapture"]
================================================
FILE: builder/Makefile.release
================================================
include variables.mk
include functions.mk
#
# Responsible for creating ecapture snapshots for testing and releasing
#
.PHONY: all
all: help
release: snapshot build_deb snapshot_android
#
# make
#
.ONESHELL:
SHELL = /bin/bash
MAKEFLAGS += --no-print-directory
.ONESHELL:
.check_%:
#
@command -v $* >/dev/null
if [ $$? -ne 0 ]; then
echo "missing required tool $*"
exit 1
else
touch $@ # avoid target rebuilds due to inexistent file
fi
#
# environment
#
.PHONY: env
env:
DEBUG=$(DEBUG) ANDROID=$(ANDROID) CROSS_ARCH=$(CROSS_ARCH) SNAPSHOT_VERSION=$(SNAPSHOT_VERSION) $(CMD_MAKE) env
#
# usage
#
.PHONY: help
help:
@echo ""
@echo "Create ecapture snapshots for testing and releasing"
@echo ""
@echo "To generate a release snapshot:"
@echo ""
@echo " $$ make -f builder/Makefile.release snapshot"
@echo ""
@echo " - Compiles ecapture"
@echo " - Creates an archive of build artifacts along with license"
@echo " - Takes a checksum of the archive"
@echo ""
@echo " Example:"
@echo ""
@echo " To create build artifacts versioned by latest git SHA:"
@echo ""
@echo " $$ make -f builder/Makefile.release snapshot"
@echo ""
@echo " To create build artifacts with version v0.1.6:"
@echo ""
@echo " $$ SNAPSHOT_VERSION=v0.1.6 \ "
@echo " make -f builder/Makefile.release snapshot"
@echo ""
@echo "To publish a release:"
@echo ""
@echo " $$ SNAPSHOT_VERSION=v0.1.6 \ "
@echo " make -f builder/Makefile.release publish"
@echo ""
@echo ""
@echo "Clean leftovers:"
@echo ""
@echo " $$ make -f builder/Makefile.release clean"
@echo ""
#
# requirements
#
.PHONY: .check_tree
.check_tree:
@if [ ! -d ./builder ]; then
echo "you must be in the root directory"
exit 1
fi
$(OUTPUT_DIR):
$(CMD_MKDIR) -p $@
# snapshot Linux non-CO-RE version, and non-CO-RE only on Linux OS.
.PHONY: snapshot
snapshot: \
$(OUTPUT_DIR) \
| .check_tree \
.check_$(CMD_TAR) \
.check_$(CMD_CHECKSUM) \
.check_$(CMD_GITHUB)
$(call allow-override,ANDROID,0)
$(call release_tar,linux,)
.PHONY: snapshot_android
snapshot_android: \
$(OUTPUT_DIR) \
| .check_tree \
.check_$(CMD_TAR) \
.check_$(CMD_CHECKSUM) \
.check_$(CMD_GITHUB)
$(call allow-override,ANDROID,1)
$(call release_tar,android,)
.PHONY: publish
publish: \
$(OUTPUT_DIR) \
$(OUT_ARCHIVE) \
$(OUT_DEB_FILE) \
| .check_tree \
.check_$(CMD_GITHUB)
@$(CMD_CD) $(OUTPUT_DIR)
@$(CMD_CHECKSUM) ecapture*v* | $(CMD_SED) 's/.\/bin\///g' > $(OUT_CHECKSUMS)
@FILES=$$(ls ecapture-*.tar.gz ecapture*.deb checksum-*.txt)
@if [ "$(IS_PRERELEASE)" = "true" ]; then \
echo "🚧 Publishing as pre-release: $(DEB_VERSION)"; \
$(CMD_GITHUB) release create $(DEB_VERSION) $$FILES --title "eCapture $(DEB_VERSION)" --notes-file $(RELEASE_NOTES) --prerelease; \
else \
echo "📦 Publishing as stable release: $(DEB_VERSION)"; \
$(CMD_GITHUB) release create $(DEB_VERSION) $$FILES --title "eCapture $(DEB_VERSION)" --notes-file $(RELEASE_NOTES); \
fi
.PHONY: clean
clean:
#
$(CMD_MAKE) clean
.PHONY: deb
deb: snapshot build_deb
# 用于构建DEB包的目标, non-CO-RE default.
build_deb:
# 创建软件包目录结构
$(CMD_RM) -rf $(BUILD_DIR)
$(CMD_MKDIR) -p $(BUILD_DIR)/DEBIAN
$(CMD_MKDIR) -p $(BUILD_DIR)/usr/local/bin
# 复制程序文件到软件包目录
$(CMD_CP) bin/ecapture $(BUILD_DIR)/usr/local/bin/ecapture # 将二进制文件复制到目标位置
# 创建控制文件 (DEBIAN/control)
$(CMD_ECHO) "Package: $(PACKAGE_NAME)" > $(BUILD_DIR)/DEBIAN/control
$(CMD_ECHO) "Version: $(PACKAGE_VERSION)" >> $(BUILD_DIR)/DEBIAN/control
$(CMD_ECHO) "BuildDate: $(BUILD_DATE)" >> $(BUILD_DIR)/DEBIAN/control
$(CMD_ECHO) "Architecture: $(GOARCH)" >> $(BUILD_DIR)/DEBIAN/control
$(CMD_ECHO) "Maintainer: $(PACKAGE_MAINTAINER)" >> $(BUILD_DIR)/DEBIAN/control
$(CMD_ECHO) "Description: $(PACKAGE_DESC)" >> $(BUILD_DIR)/DEBIAN/control
$(CMD_ECHO) "Homepage: $(PACKAGE_HOMEPAGE)" >> $(BUILD_DIR)/DEBIAN/control
# 构建DEB包
$(CMD_DPKG-DEB) --build $(BUILD_DIR) $(OUT_DEB_FILE)
================================================
FILE: builder/init_env.sh
================================================
#!/usr/bin/env bash
# /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/gojue/ecapture/master/builder/init_env.sh)"
echo "Welcome to eCapture project development environment initialization script."
echo "Home page: https://ecapture.cc"
echo "Github: https://github.com/gojue/ecapture"
# 环境检测
release_num=$(lsb_release -r --short)
if [ $? -ne 0 ]; then
echo "command not found, supported ubuntu only."
exit
fi
CLANG_NUM=-12
# shellcheck disable=SC2209
if [ ${release_num} == "20.04" ]; then
CLANG_NUM=-10
elif [ ${release_num} == "20.10" ]; then
CLANG_NUM=-10
elif [ ${release_num} == "21.04" ]; then
CLANG_NUM=-11
elif [ ${release_num} == "21.10" ]; then
CLANG_NUM=-12
elif [ ${release_num} == "22.04" ]; then
CLANG_NUM=-12
elif [ ${release_num} == "22.10" ]; then
CLANG_NUM=-12
elif [ ${release_num} == "23.04" ];then
CLANG_NUM=-15
elif [ ${release_num} == "23.10" ];then
CLANG_NUM=-15
elif [ ${release_num} == "24.04" ];then
CLANG_NUM=-18
else
echo "used default CLANG Version"
CLANG_NUM=
fi
echo "CLANG_NUM=${CLANG_NUM}"
UNAME_M=`uname -m`
ARCH="amd64"
CROSS_ARCH_PATH="arm64"
CROSS_COMPILE=aarch64-linux-gnu-
CROSS_COMPILE_DEB=gcc-aarch64-linux-gnu
if [[ ${UNAME_M} =~ "x86_64" ]];then
ARCH="amd64"
CROSS_ARCH_PATH="arm64"
CROSS_COMPILE=aarch64-linux-gnu-
CROSS_COMPILE_DEB=gcc-aarch64-linux-gnu
elif [[ ${UNAME_M} =~ "aarch64" ]]; then
ARCH="arm64"
CROSS_ARCH_PATH="x86"
CROSS_COMPILE=x86_64-linux-gnu-
CROSS_COMPILE_DEB=gcc-x86-64-linux-gnu
# 在ubuntu 24.04 上, 跨平台的GCC编译器的包名为“gcc-x86-64-linux-gnu”,不是以前的“x86_64-linux-gnu-gcc”
else
echo "unsupported arch ${UNAME_M}";
fi
GOBIN_ZIP="go1.24.6.linux-${ARCH}.tar.gz"
echo "GOBIN_ZIP:${GOBIN_ZIP}"
cd ~ || exit
uname -a
sudo apt-get update || { echo "apt-get update failed"; exit 1; }
# 环境安装,添加错误检查
sudo apt-get -y install build-essential pkgconf libelf-dev llvm${CLANG_NUM} \
clang${CLANG_NUM} linux-tools-common linux-tools-generic ${CROSS_COMPILE_DEB} \
libssl-dev flex bison bc linux-source || { echo "apt-get install failed"; exit 1; }
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool${CLANG_NUM} /usr/bin/$tool
done
cd /usr/src || exit
source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
sudo tar -xf $source_file
cd $source_dir || exit
test -f .config || yes "" | sudo make oldconfig
yes "" | sudo make ARCH=${CROSS_ARCH_PATH} CROSS_COMPILE=${CROSS_COMPILE} prepare V=0 > /dev/null
yes "" | sudo make prepare V=0 > /dev/null
ls -al $source_dir
clang --version
cd ~ || exit
# 安装golang,设置goproxy
wget https://golang.google.cn/dl/${GOBIN_ZIP}
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf ${GOBIN_ZIP}
export PATH=/usr/local/go/bin:$PATH
export GOPROXY=https://goproxy.cn
# clone 源码
git clone https://github.com/gojue/ecapture.git
cd ./ecapture || exit
echo "The development environment for the eCapture project has been successfully installed,"
echo "and you can start compiling the project now."
echo "see the README.md for more information."
echo "Enjoy it!"
================================================
FILE: builder/rpmBuild.spec
================================================
Name: ecapture
Version: v1.1.0
Release: 2025%{?dist}
Summary: Capture SSL/TLS plaintext content without CA certificates using eBPF
License: Apache-2.0
URL: https://ecapture.cc
Source0: %{name}-%{version}.tar.gz
%global _missing_build_ids_terminate_build 0
%define debug_package %{nil}
%description
eCapture is a powerful network traffic capture and decryption tool based on eBPF technology, focusing on TLS/SSL protocol transparency and analysis. This tool supports multiple protocols and architectures, providing efficient and flexible capture and decryption capabilities.
Key features include:
- Multi-Protocol Support: Compatible with TLS, gnutls, nss, openssl, and other encryption protocols across different versions of SSL/TLS implementations
- Smart Packet Capture: Efficient network data capture and protocol parsing based on eBPF technology, supporting IPv4/IPv6 dual-stack and 4-tuple filtering
- Master Key Capture: Supports TLS 1.0/1.1/1.2 and 1.3 protocol master key capture, integrates with Wireshark for decryption to view encrypted traffic in plain text
- Modular Architecture: Easy extension and flexible configuration of different protocol modules
- Cross-Platform Support: Compatible with Linux, Android, and other platforms, supporting ARM64 and x86 architectures
Technical advantages:
- Automatic detection of SSL/TLS library versions, intelligent identification of CO-RE and non-CO-RE modes
- Support for custom filters, log files, decryption modes, and multiple output formats
- High-efficiency data processing based on eBPF, supporting large-scale concurrent captures and long-term packet capturing
- Wireshark plugin support for easy data analysis and visualization
Application scenarios: Network debugging, security analysis, protocol research, monitoring and auditing.
For more information, visit: https://ecapture.cc or https://github.com/gojue/ecapture
%prep
%setup -c
%build
make
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/usr/local/bin/
install -m 755 bin/ecapture %{buildroot}/usr/local/bin/ecapture
eu-strip %{buildroot}/usr/local/bin/ecapture
%post
echo "eCapture has been installed in the /usr/local/bin directory."
echo "Please ensure that /usr/local/bin is in your \$PATH, or use /usr/local/bin/ecapture directly."
%files
/usr/local/bin/ecapture
%changelog
* Tue Mar 25 2025 CFC4N <cfc4ncs@gmail.com> - 1.0.0
- Initial stable release
- Added support for multiple encryption protocols including TLS, gnutls, nss, and openssl
- Implemented smart packet capture based on eBPF technology
- Added support for TLS 1.2 and 1.3 protocol master key capture
- Completed modular architecture design for easy extension
- Added cross-platform support for Linux, Android, and other platforms
- Ensured compatibility with ARM64 and x86 architectures
- Added Wireshark plugin support
- Implemented automatic detection of SSL/TLS library versions
- Added support for custom filters, log files, and multiple output formats
================================================
FILE: bytecode/.gitkeep
================================================
================================================
FILE: cli/LICENSE
================================================
================================================
FILE: cli/cmd/bash.go
================================================
// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"github.com/spf13/cobra"
"github.com/gojue/ecapture/internal/factory"
bashProbe "github.com/gojue/ecapture/internal/probe/bash"
)
var bashConfig = bashProbe.NewConfig()
// bashCmd represents the bash command
var bashCmd = &cobra.Command{
Use: "bash",
Short: "capture bash command",
Long: `eCapture capture bash commands for bash security audit,
Auto find the bash of the current env as the capture target.`,
RunE: bashCommandFunc,
}
func init() {
bashCmd.PersistentFlags().StringVar(&bashConfig.Bashpath, "bash", "", "$SHELL file path, eg: /bin/bash , will automatically find it from $ENV default.")
bashCmd.PersistentFlags().StringVar(&bashConfig.Readline, "readlineso", "", "readline.so file path, will automatically find it from $BASH_PATH default.")
bashCmd.Flags().IntVarP(&bashConfig.ErrNo, "errnumber", "e", 128, "only show the command which exec reulst equals err number.")
rootCmd.AddCommand(bashCmd)
}
// bashCommandFunc executes the "bash" command using the new probe architecture.
func bashCommandFunc(command *cobra.Command, args []string) error {
// Set global config to bash-specific config
bashConfig.SetPid(globalConf.Pid)
bashConfig.SetUid(globalConf.Uid)
bashConfig.SetDebug(globalConf.Debug)
bashConfig.SetHex(globalConf.IsHex)
bashConfig.SetBTF(globalConf.BtfMode)
bashConfig.SetPerCpuMapSize(globalConf.PerCpuMapSize)
bashConfig.SetTruncateSize(globalConf.TruncateSize)
// Run probe using the common entry point
return runProbe(factory.ProbeTypeBash, bashConfig)
}
================================================
FILE: cli/cmd/ecaptureq.go
================================================
// Copyright 2025 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"github.com/gojue/ecapture/pkg/ecaptureq"
)
// ecaptureQLogWriter
type ecaptureQLogWriter struct {
es *ecaptureq.Server
}
func (eew ecaptureQLogWriter) Write(data []byte) (n int, e error) {
return eew.es.WriteLog(data)
}
type ecaptureQEventWriter struct {
es *ecaptureq.Server
}
func (eew ecaptureQEventWriter) Write(data []byte) (n int, e error) {
return eew.es.WriteEvent(data)
}
================================================
FILE: cli/cmd/env_detection.go
================================================
// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"fmt"
"runtime"
"golang.org/x/sys/unix"
"github.com/gojue/ecapture/pkg/util/kernel"
)
func detectKernel() error {
// 系统内核版本检测
kv, err := kernel.HostVersion()
if err != nil {
return fmt.Errorf("failed to get the host kernel version: %w", err)
}
switch runtime.GOARCH {
case "amd64":
if kv < kernel.VersionCode(4, 18, 0) {
return fmt.Errorf("the Linux/Android Kernel version %v (x86_64) is not supported. Requires a version greater than 4.18", kv)
}
case "arm64":
if kv < kernel.VersionCode(5, 5, 0) {
return fmt.Errorf("the Linux/Android Kernel version %v (aarch64) is not supported. Requires a version greater than 5.5", kv)
}
default:
return fmt.Errorf("unsupported CPU arch:%v", runtime.GOARCH)
}
return nil
}
func detectBpfCap() error {
// BPF 权限检测
hdr := unix.CapUserHeader{Version: unix.LINUX_CAPABILITY_VERSION_3}
var data [2]unix.CapUserData // why 2? pls check https://github.com/golang/go/issues/44312
err := unix.Capget(&hdr, &data[0])
if err != nil {
return fmt.Errorf("failed to get the capabilities of the current process: %w", err)
}
capBpfMask := uint32(1 << (unix.CAP_BPF - 32))
capSysAdminMask := uint32(1 << unix.CAP_SYS_ADMIN)
haveBpfCap := (data[1].Permitted&capBpfMask != 0) || (data[0].Permitted&capSysAdminMask != 0)
if !haveBpfCap {
return fmt.Errorf("the current user does not have CAP_BPF to load bpf programs. Please run as root or use sudo or add the --privileged=true flag for Docker")
}
return nil
}
func detectEnv() error {
// 环境检测
if err := detectKernel(); err != nil {
return err
}
if err := detectBpfCap(); err != nil {
return err
}
return nil
}
================================================
FILE: cli/cmd/gnutls.go
================================================
//go:build !ecap_android
// +build !ecap_android
// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"strings"
"github.com/spf13/cobra"
"github.com/gojue/ecapture/internal/factory"
gnutlsProbe "github.com/gojue/ecapture/internal/probe/gnutls"
)
var gnutlsConfig = gnutlsProbe.NewConfig()
// gnutlsCmd represents the gnutls command
// Now available on both Linux and Android (via Termux: pkg install gnutls)
var gnutlsCmd = &cobra.Command{
Use: "gnutls",
Aliases: []string{"gnu"},
Short: "capture gnutls text content without CA cert for gnutls libraries.",
Long: `use eBPF uprobe/TC to capture process event data.
ecapture gnutls
ecapture gnutls --hex --pid=3423
ecapture gnutls -l save.log --pid=3423
ecapture gnutls --gnutls=/lib/x86_64-linux-gnu/libgnutls.so
ecapture gnutls -m keylog -k ecapture_gnutls_key.log --ssl_version=3.7.9
ecapture gnutls -m pcap --pcapfile save.pcapng -i eth0 --gnutls=/lib/x86_64-linux-gnu/libgnutls.so tcp port 443
Android (Termux):
ecapture gnutls --gnutls=/data/data/com.termux/files/usr/lib/libgnutls.so
`,
RunE: gnuTlsCommandFunc,
}
func init() {
gnutlsCmd.PersistentFlags().StringVar(&gnutlsConfig.GnutlsPath, "gnutls", "", "libgnutls.so file path, will automatically find it from curl default.")
gnutlsCmd.PersistentFlags().StringVarP(&gnutlsConfig.CaptureMode, "model", "m", "text", "capture model, such as : text, pcap/pcapng, key/keylog")
gnutlsCmd.PersistentFlags().StringVarP(&gnutlsConfig.KeylogFile, "keylogfile", "k", "ecapture_gnutls_key.log", "The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file.")
gnutlsCmd.PersistentFlags().StringVarP(&gnutlsConfig.PcapFile, "pcapfile", "w", "save.pcapng", "write the raw packets to file as pcapng format.")
gnutlsCmd.PersistentFlags().StringVarP(&gnutlsConfig.Ifname, "ifname", "i", "", "(TC Classifier) Interface name on which the probe will be attached.")
gnutlsCmd.PersistentFlags().StringVar(&gnutlsConfig.GnuVersion, "ssl_version", "", "GnuTLS version, e.g: --ssl_version=\"3.7.9\"")
rootCmd.AddCommand(gnutlsCmd)
}
// gnuTlsCommandFunc executes the "gnutls" command using the new probe architecture.
func gnuTlsCommandFunc(command *cobra.Command, args []string) error {
if gnutlsConfig.PcapFilter == "" && len(args) != 0 {
gnutlsConfig.PcapFilter = strings.Join(args, " ")
}
// Set global config to gnutls-specific config
gnutlsConfig.SetPid(globalConf.Pid)
gnutlsConfig.SetUid(globalConf.Uid)
gnutlsConfig.SetDebug(globalConf.Debug)
gnutlsConfig.SetHex(globalConf.IsHex)
gnutlsConfig.SetBTF(globalConf.BtfMode)
gnutlsConfig.SetPerCpuMapSize(globalConf.PerCpuMapSize)
gnutlsConfig.SetTruncateSize(globalConf.TruncateSize)
// Run probe using the common entry point
return runProbe(factory.ProbeTypeGnuTLS, gnutlsConfig)
}
================================================
FILE: cli/cmd/gotls.go
================================================
// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"strings"
"github.com/spf13/cobra"
"github.com/gojue/ecapture/internal/factory"
gotlsProbe "github.com/gojue/ecapture/internal/probe/gotls"
)
var gotlsConfig = gotlsProbe.NewConfig()
// gotlsCmd represents the gotls command
var gotlsCmd = &cobra.Command{
Use: "gotls",
Aliases: []string{"tlsgo"},
Short: "Capturing plaintext communication from Golang programs encrypted with TLS/HTTPS.",
Long: `Utilize eBPF uprobe/TC to capture both process event and network data, with added support for pcap-NG format.
ecapture gotls
ecapture gotls --elfpath=/home/cfc4n/go_https_client --hex --pid=3423
ecapture gotls -m keylog -k /tmp/ecap_gotls_key.log --elfpath=/home/cfc4n/go_https_client -l save.log --pid=3423
ecapture gotls -m pcap --pcapfile=save_android.pcapng -i wlan0 --elfpath=/home/cfc4n/go_https_client tcp port 443
`,
RunE: goTLSCommandFunc,
}
func init() {
gotlsCmd.PersistentFlags().StringVarP(&gotlsConfig.ElfPath, "elfpath", "e", "", "ELF path to binary built with Go toolchain.")
gotlsCmd.PersistentFlags().StringVarP(&gotlsConfig.PcapFile, "pcapfile", "w", "ecapture_gotls.pcapng", "write the raw packets to file as pcapng format.")
gotlsCmd.PersistentFlags().StringVarP(&gotlsConfig.CaptureMode, "model", "m", "text", "capture model, such as : text, pcap/pcapng, key/keylog")
gotlsCmd.PersistentFlags().StringVarP(&gotlsConfig.KeylogFile, "keylogfile", "k", "ecapture_gotls_key.log", "The file stores SSL/TLS keys, and eCapture captures these keys during encrypted traffic communication and saves them to the file.")
gotlsCmd.PersistentFlags().StringVarP(&gotlsConfig.Ifname, "ifname", "i", "", "(TC Classifier) Interface name on which the probe will be attached.")
rootCmd.AddCommand(gotlsCmd)
}
// goTLSCommandFunc executes the "gotls" command using the new probe architecture.
func goTLSCommandFunc(command *cobra.Command, args []string) error {
if gotlsConfig.PcapFilter == "" && len(args) != 0 {
gotlsConfig.PcapFilter = strings.Join(args, " ")
}
// Set global config from BaseConfig
gotlsConfig.SetPid(globalConf.Pid)
gotlsConfig.SetUid(globalConf.Uid)
gotlsConfig.SetDebug(globalConf.Debug)
gotlsConfig.SetHex(globalConf.IsHex)
gotlsConfig.SetBTF(globalConf.BtfMode)
gotlsConfig.SetPerCpuMapSize(globalConf.PerCpuMapSize)
gotlsConfig.SetTruncateSize(globalConf.TruncateSize)
// Run probe using the common entry point
return runProbe(factory.ProbeTypeGoTLS, gotlsConfig)
}
================================================
FILE: cli/cmd/mysqld.go
================================================
//go:build !ecap_android
// +build !ecap_android
// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"github.com/spf13/cobra"
"github.com/gojue/ecapture/internal/factory"
mysqlProbe "github.com/gojue/ecapture/internal/probe/mysql"
)
var mysqlConfig = mysqlProbe.NewConfig()
// mysqldCmd represents the mysqld command
var mysqldCmd = &cobra.Command{
Use: "mysqld",
Short: "capture sql queries from mysqld 5.6/5.7/8.0 .",
Long: ` only support mysqld 5.6/5.7/8.0 and mariadDB 10.5+.
other version coming soon`,
RunE: mysqldCommandFunc,
}
func init() {
mysqldCmd.PersistentFlags().StringVarP(&mysqlConfig.MysqlPath, "mysqld", "m", "/usr/sbin/mariadbd", "mysqld binary file path, use to hook")
mysqldCmd.PersistentFlags().Uint64VarP(&mysqlConfig.Offset, "offset", "", 0, "0x710410")
mysqldCmd.PersistentFlags().StringVarP(&mysqlConfig.FuncName, "funcname", "f", "", "function name to hook")
rootCmd.AddCommand(mysqldCmd)
}
// mysqldCommandFunc executes the "mysqld" command using the new probe architecture.
func mysqldCommandFunc(command *cobra.Command, args []string) error {
// Set global config to mysql-specific config
mysqlConfig.SetPid(globalConf.Pid)
mysqlConfig.SetUid(globalConf.Uid)
mysqlConfig.SetDebug(globalConf.Debug)
mysqlConfig.SetHex(globalConf.IsHex)
mysqlConfig.SetBTF(globalConf.BtfMode)
mysqlConfig.SetPerCpuMapSize(globalConf.PerCpuMapSize)
mysqlConfig.SetTruncateSize(globalConf.TruncateSize)
// Run probe using the common entry point
return runProbe(factory.ProbeTypeMySQL, mysqlConfig)
}
================================================
FILE: cli/cmd/nss.go
================================================
//go:build !ecap_android
// +build !ecap_android
// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"github.com/spf13/cobra"
"github.com/gojue/ecapture/internal/factory"
nsprProbe "github.com/gojue/ecapture/internal/probe/nspr"
)
var nsprConfig = nsprProbe.NewConfig()
// nssCmd represents the nspr command
var nssCmd = &cobra.Command{
Use: "nspr",
Aliases: []string{"nss"},
Short: "capture nss/nspr encrypted text content without CA cert for nss/nspr libraries.",
Long: `use eBPF uprobe/TC to capture process event data.
ecapture nspr
ecapture nspr --hex --pid=3423
ecapture nspr -l save.log --pid=3423
ecapture nspr --nspr=/lib/x86_64-linux-gnu/libnspr44.so
`,
RunE: nssCommandFunc,
}
func init() {
nssCmd.PersistentFlags().StringVar(&nsprConfig.NSPRPath, "nspr", "", "libnspr44.so file path, will automatically find it from curl default.")
rootCmd.AddCommand(nssCmd)
}
// nssCommandFunc executes the "nspr" command using the new probe architecture.
func nssCommandFunc(command *cobra.Command, args []string) error {
// Set global config from BaseConfig
nsprConfig.Pid = globalConf.Pid
// Run probe using the common entry point
return runProbe(factory.ProbeTypeNSPR, nsprConfig)
}
================================================
FILE: cli/cmd/postgres.go
================================================
//go:build !ecap_android
// +build !ecap_android
// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"github.com/spf13/cobra"
"github.com/gojue/ecapture/internal/factory"
postgresProbe "github.com/gojue/ecapture/internal/probe/postgres"
)
var postgresConfig = postgresProbe.NewConfig()
// postgres Cmd represents the postgres command
var postgresCmd = &cobra.Command{
Use: "postgres",
Short: "capture sql queries from postgres 10+.",
RunE: postgresCommandFunc,
}
func init() {
postgresCmd.PersistentFlags().StringVarP(&postgresConfig.PostgresPath, "postgres", "m", "/usr/bin/postgres", "postgres binary file path, use to hook")
postgresCmd.PersistentFlags().StringVarP(&postgresConfig.FuncName, "funcname", "f", "", "function name to hook")
rootCmd.AddCommand(postgresCmd)
}
// postgres CommandFunc executes the "psql" command using the new probe architecture.
func postgresCommandFunc(command *cobra.Command, args []string) error {
// Set global config to postgres-specific config
postgresConfig.SetPid(globalConf.Pid)
postgresConfig.SetUid(globalConf.Uid)
postgresConfig.SetDebug(globalConf.Debug)
postgresConfig.SetHex(globalConf.IsHex)
postgresConfig.SetBTF(globalConf.BtfMode)
postgresConfig.SetPerCpuMapSize(globalConf.PerCpuMapSize)
postgresConfig.SetTruncateSize(globalConf.TruncateSize)
// Run probe using the common entry point
return runProbe(factory.ProbeTypePostgres, postgresConfig)
}
================================================
FILE: cli/cmd/root.go
================================================
// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"context"
"errors"
"fmt"
"io"
"net"
"net/url"
"os"
"os/signal"
"strings"
"syscall"
"time"
"github.com/gojue/ecapture/internal/config"
"github.com/gojue/ecapture/pkg/ecaptureq"
"github.com/rs/zerolog"
"github.com/spf13/cobra"
"github.com/gojue/ecapture/cli/cobrautl"
"github.com/gojue/ecapture/cli/http"
"github.com/gojue/ecapture/internal/domain"
"github.com/gojue/ecapture/internal/factory"
"github.com/gojue/ecapture/pkg/util/roratelog"
"github.com/gojue/ecapture/pkg/util/ws"
)
const (
CliName = "eCapture"
CliNameZh = "旁观者"
CliDescription = "Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
CliHomepage = "https://ecapture.cc"
CliAuthor = "CFC4N <cfc4ncs@gmail.com>"
CliGithubRepo = "https://github.com/gojue/ecapture"
)
var (
// GitVersion default value, eg: linux_arm64:v0.8.10-20241116-fcddaeb:5.15.0-125-generic
GitVersion = "os_arch:v2.0.0-20260101-develop:default_kernel"
rorateSize = uint16(0)
rorateTime = uint16(0)
)
const (
defaultPid uint64 = 0
defaultUid uint64 = 0
defaultTruncateSize uint64 = 0
)
const (
loggerTypeStdout uint8 = 0
loggerTypeFile uint8 = 1
loggerTypeTcp uint8 = 2
loggerTypeWebsocket uint8 = 3
)
// ListenPort1 or ListenPort2 are the default ports for the http server.
const (
configUpdateAddr = "localhost:28256"
)
// CLIConfig extends BaseConfig with CLI-specific fields
type CLIConfig struct {
config.BaseConfig
LoggerAddr string
EventCollectorAddr string
EcaptureQ string
Listen string
AddrType uint8 // 用于存储日志地址类型
}
// GetDebug returns whether debug mode is enabled
func (c *CLIConfig) GetDebug() bool {
return c.Debug
}
// SetAddrType sets the logger address type
func (c *CLIConfig) SetAddrType(t uint8) {
c.AddrType = t
}
// GetAddrType returns the logger address type
func (c *CLIConfig) GetAddrType() uint8 {
return c.AddrType
}
var globalConf = CLIConfig{}
var modConfig = &globalConf // alias for backward compatibility
var rootCmd = &cobra.Command{
Use: CliName,
Short: CliDescription,
SuggestFor: []string{"ecapture"},
Long: `eCapture(旁观者) is a tool that can capture plaintext packets
such as HTTPS and TLS without installing a CA certificate.
It can also capture bash commands, which is suitable for
security auditing scenarios, such as database auditing of mysqld, etc (disabled on Android).
Support Linux(Android) X86_64 4.18/aarch64 5.5 or newer.
Repository: https://github.com/gojue/ecapture
HomePage: https://ecapture.cc
Usage:
ecapture tls -h
ecapture bash -h
Docker usage:
docker pull gojue/ecapture:latest
docker run --rm --privileged=true --net=host -v ${HOST_PATH}:${CONTAINER_PATH} gojue/ecapture -h
`,
// Uncomment the following line if your bare application
// has an action associated with it:
// Run: func(cmd *cobra.Command, args []string) { },
PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
if err := detectEnv(); err != nil {
return err
}
return nil
},
}
func usageFunc(c *cobra.Command) error {
return cobrautl.UsageFunc(c, GitVersion)
}
// Execute adds all child commands to the root command and sets flags appropriately.
// This is called by main.main(). It only needs to happen once to the rootCmd.
func Execute() {
rootCmd.SetUsageFunc(usageFun
gitextract_64e4skmz/ ├── .github/ │ ├── ISSUE_TEMPLATE/ │ │ └── bug_report.md │ ├── agents/ │ │ └── pr-agent.md │ └── workflows/ │ ├── android_e2e.yml │ ├── codeql-analysis.yml │ ├── e2e.yml │ ├── go-c-cpp.yml │ ├── pr_build_debug.yml │ ├── pr_build_debug_comment.yml │ └── release.yml ├── .gitignore ├── .gitmodules ├── .golangci.yml ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README-zh_Hans.md ├── README.md ├── SECURITY.md ├── assets/ │ └── ebpf_probe_stub.go ├── builder/ │ ├── Dockerfile │ ├── Makefile.release │ ├── init_env.sh │ └── rpmBuild.spec ├── bytecode/ │ └── .gitkeep ├── cli/ │ ├── LICENSE │ ├── cmd/ │ │ ├── bash.go │ │ ├── ecaptureq.go │ │ ├── env_detection.go │ │ ├── gnutls.go │ │ ├── gotls.go │ │ ├── mysqld.go │ │ ├── nss.go │ │ ├── postgres.go │ │ ├── root.go │ │ ├── tls.go │ │ ├── upgrade.go │ │ └── zsh.go │ ├── cobrautl/ │ │ └── help.go │ ├── http/ │ │ ├── config_factory.go │ │ ├── config_factory_ecandroid.go │ │ ├── config_factory_linux.go │ │ ├── logger.go │ │ ├── resp.go │ │ ├── server.go │ │ └── status_string.go │ └── main.go ├── dist/ │ └── .gitkeep ├── docs/ │ ├── README.md │ ├── beta-release-guide.md │ ├── compilation-zh_Hans.md │ ├── compilation.md │ ├── e2e-tests.md │ ├── event-forward-api-zh_Hans.md │ ├── event-forward-api.md │ ├── event-forward.md │ ├── refactoring-guide.md │ ├── remote-config-update-api-zh_Hans.md │ └── remote-config-update-api.md ├── examples/ │ ├── ecaptureq_client/ │ │ ├── README.md │ │ ├── TESTING.md │ │ ├── go.mod │ │ ├── go.sum │ │ └── main.go │ └── https_client/ │ ├── golang_https.go │ ├── node_https.js │ └── python3_https.py ├── functions.mk ├── go.mod ├── go.sum ├── internal/ │ ├── README.md │ ├── builder/ │ │ ├── config_builder.go │ │ └── config_builder_test.go │ ├── config/ │ │ ├── base_config.go │ │ └── base_config_test.go │ ├── domain/ │ │ ├── configuration.go │ │ ├── event.go │ │ └── probe.go │ ├── errors/ │ │ ├── errors.go │ │ └── errors_test.go │ ├── events/ │ │ ├── dispatcher.go │ │ └── dispatcher_test.go │ ├── factory/ │ │ ├── probe_factory.go │ │ └── probe_factory_test.go │ ├── logger/ │ │ └── logger.go │ ├── output/ │ │ ├── encoders/ │ │ │ ├── encoder.go │ │ │ ├── json_encoder.go │ │ │ ├── plain_encoder.go │ │ │ └── protobuf_encoder.go │ │ └── writers/ │ │ ├── factory.go │ │ ├── file_writer.go │ │ ├── keylog_writer.go │ │ ├── logger_writer.go │ │ ├── pcap_writer.go │ │ ├── stdout_writer.go │ │ ├── tcp_writer.go │ │ ├── websocket_writer.go │ │ └── writer.go │ └── probe/ │ ├── base/ │ │ ├── base_probe.go │ │ ├── base_probe_test.go │ │ └── handlers/ │ │ ├── handlers.go │ │ ├── keylog_handler.go │ │ ├── keylog_handler_dedup_test.go │ │ ├── keylog_handler_test.go │ │ ├── pcap_handler.go │ │ ├── pcap_handler_test.go │ │ ├── text_handler.go │ │ └── text_handler_test.go │ ├── bash/ │ │ ├── bash_probe.go │ │ ├── bash_test.go │ │ ├── config.go │ │ ├── event.go │ │ └── register.go │ ├── gnutls/ │ │ ├── config.go │ │ ├── config_test.go │ │ ├── event.go │ │ ├── event_masterkey.go │ │ ├── gnutls_probe.go │ │ ├── gnutls_probe_test.go │ │ └── register.go │ ├── gotls/ │ │ ├── config.go │ │ ├── config_symbol.go │ │ ├── config_symbol_test.go │ │ ├── config_test.go │ │ ├── event.go │ │ ├── event_masterkey.go │ │ ├── event_packet.go │ │ ├── go_instructions_amd64.go │ │ ├── go_instructions_arm64.go │ │ ├── gotls_probe.go │ │ ├── gotls_probe_test.go │ │ └── register.go │ ├── mysql/ │ │ ├── config.go │ │ ├── event.go │ │ ├── mysql_probe.go │ │ ├── mysql_test.go │ │ └── register.go │ ├── nspr/ │ │ ├── config.go │ │ ├── config_test.go │ │ ├── event.go │ │ ├── event_masterkey.go │ │ ├── nspr_probe.go │ │ ├── nspr_probe_test.go │ │ └── register.go │ ├── openssl/ │ │ ├── config.go │ │ ├── config_ecandroid.go │ │ ├── config_linux.go │ │ ├── config_test.go │ │ ├── event.go │ │ ├── event_connect.go │ │ ├── event_connect_test.go │ │ ├── event_masterkey.go │ │ ├── event_packet.go │ │ ├── event_test.go │ │ ├── libs.go │ │ ├── openssl_probe.go │ │ ├── openssl_probe_test.go │ │ └── register.go │ ├── postgres/ │ │ ├── config.go │ │ ├── event.go │ │ ├── postgres_probe.go │ │ ├── postgres_test.go │ │ └── register.go │ └── zsh/ │ ├── config.go │ ├── event.go │ ├── register.go │ ├── zsh_probe.go │ └── zsh_test.go ├── kern/ │ ├── README.md │ ├── bash_kern.c │ ├── boringssl_a_13_kern.c │ ├── boringssl_a_14_kern.c │ ├── boringssl_a_15_kern.c │ ├── boringssl_a_16_kern.c │ ├── boringssl_const.h │ ├── boringssl_masterkey.h │ ├── boringssl_na_kern.c │ ├── bpf/ │ │ ├── arm64/ │ │ │ └── vmlinux_614.h │ │ ├── bpf_core_read.h │ │ ├── bpf_endian.h │ │ ├── bpf_helper_defs.h │ │ ├── bpf_helpers.h │ │ ├── bpf_tracing.h │ │ └── x86/ │ │ ├── .gitkeep │ │ └── vmlinux_614.h │ ├── common.h │ ├── core_fixes.bpf.h │ ├── ecapture.h │ ├── gnutls.h │ ├── gnutls_3_6_12_kern.c │ ├── gnutls_3_6_13_kern.c │ ├── gnutls_3_7_0_kern.c │ ├── gnutls_3_7_3_kern.c │ ├── gnutls_3_7_7_kern.c │ ├── gnutls_3_8_4_kern.c │ ├── gnutls_3_8_7_kern.c │ ├── gnutls_masterkey.h │ ├── go_argument.h │ ├── gotls_kern.c │ ├── mysqld_kern.c │ ├── nspr_kern.c │ ├── openssl.h │ ├── openssl_1_0_2a_kern.c │ ├── openssl_1_1_0a_kern.c │ ├── openssl_1_1_1a_kern.c │ ├── openssl_1_1_1b_kern.c │ ├── openssl_1_1_1d_kern.c │ ├── openssl_1_1_1j_kern.c │ ├── openssl_3_0_0_kern.c │ ├── openssl_3_0_12_kern.c │ ├── openssl_3_1_0_kern.c │ ├── openssl_3_2_0_kern.c │ ├── openssl_3_2_3_kern.c │ ├── openssl_3_2_4_kern.c │ ├── openssl_3_3_0_kern.c │ ├── openssl_3_3_2_kern.c │ ├── openssl_3_3_3_kern.c │ ├── openssl_3_4_0_kern.c │ ├── openssl_3_4_1_kern.c │ ├── openssl_3_5_0_kern.c │ ├── openssl_masterkey.h │ ├── openssl_masterkey_3.0.h │ ├── openssl_masterkey_3.2.h │ ├── postgres_kern.c │ ├── tc.h │ └── zsh_kern.c ├── main.go ├── pkg/ │ ├── ecaptureq/ │ │ ├── README.md │ │ ├── client.go │ │ ├── hub.go │ │ └── server.go │ ├── event_processor/ │ │ ├── base_event.go │ │ ├── event.go │ │ ├── http2_request.go │ │ ├── http2_request_test.go │ │ ├── http2_response.go │ │ ├── http2_response_test.go │ │ ├── http_request.go │ │ ├── http_response.go │ │ ├── http_response_test.go │ │ ├── iparser.go │ │ ├── iworker.go │ │ ├── processor.go │ │ ├── processor_test.go │ │ └── testdata/ │ │ └── all.json │ ├── proc/ │ │ ├── go_elf/ │ │ │ ├── eprint.go │ │ │ └── gccgo.go │ │ ├── proc.go │ │ └── proc_test.go │ ├── upgrade/ │ │ ├── github_response.go │ │ ├── upgrade.go │ │ └── upgrade_test.go │ └── util/ │ ├── ebpf/ │ │ ├── bpf.go │ │ ├── bpf_ecandroid.go │ │ ├── bpf_linux.go │ │ ├── bpf_test.go │ │ ├── elibpcap.go │ │ ├── elibpcap_stub.go │ │ └── parse.go │ ├── ethernet/ │ │ └── trailer.go │ ├── hkdf/ │ │ ├── hkdf.go │ │ └── hkdf_test.go │ ├── kernel/ │ │ ├── kernel_version.go │ │ ├── kernel_version_unsupport.go │ │ └── version.go │ ├── roratelog/ │ │ └── rorate.go │ └── ws/ │ ├── client.go │ ├── client_test.go │ ├── server.go │ └── server_test.go ├── protobuf/ │ ├── PROTOCOLS-zh_Hans.md │ ├── PROTOCOLS.md │ ├── README-zh_Hans.md │ ├── README.md │ ├── gen/ │ │ └── v1/ │ │ └── ecaptureq.pb.go │ └── proto/ │ └── v1/ │ └── ecaptureq.proto ├── test/ │ ├── e2e/ │ │ ├── IMPLEMENTATION_STATUS.md │ │ ├── QUICK_REFERENCE.md │ │ ├── README.md │ │ ├── android/ │ │ │ ├── android_bash_e2e_test.sh │ │ │ ├── android_gotls_e2e_test.sh │ │ │ ├── android_tls_e2e_test.sh │ │ │ ├── build_android_tests.sh │ │ │ ├── common_android.sh │ │ │ ├── run_android_e2e_tests.sh │ │ │ └── setup_android_env.sh │ │ ├── bash_advanced_test.sh │ │ ├── bash_e2e_test.sh │ │ ├── common.sh │ │ ├── edge_cases_test.sh │ │ ├── gnutls_e2e_test.sh │ │ ├── go_https_client.go │ │ ├── gotls_advanced_test.sh │ │ ├── gotls_e2e_test.sh │ │ ├── mysql_advanced_test.sh │ │ ├── mysql_e2e_test.sh │ │ ├── postgres_e2e_test.sh │ │ ├── run_e2e.sh │ │ ├── tls_e2e_test.sh │ │ ├── tls_keylog_advanced_test.sh │ │ ├── tls_pcap_advanced_test.sh │ │ ├── tls_text_advanced_test.sh │ │ └── zsh_e2e_test.sh │ └── issue_463/ │ ├── Makefile │ ├── main.c │ └── readme.md ├── tools/ │ └── check_dsb.go ├── utils/ │ ├── boringssl-offset.c │ ├── boringssl_android_offset.sh │ ├── boringssl_non_android_offset.sh │ ├── ecapture.lua │ ├── gnutls_offset.c │ ├── gnutls_offset.sh │ ├── openssl_1_0_2_offset.c │ ├── openssl_1_1_0_offset.c │ ├── openssl_1_1_1_offset.c │ ├── openssl_3_0_offset.c │ ├── openssl_3_2_0_offset.c │ ├── openssl_3_5_0_offset.c │ ├── openssl_offset_1.0.2.sh │ ├── openssl_offset_1.1.0.sh │ ├── openssl_offset_1.1.1.sh │ ├── openssl_offset_3.0.sh │ ├── openssl_offset_3.1.sh │ ├── openssl_offset_3.2.sh │ ├── openssl_offset_3.3.sh │ ├── openssl_offset_3.4.sh │ ├── openssl_offset_3.5.sh │ └── protobuf_visualizer/ │ ├── README.md │ ├── README_CN.md │ └── pb_debugger.go └── variables.mk
Showing preview only (2,970K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (44077 symbols across 199 files)
FILE: assets/ebpf_probe_stub.go
function Asset (line 29) | func Asset(name string) ([]byte, error) {
function AssetNames (line 34) | func AssetNames() []string {
FILE: cli/cmd/bash.go
function init (line 35) | func init() {
function bashCommandFunc (line 43) | func bashCommandFunc(command *cobra.Command, args []string) error {
FILE: cli/cmd/ecaptureq.go
type ecaptureQLogWriter (line 22) | type ecaptureQLogWriter struct
method Write (line 26) | func (eew ecaptureQLogWriter) Write(data []byte) (n int, e error) {
type ecaptureQEventWriter (line 30) | type ecaptureQEventWriter struct
method Write (line 34) | func (eew ecaptureQEventWriter) Write(data []byte) (n int, e error) {
FILE: cli/cmd/env_detection.go
function detectKernel (line 26) | func detectKernel() error {
function detectBpfCap (line 47) | func detectBpfCap() error {
function detectEnv (line 66) | func detectEnv() error {
FILE: cli/cmd/gnutls.go
function init (line 51) | func init() {
function gnuTlsCommandFunc (line 62) | func gnuTlsCommandFunc(command *cobra.Command, args []string) error {
FILE: cli/cmd/gotls.go
function init (line 42) | func init() {
function goTLSCommandFunc (line 52) | func goTLSCommandFunc(command *cobra.Command, args []string) error {
FILE: cli/cmd/mysqld.go
function init (line 39) | func init() {
function mysqldCommandFunc (line 47) | func mysqldCommandFunc(command *cobra.Command, args []string) error {
FILE: cli/cmd/nss.go
function init (line 43) | func init() {
function nssCommandFunc (line 49) | func nssCommandFunc(command *cobra.Command, args []string) error {
FILE: cli/cmd/postgres.go
function init (line 36) | func init() {
function postgresCommandFunc (line 43) | func postgresCommandFunc(command *cobra.Command, args []string) error {
FILE: cli/cmd/root.go
constant CliName (line 45) | CliName = "eCapture"
constant CliNameZh (line 46) | CliNameZh = "旁观者"
constant CliDescription (line 47) | CliDescription = "Capturing SSL/TLS plaintext without a CA certificate u...
constant CliHomepage (line 48) | CliHomepage = "https://ecapture.cc"
constant CliAuthor (line 49) | CliAuthor = "CFC4N <cfc4ncs@gmail.com>"
constant CliGithubRepo (line 50) | CliGithubRepo = "https://github.com/gojue/ecapture"
constant defaultPid (line 61) | defaultPid uint64 = 0
constant defaultUid (line 62) | defaultUid uint64 = 0
constant defaultTruncateSize (line 63) | defaultTruncateSize uint64 = 0
constant loggerTypeStdout (line 67) | loggerTypeStdout uint8 = 0
constant loggerTypeFile (line 68) | loggerTypeFile uint8 = 1
constant loggerTypeTcp (line 69) | loggerTypeTcp uint8 = 2
constant loggerTypeWebsocket (line 70) | loggerTypeWebsocket uint8 = 3
constant configUpdateAddr (line 75) | configUpdateAddr = "localhost:28256"
type CLIConfig (line 79) | type CLIConfig struct
method GetDebug (line 89) | func (c *CLIConfig) GetDebug() bool {
method SetAddrType (line 94) | func (c *CLIConfig) SetAddrType(t uint8) {
method GetAddrType (line 99) | func (c *CLIConfig) GetAddrType() uint8 {
function usageFunc (line 139) | func usageFunc(c *cobra.Command) error {
function Execute (line 145) | func Execute() {
function init (line 158) | func init() {
function initLogger (line 179) | func initLogger(addr string, isDebug bool, isRorate bool) (zerolog.Logge...
function runProbe (line 248) | func runProbe(probeType factory.ProbeType, probeConfig domain.Configurat...
FILE: cli/cmd/tls.go
function init (line 50) | func init() {
function openSSLCommandFunc (line 61) | func openSSLCommandFunc(command *cobra.Command, args []string) error {
FILE: cli/cmd/upgrade.go
constant urlReleases (line 15) | urlReleases = "https://api.github.com/repos/gojue"
constant urlReleasesCN (line 16) | urlReleasesCN = "https://image.cnxct.com"
constant apiReleases (line 17) | apiReleases string = "/ecapture/releases/latest"
function upgradeCheck (line 24) | func upgradeCheck(ctx context.Context) (string, string, error) {
function byteToString (line 74) | func byteToString(b []byte) string {
FILE: cli/cmd/zsh.go
function init (line 38) | func init() {
function zshCommandFunc (line 45) | func zshCommandFunc(command *cobra.Command, args []string) error {
FILE: cli/cobrautl/help.go
function init (line 50) | func init() {
function ecaptureFlagUsages (line 99) | func ecaptureFlagUsages(flagSet *pflag.FlagSet) string {
function getSubCommands (line 132) | func getSubCommands(cmd *cobra.Command) []*cobra.Command {
function UsageFunc (line 141) | func UsageFunc(cmd *cobra.Command, version string) error {
function getTabOutWithWriter (line 164) | func getTabOutWithWriter(writer io.Writer) *tabwriter.Writer {
FILE: cli/http/config_factory.go
function createOpensslConfig (line 27) | func createOpensslConfig(c *gin.Context) (domain.Configuration, error) {
function createGotlsConfig (line 36) | func createGotlsConfig(c *gin.Context) (domain.Configuration, error) {
function createBashConfig (line 45) | func createBashConfig(c *gin.Context) (domain.Configuration, error) {
FILE: cli/http/config_factory_ecandroid.go
function createGnutlsConfig (line 29) | func createGnutlsConfig(c *gin.Context) (domain.Configuration, error) {
function createNsprConfig (line 34) | func createNsprConfig(c *gin.Context) (domain.Configuration, error) {
function createMysqlConfig (line 39) | func createMysqlConfig(c *gin.Context) (domain.Configuration, error) {
function createPostgresConfig (line 44) | func createPostgresConfig(c *gin.Context) (domain.Configuration, error) {
FILE: cli/http/config_factory_linux.go
function createGnutlsConfig (line 31) | func createGnutlsConfig(c *gin.Context) (domain.Configuration, error) {
function createNsprConfig (line 40) | func createNsprConfig(c *gin.Context) (domain.Configuration, error) {
function createMysqlConfig (line 49) | func createMysqlConfig(c *gin.Context) (domain.Configuration, error) {
function createPostgresConfig (line 58) | func createPostgresConfig(c *gin.Context) (domain.Configuration, error) {
FILE: cli/http/logger.go
type ErrLogger (line 23) | type ErrLogger struct
method Write (line 27) | func (el *ErrLogger) Write(p []byte) (n int, err error) {
type InfoLogger (line 32) | type InfoLogger struct
method Write (line 36) | func (el *InfoLogger) Write(p []byte) (n int, err error) {
type DebugLogger (line 41) | type DebugLogger struct
method Write (line 45) | func (el *DebugLogger) Write(p []byte) (n int, err error) {
FILE: cli/http/resp.go
type Status (line 18) | type Status
constant RespOK (line 21) | RespOK Status = iota
constant RespErrorInvaildRequest (line 22) | RespErrorInvaildRequest
constant RespErrorInternalServer (line 23) | RespErrorInternalServer
constant RespErrorNotFound (line 24) | RespErrorNotFound
constant RespConfigDecodeFailed (line 25) | RespConfigDecodeFailed
constant RespConfigCheckFailed (line 26) | RespConfigCheckFailed
constant RespSendToChanFailed (line 27) | RespSendToChanFailed
type Resp (line 30) | type Resp struct
FILE: cli/http/server.go
type HttpServer (line 26) | type HttpServer struct
method attachEndpoints (line 57) | func (hs *HttpServer) attachEndpoints() {
method Run (line 76) | func (hs HttpServer) Run() error {
method Tls (line 80) | func (hs *HttpServer) Tls(c *gin.Context) {
method Gnutls (line 84) | func (hs *HttpServer) Gnutls(c *gin.Context) {
method Mysqld (line 88) | func (hs *HttpServer) Mysqld(c *gin.Context) {
method Postgress (line 92) | func (hs *HttpServer) Postgress(c *gin.Context) {
method Gotls (line 96) | func (hs *HttpServer) Gotls(c *gin.Context) {
method Nss (line 100) | func (hs *HttpServer) Nss(c *gin.Context) {
method Bash (line 104) | func (hs *HttpServer) Bash(c *gin.Context) {
method decodeConf (line 108) | func (hs *HttpServer) decodeConf(c *gin.Context, probeType string) {
function NewHttpServer (line 38) | func NewHttpServer(addr string, confChan chan domain.Configuration, zero...
FILE: cli/http/status_string.go
function _ (line 7) | func _() {
constant _Status_name (line 20) | _Status_name = "RespOKRespErrorInvaildRequestRespErrorInternalServerResp...
method String (line 24) | func (i Status) String() string {
FILE: cli/main.go
function Start (line 21) | func Start() {
FILE: examples/ecaptureq_client/main.go
constant printableThreshold (line 36) | printableThreshold = 0.9
function main (line 44) | func main() {
function receiveMessages (line 77) | func receiveMessages(ws *websocket.Conn) {
function handleLogEntry (line 99) | func handleLogEntry(logEntry *pb.LogEntry) {
function handleHeartbeat (line 112) | func handleHeartbeat(logEntry *pb.LogEntry) {
function handleProcessLog (line 127) | func handleProcessLog(logEntry *pb.LogEntry) {
function handleEvent (line 132) | func handleEvent(logEntry *pb.LogEntry) {
function isPrintable (line 202) | func isPrintable(data []byte) bool {
function printHexDump (line 219) | func printHexDump(data []byte) {
FILE: examples/https_client/golang_https.go
function main (line 21) | func main() {
function GetHttp (line 31) | func GetHttp(url string) (body []byte, err error) {
FILE: examples/https_client/node_https.js
function httpsGet (line 3) | async function httpsGet(hostname, path, headers) {
FILE: internal/builder/config_builder.go
type ConfigBuilder (line 22) | type ConfigBuilder struct
method WithPid (line 34) | func (b *ConfigBuilder) WithPid(pid uint64) *ConfigBuilder {
method WithUid (line 40) | func (b *ConfigBuilder) WithUid(uid uint64) *ConfigBuilder {
method WithDebug (line 46) | func (b *ConfigBuilder) WithDebug(debug bool) *ConfigBuilder {
method WithHex (line 52) | func (b *ConfigBuilder) WithHex(hex bool) *ConfigBuilder {
method WithBTF (line 58) | func (b *ConfigBuilder) WithBTF(mode uint8) *ConfigBuilder {
method WithByteCodeFileMode (line 64) | func (b *ConfigBuilder) WithByteCodeFileMode(mode uint8) *ConfigBuilder {
method WithPerCpuMapSize (line 70) | func (b *ConfigBuilder) WithPerCpuMapSize(size int) *ConfigBuilder {
method WithTruncateSize (line 76) | func (b *ConfigBuilder) WithTruncateSize(size uint64) *ConfigBuilder {
method Build (line 82) | func (b *ConfigBuilder) Build() (*config.BaseConfig, error) {
method MustBuild (line 91) | func (b *ConfigBuilder) MustBuild() *config.BaseConfig {
function NewConfigBuilder (line 27) | func NewConfigBuilder() *ConfigBuilder {
FILE: internal/builder/config_builder_test.go
function TestNewConfigBuilder (line 23) | func TestNewConfigBuilder(t *testing.T) {
function TestConfigBuilderFluentAPI (line 35) | func TestConfigBuilderFluentAPI(t *testing.T) {
function TestConfigBuilderInvalidConfig (line 71) | func TestConfigBuilderInvalidConfig(t *testing.T) {
function TestConfigBuilderMustBuild (line 82) | func TestConfigBuilderMustBuild(t *testing.T) {
function TestConfigBuilderMustBuildPanic (line 94) | func TestConfigBuilderMustBuildPanic(t *testing.T) {
FILE: internal/config/base_config.go
constant BTFModeAutoDetect (line 27) | BTFModeAutoDetect = 0
constant BTFModeCore (line 28) | BTFModeCore = 1
constant BTFModeNonCore (line 29) | BTFModeNonCore = 2
constant ByteCodeFileAll (line 34) | ByteCodeFileAll = 0
constant ByteCodeFileCore (line 35) | ByteCodeFileCore = 1
constant ByteCodeFileNonCore (line 36) | ByteCodeFileNonCore = 2
constant DefaultMapSizePerCpu (line 40) | DefaultMapSizePerCpu = 8 * 1024 * 1024
type BaseConfig (line 43) | type BaseConfig struct
method Validate (line 79) | func (c *BaseConfig) Validate() error {
method GetPid (line 93) | func (c *BaseConfig) GetPid() uint64 {
method GetUid (line 98) | func (c *BaseConfig) GetUid() uint64 {
method GetDebug (line 103) | func (c *BaseConfig) GetDebug() bool {
method GetHex (line 108) | func (c *BaseConfig) GetHex() bool {
method GetBTF (line 113) | func (c *BaseConfig) GetBTF() uint8 {
method GetPerCpuMapSize (line 118) | func (c *BaseConfig) GetPerCpuMapSize() int {
method GetTruncateSize (line 123) | func (c *BaseConfig) GetTruncateSize() uint64 {
method GetByteCodeFileMode (line 128) | func (c *BaseConfig) GetByteCodeFileMode() uint8 {
method EnableGlobalVar (line 133) | func (c *BaseConfig) EnableGlobalVar() bool {
method Bytes (line 142) | func (c *BaseConfig) Bytes() []byte {
method SetPid (line 151) | func (c *BaseConfig) SetPid(pid uint64) {
method SetUid (line 156) | func (c *BaseConfig) SetUid(uid uint64) {
method SetDebug (line 161) | func (c *BaseConfig) SetDebug(debug bool) {
method SetHex (line 166) | func (c *BaseConfig) SetHex(hex bool) {
method SetBTF (line 171) | func (c *BaseConfig) SetBTF(mode uint8) {
method SetByteCodeFileMode (line 176) | func (c *BaseConfig) SetByteCodeFileMode(mode uint8) {
method SetPerCpuMapSize (line 181) | func (c *BaseConfig) SetPerCpuMapSize(size int) {
method SetTruncateSize (line 186) | func (c *BaseConfig) SetTruncateSize(size uint64) {
method GetLoggerAddr (line 191) | func (c *BaseConfig) GetLoggerAddr() string {
method SetLoggerAddr (line 196) | func (c *BaseConfig) SetLoggerAddr(addr string) {
method GetEventCollectorAddr (line 201) | func (c *BaseConfig) GetEventCollectorAddr() string {
method SetEventCollectorAddr (line 206) | func (c *BaseConfig) SetEventCollectorAddr(addr string) {
method GetEcaptureQ (line 211) | func (c *BaseConfig) GetEcaptureQ() string {
method SetEcaptureQ (line 216) | func (c *BaseConfig) SetEcaptureQ(addr string) {
method GetListen (line 221) | func (c *BaseConfig) GetListen() string {
method SetListen (line 226) | func (c *BaseConfig) SetListen(addr string) {
method GetAddrType (line 231) | func (c *BaseConfig) GetAddrType() uint8 {
method SetAddrType (line 236) | func (c *BaseConfig) SetAddrType(t uint8) {
function NewBaseConfig (line 60) | func NewBaseConfig() *BaseConfig {
FILE: internal/config/base_config_test.go
function TestNewBaseConfig (line 21) | func TestNewBaseConfig(t *testing.T) {
function TestBaseConfigValidate (line 33) | func TestBaseConfigValidate(t *testing.T) {
function TestBaseConfigGettersSetters (line 79) | func TestBaseConfigGettersSetters(t *testing.T) {
function TestBaseConfigBytes (line 119) | func TestBaseConfigBytes(t *testing.T) {
FILE: internal/domain/configuration.go
type Configuration (line 18) | type Configuration interface
FILE: internal/domain/event.go
type EventType (line 20) | type EventType
constant EventTypeOutput (line 24) | EventTypeOutput EventType = iota
constant EventTypeModuleData (line 27) | EventTypeModuleData
constant EventTypeProcessor (line 30) | EventTypeProcessor
type Event (line 34) | type Event interface
type EventHandler (line 58) | type EventHandler interface
type EventDispatcher (line 70) | type EventDispatcher interface
FILE: internal/domain/probe.go
type Probe (line 26) | type Probe interface
type EventDecoder (line 52) | type EventDecoder interface
FILE: internal/errors/errors.go
type ErrorCode (line 22) | type ErrorCode
constant ErrCodeUnknown (line 26) | ErrCodeUnknown ErrorCode = iota
constant ErrCodeConfiguration (line 29) | ErrCodeConfiguration ErrorCode = 101
constant ErrCodeConfigValidation (line 30) | ErrCodeConfigValidation
constant ErrCodeConfigMissing (line 31) | ErrCodeConfigMissing
constant ErrCodeProbeInit (line 34) | ErrCodeProbeInit ErrorCode = 201
constant ErrCodeProbeStart (line 35) | ErrCodeProbeStart
constant ErrCodeProbeStop (line 36) | ErrCodeProbeStop
constant ErrCodeProbeClose (line 37) | ErrCodeProbeClose
constant ErrCodeEventDecode (line 40) | ErrCodeEventDecode ErrorCode = 301
constant ErrCodeEventDispatch (line 41) | ErrCodeEventDispatch
constant ErrCodeEventValidation (line 42) | ErrCodeEventValidation
constant ErrCodeEventNotReady (line 43) | ErrCodeEventNotReady
constant ErrCodeEBPFLoad (line 46) | ErrCodeEBPFLoad ErrorCode = 401
constant ErrCodeEBPFAttach (line 47) | ErrCodeEBPFAttach
constant ErrCodeEBPFMapAccess (line 48) | ErrCodeEBPFMapAccess
constant ErrCodeResourceNotFound (line 51) | ErrCodeResourceNotFound ErrorCode = 501
constant ErrCodeResourceAllocation (line 52) | ErrCodeResourceAllocation
constant ErrCodeResourceCleanup (line 53) | ErrCodeResourceCleanup
type Error (line 57) | type Error struct
method Error (line 65) | func (e *Error) Error() string {
method Unwrap (line 73) | func (e *Error) Unwrap() error {
method WithContext (line 78) | func (e *Error) WithContext(key string, value any) *Error {
function New (line 87) | func New(code ErrorCode, message string) *Error {
function Wrap (line 96) | func Wrap(code ErrorCode, message string, cause error) *Error {
function NewConfigurationError (line 108) | func NewConfigurationError(message string, cause error) *Error {
function NewProbeInitError (line 113) | func NewProbeInitError(probeName string, cause error) *Error {
function NewProbeStartError (line 118) | func NewProbeStartError(probeName string, cause error) *Error {
function NewProbeStopError (line 123) | func NewProbeStopError(probeName string, cause error) *Error {
function NewProbeCloseError (line 128) | func NewProbeCloseError(probeName string, cause error) *Error {
function NewEventDecodeError (line 133) | func NewEventDecodeError(eventType string, cause error) *Error {
function NewEventDispatchError (line 138) | func NewEventDispatchError(cause error) *Error {
function NewEBPFLoadError (line 143) | func NewEBPFLoadError(program string, cause error) *Error {
function NewEBPFAttachError (line 148) | func NewEBPFAttachError(probe string, cause error) *Error {
function NewResourceNotFoundError (line 153) | func NewResourceNotFoundError(resource string) *Error {
FILE: internal/errors/errors_test.go
function TestNew (line 22) | func TestNew(t *testing.T) {
function TestWrap (line 34) | func TestWrap(t *testing.T) {
function TestWithContext (line 50) | func TestWithContext(t *testing.T) {
function TestNewProbeStartError (line 65) | func TestNewProbeStartError(t *testing.T) {
function TestErrorString (line 78) | func TestErrorString(t *testing.T) {
FILE: internal/events/dispatcher.go
type Dispatcher (line 27) | type Dispatcher struct
method Register (line 44) | func (d *Dispatcher) Register(handler domain.EventHandler) error {
method Unregister (line 72) | func (d *Dispatcher) Unregister(handlerName string) error {
method Dispatch (line 93) | func (d *Dispatcher) Dispatch(event domain.Event) error {
method Close (line 134) | func (d *Dispatcher) Close() error {
method HandlerCount (line 173) | func (d *Dispatcher) HandlerCount() int {
function NewDispatcher (line 35) | func NewDispatcher(log *logger.Logger) *Dispatcher {
FILE: internal/events/dispatcher_test.go
type mockEvent (line 27) | type mockEvent struct
method DecodeFromBytes (line 31) | func (m *mockEvent) DecodeFromBytes(data []byte) error { return nil }
method String (line 32) | func (m *mockEvent) String() string { return "mock" }
method StringHex (line 33) | func (m *mockEvent) StringHex() string { return "mock" }
method Clone (line 34) | func (m *mockEvent) Clone() domain.Event { return &mockE...
method Type (line 35) | func (m *mockEvent) Type() domain.EventType { return domain...
method UUID (line 36) | func (m *mockEvent) UUID() string { return "test-...
method Validate (line 37) | func (m *mockEvent) Validate() error {
type mockHandler (line 45) | type mockHandler struct
method Writer (line 51) | func (m *mockHandler) Writer() writers.OutputWriter {
method Name (line 75) | func (m *mockHandler) Name() string { return m.name }
method Handle (line 76) | func (m *mockHandler) Handle(event domain.Event) error {
type mockWriter (line 59) | type mockWriter struct
method Write (line 61) | func (m *mockWriter) Write(p []byte) (n int, err error) {
method Flush (line 65) | func (m *mockWriter) Flush() error {
method Name (line 69) | func (m *mockWriter) Name() string { return "mock-writer" }
method WriteRaw (line 70) | func (m *mockWriter) WriteRaw(data []byte) error { return nil }
method IsReady (line 71) | func (m *mockWriter) IsReady() bool { return true }
method Close (line 72) | func (m *mockWriter) Close() error { return nil }
method String (line 73) | func (m *mockWriter) String() string { return "mock-writer" }
function TestNewDispatcher (line 83) | func TestNewDispatcher(t *testing.T) {
function TestDispatcherRegister (line 96) | func TestDispatcherRegister(t *testing.T) {
function TestDispatcherRegisterDuplicate (line 111) | func TestDispatcherRegisterDuplicate(t *testing.T) {
function TestDispatcherUnregister (line 124) | func TestDispatcherUnregister(t *testing.T) {
function TestDispatcherDispatch (line 141) | func TestDispatcherDispatch(t *testing.T) {
function TestDispatcherDispatchInvalidEvent (line 166) | func TestDispatcherDispatchInvalidEvent(t *testing.T) {
function TestDispatcherClose (line 180) | func TestDispatcherClose(t *testing.T) {
type mockClosableHandler (line 201) | type mockClosableHandler struct
method Close (line 206) | func (m *mockClosableHandler) Close() error {
function TestDispatcherCloseHandlers (line 211) | func TestDispatcherCloseHandlers(t *testing.T) {
type mockFailingClosableHandler (line 237) | type mockFailingClosableHandler struct
method Close (line 241) | func (m *mockFailingClosableHandler) Close() error {
function TestDispatcherCloseHandlersWithError (line 245) | func TestDispatcherCloseHandlersWithError(t *testing.T) {
FILE: internal/factory/probe_factory.go
type ProbeType (line 25) | type ProbeType
constant ProbeTypeBash (line 28) | ProbeTypeBash ProbeType = "Bash"
constant ProbeTypeZsh (line 29) | ProbeTypeZsh ProbeType = "Zsh"
constant ProbeTypeMySQL (line 30) | ProbeTypeMySQL ProbeType = "MySQL"
constant ProbeTypePostgres (line 31) | ProbeTypePostgres ProbeType = "postgres"
constant ProbeTypeOpenSSL (line 32) | ProbeTypeOpenSSL ProbeType = "OpenSSL"
constant ProbeTypeGnuTLS (line 33) | ProbeTypeGnuTLS ProbeType = "GnuTLS"
constant ProbeTypeNSPR (line 34) | ProbeTypeNSPR ProbeType = "NSPR"
constant ProbeTypeGoTLS (line 35) | ProbeTypeGoTLS ProbeType = "GoTLS"
type ProbeFactory (line 39) | type ProbeFactory interface
type ProbeConstructor (line 51) | type ProbeConstructor
type defaultFactory (line 54) | type defaultFactory struct
method CreateProbe (line 66) | func (f *defaultFactory) CreateProbe(probeType ProbeType) (domain.Prob...
method RegisterProbeConstructor (line 81) | func (f *defaultFactory) RegisterProbeConstructor(probeType ProbeType,...
method GetSupportedProbes (line 95) | func (f *defaultFactory) GetSupportedProbes() []ProbeType {
function NewProbeFactory (line 59) | func NewProbeFactory() ProbeFactory {
function RegisterProbe (line 107) | func RegisterProbe(probeType ProbeType, constructor ProbeConstructor) er...
function CreateProbe (line 112) | func CreateProbe(probeType ProbeType) (domain.Probe, error) {
function GetSupportedProbes (line 117) | func GetSupportedProbes() []ProbeType {
FILE: internal/factory/probe_factory_test.go
type mockProbe (line 28) | type mockProbe struct
method Initialize (line 32) | func (m *mockProbe) Initialize(ctx context.Context, config domain.Conf...
method Start (line 35) | func (m *mockProbe) Start(ctx context.Context) error { return nil }
method Stop (line 36) | func (m *mockProbe) Stop(ctx context.Context) error { return nil }
method Close (line 37) | func (m *mockProbe) Close() error { return nil }
method Name (line 38) | func (m *mockProbe) Name() string { return m.name }
method IsRunning (line 39) | func (m *mockProbe) IsRunning() bool { return false }
method Events (line 40) | func (m *mockProbe) Events() []*ebpf.Map { return nil }
function TestNewProbeFactory (line 42) | func TestNewProbeFactory(t *testing.T) {
function TestRegisterProbeConstructor (line 55) | func TestRegisterProbeConstructor(t *testing.T) {
function TestRegisterProbeConstructorDuplicate (line 73) | func TestRegisterProbeConstructorDuplicate(t *testing.T) {
function TestCreateProbe (line 88) | func TestCreateProbe(t *testing.T) {
function TestCreateProbeNotFound (line 107) | func TestCreateProbeNotFound(t *testing.T) {
function TestCreateProbeConstructorError (line 116) | func TestCreateProbeConstructorError(t *testing.T) {
function TestGlobalFactory (line 131) | func TestGlobalFactory(t *testing.T) {
FILE: internal/logger/logger.go
type Logger (line 28) | type Logger struct
method WithComponent (line 105) | func (l *Logger) WithComponent(component string) *Logger {
method WithProbe (line 111) | func (l *Logger) WithProbe(probe string) *Logger {
method WithPid (line 117) | func (l *Logger) WithPid(pid uint64) *Logger {
method Write (line 122) | func (l *Logger) Write(p []byte) (n int, err error) {
function escapeCtrlChars (line 37) | func escapeCtrlChars(s string) string {
function New (line 65) | func New(out io.Writer, debug bool) *Logger {
FILE: internal/output/encoders/encoder.go
type Encoder (line 23) | type Encoder interface
FILE: internal/output/encoders/json_encoder.go
type JsonEncoder (line 25) | type JsonEncoder struct
method Encode (line 37) | func (e *JsonEncoder) Encode(event domain.Event) ([]byte, error) {
method Name (line 57) | func (e *JsonEncoder) Name() string {
function NewJsonEncoder (line 30) | func NewJsonEncoder(prettyPrint bool) *JsonEncoder {
FILE: internal/output/encoders/plain_encoder.go
type PlainEncoder (line 23) | type PlainEncoder struct
method Encode (line 35) | func (e *PlainEncoder) Encode(event domain.Event) ([]byte, error) {
method Name (line 43) | func (e *PlainEncoder) Name() string {
function NewPlainEncoder (line 28) | func NewPlainEncoder(useHex bool) *PlainEncoder {
FILE: internal/output/encoders/protobuf_encoder.go
type ProtobufEncoder (line 26) | type ProtobufEncoder struct
method Encode (line 34) | func (e *ProtobufEncoder) Encode(event domain.Event) ([]byte, error) {
method Name (line 41) | func (e *ProtobufEncoder) Name() string {
function NewProtobufEncoder (line 29) | func NewProtobufEncoder() *ProtobufEncoder {
FILE: internal/output/writers/factory.go
type WriterFactory (line 25) | type WriterFactory struct
method CreateWriter (line 37) | func (f *WriterFactory) CreateWriter(addr string, rotateConfig *Rotate...
function NewWriterFactory (line 28) | func NewWriterFactory() *WriterFactory {
type RotateConfig (line 79) | type RotateConfig struct
FILE: internal/output/writers/file_writer.go
type FileWriter (line 27) | type FileWriter struct
method Write (line 83) | func (w *FileWriter) Write(p []byte) (n int, err error) {
method Close (line 96) | func (w *FileWriter) Close() error {
method Name (line 120) | func (w *FileWriter) Name() string {
method Flush (line 125) | func (w *FileWriter) Flush() error {
type FileWriterConfig (line 36) | type FileWriterConfig struct
function NewFileWriter (line 45) | func NewFileWriter(config FileWriterConfig) (*FileWriter, error) {
FILE: internal/output/writers/keylog_writer.go
type PcapKeylogWriter (line 18) | type PcapKeylogWriter struct
method Name (line 22) | func (w *PcapKeylogWriter) Name() string {
method Flush (line 26) | func (w *PcapKeylogWriter) Flush() error {
method Write (line 36) | func (w *PcapKeylogWriter) Write(p []byte) (n int, err error) {
function NewPcapKeylogWriter (line 30) | func NewPcapKeylogWriter(pw *PcapWriter) *PcapKeylogWriter {
FILE: internal/output/writers/logger_writer.go
type LoggerWriter (line 7) | type LoggerWriter struct
method Write (line 19) | func (w *LoggerWriter) Write(p []byte) (n int, err error) {
method Close (line 25) | func (w *LoggerWriter) Close() error {
method Name (line 30) | func (w *LoggerWriter) Name() string {
method Flush (line 35) | func (w *LoggerWriter) Flush() error {
function NewLoggerWriter (line 12) | func NewLoggerWriter(logger *logger.Logger) *LoggerWriter {
FILE: internal/output/writers/pcap_writer.go
type TcPacket (line 35) | type TcPacket struct
type PcapWriter (line 41) | type PcapWriter struct
method WritePacket (line 137) | func (pw *PcapWriter) WritePacket(data []byte, timestamp time.Time) er...
method Serve (line 159) | func (pw *PcapWriter) Serve() {
method savePcapng (line 207) | func (pw *PcapWriter) savePcapng() (i int, err error) {
method writePacket (line 228) | func (pw *PcapWriter) writePacket(pc *TcPacket) error {
method WriteKeyLog (line 233) | func (pw *PcapWriter) WriteKeyLog(keylogLine []byte) error {
method Flush (line 242) | func (pw *PcapWriter) Flush() error {
method Close (line 249) | func (pw *PcapWriter) Close() error {
method Name (line 279) | func (pw *PcapWriter) Name() string {
function NewPcapWriter (line 57) | func NewPcapWriter(w io.Writer, snaplen uint32, ifName, filter string, l...
function nullTerminatedString (line 284) | func nullTerminatedString(data []byte) string {
FILE: internal/output/writers/stdout_writer.go
type StdoutWriter (line 22) | type StdoutWriter struct
method Write (line 30) | func (w *StdoutWriter) Write(p []byte) (n int, err error) {
method Close (line 35) | func (w *StdoutWriter) Close() error {
method Name (line 40) | func (w *StdoutWriter) Name() string {
method Flush (line 45) | func (w *StdoutWriter) Flush() error {
function NewStdoutWriter (line 25) | func NewStdoutWriter() *StdoutWriter {
FILE: internal/output/writers/tcp_writer.go
type TcpWriter (line 25) | type TcpWriter struct
method Write (line 57) | func (w *TcpWriter) Write(p []byte) (n int, err error) {
method Close (line 69) | func (w *TcpWriter) Close() error {
method Name (line 87) | func (w *TcpWriter) Name() string {
method Flush (line 92) | func (w *TcpWriter) Flush() error {
function NewTcpWriter (line 33) | func NewTcpWriter(addr string, bufferSize int) (*TcpWriter, error) {
FILE: internal/output/writers/websocket_writer.go
type WebSocketWriter (line 25) | type WebSocketWriter struct
method Write (line 50) | func (w *WebSocketWriter) Write(p []byte) (n int, err error) {
method Close (line 58) | func (w *WebSocketWriter) Close() error {
method Name (line 70) | func (w *WebSocketWriter) Name() string {
method Flush (line 75) | func (w *WebSocketWriter) Flush() error {
function NewWebSocketWriter (line 32) | func NewWebSocketWriter(url string) (*WebSocketWriter, error) {
FILE: internal/output/writers/writer.go
type OutputWriter (line 23) | type OutputWriter interface
FILE: internal/probe/base/base_probe.go
constant TcFuncNameIngress (line 38) | TcFuncNameIngress = "ingress_cls_func"
constant TcFuncNameEgress (line 39) | TcFuncNameEgress = "egress_cls_func"
type BaseProbe (line 44) | type BaseProbe struct
method Initialize (line 70) | func (p *BaseProbe) Initialize(ctx context.Context, cfg domain.Configu...
method Start (line 127) | func (p *BaseProbe) Start(ctx context.Context) error {
method Stop (line 138) | func (p *BaseProbe) Stop(ctx context.Context) error {
method GetBPFName (line 149) | func (p *BaseProbe) GetBPFName(baseName string) string {
method Close (line 161) | func (p *BaseProbe) Close() error {
method Name (line 202) | func (p *BaseProbe) Name() string {
method IsRunning (line 207) | func (p *BaseProbe) IsRunning() bool {
method Events (line 213) | func (p *BaseProbe) Events() []*ebpf.Map {
method Config (line 218) | func (p *BaseProbe) Config() domain.Configuration {
method Logger (line 223) | func (p *BaseProbe) Logger() *logger.Logger {
method Dispatcher (line 228) | func (p *BaseProbe) Dispatcher() domain.EventDispatcher {
method SetDispatcher (line 232) | func (p *BaseProbe) SetDispatcher(dispatcher domain.EventDispatcher) {
method Context (line 237) | func (p *BaseProbe) Context() context.Context {
method StartPerfEventReader (line 242) | func (p *BaseProbe) StartPerfEventReader(em *ebpf.Map, decoder domain....
method perfEventLoop (line 268) | func (p *BaseProbe) perfEventLoop(rd *perf.Reader, em *ebpf.Map, decod...
method StartRingbufReader (line 311) | func (p *BaseProbe) StartRingbufReader(em *ebpf.Map, decoder domain.Ev...
method ringbufEventLoop (line 335) | func (p *BaseProbe) ringbufEventLoop(rd *ringbuf.Reader, em *ebpf.Map,...
method DecodeFun (line 365) | func (p *BaseProbe) DecodeFun(em *ebpf.Map) (domain.EventDecoder, bool) {
type closer (line 56) | type closer interface
function NewBaseProbe (line 61) | func NewBaseProbe(name string) *BaseProbe {
FILE: internal/probe/base/base_probe_test.go
function TestNewBaseProbe (line 25) | func TestNewBaseProbe(t *testing.T) {
function TestBaseProbeInitialize (line 39) | func TestBaseProbeInitialize(t *testing.T) {
function TestBaseProbeInitializeInvalidConfig (line 60) | func TestBaseProbeInitializeInvalidConfig(t *testing.T) {
function TestBaseProbeInitializeNilConfig (line 73) | func TestBaseProbeInitializeNilConfig(t *testing.T) {
function TestBaseProbeLifecycle (line 83) | func TestBaseProbeLifecycle(t *testing.T) {
function TestBaseProbeCloseWithReaders (line 128) | func TestBaseProbeCloseWithReaders(t *testing.T) {
function TestBaseProbeStopAndClose (line 155) | func TestBaseProbeStopAndClose(t *testing.T) {
type mockCloser (line 185) | type mockCloser struct
method Close (line 189) | func (m *mockCloser) Close() error {
FILE: internal/probe/base/handlers/handlers.go
constant ModeText (line 5) | ModeText = "text"
constant ModePcap (line 6) | ModePcap = "pcap"
constant ModePcapng (line 7) | ModePcapng = "pcapng"
constant ModeKeylog (line 8) | ModeKeylog = "keylog"
constant ModeKey (line 9) | ModeKey = "key"
function IsModeText (line 13) | func IsModeText(mode string) bool {
function IsModePcapng (line 18) | func IsModePcapng(mode string) bool {
function IsModeKeylog (line 23) | func IsModeKeylog(mode string) bool {
FILE: internal/probe/base/handlers/keylog_handler.go
constant Ssl3RandomSize (line 28) | Ssl3RandomSize = 32
constant MasterSecretMaxLen (line 29) | MasterSecretMaxLen = 48
constant EvpMaxMdSize (line 30) | EvpMaxMdSize = 64
constant KeyLogLabelTLS12 (line 34) | KeyLogLabelTLS12 = "CLIENT_RANDOM"
constant KeyLogLabelClientEarlyTafficSecret (line 35) | KeyLogLabelClientEarlyTafficSecret = "CLIENT_EARLY_TRAFFIC_SECRET"
constant KeyLogLabelServerHandshake (line 37) | KeyLogLabelServerHandshake = "SERVER_HANDSHAKE_TRAFFIC_SECRET"
constant KeyLogLabelClientTraffic (line 38) | KeyLogLabelClientTraffic = "CLIENT_TRAFFIC_SECRET_0"
constant KeyLogLabelServerTraffic (line 39) | KeyLogLabelServerTraffic = "SERVER_TRAFFIC_SECRET_0"
constant KeyLogLabelExporterSecret (line 40) | KeyLogLabelExporterSecret = "EXPORTER_SECRET"
type MasterSecretEvent (line 45) | type MasterSecretEvent interface
type GoTLSMasterSecretEvent (line 62) | type GoTLSMasterSecretEvent interface
type KeylogHandler (line 80) | type KeylogHandler struct
method Writer (line 86) | func (h *KeylogHandler) Writer() writers.OutputWriter {
method Handle (line 102) | func (h *KeylogHandler) Handle(event domain.Event) error {
method handleTLS12 (line 134) | func (h *KeylogHandler) handleTLS12(event MasterSecretEvent) error {
method handleGoTLS (line 180) | func (h *KeylogHandler) handleGoTLS(event GoTLSMasterSecretEvent) error {
method handleTLS13 (line 221) | func (h *KeylogHandler) handleTLS13(event MasterSecretEvent) error {
method Close (line 268) | func (h *KeylogHandler) Close() error {
method Name (line 299) | func (h *KeylogHandler) Name() string {
function NewKeylogHandler (line 91) | func NewKeylogHandler(writer writers.OutputWriter) *KeylogHandler {
function isZeroBytes (line 289) | func isZeroBytes(data []byte) bool {
FILE: internal/probe/base/handlers/keylog_handler_dedup_test.go
function TestKeylogHandler_FilterZeroMasterSecret (line 10) | func TestKeylogHandler_FilterZeroMasterSecret(t *testing.T) {
function TestKeylogHandler_WriteValidMasterSecret (line 40) | func TestKeylogHandler_WriteValidMasterSecret(t *testing.T) {
function TestKeylogHandler_DeduplicateByClientRandom (line 81) | func TestKeylogHandler_DeduplicateByClientRandom(t *testing.T) {
type mockKeylogDedupWriter (line 147) | type mockKeylogDedupWriter struct
method Write (line 151) | func (m *mockKeylogDedupWriter) Write(p []byte) (n int, err error) {
method Flush (line 159) | func (m *mockKeylogDedupWriter) Flush() error {
method Name (line 163) | func (m *mockKeylogDedupWriter) Name() string {
method WriteRaw (line 167) | func (m *mockKeylogDedupWriter) WriteRaw(data []byte) error {
method IsReady (line 172) | func (m *mockKeylogDedupWriter) IsReady() bool {
method Close (line 176) | func (m *mockKeylogDedupWriter) Close() error {
method String (line 180) | func (m *mockKeylogDedupWriter) String() string {
FILE: internal/probe/base/handlers/keylog_handler_test.go
type mockKeylogWriter (line 26) | type mockKeylogWriter struct
method Close (line 34) | func (m *mockKeylogWriter) Close() error {
method Name (line 38) | func (m *mockKeylogWriter) Name() string {
method Flush (line 42) | func (m *mockKeylogWriter) Flush() error {
function newMockKeylogWriter (line 30) | func newMockKeylogWriter() *mockKeylogWriter {
type mockMasterSecretEvent (line 47) | type mockMasterSecretEvent struct
method GetVersion (line 60) | func (m *mockMasterSecretEvent) GetVersion() int32 { ret...
method GetClientRandom (line 61) | func (m *mockMasterSecretEvent) GetClientRandom() []byte { ret...
method GetMasterKey (line 62) | func (m *mockMasterSecretEvent) GetMasterKey() []byte { ret...
method GetCipherId (line 63) | func (m *mockMasterSecretEvent) GetCipherId() uint32 { ret...
method GetEarlySecret (line 64) | func (m *mockMasterSecretEvent) GetEarlySecret() []byte { ret...
method GetHandshakeSecret (line 65) | func (m *mockMasterSecretEvent) GetHandshakeSecret() []byte { ret...
method GetHandshakeTrafficHash (line 66) | func (m *mockMasterSecretEvent) GetHandshakeTrafficHash() []byte { ret...
method GetClientAppTrafficSecret (line 67) | func (m *mockMasterSecretEvent) GetClientAppTrafficSecret() []byte {
method GetServerAppTrafficSecret (line 70) | func (m *mockMasterSecretEvent) GetServerAppTrafficSecret() []byte {
method GetExporterMasterSecret (line 73) | func (m *mockMasterSecretEvent) GetExporterMasterSecret() []byte {
method DecodeFromBytes (line 77) | func (m *mockMasterSecretEvent) DecodeFromBytes(data []byte) error { r...
method Validate (line 78) | func (m *mockMasterSecretEvent) Validate() error { r...
method String (line 79) | func (m *mockMasterSecretEvent) String() string { r...
method StringHex (line 80) | func (m *mockMasterSecretEvent) StringHex() string { r...
method Clone (line 81) | func (m *mockMasterSecretEvent) Clone() domain.Event { r...
method Type (line 82) | func (m *mockMasterSecretEvent) Type() domain.EventType { r...
method UUID (line 83) | func (m *mockMasterSecretEvent) UUID() string { r...
function TestNewKeylogHandler (line 85) | func TestNewKeylogHandler(t *testing.T) {
function TestNewKeylogHandler_NilWriter (line 97) | func TestNewKeylogHandler_NilWriter(t *testing.T) {
function TestKeylogHandler_Handle_TLS12 (line 108) | func TestKeylogHandler_Handle_TLS12(t *testing.T) {
function TestKeylogHandler_Handle_TLS13 (line 141) | func TestKeylogHandler_Handle_TLS13(t *testing.T) {
function TestKeylogHandler_Handle_Deduplication (line 184) | func TestKeylogHandler_Handle_Deduplication(t *testing.T) {
function TestKeylogHandler_Handle_NilEvent (line 229) | func TestKeylogHandler_Handle_NilEvent(t *testing.T) {
type mockNonMasterSecretEvent (line 240) | type mockNonMasterSecretEvent struct
method DecodeFromBytes (line 242) | func (m *mockNonMasterSecretEvent) DecodeFromBytes(data []byte) error ...
method Validate (line 243) | func (m *mockNonMasterSecretEvent) Validate() error ...
method String (line 244) | func (m *mockNonMasterSecretEvent) String() string ...
method StringHex (line 245) | func (m *mockNonMasterSecretEvent) StringHex() string ...
method Clone (line 246) | func (m *mockNonMasterSecretEvent) Clone() domain.Event ...
method Type (line 247) | func (m *mockNonMasterSecretEvent) Type() domain.EventType ...
method UUID (line 248) | func (m *mockNonMasterSecretEvent) UUID() string ...
function TestKeylogHandler_Handle_InvalidEventType (line 250) | func TestKeylogHandler_Handle_InvalidEventType(t *testing.T) {
function TestKeylogHandler_Handle_ShortClientRandom (line 261) | func TestKeylogHandler_Handle_ShortClientRandom(t *testing.T) {
function TestKeylogHandler_Handle_ShortMasterKey (line 278) | func TestKeylogHandler_Handle_ShortMasterKey(t *testing.T) {
function TestKeylogHandler_Handle_TLS13_SkipZeroSecrets (line 295) | func TestKeylogHandler_Handle_TLS13_SkipZeroSecrets(t *testing.T) {
function TestKeylogHandler_Close (line 324) | func TestKeylogHandler_Close(t *testing.T) {
type mockKeylogClosableWriter (line 344) | type mockKeylogClosableWriter struct
method Close (line 349) | func (m *mockKeylogClosableWriter) Close() error {
method Name (line 354) | func (m *mockKeylogClosableWriter) Name() string {
method Flush (line 358) | func (m *mockKeylogClosableWriter) Flush() error {
function TestKeylogHandler_Close_ClosableWriter (line 362) | func TestKeylogHandler_Close_ClosableWriter(t *testing.T) {
function Test_isZeroBytes (line 376) | func Test_isZeroBytes(t *testing.T) {
function TestKeylogHandler_Concurrent (line 398) | func TestKeylogHandler_Concurrent(t *testing.T) {
FILE: internal/probe/base/handlers/pcap_handler.go
type PacketEvent (line 34) | type PacketEvent interface
type TcPacket (line 51) | type TcPacket struct
type NetCaptureData (line 56) | type NetCaptureData struct
type Option (line 61) | type Option
function WithInterfaceName (line 64) | func WithInterfaceName(ifName string) Option {
function WithFilter (line 72) | func WithFilter(filter string) Option {
function WithLogger (line 80) | func WithLogger(logger *logger.Logger) Option {
type PcapHandler (line 91) | type PcapHandler struct
method Writer (line 101) | func (h *PcapHandler) Writer() writers.OutputWriter {
method Handle (line 126) | func (h *PcapHandler) Handle(event domain.Event) error {
method Close (line 162) | func (h *PcapHandler) Close() error {
method Name (line 187) | func (h *PcapHandler) Name() string {
method PcapWriter (line 191) | func (h *PcapHandler) PcapWriter() *writers.PcapWriter {
function NewPcapHandler (line 106) | func NewPcapHandler(writer writers.OutputWriter, ifName, filter string, ...
FILE: internal/probe/base/handlers/pcap_handler_test.go
type mockPcapWriter (line 27) | type mockPcapWriter struct
method Close (line 35) | func (m *mockPcapWriter) Close() error {
method Name (line 39) | func (m *mockPcapWriter) Name() string {
method Flush (line 43) | func (m *mockPcapWriter) Flush() error {
function newMockPcapWriter (line 31) | func newMockPcapWriter() *mockPcapWriter {
type mockPacketEvent (line 48) | type mockPacketEvent struct
method GetTimestamp (line 59) | func (m *mockPacketEvent) GetTimestamp() uint64 { return ...
method GetPacketData (line 60) | func (m *mockPacketEvent) GetPacketData() []byte { return ...
method GetPacketLen (line 61) | func (m *mockPacketEvent) GetPacketLen() uint32 { return ...
method GetInterfaceIndex (line 62) | func (m *mockPacketEvent) GetInterfaceIndex() uint32 { return ...
method GetSrcIP (line 63) | func (m *mockPacketEvent) GetSrcIP() string { return ...
method GetDstIP (line 64) | func (m *mockPacketEvent) GetDstIP() string { return ...
method GetSrcPort (line 65) | func (m *mockPacketEvent) GetSrcPort() uint16 { return ...
method GetDstPort (line 66) | func (m *mockPacketEvent) GetDstPort() uint16 { return ...
method DecodeFromBytes (line 67) | func (m *mockPacketEvent) DecodeFromBytes(data []byte) error { return ...
method Validate (line 68) | func (m *mockPacketEvent) Validate() error { return ...
method String (line 69) | func (m *mockPacketEvent) String() string { return ...
method StringHex (line 70) | func (m *mockPacketEvent) StringHex() string { return ...
method Clone (line 71) | func (m *mockPacketEvent) Clone() domain.Event { return ...
method Type (line 72) | func (m *mockPacketEvent) Type() domain.EventType { return ...
method UUID (line 73) | func (m *mockPacketEvent) UUID() string { return ...
function newTestLogger (line 75) | func newTestLogger() *logger.Logger {
function TestNewPcapHandler (line 79) | func TestNewPcapHandler(t *testing.T) {
function TestNewPcapHandler_NilWriter (line 96) | func TestNewPcapHandler_NilWriter(t *testing.T) {
function TestPcapHandler_Handle (line 107) | func TestPcapHandler_Handle(t *testing.T) {
function TestPcapHandler_Handle_NilEvent (line 138) | func TestPcapHandler_Handle_NilEvent(t *testing.T) {
type mockNonPacketEvent (line 155) | type mockNonPacketEvent struct
method DecodeFromBytes (line 157) | func (m *mockNonPacketEvent) DecodeFromBytes(data []byte) error { retu...
method Validate (line 158) | func (m *mockNonPacketEvent) Validate() error { retu...
method String (line 159) | func (m *mockNonPacketEvent) String() string { retu...
method StringHex (line 160) | func (m *mockNonPacketEvent) StringHex() string { retu...
method Clone (line 161) | func (m *mockNonPacketEvent) Clone() domain.Event { retu...
method Type (line 162) | func (m *mockNonPacketEvent) Type() domain.EventType { retu...
method UUID (line 163) | func (m *mockNonPacketEvent) UUID() string { retu...
function TestPcapHandler_Handle_InvalidEventType (line 165) | func TestPcapHandler_Handle_InvalidEventType(t *testing.T) {
FILE: internal/probe/base/handlers/text_handler.go
type TextHandler (line 25) | type TextHandler struct
method Writer (line 30) | func (h *TextHandler) Writer() writers.OutputWriter {
method Handle (line 48) | func (h *TextHandler) Handle(event domain.Event) error {
method Close (line 91) | func (h *TextHandler) Close() error {
method Name (line 103) | func (h *TextHandler) Name() string {
function NewTextHandler (line 36) | func NewTextHandler(writer writers.OutputWriter, useHex bool) *TextHandl...
FILE: internal/probe/base/handlers/text_handler_test.go
type mockWriter (line 27) | type mockWriter struct
method Close (line 35) | func (m *mockWriter) Close() error {
method Name (line 39) | func (m *mockWriter) Name() string {
method Flush (line 43) | func (m *mockWriter) Flush() error {
function newMockWriter (line 31) | func newMockWriter() *mockWriter {
type mockTLSDataEvent (line 48) | type mockTLSDataEvent struct
method GetPid (line 57) | func (m *mockTLSDataEvent) GetPid() uint32 {
method GetComm (line 61) | func (m *mockTLSDataEvent) GetComm() string {
method GetData (line 65) | func (m *mockTLSDataEvent) GetData() []byte {
method GetDataLen (line 69) | func (m *mockTLSDataEvent) GetDataLen() uint32 {
method GetTimestamp (line 73) | func (m *mockTLSDataEvent) GetTimestamp() uint64 {
method IsRead (line 77) | func (m *mockTLSDataEvent) IsRead() bool {
method DecodeFromBytes (line 81) | func (m *mockTLSDataEvent) DecodeFromBytes(data []byte) error {
method Validate (line 85) | func (m *mockTLSDataEvent) Validate() error {
method String (line 89) | func (m *mockTLSDataEvent) String() string {
method StringHex (line 93) | func (m *mockTLSDataEvent) StringHex() string {
method Clone (line 97) | func (m *mockTLSDataEvent) Clone() domain.Event {
method Type (line 104) | func (m *mockTLSDataEvent) Type() domain.EventType {
method UUID (line 108) | func (m *mockTLSDataEvent) UUID() string {
function TestNewTextHandler (line 112) | func TestNewTextHandler(t *testing.T) {
function TestNewTextHandler_NilWriter (line 121) | func TestNewTextHandler_NilWriter(t *testing.T) {
function TestTextHandler_Handle_Write (line 133) | func TestTextHandler_Handle_Write(t *testing.T) {
function TestTextHandler_Handle_Read (line 159) | func TestTextHandler_Handle_Read(t *testing.T) {
function TestTextHandler_Handle_NilEvent (line 185) | func TestTextHandler_Handle_NilEvent(t *testing.T) {
type mockNonTLSEvent (line 196) | type mockNonTLSEvent struct
method DecodeFromBytes (line 198) | func (m *mockNonTLSEvent) DecodeFromBytes(data []byte) error { return ...
method Validate (line 199) | func (m *mockNonTLSEvent) Validate() error { return ...
method String (line 200) | func (m *mockNonTLSEvent) String() string { return ...
method StringHex (line 201) | func (m *mockNonTLSEvent) StringHex() string { return ...
method Clone (line 202) | func (m *mockNonTLSEvent) Clone() domain.Event { return ...
method Type (line 203) | func (m *mockNonTLSEvent) Type() domain.EventType { return ...
method UUID (line 204) | func (m *mockNonTLSEvent) UUID() string { return ...
function TestTextHandler_Handle_InvalidEventType (line 206) | func TestTextHandler_Handle_InvalidEventType(t *testing.T) {
function TestTextHandler_Close (line 219) | func TestTextHandler_Close(t *testing.T) {
type mockClosableWriter (line 231) | type mockClosableWriter struct
method Close (line 236) | func (m *mockClosableWriter) Close() error {
method Name (line 241) | func (m *mockClosableWriter) Name() string {
method Flush (line 245) | func (m *mockClosableWriter) Flush() error {
function TestTextHandler_Close_ClosableWriter (line 249) | func TestTextHandler_Close_ClosableWriter(t *testing.T) {
FILE: internal/probe/bash/bash_probe.go
type Probe (line 39) | type Probe struct
method Initialize (line 62) | func (p *Probe) Initialize(ctx context.Context, cfg domain.Configurati...
method Start (line 84) | func (p *Probe) Start(ctx context.Context) error {
method retrieveEventMaps (line 132) | func (p *Probe) retrieveEventMaps() error {
method Events (line 156) | func (p *Probe) Events() []*ebpf.Map {
method Close (line 161) | func (p *Probe) Close() error {
method handleEvent (line 171) | func (p *Probe) handleEvent(event *Event) {
method setupManager (line 212) | func (p *Probe) setupManager() error {
method getManagerOptions (line 273) | func (p *Probe) getManagerOptions() manager.Options {
method DecodeFun (line 306) | func (p *Probe) DecodeFun(em *ebpf.Map) (domain.EventDecoder, bool) {
function NewProbe (line 52) | func NewProbe() (*Probe, error) {
type bashEventDecoder (line 312) | type bashEventDecoder struct
method Decode (line 316) | func (d *bashEventDecoder) Decode(_ *ebpf.Map, data []byte) (domain.Ev...
method GetDecoder (line 329) | func (d *bashEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Event, bool) {
FILE: internal/probe/bash/bash_test.go
function TestNewConfig (line 21) | func TestNewConfig(t *testing.T) {
function TestConfigValidation (line 33) | func TestConfigValidation(t *testing.T) {
function TestCommToString (line 44) | func TestCommToString(t *testing.T) {
function TestEventDecodeFromBytes (line 78) | func TestEventDecodeFromBytes(t *testing.T) {
function TestEventString (line 91) | func TestEventString(t *testing.T) {
function TestEventUUID (line 112) | func TestEventUUID(t *testing.T) {
function TestNewProbe (line 131) | func TestNewProbe(t *testing.T) {
function contains (line 141) | func contains(s, substr string) bool {
function containsSubstring (line 147) | func containsSubstring(s, substr string) bool {
FILE: internal/probe/bash/config.go
constant fallbackBashPath (line 29) | fallbackBashPath = "/bin/bash"
constant ElfTypeBin (line 30) | ElfTypeBin = 1
constant ElfTypeSo (line 31) | ElfTypeSo = 2
type Config (line 35) | type Config struct
method Validate (line 53) | func (c *Config) Validate() error {
method checkElf (line 72) | func (c *Config) checkElf() error {
method checkReadlineFunc (line 119) | func (c *Config) checkReadlineFunc() error {
method Bytes (line 163) | func (c *Config) Bytes() []byte {
function NewConfig (line 45) | func NewConfig() *Config {
function getDynPathByElf (line 172) | func getDynPathByElf(elfPath, soName string) (string, error) {
FILE: internal/probe/bash/event.go
constant BashEventTypeReadline (line 28) | BashEventTypeReadline = 0
constant BashEventTypeRetval (line 30) | BashEventTypeRetval = 1
constant BashEventTypeExitOrExec (line 32) | BashEventTypeExitOrExec = 2
constant MaxDataSizeBash (line 35) | MaxDataSizeBash = 256
type Event (line 39) | type Event struct
method DecodeFromBytes (line 50) | func (e *Event) DecodeFromBytes(data []byte) error {
method String (line 77) | func (e *Event) String() string {
method StringHex (line 86) | func (e *Event) StringHex() string {
method Clone (line 96) | func (e *Event) Clone() domain.Event {
method Type (line 101) | func (e *Event) Type() domain.EventType {
method UUID (line 106) | func (e *Event) UUID() string {
method Validate (line 111) | func (e *Event) Validate() error {
function commToString (line 117) | func commToString(comm []byte) string {
FILE: internal/probe/bash/register.go
function init (line 22) | func init() {
FILE: internal/probe/gnutls/config.go
constant Version_3_6 (line 34) | Version_3_6 = "3.6"
constant Version_3_7 (line 35) | Version_3_7 = "3.7"
constant Version_3_8 (line 36) | Version_3_8 = "3.8"
type Config (line 51) | type Config struct
method IsSupportedVersion (line 75) | func (c *Config) IsSupportedVersion() bool {
method GetBPFFileName (line 87) | func (c *Config) GetBPFFileName() string {
method Bytes (line 102) | func (c *Config) Bytes() []byte {
method Validate (line 111) | func (c *Config) Validate() error {
method validateCaptureMode (line 137) | func (c *Config) validateCaptureMode() error {
method detectGnuTLS (line 182) | func (c *Config) detectGnuTLS() error {
method detectVersion (line 202) | func (c *Config) detectVersion() error {
method validateNetworkInterface (line 278) | func (c *Config) validateNetworkInterface() error {
method checkTCSupport (line 296) | func (c *Config) checkTCSupport() error {
function NewConfig (line 67) | func NewConfig() *Config {
function readGnuTLSVersion (line 213) | func readGnuTLSVersion(binaryPath string) (string, error) {
FILE: internal/probe/gnutls/config_test.go
function TestConfig_IsSupportedVersion (line 23) | func TestConfig_IsSupportedVersion(t *testing.T) {
function TestConfig_GetBPFFileName (line 67) | func TestConfig_GetBPFFileName(t *testing.T) {
function TestConfig_Bytes (line 106) | func TestConfig_Bytes(t *testing.T) {
function TestConfig_ValidateNetworkInterface (line 117) | func TestConfig_ValidateNetworkInterface(t *testing.T) {
function TestConfig_CheckTCSupport (line 144) | func TestConfig_CheckTCSupport(t *testing.T) {
function TestConfig_ValidateCaptureMode_Text (line 164) | func TestConfig_ValidateCaptureMode_Text(t *testing.T) {
function TestConfig_ValidateCaptureMode_Keylog (line 177) | func TestConfig_ValidateCaptureMode_Keylog(t *testing.T) {
function TestConfig_ValidateCaptureMode_Pcap (line 198) | func TestConfig_ValidateCaptureMode_Pcap(t *testing.T) {
FILE: internal/probe/gnutls/event.go
constant DataTypeRead (line 29) | DataTypeRead = 0
constant DataTypeWrite (line 30) | DataTypeWrite = 1
constant MaxDataSize (line 33) | MaxDataSize = 4096
type Event (line 37) | type Event struct
method DecodeFromBytes (line 50) | func (e *Event) DecodeFromBytes(data []byte) error {
method String (line 86) | func (e *Event) String() string {
method StringHex (line 108) | func (e *Event) StringHex() string {
method Clone (line 130) | func (e *Event) Clone() domain.Event {
method Type (line 136) | func (e *Event) Type() domain.EventType {
method UUID (line 141) | func (e *Event) UUID() string {
method Validate (line 146) | func (e *Event) Validate() error {
method GetPid (line 159) | func (e *Event) GetPid() uint32 {
method GetComm (line 164) | func (e *Event) GetComm() string {
method GetData (line 169) | func (e *Event) GetData() []byte {
method GetDataLen (line 180) | func (e *Event) GetDataLen() uint32 {
method GetTimestamp (line 188) | func (e *Event) GetTimestamp() uint64 {
method IsRead (line 193) | func (e *Event) IsRead() bool {
function commToString (line 198) | func commToString(data []byte) string {
FILE: internal/probe/gnutls/event_masterkey.go
constant Ssl3RandomSize (line 30) | Ssl3RandomSize = handlers.Ssl3RandomSize
constant MasterSecretMaxLen (line 31) | MasterSecretMaxLen = handlers.MasterSecretMaxLen
constant EvpMaxMdSize (line 32) | EvpMaxMdSize = handlers.EvpMaxMdSize
type MasterSecretEvent (line 46) | type MasterSecretEvent struct
method DecodeFromBytes (line 64) | func (e *MasterSecretEvent) DecodeFromBytes(data []byte) error {
method String (line 129) | func (e *MasterSecretEvent) String() string {
method StringHex (line 146) | func (e *MasterSecretEvent) StringHex() string {
method Clone (line 154) | func (e *MasterSecretEvent) Clone() domain.Event {
method Type (line 160) | func (e *MasterSecretEvent) Type() domain.EventType {
method UUID (line 165) | func (e *MasterSecretEvent) UUID() string {
method Validate (line 170) | func (e *MasterSecretEvent) Validate() error {
method GetVersion (line 195) | func (e *MasterSecretEvent) GetVersion() int32 {
method GetClientRandom (line 200) | func (e *MasterSecretEvent) GetClientRandom() []byte {
method GetMasterKey (line 205) | func (e *MasterSecretEvent) GetMasterKey() []byte {
method GetCipherId (line 210) | func (e *MasterSecretEvent) GetCipherId() uint32 {
method GetClientHandshakeTrafficSecret (line 215) | func (e *MasterSecretEvent) GetClientHandshakeTrafficSecret() []byte {
method GetServerHandshakeTrafficSecret (line 220) | func (e *MasterSecretEvent) GetServerHandshakeTrafficSecret() []byte {
method GetClientAppTrafficSecret (line 225) | func (e *MasterSecretEvent) GetClientAppTrafficSecret() []byte {
method GetServerAppTrafficSecret (line 230) | func (e *MasterSecretEvent) GetServerAppTrafficSecret() []byte {
method GetExporterMasterSecret (line 235) | func (e *MasterSecretEvent) GetExporterMasterSecret() []byte {
FILE: internal/probe/gnutls/gnutls_probe.go
type Probe (line 36) | type Probe struct
method Initialize (line 60) | func (p *Probe) Initialize(ctx context.Context, cfg domain.Configurati...
method Start (line 88) | func (p *Probe) Start(ctx context.Context) error {
method retrieveEventMaps (line 126) | func (p *Probe) retrieveEventMaps() error {
method Stop (line 145) | func (p *Probe) Stop(ctx context.Context) error {
method Events (line 151) | func (p *Probe) Events() []*ebpf.Map {
method Close (line 156) | func (p *Probe) Close() error {
method DecodeFun (line 164) | func (p *Probe) DecodeFun(em *ebpf.Map) (domain.EventDecoder, bool) {
function NewProbe (line 50) | func NewProbe() (*Probe, error) {
type gnutlsEventDecoder (line 170) | type gnutlsEventDecoder struct
method Decode (line 174) | func (d *gnutlsEventDecoder) Decode(_ *ebpf.Map, data []byte) (domain....
method GetDecoder (line 182) | func (d *gnutlsEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Event, bo...
FILE: internal/probe/gnutls/gnutls_probe_test.go
function TestNewProbe (line 25) | func TestNewProbe(t *testing.T) {
function TestProbe_Initialize_TextMode (line 35) | func TestProbe_Initialize_TextMode(t *testing.T) {
function TestProbe_Close (line 55) | func TestProbe_Close(t *testing.T) {
function TestProbe_Events (line 66) | func TestProbe_Events(t *testing.T) {
FILE: internal/probe/gnutls/register.go
function init (line 25) | func init() {
FILE: internal/probe/gotls/config.go
type Config (line 47) | type Config struct
method Validate (line 105) | func (c *Config) Validate() error {
method parserGoElf (line 129) | func (c *Config) parserGoElf() error {
method validateCaptureMode (line 245) | func (c *Config) validateCaptureMode() error {
method validateNetworkInterface (line 312) | func (c *Config) validateNetworkInterface() error {
method validateConf (line 334) | func (c *Config) validateConf() error {
method checkTCSupport (line 350) | func (c *Config) checkTCSupport() error {
method GetBPFFileName (line 374) | func (c *Config) GetBPFFileName() string {
method Bytes (line 437) | func (c *Config) Bytes() []byte {
method readGoSymbolTable (line 443) | func (c *Config) readGoSymbolTable(elfFile *elf.File, goVersion string...
method addrToOffset (line 516) | func (c *Config) addrToOffset(elfFile *elf.File, addr uint64) uint64 {
method GetCaptureMode (line 534) | func (c *Config) GetCaptureMode() string {
method GetPcapFile (line 539) | func (c *Config) GetPcapFile() string {
method GetKeylogFile (line 544) | func (c *Config) GetKeylogFile() string {
function NewConfig (line 95) | func NewConfig() *Config {
function detectGoVersion (line 381) | func detectGoVersion() string {
function isGoVersionSupported (line 390) | func isGoVersionSupported(version string) bool {
function isRegisterABI (line 414) | func isRegisterABI(version string) bool {
function magicNumber (line 490) | func magicNumber(goVersion string) []byte {
FILE: internal/probe/gotls/config_symbol.go
method findRetOffsets (line 17) | func (c *Config) findRetOffsets(symbolName string) ([]int, error) {
method ReadTable (line 85) | func (c *Config) ReadTable() (*gosym.Table, error) {
method findRetOffsetsPie (line 131) | func (c *Config) findRetOffsetsPie(lfunc string) ([]int, error) {
method findPieSymbolAddr (line 163) | func (c *Config) findPieSymbolAddr(lfunc string) (uint64, error) {
method findSymbolAddr (line 171) | func (c *Config) findSymbolAddr(lfunc string) (uint64, error) {
method findSymbolRetOffsets (line 184) | func (c *Config) findSymbolRetOffsets(lfunc string) ([]int, error) {
FILE: internal/probe/gotls/config_test.go
function TestNewConfig (line 26) | func TestNewConfig(t *testing.T) {
function TestConfig_Validate_GoVersion (line 40) | func TestConfig_Validate_GoVersion(t *testing.T) {
function TestConfig_Validate_TextMode (line 44) | func TestConfig_Validate_TextMode(t *testing.T) {
function TestConfig_Validate_KeylogMode (line 48) | func TestConfig_Validate_KeylogMode(t *testing.T) {
function TestConfig_Validate_KeylogMode_MissingFile (line 52) | func TestConfig_Validate_KeylogMode_MissingFile(t *testing.T) {
function TestConfig_Validate_InvalidCaptureMode (line 62) | func TestConfig_Validate_InvalidCaptureMode(t *testing.T) {
function TestConfig_GetBPFFileName (line 71) | func TestConfig_GetBPFFileName(t *testing.T) {
function TestDetectGoVersion (line 102) | func TestDetectGoVersion(t *testing.T) {
function TestIsGoVersionSupported (line 115) | func TestIsGoVersionSupported(t *testing.T) {
function TestConfig_ValidateNetworkInterface (line 141) | func TestConfig_ValidateNetworkInterface(t *testing.T) {
function TestConfig_CheckTCSupport (line 165) | func TestConfig_CheckTCSupport(t *testing.T) {
FILE: internal/probe/gotls/event.go
type GoTLSDataEvent (line 29) | type GoTLSDataEvent struct
method DecodeFromBytes (line 42) | func (e *GoTLSDataEvent) DecodeFromBytes(data []byte) error {
method GetTimestamp (line 91) | func (e *GoTLSDataEvent) GetTimestamp() uint64 {
method GetTimestampTime (line 96) | func (e *GoTLSDataEvent) GetTimestampTime() time.Time {
method GetPid (line 101) | func (e *GoTLSDataEvent) GetPid() uint32 {
method GetComm (line 106) | func (e *GoTLSDataEvent) GetComm() string {
method GetData (line 111) | func (e *GoTLSDataEvent) GetData() []byte {
method GetDataLen (line 123) | func (e *GoTLSDataEvent) GetDataLen() uint32 {
method IsRead (line 131) | func (e *GoTLSDataEvent) IsRead() bool {
method IsWrite (line 136) | func (e *GoTLSDataEvent) IsWrite() bool {
method String (line 152) | func (e *GoTLSDataEvent) String() string {
method StringHex (line 163) | func (e *GoTLSDataEvent) StringHex() string {
method Clone (line 175) | func (e *GoTLSDataEvent) Clone() domain.Event {
method Type (line 180) | func (e *GoTLSDataEvent) Type() domain.EventType {
method UUID (line 185) | func (e *GoTLSDataEvent) UUID() string {
method Validate (line 190) | func (e *GoTLSDataEvent) Validate() error {
function commToString (line 141) | func commToString(comm []byte) string {
FILE: internal/probe/gotls/event_masterkey.go
constant EvpMaxMdSize (line 30) | EvpMaxMdSize = handlers.EvpMaxMdSize
constant MasterSecretKeyLen (line 31) | MasterSecretKeyLen = 32
type MasterSecretEvent (line 36) | type MasterSecretEvent struct
method DecodeFromBytes (line 46) | func (e *MasterSecretEvent) DecodeFromBytes(data []byte) error {
method String (line 89) | func (e *MasterSecretEvent) String() string {
method StringHex (line 97) | func (e *MasterSecretEvent) StringHex() string {
method Clone (line 106) | func (e *MasterSecretEvent) Clone() domain.Event {
method Type (line 111) | func (e *MasterSecretEvent) Type() domain.EventType {
method UUID (line 116) | func (e *MasterSecretEvent) UUID() string {
method Validate (line 122) | func (e *MasterSecretEvent) Validate() error {
method GetTimestamp (line 136) | func (e *MasterSecretEvent) GetTimestamp() time.Time {
method GetPid (line 141) | func (e *MasterSecretEvent) GetPid() uint32 {
method GetLabel (line 146) | func (e *MasterSecretEvent) GetLabel() string {
method GetClientRandom (line 151) | func (e *MasterSecretEvent) GetClientRandom() []byte {
method GetSecret (line 156) | func (e *MasterSecretEvent) GetSecret() []byte {
method GetVersion (line 164) | func (e *MasterSecretEvent) GetVersion() int32 {
method GetMasterKey (line 169) | func (e *MasterSecretEvent) GetMasterKey() []byte {
method GetCipherId (line 174) | func (e *MasterSecretEvent) GetCipherId() uint32 {
method GetEarlySecret (line 179) | func (e *MasterSecretEvent) GetEarlySecret() []byte {
method GetHandshakeSecret (line 184) | func (e *MasterSecretEvent) GetHandshakeSecret() []byte {
method GetHandshakeTrafficHash (line 189) | func (e *MasterSecretEvent) GetHandshakeTrafficHash() []byte {
method GetClientAppTrafficSecret (line 194) | func (e *MasterSecretEvent) GetClientAppTrafficSecret() []byte {
method GetServerAppTrafficSecret (line 199) | func (e *MasterSecretEvent) GetServerAppTrafficSecret() []byte {
method GetExporterMasterSecret (line 204) | func (e *MasterSecretEvent) GetExporterMasterSecret() []byte {
FILE: internal/probe/gotls/event_packet.go
constant TaskCommLen (line 27) | TaskCommLen = 16
constant CmdlineLen (line 28) | CmdlineLen = 256
type PacketEvent (line 33) | type PacketEvent struct
method DecodeFromBytes (line 44) | func (e *PacketEvent) DecodeFromBytes(data []byte) error {
method Validate (line 79) | func (e *PacketEvent) Validate() error {
method String (line 87) | func (e *PacketEvent) String() string {
method StringHex (line 93) | func (e *PacketEvent) StringHex() string {
method Clone (line 98) | func (e *PacketEvent) Clone() domain.Event {
method Type (line 112) | func (e *PacketEvent) Type() domain.EventType {
method UUID (line 117) | func (e *PacketEvent) UUID() string {
method GetTimestamp (line 122) | func (e *PacketEvent) GetTimestamp() uint64 {
method GetPacketData (line 126) | func (e *PacketEvent) GetPacketData() []byte {
method GetPacketLen (line 130) | func (e *PacketEvent) GetPacketLen() uint32 {
method GetInterfaceIndex (line 134) | func (e *PacketEvent) GetInterfaceIndex() uint32 {
method GetSrcIP (line 140) | func (e *PacketEvent) GetSrcIP() string {
method GetDstIP (line 144) | func (e *PacketEvent) GetDstIP() string {
method GetSrcPort (line 148) | func (e *PacketEvent) GetSrcPort() uint16 {
method GetDstPort (line 152) | func (e *PacketEvent) GetDstPort() uint16 {
method Decode (line 157) | func (e *PacketEvent) Decode(data []byte) (domain.Event, error) {
FILE: internal/probe/gotls/go_instructions_amd64.go
function decodeInstruction (line 8) | func decodeInstruction(instHex []byte) ([]int, error) {
FILE: internal/probe/gotls/go_instructions_arm64.go
constant Arm64armInstSize (line 9) | Arm64armInstSize = 4
function decodeInstruction (line 13) | func decodeInstruction(instHex []byte) ([]int, error) {
FILE: internal/probe/gotls/gotls_probe.go
constant GoTlsReadFunc (line 46) | GoTlsReadFunc = "crypto/tls.(*Conn).Read"
constant GoTlsWriteFunc (line 47) | GoTlsWriteFunc = "crypto/tls.(*Conn).writeRecordLocked"
constant GoTlsMasterSecretFunc (line 48) | GoTlsMasterSecretFunc = "crypto/tls.(*Config).writeKeyLog"
type Probe (line 52) | type Probe struct
method Initialize (line 80) | func (p *Probe) Initialize(ctx context.Context, cfg domain.Configurati...
method Start (line 103) | func (p *Probe) Start(ctx context.Context) error {
method retrieveEventMaps (line 154) | func (p *Probe) retrieveEventMaps() error {
method Events (line 185) | func (p *Probe) Events() []*ebpf.Map {
method Close (line 190) | func (p *Probe) Close() error {
method GetDecoder (line 211) | func (p *Probe) GetDecoder(em *ebpf.Map) (domain.Event, bool) {
method setupManager (line 226) | func (p *Probe) setupManager() error {
method getManagerOptions (line 289) | func (p *Probe) getManagerOptions() manager.Options {
method setupManagersKeyLog (line 322) | func (p *Probe) setupManagersKeyLog(keySection, keyFunc string) error {
method setupManagerPcapNG (line 369) | func (p *Probe) setupManagerPcapNG(keySection, keyFunc string) error {
method setupManagersText (line 494) | func (p *Probe) setupManagersText(sec, readSec, fn, readFn string) err...
method DecodeFun (line 533) | func (p *Probe) DecodeFun(em *ebpf.Map) (domain.EventDecoder, bool) {
function NewProbe (line 70) | func NewProbe() (*Probe, error) {
type tlsDataEventDecoder (line 539) | type tlsDataEventDecoder struct
method Decode (line 543) | func (d *tlsDataEventDecoder) Decode(_ *ebpf.Map, data []byte) (domain...
method GetDecoder (line 552) | func (d *tlsDataEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Event, b...
type masterSecretEventDecoder (line 557) | type masterSecretEventDecoder struct
method Decode (line 561) | func (d *masterSecretEventDecoder) Decode(_ *ebpf.Map, data []byte) (d...
method GetDecoder (line 573) | func (d *masterSecretEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Eve...
type packetEventDecoder (line 578) | type packetEventDecoder struct
method Decode (line 580) | func (d *packetEventDecoder) Decode(_ *ebpf.Map, data []byte) (domain....
method GetDecoder (line 591) | func (d *packetEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Event, bo...
FILE: internal/probe/gotls/gotls_probe_test.go
type mockDispatcher (line 24) | type mockDispatcher struct
method Register (line 26) | func (m *mockDispatcher) Register(handler domain.EventHandler) error {...
method Unregister (line 27) | func (m *mockDispatcher) Unregister(handlerName string) error {...
method Dispatch (line 28) | func (m *mockDispatcher) Dispatch(event domain.Event) error {...
method Close (line 29) | func (m *mockDispatcher) Close() error {...
function TestNewProbe (line 31) | func TestNewProbe(t *testing.T) {
function TestProbe_Initialize_TextMode (line 42) | func TestProbe_Initialize_TextMode(t *testing.T) {
function TestProbe_Initialize_KeylogMode (line 46) | func TestProbe_Initialize_KeylogMode(t *testing.T) {
function TestProbe_Initialize_PcapMode (line 50) | func TestProbe_Initialize_PcapMode(t *testing.T) {
function TestProbe_Close (line 54) | func TestProbe_Close(t *testing.T) {
FILE: internal/probe/gotls/register.go
function init (line 22) | func init() {
FILE: internal/probe/mysql/config.go
type MysqlVersion (line 30) | type MysqlVersion
method String (line 40) | func (v MysqlVersion) String() string {
constant MysqlVersionUnknown (line 33) | MysqlVersionUnknown MysqlVersion = iota
constant MysqlVersion56 (line 34) | MysqlVersion56
constant MysqlVersion57 (line 35) | MysqlVersion57
constant MysqlVersion80 (line 36) | MysqlVersion80
type Config (line 54) | type Config struct
method Validate (line 83) | func (c *Config) Validate() error {
method detectFunctionAndVersion (line 142) | func (c *Config) detectFunctionAndVersion() error {
method detectMysqlVersion (line 205) | func (c *Config) detectMysqlVersion(rodataData []byte) (MysqlVersion, ...
method detectBinaryPathFromPid (line 236) | func (c *Config) detectBinaryPathFromPid(pid uint64) (string, error) {
method GetFuncName (line 254) | func (c *Config) GetFuncName() string {
method GetOffset (line 259) | func (c *Config) GetOffset() uint64 {
method GetVersion (line 264) | func (c *Config) GetVersion() MysqlVersion {
method GetVersionInfo (line 269) | func (c *Config) GetVersionInfo() string {
method GetBinaryPath (line 274) | func (c *Config) GetBinaryPath() string {
method String (line 279) | func (c *Config) String() string {
function NewConfig (line 74) | func NewConfig() *Config {
FILE: internal/probe/mysql/event.go
constant MaxDataSize (line 29) | MaxDataSize = 256
constant DispatchCommandV57Failed (line 32) | DispatchCommandV57Failed = -2
constant DispatchCommandNotCaptured (line 33) | DispatchCommandNotCaptured = -1
constant DispatchCommandSuccess (line 34) | DispatchCommandSuccess = 0
constant DispatchCommandCloseConnection (line 35) | DispatchCommandCloseConnection = 1
constant DispatchCommandWouldblock (line 36) | DispatchCommandWouldblock = 2
type DispatchCommandReturn (line 40) | type DispatchCommandReturn
method String (line 43) | func (d DispatchCommandReturn) String() string {
type Event (line 62) | type Event struct
method DecodeFromBytes (line 73) | func (e *Event) DecodeFromBytes(data []byte) error {
method String (line 108) | func (e *Event) String() string {
method StringHex (line 120) | func (e *Event) StringHex() string {
method Clone (line 125) | func (e *Event) Clone() domain.Event {
method Type (line 130) | func (e *Event) Type() domain.EventType {
method UUID (line 135) | func (e *Event) UUID() string {
method Validate (line 140) | func (e *Event) Validate() error {
method GetPID (line 155) | func (e *Event) GetPID() uint64 {
method GetComm (line 160) | func (e *Event) GetComm() string {
method GetQuery (line 165) | func (e *Event) GetQuery() string {
method GetQueryLen (line 170) | func (e *Event) GetQueryLen() uint64 {
method GetTotalQueryLen (line 175) | func (e *Event) GetTotalQueryLen() uint64 {
method IsTruncated (line 180) | func (e *Event) IsTruncated() bool {
method GetReturnValue (line 185) | func (e *Event) GetReturnValue() DispatchCommandReturn {
FILE: internal/probe/mysql/mysql_probe.go
type Probe (line 37) | type Probe struct
method Initialize (line 53) | func (p *Probe) Initialize(ctx context.Context, cfg domain.Configurati...
method Start (line 88) | func (p *Probe) Start(ctx context.Context) error {
method Stop (line 139) | func (p *Probe) Stop(ctx context.Context) error {
method Close (line 148) | func (p *Probe) Close() error {
method loadBytecode (line 168) | func (p *Probe) loadBytecode() ([]byte, error) {
method setupManager (line 194) | func (p *Probe) setupManager() error {
method getManagerOptions (line 264) | func (p *Probe) getManagerOptions() manager.Options {
function NewProbe (line 46) | func NewProbe() *Probe {
type mysqlEventDecoder (line 297) | type mysqlEventDecoder struct
method Decode (line 302) | func (d *mysqlEventDecoder) Decode(em *ebpf.Map, data []byte) (domain....
method GetDecoder (line 311) | func (d *mysqlEventDecoder) GetDecoder(em *ebpf.Map) (domain.Event, bo...
FILE: internal/probe/mysql/mysql_test.go
function TestMysqlVersion_String (line 25) | func TestMysqlVersion_String(t *testing.T) {
function TestDispatchCommandReturn_String (line 45) | func TestDispatchCommandReturn_String(t *testing.T) {
function TestConfig_Validate (line 67) | func TestConfig_Validate(t *testing.T) {
function TestEvent_DecodeFromBytes (line 111) | func TestEvent_DecodeFromBytes(t *testing.T) {
function TestEvent_Validate (line 131) | func TestEvent_Validate(t *testing.T) {
function TestEvent_Methods (line 173) | func TestEvent_Methods(t *testing.T) {
function TestProbe_Creation (line 225) | func TestProbe_Creation(t *testing.T) {
function TestProbe_Initialize (line 233) | func TestProbe_Initialize(t *testing.T) {
function TestProbe_FactoryRegistration (line 254) | func TestProbe_FactoryRegistration(t *testing.T) {
FILE: internal/probe/mysql/register.go
function init (line 25) | func init() {
FILE: internal/probe/nspr/config.go
type Config (line 30) | type Config struct
method Validate (line 48) | func (c *Config) Validate() error {
method findNSSLibrary (line 105) | func (c *Config) findNSSLibrary() (string, error) {
method findNSPRLibrary (line 125) | func (c *Config) findNSPRLibrary() (string, error) {
method readNSSVersion (line 145) | func (c *Config) readNSSVersion(binaryPath string) (string, error) {
method isSupportedVersion (line 184) | func (c *Config) isSupportedVersion(version string) bool {
method selectBPFFileName (line 190) | func (c *Config) selectBPFFileName(version string) string {
method Bytes (line 197) | func (c *Config) Bytes() []byte {
function NewConfig (line 41) | func NewConfig() *Config {
FILE: internal/probe/nspr/config_test.go
function TestNewConfig (line 21) | func TestNewConfig(t *testing.T) {
function TestConfig_isSupportedVersion (line 38) | func TestConfig_isSupportedVersion(t *testing.T) {
function TestConfig_selectBPFFileName (line 62) | func TestConfig_selectBPFFileName(t *testing.T) {
FILE: internal/probe/nspr/event.go
constant MaxDataSize (line 29) | MaxDataSize = 4096
type TLSDataEvent (line 33) | type TLSDataEvent struct
method GetTimestamp (line 60) | func (e *TLSDataEvent) GetTimestamp() time.Time {
method GetPID (line 65) | func (e *TLSDataEvent) GetPID() uint32 {
method GetTID (line 70) | func (e *TLSDataEvent) GetTID() uint32 {
method GetComm (line 75) | func (e *TLSDataEvent) GetComm() string {
method GetFD (line 86) | func (e *TLSDataEvent) GetFD() int32 {
method GetDataLen (line 91) | func (e *TLSDataEvent) GetDataLen() uint32 {
method GetDirection (line 96) | func (e *TLSDataEvent) GetDirection() uint32 {
method GetData (line 101) | func (e *TLSDataEvent) GetData() []byte {
method IsRead (line 109) | func (e *TLSDataEvent) IsRead() bool {
method IsWrite (line 114) | func (e *TLSDataEvent) IsWrite() bool {
method DecodeFromBytes (line 119) | func (e *TLSDataEvent) DecodeFromBytes(data []byte) error {
method String (line 166) | func (e *TLSDataEvent) String() string {
method StringHex (line 177) | func (e *TLSDataEvent) StringHex() string {
method Clone (line 188) | func (e *TLSDataEvent) Clone() domain.Event {
method Type (line 193) | func (e *TLSDataEvent) Type() domain.EventType {
method UUID (line 198) | func (e *TLSDataEvent) UUID() string {
method Validate (line 203) | func (e *TLSDataEvent) Validate() error {
method Decode (line 211) | func (e *TLSDataEvent) Decode(data []byte) error {
method Encode (line 216) | func (e *TLSDataEvent) Encode() ([]byte, error) {
FILE: internal/probe/nspr/event_masterkey.go
constant ClientRandomSize (line 29) | ClientRandomSize = 32
constant MasterKeySize (line 32) | MasterKeySize = 48
constant TrafficSecretSize (line 35) | TrafficSecretSize = 64
type MasterSecretEvent (line 39) | type MasterSecretEvent struct
method GetClientRandom (line 63) | func (e *MasterSecretEvent) GetClientRandom() []byte {
method GetMasterKey (line 68) | func (e *MasterSecretEvent) GetMasterKey() []byte {
method GetClientHandshakeTrafficSecret (line 73) | func (e *MasterSecretEvent) GetClientHandshakeTrafficSecret() []byte {
method GetServerHandshakeTrafficSecret (line 78) | func (e *MasterSecretEvent) GetServerHandshakeTrafficSecret() []byte {
method GetClientAppTrafficSecret (line 83) | func (e *MasterSecretEvent) GetClientAppTrafficSecret() []byte {
method GetServerAppTrafficSecret (line 88) | func (e *MasterSecretEvent) GetServerAppTrafficSecret() []byte {
method GetExporterMasterSecret (line 93) | func (e *MasterSecretEvent) GetExporterMasterSecret() []byte {
method HasMasterKey (line 98) | func (e *MasterSecretEvent) HasMasterKey() bool {
method HasClientHandshakeTrafficSecret (line 109) | func (e *MasterSecretEvent) HasClientHandshakeTrafficSecret() bool {
method DecodeFromBytes (line 119) | func (e *MasterSecretEvent) DecodeFromBytes(data []byte) error {
method String (line 161) | func (e *MasterSecretEvent) String() string {
method StringHex (line 179) | func (e *MasterSecretEvent) StringHex() string {
method Clone (line 185) | func (e *MasterSecretEvent) Clone() domain.Event {
method Type (line 190) | func (e *MasterSecretEvent) Type() domain.EventType {
method UUID (line 195) | func (e *MasterSecretEvent) UUID() string {
method Validate (line 200) | func (e *MasterSecretEvent) Validate() error {
method Decode (line 209) | func (e *MasterSecretEvent) Decode(data []byte) error {
method Encode (line 214) | func (e *MasterSecretEvent) Encode() ([]byte, error) {
FILE: internal/probe/nspr/nspr_probe.go
type Probe (line 31) | type Probe struct
method Initialize (line 49) | func (p *Probe) Initialize(ctx context.Context, cfg domain.Configurati...
method Start (line 89) | func (p *Probe) Start(ctx context.Context) error {
method retrieveEventMaps (line 116) | func (p *Probe) retrieveEventMaps() error {
method Stop (line 135) | func (p *Probe) Stop(ctx context.Context) error {
method Events (line 145) | func (p *Probe) Events() []*ebpf.Map {
method Close (line 150) | func (p *Probe) Close() error {
method DecodeFun (line 155) | func (p *Probe) DecodeFun(em *ebpf.Map) (domain.EventDecoder, bool) {
function NewProbe (line 40) | func NewProbe() (*Probe, error) {
type nsprEventDecoder (line 161) | type nsprEventDecoder struct
method Decode (line 165) | func (d *nsprEventDecoder) Decode(_ *ebpf.Map, data []byte) (domain.Ev...
method GetDecoder (line 175) | func (d *nsprEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Event, bool) {
FILE: internal/probe/nspr/nspr_probe_test.go
function TestNewProbe (line 24) | func TestNewProbe(t *testing.T) {
function TestProbe_Initialize_InvalidConfig (line 39) | func TestProbe_Initialize_InvalidConfig(t *testing.T) {
function TestProbe_Initialize_TextMode (line 55) | func TestProbe_Initialize_TextMode(t *testing.T) {
function TestProbe_Name (line 76) | func TestProbe_Name(t *testing.T) {
function TestTLSDataEventDecode (line 88) | func TestTLSDataEventDecode(t *testing.T) {
function TestTLSDataEventString (line 128) | func TestTLSDataEventString(t *testing.T) {
function TestTLSDataEventUUID (line 151) | func TestTLSDataEventUUID(t *testing.T) {
function TestTLSDataEventValidate (line 167) | func TestTLSDataEventValidate(t *testing.T) {
function TestMasterSecretEventDecode (line 183) | func TestMasterSecretEventDecode(t *testing.T) {
function TestMasterSecretEventString (line 215) | func TestMasterSecretEventString(t *testing.T) {
function TestMasterSecretEventValidate (line 230) | func TestMasterSecretEventValidate(t *testing.T) {
function contains (line 254) | func contains(s, substr string) bool {
function containsSubstring (line 260) | func containsSubstring(s, substr string) bool {
FILE: internal/probe/nspr/register.go
function init (line 25) | func init() {
FILE: internal/probe/openssl/config.go
constant Version_1_1_1 (line 36) | Version_1_1_1 = "1.1.1"
constant Version_3_0 (line 37) | Version_3_0 = "3.0"
constant Version_3_1 (line 38) | Version_3_1 = "3.1"
type Config (line 42) | type Config struct
method Validate (line 73) | func (c *Config) Validate() error {
method validateConfig (line 110) | func (c *Config) validateConfig() error {
method validateCaptureMode (line 118) | func (c *Config) validateCaptureMode() error {
method IsSupportedVersion (line 172) | func (c *Config) IsSupportedVersion() bool {
method GetBPFFileName (line 177) | func (c *Config) GetBPFFileName() string {
method Bytes (line 183) | func (c *Config) Bytes() []byte {
method validateNetworkInterface (line 192) | func (c *Config) validateNetworkInterface() error {
method checkTCSupport (line 221) | func (c *Config) checkTCSupport() error {
method GetCaptureMode (line 246) | func (c *Config) GetCaptureMode() string {
method GetPcapFile (line 251) | func (c *Config) GetPcapFile() string {
method GetKeylogFile (line 256) | func (c *Config) GetKeylogFile() string {
method getSslBpfFile (line 261) | func (c *Config) getSslBpfFile(soPath, sslVersion string) error {
method autoDetectBytecode (line 456) | func (c *Config) autoDetectBytecode(ver, soPath string, isAndroid bool...
method downgradeOpensslVersion (line 512) | func (c *Config) downgradeOpensslVersion(ver string, soPath string) (s...
function NewConfig (line 65) | func NewConfig() *Config {
function detectOpenssl (line 361) | func detectOpenssl(soPath string) (string, error) {
function getImpNeeded (line 490) | func getImpNeeded(soPath string) ([]string, error) {
FILE: internal/probe/openssl/config_ecandroid.go
constant DefaultLibcPath (line 29) | DefaultLibcPath = "/apex/com.android.runtime/lib64/bionic/libc.so"
constant BuildPropPath (line 30) | BuildPropPath = "/system/build.prop"
constant ReleasePrefix (line 31) | ReleasePrefix = "ro.build.version.release="
constant DefaultIfname (line 32) | DefaultIfname = "wlan0"
method detectOpenSSL (line 36) | func (c *Config) detectOpenSSL() error {
method detectOS (line 65) | func (c *Config) detectOS() error {
function detectAndroidVersion (line 89) | func detectAndroidVersion() (string, error) {
method setDefaultIfname (line 108) | func (c *Config) setDefaultIfname() {
FILE: internal/probe/openssl/config_linux.go
method detectOpenSSL (line 27) | func (c *Config) detectOpenSSL() error {
method detectOS (line 65) | func (c *Config) detectOS() error {
method setDefaultIfname (line 87) | func (c *Config) setDefaultIfname() {
FILE: internal/probe/openssl/config_test.go
function TestNewConfig (line 24) | func TestNewConfig(t *testing.T) {
function TestConfig_IsSupportedVersion (line 35) | func TestConfig_IsSupportedVersion(t *testing.T) {
function TestConfig_GetBPFFileName (line 59) | func TestConfig_GetBPFFileName(t *testing.T) {
function TestConfig_Bytes (line 67) | func TestConfig_Bytes(t *testing.T) {
function TestConfig_DetectOpenSSL (line 78) | func TestConfig_DetectOpenSSL(t *testing.T) {
function TestConfig_DetectVersion (line 101) | func TestConfig_DetectVersion(t *testing.T) {
function TestConfig_Validate (line 128) | func TestConfig_Validate(t *testing.T) {
function TestConfig_ValidateNetworkInterface (line 150) | func TestConfig_ValidateNetworkInterface(t *testing.T) {
function TestConfig_CheckTCSupport (line 177) | func TestConfig_CheckTCSupport(t *testing.T) {
function TestConfig_ValidateCaptureMode_Pcap (line 197) | func TestConfig_ValidateCaptureMode_Pcap(t *testing.T) {
FILE: internal/probe/openssl/event.go
constant DataTypeRead (line 31) | DataTypeRead = 0
constant DataTypeWrite (line 32) | DataTypeWrite = 1
constant MaxDataSize (line 36) | MaxDataSize = 1024 * 16
constant ChunkSize (line 37) | ChunkSize = 32
constant ChunkSizeHalf (line 38) | ChunkSizeHalf = ChunkSize / 2
type AttachType (line 41) | type AttachType
constant ProbeEntry (line 44) | ProbeEntry AttachType = iota
constant ProbeRet (line 45) | ProbeRet
constant Ssl2Version (line 49) | Ssl2Version = 0x0002
constant Ssl3Version (line 50) | Ssl3Version = 0x0300
constant Tls1Version (line 51) | Tls1Version = 0x0301
constant Tls11Version (line 52) | Tls11Version = 0x0302
constant Tls12Version (line 53) | Tls12Version = 0x0303
constant Tls13Version (line 54) | Tls13Version = 0x0304
constant Dtls1Version (line 55) | Dtls1Version = 0xFEFF
constant Dtls12Version (line 56) | Dtls12Version = 0xFEFD
type TlsVersion (line 59) | type TlsVersion struct
method String (line 63) | func (t TlsVersion) String() string {
type Event (line 100) | type Event struct
method DecodeFromBytes (line 116) | func (e *Event) DecodeFromBytes(data []byte) error {
method String (line 154) | func (e *Event) String() string {
method StringHex (line 187) | func (e *Event) StringHex() string {
method BaseInfo (line 209) | func (e *Event) BaseInfo() string {
method Clone (line 229) | func (e *Event) Clone() domain.Event {
method Type (line 235) | func (e *Event) Type() domain.EventType {
method UUID (line 240) | func (e *Event) UUID() string {
method Validate (line 245) | func (e *Event) Validate() error {
method GetPid (line 258) | func (e *Event) GetPid() uint32 {
method GetComm (line 263) | func (e *Event) GetComm() string {
method GetData (line 268) | func (e *Event) GetData() []byte {
method GetDataLen (line 279) | func (e *Event) GetDataLen() uint32 {
method GetTimestamp (line 287) | func (e *Event) GetTimestamp() uint64 {
method IsRead (line 292) | func (e *Event) IsRead() bool {
function commToString (line 297) | func commToString(data []byte) string {
function dumpByteSlice (line 319) | func dumpByteSlice(b []byte, prefix string) *bytes.Buffer {
function getClockOffset (line 364) | func getClockOffset() (int64, error) {
FILE: internal/probe/openssl/event_connect.go
type connDataEvent (line 20) | type connDataEvent struct
type Type (line 40) | type Type
type ConnDataEvent (line 41) | type ConnDataEvent struct
method Type (line 47) | func (ce *ConnDataEvent) Type() domain.EventType {
method DecodeFromBytes (line 51) | func (e *ConnDataEvent) DecodeFromBytes(payload []byte) (err error) {
method Validate (line 101) | func (ce *ConnDataEvent) Validate() error {
method Clone (line 111) | func (ce *ConnDataEvent) Clone() domain.Event {
method UUID (line 116) | func (ce *ConnDataEvent) UUID() string {
method StringHex (line 139) | func (ce *ConnDataEvent) StringHex() string {
method String (line 144) | func (ce *ConnDataEvent) String() string {
method EventType (line 149) | func (ce *ConnDataEvent) EventType() Type {
method GetUUID (line 153) | func (ce *ConnDataEvent) GetUUID() string {
method ToProtobufEvent (line 161) | func (ce *ConnDataEvent) ToProtobufEvent() *pb.Event {
method Payload (line 195) | func (ce *ConnDataEvent) Payload() []byte {
method PayloadLen (line 199) | func (ce *ConnDataEvent) PayloadLen() int {
function CToGoString (line 124) | func CToGoString(c []byte) string {
function commStr (line 135) | func commStr(comm []byte) string {
FILE: internal/probe/openssl/event_connect_test.go
function buildConnPayload (line 43) | func buildConnPayload(t *testing.T,
function TestConnDataEvent_DecodeFromBytes_IPv4 (line 82) | func TestConnDataEvent_DecodeFromBytes_IPv4(t *testing.T) {
function TestConnDataEvent_DecodeFromBytes_IPv6 (line 155) | func TestConnDataEvent_DecodeFromBytes_IPv6(t *testing.T) {
function TestConnDataEvent_DecodeFromBytes_ShortPayload (line 205) | func TestConnDataEvent_DecodeFromBytes_ShortPayload(t *testing.T) {
FILE: internal/probe/openssl/event_masterkey.go
constant Ssl3RandomSize (line 30) | Ssl3RandomSize = handlers.Ssl3RandomSize
constant MasterSecretMaxLen (line 31) | MasterSecretMaxLen = handlers.MasterSecretMaxLen
constant EvpMaxMdSize (line 32) | EvpMaxMdSize = handlers.EvpMaxMdSize
type MasterSecretEvent (line 48) | type MasterSecretEvent struct
method DecodeFromBytes (line 67) | func (e *MasterSecretEvent) DecodeFromBytes(data []byte) error {
method String (line 127) | func (e *MasterSecretEvent) String() string {
method StringHex (line 144) | func (e *MasterSecretEvent) StringHex() string {
method Clone (line 152) | func (e *MasterSecretEvent) Clone() domain.Event {
method Type (line 158) | func (e *MasterSecretEvent) Type() domain.EventType {
method UUID (line 163) | func (e *MasterSecretEvent) UUID() string {
method Validate (line 171) | func (e *MasterSecretEvent) Validate() error {
method GetVersion (line 196) | func (e *MasterSecretEvent) GetVersion() int32 {
method GetClientRandom (line 201) | func (e *MasterSecretEvent) GetClientRandom() []byte {
method GetMasterKey (line 206) | func (e *MasterSecretEvent) GetMasterKey() []byte {
method GetCipherId (line 211) | func (e *MasterSecretEvent) GetCipherId() uint32 {
method GetEarlySecret (line 216) | func (e *MasterSecretEvent) GetEarlySecret() []byte {
method GetHandshakeSecret (line 221) | func (e *MasterSecretEvent) GetHandshakeSecret() []byte {
method GetHandshakeTrafficHash (line 226) | func (e *MasterSecretEvent) GetHandshakeTrafficHash() []byte {
method GetClientAppTrafficSecret (line 231) | func (e *MasterSecretEvent) GetClientAppTrafficSecret() []byte {
method GetServerAppTrafficSecret (line 236) | func (e *MasterSecretEvent) GetServerAppTrafficSecret() []byte {
method GetExporterMasterSecret (line 241) | func (e *MasterSecretEvent) GetExporterMasterSecret() []byte {
method Decode (line 246) | func (e *MasterSecretEvent) Decode(data []byte) (domain.Event, error) {
FILE: internal/probe/openssl/event_packet.go
constant TaskCommLen (line 27) | TaskCommLen = 16
constant CmdlineLen (line 28) | CmdlineLen = 256
type PacketEvent (line 33) | type PacketEvent struct
method DecodeFromBytes (line 44) | func (e *PacketEvent) DecodeFromBytes(data []byte) error {
method Validate (line 79) | func (e *PacketEvent) Validate() error {
method String (line 87) | func (e *PacketEvent) String() string {
method StringHex (line 93) | func (e *PacketEvent) StringHex() string {
method Clone (line 98) | func (e *PacketEvent) Clone() domain.Event {
method Type (line 112) | func (e *PacketEvent) Type() domain.EventType {
method UUID (line 117) | func (e *PacketEvent) UUID() string {
method GetTimestamp (line 122) | func (e *PacketEvent) GetTimestamp() uint64 {
method GetPacketData (line 126) | func (e *PacketEvent) GetPacketData() []byte {
method GetPacketLen (line 130) | func (e *PacketEvent) GetPacketLen() uint32 {
method GetInterfaceIndex (line 134) | func (e *PacketEvent) GetInterfaceIndex() uint32 {
method GetSrcIP (line 140) | func (e *PacketEvent) GetSrcIP() string {
method GetDstIP (line 144) | func (e *PacketEvent) GetDstIP() string {
method GetSrcPort (line 148) | func (e *PacketEvent) GetSrcPort() uint16 {
method GetDstPort (line 152) | func (e *PacketEvent) GetDstPort() uint16 {
method Decode (line 157) | func (e *PacketEvent) Decode(data []byte) (domain.Event, error) {
FILE: internal/probe/openssl/event_test.go
function TestEvent_DecodeFromBytes (line 27) | func TestEvent_DecodeFromBytes(t *testing.T) {
function TestEvent_String (line 97) | func TestEvent_String(t *testing.T) {
function TestEvent_String_Read (line 122) | func TestEvent_String_Read(t *testing.T) {
function TestEvent_StringHex (line 140) | func TestEvent_StringHex(t *testing.T) {
function TestEvent_Clone (line 159) | func TestEvent_Clone(t *testing.T) {
function TestEvent_Type (line 187) | func TestEvent_Type(t *testing.T) {
function TestEvent_UUID (line 194) | func TestEvent_UUID(t *testing.T) {
function TestEvent_Validate (line 209) | func TestEvent_Validate(t *testing.T) {
function TestEvent_GetPid (line 267) | func TestEvent_GetPid(t *testing.T) {
function TestEvent_GetComm (line 274) | func TestEvent_GetComm(t *testing.T) {
function TestEvent_GetData (line 284) | func TestEvent_GetData(t *testing.T) {
function TestEvent_GetDataLen (line 299) | func TestEvent_GetDataLen(t *testing.T) {
function TestEvent_GetTimestamp (line 312) | func TestEvent_GetTimestamp(t *testing.T) {
function TestEvent_IsRead (line 320) | func TestEvent_IsRead(t *testing.T) {
function Test_commToString (line 332) | func Test_commToString(t *testing.T) {
FILE: internal/probe/openssl/libs.go
constant MasterKeyHookFuncOpenSSL (line 13) | MasterKeyHookFuncOpenSSL = "SSL_write"
constant MasterKeyHookFuncBoringSSL (line 20) | MasterKeyHookFuncBoringSSL = "SSL_in_init"
constant MasterKeyHookFuncSSLBefore (line 21) | MasterKeyHookFuncSSLBefore = "SSL_in_before"
constant MasterKeyHookFuncSSLState (line 22) | MasterKeyHookFuncSSLState = "SSL_state"
constant LinuxDefaultFilename102 (line 52) | LinuxDefaultFilename102 = "linux_default_1_0_2"
constant LinuxDefaultFilename110 (line 53) | LinuxDefaultFilename110 = "linux_default_1_1_0"
constant LinuxDefaultFilename111 (line 54) | LinuxDefaultFilename111 = "linux_default_1_1_1"
constant LinuxDefaultFilename30 (line 55) | LinuxDefaultFilename30 = "linux_default_3_0"
constant LinuxDefaultFilename31 (line 56) | LinuxDefaultFilename31 = "linux_default_3_0"
constant LinuxDefaultFilename320 (line 57) | LinuxDefaultFilename320 = "linux_default_3_2"
constant LinuxDefaultFilename330 (line 58) | LinuxDefaultFilename330 = "linux_default_3_3"
constant LinuxdDfaultFilename340 (line 59) | LinuxdDfaultFilename340 = "linux_default_3_4"
constant AndroidDefaultFilename (line 60) | AndroidDefaultFilename = "android_default"
constant OpenSslVersionLen (line 62) | OpenSslVersionLen = 30
constant MaxSupportedOpenSSL102Version (line 66) | MaxSupportedOpenSSL102Version = 'u'
constant MaxSupportedOpenSSL110Version (line 67) | MaxSupportedOpenSSL110Version = 'l'
constant MaxSupportedOpenSSL111Version (line 68) | MaxSupportedOpenSSL111Version = 'w'
constant SupportedOpenSSL30Version12 (line 69) | SupportedOpenSSL30Version12 = 12
constant MaxSupportedOpenSSL30Version (line 70) | MaxSupportedOpenSSL30Version = 17
constant MaxSupportedOpenSSL31Version (line 71) | MaxSupportedOpenSSL31Version = 8
constant SupportedOpenSSL32Version2 (line 72) | SupportedOpenSSL32Version2 = 2
constant SupportedOpenSSL32Version3 (line 73) | SupportedOpenSSL32Version3 = 3
constant SupportedOpenSSL32Version4 (line 74) | SupportedOpenSSL32Version4 = 5
constant MaxSupportedOpenSSL32Version (line 75) | MaxSupportedOpenSSL32Version = 3
constant SupportedOpenSSL33Version1 (line 76) | SupportedOpenSSL33Version1 = 1
constant SupportedOpenSSL33Version2 (line 77) | SupportedOpenSSL33Version2 = 2
constant MaxSupportedOpenSSL33Version (line 78) | MaxSupportedOpenSSL33Version = 4
constant SupportedOpenSSL34Version0 (line 79) | SupportedOpenSSL34Version0 = 0
constant MaxSupportedOpenSSL34Version (line 80) | MaxSupportedOpenSSL34Version = 2
constant SupportedOpenSSL35Version0 (line 81) | SupportedOpenSSL35Version0 = 4
constant MaxSupportedOpenSSL35Version (line 82) | MaxSupportedOpenSSL35Version = 4
function isVersionLessOrEqual (line 94) | func isVersionLessOrEqual(v1, v2 string) bool {
function extractVersionPart (line 147) | func extractVersionPart(s string) (int, string) {
function init (line 175) | func init() {
FILE: internal/probe/openssl/openssl_probe.go
type Probe (line 45) | type Probe struct
method Initialize (line 71) | func (p *Probe) Initialize(ctx context.Context, cfg domain.Configurati...
method Start (line 101) | func (p *Probe) Start(ctx context.Context) error {
method retrieveEventMaps (line 163) | func (p *Probe) retrieveEventMaps() error {
method Stop (line 191) | func (p *Probe) Stop(ctx context.Context) error {
method Events (line 197) | func (p *Probe) Events() []*ebpf.Map {
method Close (line 205) | func (p *Probe) Close() error {
method SetOutput (line 228) | func (p *Probe) SetOutput(w io.Writer) {
method setupManagerText (line 232) | func (p *Probe) setupManagerText() error {
method setupManagerPcapNG (line 359) | func (p *Probe) setupManagerPcapNG() error {
method setupManagerKeyLog (line 484) | func (p *Probe) setupManagerKeyLog() error {
method setupManager (line 539) | func (p *Probe) setupManager() error {
method getManagerOptions (line 573) | func (p *Probe) getManagerOptions() manager.Options {
method DecodeFun (line 605) | func (p *Probe) DecodeFun(em *ebpf.Map) (domain.EventDecoder, bool) {
function NewProbe (line 61) | func NewProbe() (*Probe, error) {
type connectDecoder (line 611) | type connectDecoder struct
method Decode (line 615) | func (d *connectDecoder) Decode(_ *ebpf.Map, data []byte) (domain.Even...
method GetDecoder (line 626) | func (d *connectDecoder) GetDecoder(_ *ebpf.Map) (domain.Event, bool) {
type packetEventDecoder (line 631) | type packetEventDecoder struct
method Decode (line 633) | func (d *packetEventDecoder) Decode(_ *ebpf.Map, data []byte) (domain....
method GetDecoder (line 644) | func (d *packetEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Event, bo...
type tlsEventDecoder (line 649) | type tlsEventDecoder struct
method Decode (line 653) | func (d *tlsEventDecoder) Decode(_ *ebpf.Map, data []byte) (domain.Eve...
method GetDecoder (line 664) | func (d *tlsEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Event, bool) {
type masterSecretEventDecoder (line 669) | type masterSecretEventDecoder struct
method Decode (line 673) | func (d *masterSecretEventDecoder) Decode(_ *ebpf.Map, data []byte) (d...
method GetDecoder (line 688) | func (d *masterSecretEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Eve...
FILE: internal/probe/openssl/openssl_probe_test.go
function TestNewProbe (line 24) | func TestNewProbe(t *testing.T) {
function TestProbe_Initialize (line 38) | func TestProbe_Initialize(t *testing.T) {
function TestProbe_Initialize_InvalidConfig (line 56) | func TestProbe_Initialize_InvalidConfig(t *testing.T) {
function TestProbe_SetOutput (line 74) | func TestProbe_SetOutput(t *testing.T) {
function TestProbe_Close (line 88) | func TestProbe_Close(t *testing.T) {
function TestProbe_Events (line 102) | func TestProbe_Events(t *testing.T) {
function TestProbe_Lifecycle (line 115) | func TestProbe_Lifecycle(t *testing.T) {
function TestProbe_WithRealOutput (line 132) | func TestProbe_WithRealOutput(t *testing.T) {
FILE: internal/probe/openssl/register.go
function init (line 22) | func init() {
FILE: internal/probe/postgres/config.go
type Config (line 28) | type Config struct
method Validate (line 44) | func (c *Config) Validate() error {
method detectPostgresPath (line 80) | func (c *Config) detectPostgresPath() error {
method verifyFunction (line 107) | func (c *Config) verifyFunction() error {
method GetPostgresPath (line 148) | func (c *Config) GetPostgresPath() string {
method GetFuncName (line 153) | func (c *Config) GetFuncName() string {
method GetOffset (line 158) | func (c *Config) GetOffset() uint64 {
method SetPostgresPath (line 163) | func (c *Config) SetPostgresPath(path string) {
method SetFuncName (line 168) | func (c *Config) SetFuncName(name string) {
method SetOffset (line 173) | func (c *Config) SetOffset(offset uint64) {
function NewConfig (line 36) | func NewConfig() *Config {
FILE: internal/probe/postgres/event.go
constant MaxDataSizePostgres (line 30) | MaxDataSizePostgres = 256
type Event (line 42) | type Event struct
method Type (line 50) | func (e *Event) Type() domain.EventType {
method UUID (line 55) | func (e *Event) UUID() string {
method Validate (line 60) | func (e *Event) Validate() error {
method DecodeFromBytes (line 71) | func (e *Event) DecodeFromBytes(data []byte) error {
method String (line 104) | func (e *Event) String() string {
method StringHex (line 118) | func (e *Event) StringHex() string {
method Clone (line 124) | func (e *Event) Clone() domain.Event {
method GetQuery (line 135) | func (e *Event) GetQuery() string {
method GetComm (line 140) | func (e *Event) GetComm() string {
method GetPid (line 145) | func (e *Event) GetPid() uint64 {
method GetTimestamp (line 150) | func (e *Event) GetTimestamp() uint64 {
method IsTruncated (line 155) | func (e *Event) IsTruncated() bool {
FILE: internal/probe/postgres/postgres_probe.go
type Probe (line 37) | type Probe struct
method Initialize (line 51) | func (p *Probe) Initialize(ctx context.Context, cfg domain.Configurati...
method Start (line 68) | func (p *Probe) Start(ctx context.Context) error {
method Stop (line 114) | func (p *Probe) Stop(ctx context.Context) error {
method Close (line 124) | func (p *Probe) Close() error {
method setupManager (line 141) | func (p *Probe) setupManager() error {
method loadBytecode (line 171) | func (p *Probe) loadBytecode() ([]byte, error) {
method getManagerOptions (line 192) | func (p *Probe) getManagerOptions() manager.Options {
function NewProbe (line 44) | func NewProbe() *Probe {
type postgresEventDecoder (line 225) | type postgresEventDecoder struct
method Decode (line 230) | func (d *postgresEventDecoder) Decode(em *ebpf.Map, rawData []byte) (d...
method GetDecoder (line 239) | func (d *postgresEventDecoder) GetDecoder(em *ebpf.Map) (domain.Event,...
FILE: internal/probe/postgres/postgres_test.go
function TestNewConfig (line 26) | func TestNewConfig(t *testing.T) {
function TestConfigValidateWithoutPath (line 39) | func TestConfigValidateWithoutPath(t *testing.T) {
function TestConfigValidateWithInvalidPath (line 50) | func TestConfigValidateWithInvalidPath(t *testing.T) {
function TestConfigGettersSetters (line 61) | func TestConfigGettersSetters(t *testing.T) {
function TestNewProbe (line 87) | func TestNewProbe(t *testing.T) {
function TestProbeInitialize (line 102) | func TestProbeInitialize(t *testing.T) {
function TestProbeInitializeWithInvalidConfig (line 115) | func TestProbeInitializeWithInvalidConfig(t *testing.T) {
type mockDispatcher (line 129) | type mockDispatcher struct
method Register (line 131) | func (m *mockDispatcher) Register(handler domain.EventHandler) error {
method Unregister (line 135) | func (m *mockDispatcher) Unregister(handlerName string) error {
method Dispatch (line 139) | func (m *mockDispatcher) Dispatch(event domain.Event) error {
method Close (line 143) | func (m *mockDispatcher) Close() error {
function TestEventDecode (line 148) | func TestEventDecode(t *testing.T) {
function TestEventValidate (line 195) | func TestEventValidate(t *testing.T) {
function TestEventClone (line 226) | func TestEventClone(t *testing.T) {
function TestEventTypeAndUUID (line 262) | func TestEventTypeAndUUID(t *testing.T) {
function TestEventIsTruncated (line 288) | func TestEventIsTruncated(t *testing.T) {
FILE: internal/probe/postgres/register.go
function init (line 25) | func init() {
FILE: internal/probe/zsh/config.go
constant fallbackZshPath (line 29) | fallbackZshPath = "/bin/zsh"
constant ElfTypeBin (line 30) | ElfTypeBin = 1
type Config (line 34) | type Config struct
method Validate (line 51) | func (c *Config) Validate() error {
method checkElf (line 68) | func (c *Config) checkElf() error {
method checkReadlineFunc (line 93) | func (c *Config) checkReadlineFunc() error {
method Bytes (line 124) | func (c *Config) Bytes() []byte {
function NewConfig (line 43) | func NewConfig() *Config {
FILE: internal/probe/zsh/event.go
constant MaxDataSizeZsh (line 31) | MaxDataSizeZsh = 256
constant ZshEventTypeReadline (line 32) | ZshEventTypeReadline = 0
type Event (line 36) | type Event struct
method DecodeFromBytes (line 45) | func (e *Event) DecodeFromBytes(data []byte) error {
method Validate (line 76) | func (e *Event) Validate() error {
method String (line 82) | func (e *Event) String() string {
method StringHex (line 89) | func (e *Event) StringHex() string {
method Clone (line 97) | func (e *Event) Clone() domain.Event {
method Type (line 102) | func (e *Event) Type() domain.EventType {
method UUID (line 107) | func (e *Event) UUID() string {
method Bytes (line 112) | func (e *Event) Bytes() []byte {
function commToString (line 121) | func commToString(comm []byte) string {
FILE: internal/probe/zsh/register.go
function init (line 25) | func init() {
FILE: internal/probe/zsh/zsh_probe.go
type Probe (line 37) | type Probe struct
method Initialize (line 57) | func (p *Probe) Initialize(ctx context.Context, cfg domain.Configurati...
method Start (line 82) | func (p *Probe) Start(ctx context.Context) error {
method retrieveEventMaps (line 126) | func (p *Probe) retrieveEventMaps() error {
method Close (line 150) | func (p *Probe) Close() error {
method Events (line 160) | func (p *Probe) Events() []*ebpf.Map {
method loadBytecode (line 165) | func (p *Probe) loadBytecode() ([]byte, error) {
method getBPFName (line 178) | func (p *Probe) getBPFName(baseName string) string {
method setupManager (line 190) | func (p *Probe) setupManager() error {
method getManagerOptions (line 226) | func (p *Probe) getManagerOptions() manager.Options {
method DecodeFun (line 283) | func (p *Probe) DecodeFun(em *ebpf.Map) (domain.EventDecoder, bool) {
function NewProbe (line 47) | func NewProbe() *Probe {
type zshEventDecoder (line 289) | type zshEventDecoder struct
method Decode (line 291) | func (d *zshEventDecoder) Decode(_ *ebpf.Map, data []byte) (domain.Eve...
method GetDecoder (line 299) | func (d *zshEventDecoder) GetDecoder(_ *ebpf.Map) (domain.Event, bool) {
FILE: internal/probe/zsh/zsh_test.go
function TestNewConfig (line 24) | func TestNewConfig(t *testing.T) {
function TestConfig_Validate (line 31) | func TestConfig_Validate(t *testing.T) {
function TestEvent_DecodeFromBytes (line 73) | func TestEvent_DecodeFromBytes(t *testing.T) {
function TestEvent_Validate (line 104) | func TestEvent_Validate(t *testing.T) {
function TestEvent_String (line 140) | func TestEvent_String(t *testing.T) {
function TestEvent_Clone (line 155) | func TestEvent_Clone(t *testing.T) {
function TestNewProbe (line 173) | func TestNewProbe(t *testing.T) {
FILE: kern/bash_kern.c
type event (line 17) | struct event {
type event (line 36) | struct event
type event (line 40) | struct event
function uretprobe_bash_readline (line 43) | int uretprobe_bash_readline(struct pt_regs *ctx) {
function uretprobe_bash_retval (line 66) | int uretprobe_bash_retval(struct pt_regs *ctx) {
function __always_inline (line 102) | static __always_inline int send_bash_exit_event(struct pt_regs *ctx) {
function uprobe_exec_builtin (line 118) | int uprobe_exec_builtin(struct pt_regs *ctx) { return send_bash_exit_eve...
function uprobe_exit_builtin (line 121) | int uprobe_exit_builtin(struct pt_regs *ctx) { return send_bash_exit_eve...
FILE: kern/boringssl_masterkey.h
type mastersecret_bssl_t (line 37) | struct mastersecret_bssl_t {
type ssl3_state_st (line 59) | struct ssl3_state_st {
type ssl3_handshake_st (line 90) | struct ssl3_handshake_st {
type mastersecret_bssl_t (line 117) | struct mastersecret_bssl_t
type mastersecret_bssl_t (line 124) | struct mastersecret_bssl_t
function mastersecret_bssl_t (line 130) | mastersecret_bssl_t *make_event() {
function __always_inline (line 141) | static __always_inline u64 get_session_addr(void *ssl_st_ptr, u64 s3_add...
function probe_ssl_master_key (line 170) | int probe_ssl_master_key(struct pt_regs *ctx) {
FILE: kern/bpf/arm64/vmlinux_614.h
type BIT_DStream_status (line 31411) | typedef enum {
type EFI_PCI_IO_PROTOCOL_WIDTH (line 31418) | typedef enum {
type EFI_TIMER_DELAY (line 31434) | typedef enum {
type ZSTD_ErrorCode (line 31440) | typedef enum {
type ZSTD_ErrorCode (line 31471) | typedef ZSTD_ErrorCode ERR_enum;
type ZSTD_ResetDirective (line 31473) | typedef enum {
type ZSTD_bufferMode_e (line 31479) | typedef enum {
type ZSTD_dParameter (line 31484) | typedef enum {
type ZSTD_dStage (line 31492) | typedef enum {
type ZSTD_dStreamStage (line 31503) | typedef enum {
type ZSTD_dictContentType_e (line 31511) | typedef enum {
type ZSTD_dictLoadMethod_e (line 31517) | typedef enum {
type ZSTD_dictUses_e (line 31522) | typedef enum {
type ZSTD_forceIgnoreChecksum_e (line 31528) | typedef enum {
type ZSTD_format_e (line 31533) | typedef enum {
type ZSTD_frameType_e (line 31538) | typedef enum {
type ZSTD_litLocation_e (line 31543) | typedef enum {
type ZSTD_longOffset_e (line 31549) | typedef enum {
type ZSTD_nextInputType_e (line 31554) | typedef enum {
type ZSTD_overlap_e (line 31563) | typedef enum {
type ZSTD_refMultipleDDicts_e (line 31568) | typedef enum {
type acpi_execute_type (line 31573) | typedef enum {
type acpi_interpreter_mode (line 31583) | typedef enum {
type acpi_trace_event_type (line 31589) | typedef enum {
type blockType_e (line 31595) | typedef enum {
type block_state (line 31602) | typedef enum {
type codetype (line 31609) | typedef enum {
type cpuset_filetype_t (line 31615) | typedef enum {
type cpuset_flagbits_t (line 31637) | typedef enum {
type dict_directive (line 31648) | typedef enum {
type dirblock_type_t (line 31654) | typedef enum {
type e1000_1000t_rx_status (line 31661) | typedef enum {
type e1000_10bt_ext_dist_enable (line 31667) | typedef enum {
type e1000_auto_x_mode (line 31673) | typedef enum {
type e1000_bus_speed (line 31681) | typedef enum {
type e1000_bus_type (line 31691) | typedef enum {
type e1000_bus_width (line 31698) | typedef enum {
type e1000_cable_length (line 31705) | typedef enum {
type e1000_downshift (line 31714) | typedef enum {
type e1000_dsp_config (line 31720) | typedef enum {
type e1000_eeprom_type (line 31727) | typedef enum {
type e1000_fc_type (line 31736) | typedef enum {
type e1000_ffe_config (line 31744) | typedef enum {
type e1000_mac_type (line 31750) | typedef enum {
type e1000_media_type (line 31769) | typedef enum {
type e1000_ms_type (line 31776) | typedef enum {
type e1000_phy_type (line 31783) | typedef enum {
type e1000_polarity_reversal (line 31791) | typedef enum {
type e1000_rev_polarity (line 31797) | typedef enum {
type e1000_smart_speed (line 31803) | typedef enum {
type earlyEnd_directive (line 31809) | typedef enum {
type endCondition_directive (line 31814) | typedef enum {
type ext4_iget_flags (line 31819) | typedef enum {
type flstate_t (line 31827) | typedef enum {
type inflate_mode (line 31858) | typedef enum {
type isolate_migrate_t (line 31891) | typedef enum {
type map_chg_state (line 31897) | typedef enum {
type pageout_t (line 31903) | typedef enum {
type pci_bridge_emul_read_status_t (line 31910) | typedef enum {
type phy_interface_t (line 31915) | typedef enum {
type psmouse_ret_t (line 31953) | typedef enum {
type socket_state (line 31959) | typedef enum {
type streaming_operation (line 31967) | typedef enum {
type symbolEncodingType_e (line 31972) | typedef enum {
type ZSTD_ErrorCode (line 31979) | typedef ZSTD_ErrorCode zstd_error_code;
type APSR_BIT (line 31981) | enum APSR_BIT {
type ARSTR_BIT (line 31989) | enum ARSTR_BIT {
type CCC_BIT (line 31993) | enum CCC_BIT {
type CIE_BIT (line 32007) | enum CIE_BIT {
type CMD_RET_VALUES (line 32016) | enum CMD_RET_VALUES {
type CSI_J (line 32022) | enum CSI_J {
type CSI_right_square_bracket (line 32029) | enum CSI_right_square_bracket {
type CSR0_BIT (line 32043) | enum CSR0_BIT {
type CSR1_BIT (line 32048) | enum CSR1_BIT {
type CSR2_BIT (line 32062) | enum CSR2_BIT {
type CSR_BIT (line 32076) | enum CSR_BIT {
type CXR31_BIT (line 32090) | enum CXR31_BIT {
type CXR35_BIT (line 32095) | enum CXR35_BIT {
type DCMD_RETURN_STATUS (line 32102) | enum DCMD_RETURN_STATUS {
type DCMD_TIMEOUT_ACTION (line 32110) | enum DCMD_TIMEOUT_ACTION {
type DIE_DT (line 32116) | enum DIE_DT {
type DIE_DT___2 (line 32136) | enum DIE_DT___2 {
type DIE_DT___3 (line 32157) | enum DIE_DT___3 {
type DMA_REGS_OFFSET (line 32173) | enum DMA_REGS_OFFSET {
type E1000_INVM_STRUCTURE_TYPE (line 32187) | enum E1000_INVM_STRUCTURE_TYPE {
type ECMR_BIT (line 32196) | enum ECMR_BIT {
type ECMR_BIT___2 (line 32213) | enum ECMR_BIT___2 {
type ECSIPR_BIT (line 32234) | enum ECSIPR_BIT {
type ECSIPR_BIT___2 (line 32240) | enum ECSIPR_BIT___2 {
type ECSR_BIT (line 32248) | enum ECSR_BIT {
type ECSR_BIT___2 (line 32256) | enum ECSR_BIT___2 {
type EDMR_BIT (line 32264) | enum EDMR_BIT {
type EDRRR_BIT (line 32273) | enum EDRRR_BIT {
type EDSR_BIT (line 32277) | enum EDSR_BIT {
type EDTRR_BIT (line 32282) | enum EDTRR_BIT {
type EESIPR_BIT (line 32287) | enum EESIPR_BIT {
type EESR_BIT (line 32318) | enum EESR_BIT {
type EIS_BIT (line 32349) | enum EIS_BIT {
type EXT_INFO_DS_BIT (line 32363) | enum EXT_INFO_DS_BIT {
type FCFTR_BIT (line 32367) | enum FCFTR_BIT {
type FW_BOOT_CONTEXT (line 32376) | enum FW_BOOT_CONTEXT {
type GCCR_BIT (line 32381) | enum GCCR_BIT {
type GECMR_BIT (line 32396) | enum GECMR_BIT {
type GECMR_BIT___2 (line 32402) | enum GECMR_BIT___2 {
type GIC_BIT (line 32412) | enum GIC_BIT {
type GID_BIT (line 32417) | enum GID_BIT {
type GIE_BIT (line 32446) | enum GIE_BIT {
type GIS_BIT (line 32475) | enum GIS_BIT {
type GTI_BIT (line 32481) | enum GTI_BIT {
type HCLGE_COMM_API_CAP_BITS (line 32485) | enum HCLGE_COMM_API_CAP_BITS {
type HCLGE_COMM_CAP_BITS (line 32489) | enum HCLGE_COMM_CAP_BITS {
type HCLGE_DEV_STATE (line 32518) | enum HCLGE_DEV_STATE {
type HCLGE_FD_ACTION (line 32543) | enum HCLGE_FD_ACTION {
type HCLGE_FD_ACTIVE_RULE_TYPE (line 32549) | enum HCLGE_FD_ACTIVE_RULE_TYPE {
type HCLGE_FD_KEY_OPT (line 32556) | enum HCLGE_FD_KEY_OPT {
type HCLGE_FD_KEY_TYPE (line 32565) | enum HCLGE_FD_KEY_TYPE {
type HCLGE_FD_META_DATA (line 32570) | enum HCLGE_FD_META_DATA {
type HCLGE_FD_MODE (line 32582) | enum HCLGE_FD_MODE {
type HCLGE_FD_NODE_STATE (line 32589) | enum HCLGE_FD_NODE_STATE {
type HCLGE_FD_PACKET_TYPE (line 32596) | enum HCLGE_FD_PACKET_TYPE {
type HCLGE_FD_STAGE (line 32601) | enum HCLGE_FD_STAGE {
type HCLGE_FD_TUPLE (line 32607) | enum HCLGE_FD_TUPLE {
type HCLGE_FD_USER_DEF_LAYER (line 32641) | enum HCLGE_FD_USER_DEF_LAYER {
type HCLGE_FIRMWARE_MAC_SPEED (line 32648) | enum HCLGE_FIRMWARE_MAC_SPEED {
type HCLGE_MAC_ADDR_TYPE (line 32660) | enum HCLGE_MAC_ADDR_TYPE {
type HCLGE_MAC_DUPLEX (line 32665) | enum HCLGE_MAC_DUPLEX {
type HCLGE_MAC_NODE_STATE (line 32670) | enum HCLGE_MAC_NODE_STATE {
type HCLGE_MAC_SPEED (line 32676) | enum HCLGE_MAC_SPEED {
type HCLGE_MBX_OPCODE (line 32689) | enum HCLGE_MBX_OPCODE {
type HCLGE_VPORT_NEED_NOTIFY (line 32734) | enum HCLGE_VPORT_NEED_NOTIFY {
type HCLGE_VPORT_STATE (line 32739) | enum HCLGE_VPORT_STATE {
type HLCGE_PORT_TYPE (line 32748) | enum HLCGE_PORT_TYPE {
type HNAE3_DEV_CAP_BITS (line 32753) | enum HNAE3_DEV_CAP_BITS {
type HNAE3_PF_CAP_BITS (line 32784) | enum HNAE3_PF_CAP_BITS {
type I2C_REGS_OFFSET (line 32788) | enum I2C_REGS_OFFSET {
type ISS_BIT (line 32823) | enum ISS_BIT {
type KTHREAD_BITS (line 32849) | enum KTHREAD_BITS {
type LMAC_TYPE (line 32855) | enum LMAC_TYPE {
type MAX77686_RTC_OP (line 32869) | enum MAX77686_RTC_OP {
type MCAST_MODE (line 32874) | enum MCAST_MODE {
type MEGASAS_LD_TARGET_ID_STATUS (line 32881) | enum MEGASAS_LD_TARGET_ID_STATUS {
type MEGASAS_OCR_CAUSE (line 32887) | enum MEGASAS_OCR_CAUSE {
type MFI_CMD_OP (line 32893) | enum MFI_CMD_OP {
type MFI_STAT (line 32909) | enum MFI_STAT {
type MR_ADAPTER_TYPE (line 32971) | enum MR_ADAPTER_TYPE {
type MR_EVT_CLASS (line 32979) | enum MR_EVT_CLASS {
type MR_EVT_LOCALE (line 32989) | enum MR_EVT_LOCALE {
type MR_FW_CRASH_DUMP_STATE (line 33001) | enum MR_FW_CRASH_DUMP_STATE {
type MR_LD_QUERY_TYPE (line 33009) | enum MR_LD_QUERY_TYPE {
type MR_PD_QUERY_TYPE (line 33017) | enum MR_PD_QUERY_TYPE {
type MR_PD_STATE (line 33026) | enum MR_PD_STATE {
type MR_PD_TYPE (line 33038) | enum MR_PD_TYPE {
type MR_PERF_MODE (line 33047) | enum MR_PERF_MODE {
type MR_RAID_FLAGS_IO_SUB_TYPE (line 33053) | enum MR_RAID_FLAGS_IO_SUB_TYPE {
type MR_RAID_MAP_DESC_TYPE (line 33064) | enum MR_RAID_MAP_DESC_TYPE {
type MR_SCSI_CMD_TYPE (line 33072) | enum MR_SCSI_CMD_TYPE {
type MSC_BIT (line 33079) | enum MSC_BIT {
type MT6323_IRQ_STATUS_numbers (line 33090) | enum MT6323_IRQ_STATUS_numbers {
type OID (line 33114) | enum OID {
type Opt_errors (line 33221) | enum Opt_errors {
type PIR_BIT (line 33226) | enum PIR_BIT {
type PIR_BIT___2 (line 33233) | enum PIR_BIT___2 {
type PSR_BIT (line 33240) | enum PSR_BIT {
type RAVB_QUEUE (line 33244) | enum RAVB_QUEUE {
type RCR_BIT (line 33249) | enum RCR_BIT {
type RD_LEN_BIT (line 33258) | enum RD_LEN_BIT {
type RD_STS_BIT (line 33263) | enum RD_STS_BIT {
type REGION_TYPE (line 33281) | enum REGION_TYPE {
type RIC0_BIT (line 33288) | enum RIC0_BIT {
type RIC2_BIT (line 33309) | enum RIC2_BIT {
type RIS0_BIT (line 33331) | enum RIS0_BIT {
type RIS2_BIT (line 33353) | enum RIS2_BIT {
type RMCR_BIT (line 33376) | enum RMCR_BIT {
type RX_DS_CC_BIT (line 33380) | enum RX_DS_CC_BIT {
type S2MPU02_reg (line 33387) | enum S2MPU02_reg {
type S2MPU02_regulators (line 33476) | enum S2MPU02_regulators {
type SCI_CLKS (line 33515) | enum SCI_CLKS {
type SHIFT_DIRECTION (line 33523) | enum SHIFT_DIRECTION {
type SS4_PACKET_ID (line 33528) | enum SS4_PACKET_ID {
type TCCR_BIT (line 33536) | enum TCCR_BIT {
type TD_STS_BIT (line 33545) | enum TD_STS_BIT {
type TFA2_BIT (line 33554) | enum TFA2_BIT {
type TGC_BIT (line 33559) | enum TGC_BIT {
type TIC_BIT (line 33574) | enum TIC_BIT {
type TIS_BIT (line 33581) | enum TIS_BIT {
type TPAUSER_BIT (line 33589) | enum TPAUSER_BIT {
type TPM_OPS_FLAGS (line 33594) | enum TPM_OPS_FLAGS {
type TRSCER_BIT (line 33598) | enum TRSCER_BIT {
type TSR_BIT (line 33611) | enum TSR_BIT {
type TSU_ADSBSY_BIT (line 33617) | enum TSU_ADSBSY_BIT {
type TSU_FWSLC_BIT (line 33621) | enum TSU_FWSLC_BIT {
type TX_DS_TAGL_BIT (line 33634) | enum TX_DS_TAGL_BIT {
type TX_FS_TAGL_BIT (line 33639) | enum TX_FS_TAGL_BIT {
type TX_TAGH_TSR_BIT (line 33644) | enum TX_TAGH_TSR_BIT {
type UART_TX_FLAGS (line 33649) | enum UART_TX_FLAGS {
type V7_PACKET_ID (line 33653) | enum V7_PACKET_ID {
type _MR_CRASH_BUF_STATUS (line 33661) | enum _MR_CRASH_BUF_STATUS {
type __kvm_host_smccc_func (line 33666) | enum __kvm_host_smccc_func {
type __sk_action (line 33701) | enum __sk_action {
type _dsm_op_index (line 33708) | enum _dsm_op_index {
type _dsm_rst_type (line 33717) | enum _dsm_rst_type {
type _pmux_input (line 33726) | enum _pmux_input {
type _slab_flag_bits (line 33734) | enum _slab_flag_bits {
type aarch32_map (line 33757) | enum aarch32_map {
type aarch64_insn_adr_type (line 33763) | enum aarch64_insn_adr_type {
type aarch64_insn_adsb_type (line 33768) | enum aarch64_insn_adsb_type {
type aarch64_insn_bitfield_type (line 33775) | enum aarch64_insn_bitfield_type {
type aarch64_insn_branch_type (line 33781) | enum aarch64_insn_branch_type {
type aarch64_insn_condition (line 33789) | enum aarch64_insn_condition {
type aarch64_insn_data1_type (line 33807) | enum aarch64_insn_data1_type {
type aarch64_insn_data2_type (line 33813) | enum aarch64_insn_data2_type {
type aarch64_insn_data3_type (line 33822) | enum aarch64_insn_data3_type {
type aarch64_insn_hint_cr_op (line 33827) | enum aarch64_insn_hint_cr_op {
type aarch64_insn_imm_type (line 33858) | enum aarch64_insn_imm_type {
type aarch64_insn_ldst_type (line 33874) | enum aarch64_insn_ldst_type {
type aarch64_insn_logic_type (line 33891) | enum aarch64_insn_logic_type {
type aarch64_insn_mb_type (line 33902) | enum aarch64_insn_mb_type {
type aarch64_insn_mem_atomic_op (line 33917) | enum aarch64_insn_mem_atomic_op {
type aarch64_insn_mem_order_type (line 33925) | enum aarch64_insn_mem_order_type {
type aarch64_insn_movewide_type (line 33932) | enum aarch64_insn_movewide_type {
type aarch64_insn_movw_imm_type (line 33938) | enum aarch64_insn_movw_imm_type {
type aarch64_insn_register (line 33943) | enum aarch64_insn_register {
type aarch64_insn_register_type (line 33981) | enum aarch64_insn_register_type {
type aarch64_insn_size_type (line 33991) | enum aarch64_insn_size_type {
type aarch64_insn_special_register (line 33998) | enum aarch64_insn_special_register {
type aarch64_insn_system_register (line 34021) | enum aarch64_insn_system_register {
type aarch64_insn_variant (line 34027) | enum aarch64_insn_variant {
type aarch64_regset (line 34032) | enum aarch64_regset {
type aarch64_reloc_op (line 34047) | enum aarch64_reloc_op {
type access_coordinate_class (line 34054) | enum access_coordinate_class {
type acpi_attr_enum (line 34060) | enum acpi_attr_enum {
type acpi_bridge_type (line 34065) | enum acpi_bridge_type {
type acpi_bus_device_type (line 34070) | enum acpi_bus_device_type {
type acpi_cdat_type (line 34081) | enum acpi_cdat_type {
type acpi_cedt_type (line 34091) | enum acpi_cedt_type {
type acpi_device_swnode_dev_props (line 34099) | enum acpi_device_swnode_dev_props {
type acpi_device_swnode_ep_props (line 34109) | enum acpi_device_swnode_ep_props {
type acpi_device_swnode_port_props (line 34121) | enum acpi_device_swnode_port_props {
type acpi_einj_actions (line 34127) | enum acpi_einj_actions {
type acpi_einj_instructions (line 34142) | enum acpi_einj_instructions {
type acpi_erst_actions (line 34152) | enum acpi_erst_actions {
type acpi_erst_instructions (line 34173) | enum acpi_erst_instructions {
type acpi_gtdt_type (line 34196) | enum acpi_gtdt_type {
type acpi_hest_notify_types (line 34202) | enum acpi_hest_notify_types {
type acpi_hest_types (line 34218) | enum acpi_hest_types {
type acpi_hmat_type (line 34234) | enum acpi_hmat_type {
type acpi_iort_node_type (line 34241) | enum acpi_iort_node_type {
type acpi_irq_model_id (line 34251) | enum acpi_irq_model_id {
type acpi_madt_gic_version (line 34262) | enum acpi_madt_gic_version {
type acpi_madt_multiproc_wakeup_version (line 34271) | enum acpi_madt_multiproc_wakeup_version {
type acpi_madt_type (line 34277) | enum acpi_madt_type {
type acpi_pcct_type (line 34310) | enum acpi_pcct_type {
type acpi_pptt_type (line 34320) | enum acpi_pptt_type {
type acpi_predicate (line 34327) | enum acpi_predicate {
type acpi_reconfig_event (line 34334) | enum acpi_reconfig_event {
type acpi_return_package_types (line 34339) | enum acpi_return_package_types {
type acpi_srat_type (line 34355) | enum acpi_srat_type {
type acpi_subtable_type (line 34367) | enum acpi_subtable_type {
type actions (line 34375) | enum actions {
type ahci_qoriq_type (line 34381) | enum ahci_qoriq_type {
type alarmtimer_type (line 34392) | enum alarmtimer_type {
type ale_fields (line 34400) | enum ale_fields {
type altera_pcie_version (line 34449) | enum altera_pcie_version {
type am65_cpsw_tx_buf_type (line 34454) | enum am65_cpsw_tx_buf_type {
type aqr_fw_src (line 34460) | enum aqr_fw_src {
type arch_timer_erratum_match_type (line 34465) | enum arch_timer_erratum_match_type {
type arch_timer_ppi_nr (line 34471) | enum arch_timer_ppi_nr {
type arch_timer_reg (line 34480) | enum arch_timer_reg {
type arch_timer_spi_nr (line 34485) | enum arch_timer_spi_nr {
type arm64_bp_harden_el1_vectors (line 34491) | enum arm64_bp_harden_el1_vectors {
type arm64_hyp_spectre_vector (line 34498) | enum arm64_hyp_spectre_vector {
type arm_smccc_conduit (line 34505) | enum arm_smccc_conduit {
type arm_smmu_arch_version (line 34511) | enum arm_smmu_arch_version {
type arm_smmu_cbar_type (line 34517) | enum arm_smmu_cbar_type {
type arm_smmu_context_fmt (line 34524) | enum arm_smmu_context_fmt {
type arm_smmu_domain_stage (line 34531) | enum arm_smmu_domain_stage {
type arm_smmu_domain_stage___2 (line 34536) | enum arm_smmu_domain_stage___2 {
type arm_smmu_implementation (line 34542) | enum arm_smmu_implementation {
type arm_smmu_msi_index (line 34549) | enum arm_smmu_msi_index {
type arm_smmu_s2cr_privcfg (line 34556) | enum arm_smmu_s2cr_privcfg {
type arm_smmu_s2cr_type (line 34563) | enum arm_smmu_s2cr_type {
type armpmu_attr_groups (line 34569) | enum armpmu_attr_groups {
type asn1_class (line 34577) | enum asn1_class {
type asn1_method (line 34584) | enum asn1_method {
type asn1_opcode (line 34589) | enum asn1_opcode {
type asn1_tag (line 34623) | enum asn1_tag {
type asp_netfilt_reg_type (line 34656) | enum asp_netfilt_reg_type {
type asp_rx_filter_id (line 34662) | enum asp_rx_filter_id {
type asp_rx_net_filter_block (line 34670) | enum asp_rx_net_filter_block {
type assoc_array_walk_status (line 34678) | enum assoc_array_walk_status {
type asymmetric_payload_bits (line 34684) | enum asymmetric_payload_bits {
type ata_completion_errors (line 34691) | enum ata_completion_errors {
type ata_dev_iter_mode (line 34706) | enum ata_dev_iter_mode {
type ata_link_iter_mode (line 34713) | enum ata_link_iter_mode {
type ata_lpm_hints (line 34719) | enum ata_lpm_hints {
type ata_lpm_policy (line 34725) | enum ata_lpm_policy {
type ata_prot_flags (line 34734) | enum ata_prot_flags {
type ata_quirks (line 34750) | enum ata_quirks {
type ata_xfer_mask (line 34785) | enum ata_xfer_mask {
type attr_idn (line 34791) | enum attr_idn {
type audit_nfcfgop (line 34826) | enum audit_nfcfgop {
type audit_nlgrps (line 34851) | enum audit_nlgrps {
type audit_ntp_type (line 34857) | enum audit_ntp_type {
type audit_state (line 34867) | enum audit_state {
type auditsc_class_t (line 34873) | enum auditsc_class_t {
type autofs_notify (line 34884) | enum autofs_notify {
type axp15060_irqs (line 34890) | enum axp15060_irqs {
type axp192_irqs (line 34907) | enum axp192_irqs {
type axp20x_variants (line 34943) | enum axp20x_variants {
type axp22x_irqs (line 34962) | enum axp22x_irqs {
type axp288_irqs (line 34990) | enum axp288_irqs {
type axp313a_irqs (line 35027) | enum axp313a_irqs {
type axp717_irqs (line 35037) | enum axp717_irqs {
type axp803_irqs (line 35071) | enum axp803_irqs {
type axp806_irqs (line 35108) | enum axp806_irqs {
type axp809_irqs (line 35123) | enum axp809_irqs {
type bam_command_type (line 35158) | enum bam_command_type {
type bam_reg (line 35163) | enum bam_reg {
type base_type (line 35192) | enum base_type {
type batadv_packettype (line 35199) | enum batadv_packettype {
type bcm2835_fsel (line 35213) | enum bcm2835_fsel {
type bcm_iproc_i2c_type (line 35218) | enum bcm_iproc_i2c_type {
type bcm_usb_phy_ctrl_bits (line 35223) | enum bcm_usb_phy_ctrl_bits {
type bcm_usb_phy_reg (line 35229) | enum bcm_usb_phy_reg {
type bcm_usb_phy_type (line 35235) | enum bcm_usb_phy_type {
type bcm_usb_phy_version (line 35240) | enum bcm_usb_phy_version {
type bcma_hosttype (line 35245) | enum bcma_hosttype {
type bcmasp_stat_type (line 35251) | enum bcmasp_stat_type {
type bd9571mwv_irqs (line 35258) | enum bd9571mwv_irqs {
type bd9571mwv_regulators (line 35269) | enum bd9571mwv_regulators {
type bdc_ep0_state (line 35277) | enum bdc_ep0_state {
type bdc_link_state (line 35286) | enum bdc_link_state {
type bdcr_cmd_class (line 35293) | enum bdcr_cmd_class {
type behavior (line 35309) | enum behavior {
type bfqq_expiration (line 35315) | enum bfqq_expiration {
type bfqq_state_flags (line 35323) | enum bfqq_state_flags {
type bgmac_dma_ring_type (line 35338) | enum bgmac_dma_ring_type {
type bh_state_bits (line 35343) | enum bh_state_bits {
type bhb_mitigation_bits (line 35363) | enum bhb_mitigation_bits {
type bio_merge_status (line 35370) | enum bio_merge_status {
type bio_post_read_step (line 35376) | enum bio_post_read_step {
type bios_platform_class (line 35383) | enum bios_platform_class {
type bip_flags (line 35388) | enum bip_flags {
type bkops_status (line 35399) | enum bkops_status {
type blacklist_hash_type (line 35407) | enum blacklist_hash_type {
type blake2s_iv (line 35412) | enum blake2s_iv {
type blake2s_lengths (line 35423) | enum blake2s_lengths {
type blk_crypto_mode_num (line 35433) | enum blk_crypto_mode_num {
type blk_default_limits (line 35442) | enum blk_default_limits {
type blk_eh_timer_return (line 35449) | enum blk_eh_timer_return {
type blk_integrity_checksum (line 35454) | enum blk_integrity_checksum {
type blk_integrity_flags (line 35461) | enum blk_integrity_flags {
type blk_req_status (line 35469) | enum blk_req_status {
type blk_unique_id (line 35477) | enum blk_unique_id {
type blkg_iostat_type (line 35483) | enum blkg_iostat_type {
type blkg_rwstat_type (line 35490) | enum blkg_rwstat_type {
type blkif_state (line 35500) | enum blkif_state {
type blktrace_act (line 35507) | enum blktrace_act {
type bm_rcr_cmode (line 35528) | enum bm_rcr_cmode {
type bm_rcr_pmode (line 35533) | enum bm_rcr_pmode {
type board_ids (line 35539) | enum board_ids {
type bp_state (line 35564) | enum bp_state {
type bp_type_idx (line 35571) | enum bp_type_idx {
type bpf_access_src (line 35577) | enum bpf_access_src {
type bpf_access_type (line 35582) | enum bpf_access_type {
type bpf_addr_space_cast (line 35587) | enum bpf_addr_space_cast {
type bpf_adj_room_mode (line 35591) | enum bpf_adj_room_mode {
type bpf_arg_type (line 35596) | enum bpf_arg_type {
type bpf_async_type (line 35633) | enum bpf_async_type {
type bpf_attach_type (line 35638) | enum bpf_attach_type {
type bpf_audit (line 35700) | enum bpf_audit {
type bpf_cgroup_iter_order (line 35706) | enum bpf_cgroup_iter_order {
type bpf_cgroup_storage_type (line 35714) | enum bpf_cgroup_storage_type {
type bpf_check_mtu_flags (line 35720) | enum bpf_check_mtu_flags {
type bpf_check_mtu_ret (line 35724) | enum bpf_check_mtu_ret {
type bpf_cmd (line 35730) | enum bpf_cmd {
type bpf_cond_pseudo_jmp (line 35772) | enum bpf_cond_pseudo_jmp {
type bpf_core_relo_kind (line 35776) | enum bpf_core_relo_kind {
type bpf_dynptr_type (line 35792) | enum bpf_dynptr_type {
type bpf_func_id (line 35800) | enum bpf_func_id {
type bpf_hdr_start_off (line 36016) | enum bpf_hdr_start_off {
type bpf_iter_feature (line 36021) | enum bpf_iter_feature {
type bpf_iter_state (line 36025) | enum bpf_iter_state {
type bpf_iter_task_type (line 36031) | enum bpf_iter_task_type {
type bpf_jit_poke_reason (line 36037) | enum bpf_jit_poke_reason {
type bpf_kfunc_flags (line 36041) | enum bpf_kfunc_flags {
type bpf_link_type (line 36045) | enum bpf_link_type {
type bpf_lru_list_type (line 36064) | enum bpf_lru_list_type {
type bpf_map_type (line 36072) | enum bpf_map_type {
type bpf_netdev_command (line 36112) | enum bpf_netdev_command {
type bpf_perf_event_type (line 36120) | enum bpf_perf_event_type {
type bpf_prog_type (line 36130) | enum bpf_prog_type {
type bpf_reg_liveness (line 36167) | enum bpf_reg_liveness {
type bpf_reg_type (line 36176) | enum bpf_reg_type {
type bpf_ret_code (line 36208) | enum bpf_ret_code {
type bpf_return_type (line 36216) | enum bpf_return_type {
type bpf_stack_build_id_status (line 36238) | enum bpf_stack_build_id_status {
type bpf_stack_slot_type (line 36244) | enum bpf_stack_slot_type {
type bpf_stats_type (line 36254) | enum bpf_stats_type {
type bpf_struct_ops_state (line 36258) | enum bpf_struct_ops_state {
type bpf_struct_walk_result (line 36265) | enum bpf_struct_walk_result {
type bpf_task_fd_type (line 36271) | enum bpf_task_fd_type {
type bpf_task_vma_iter_find_op (line 36280) | enum bpf_task_vma_iter_find_op {
type bpf_text_poke_type (line 36286) | enum bpf_text_poke_type {
type bpf_tramp_prog_type (line 36291) | enum bpf_tramp_prog_type {
type bpf_type (line 36299) | enum bpf_type {
type bpf_type_flag (line 36306) | enum bpf_type_flag {
type bpf_xdp_mode (line 36330) | enum bpf_xdp_mode {
type bq27xxx_chip (line 36337) | enum bq27xxx_chip {
type bq27xxx_dm_reg_id (line 36371) | enum bq27xxx_dm_reg_id {
type bq27xxx_reg_index (line 36377) | enum bq27xxx_reg_index {
type brcm_family_type (line 36405) | enum brcm_family_type {
type brcm_sata_phy_rxaeq_mode (line 36420) | enum brcm_sata_phy_rxaeq_mode {
type brcm_sata_phy_version (line 36426) | enum brcm_sata_phy_version {
type brcm_usb_phy_id (line 36436) | enum brcm_usb_phy_id {
type brcmstb_memc_hwtype (line 36442) | enum brcmstb_memc_hwtype {
type brcmusb_reg_sel (line 36448) | enum brcmusb_reg_sel {
type bsc_xfer_cmd (line 36458) | enum bsc_xfer_cmd {
type btf_arg_tag (line 36465) | enum btf_arg_tag {
type btf_field_iter_kind (line 36473) | enum btf_field_iter_kind {
type btf_field_type (line 36478) | enum btf_field_type {
type btf_func_linkage (line 36496) | enum btf_func_linkage {
type btf_kfunc_hook (line 36502) | enum btf_kfunc_hook {
type buf_type (line 36520) | enum buf_type {
type buffer_map_state (line 36526) | enum buffer_map_state {
type bug_trap_type (line 36532) | enum bug_trap_type {
type bus_notifier_event (line 36538) | enum bus_notifier_event {
type bus_speeds (line 36549) | enum bus_speeds {
type cache_indexing (line 36560) | enum cache_indexing {
type cache_type (line 36566) | enum cache_type {
type cache_write_policy (line 36574) | enum cache_write_policy {
type cavium_mdiobus_mode (line 36580) | enum cavium_mdiobus_mode {
type cc_attr (line 36586) | enum cc_attr {
type cd_types (line 36597) | enum cd_types {
type cfi_quirks (line 36604) | enum cfi_quirks {
type cgroup1_param (line 36608) | enum cgroup1_param {
type cgroup2_param (line 36621) | enum cgroup2_param {
type cgroup_bpf_attach_type (line 36631) | enum cgroup_bpf_attach_type {
type cgroup_filetype (line 36666) | enum cgroup_filetype {
type cgroup_opt_features (line 36671) | enum cgroup_opt_features {
type cgroup_subsys_id (line 36675) | enum cgroup_subsys_id {
type cgt_group_id (line 36689) | enum cgt_group_id {
type ch_command (line 36767) | enum ch_command {
type ch_state (line 36774) | enum ch_state {
type chacha_constants (line 36782) | enum chacha_constants {
type chip_id (line 36789) | enum chip_id {
type chips (line 36802) | enum chips {
type ci_hw_regs (line 36809) | enum ci_hw_regs {
type ci_revision (line 36837) | enum ci_revision {
type ci_role (line 36849) | enum ci_role {
type clear_refs_types (line 36855) | enum clear_refs_types {
type clk_gating_state (line 36864) | enum clk_gating_state {
type clk_id (line 36871) | enum clk_id {
type clk_id___2 (line 37188) | enum clk_id___2 {
type clk_ids (line 37202) | enum clk_ids {
type clk_ids___2 (line 37237) | enum clk_ids___2 {
type clk_ids___3 (line 37262) | enum clk_ids___3 {
type clk_ids___4 (line 37305) | enum clk_ids___4 {
type clk_ids___5 (line 37331) | enum clk_ids___5 {
type clk_ids___6 (line 37344) | enum clk_ids___6 {
type clk_ids___7 (line 37377) | enum clk_ids___7 {
type clk_ids___8 (line 37406) | enum clk_ids___8 {
type clk_ids___9 (line 37428) | enum clk_ids___9 {
type clk_ids___10 (line 37451) | enum clk_ids___10 {
type clk_ids___11 (line 37474) | enum clk_ids___11 {
type clk_ids___12 (line 37497) | enum clk_ids___12 {
type clk_ids___13 (line 37526) | enum clk_ids___13 {
type clk_ids___14 (line 37551) | enum clk_ids___14 {
type clk_ids___15 (line 37576) | enum clk_ids___15 {
type clk_ids___16 (line 37600) | enum clk_ids___16 {
type clk_ids___17 (line 37622) | enum clk_ids___17 {
type clk_ids___18 (line 37642) | enum clk_ids___18 {
type clk_ids___19 (line 37663) | enum clk_ids___19 {
type clk_ids___20 (line 37679) | enum clk_ids___20 {
type clk_reg_layout (line 37714) | enum clk_reg_layout {
type clk_sel (line 37720) | enum clk_sel {
type clk_state (line 37733) | enum clk_state {
type clk_type (line 37740) | enum clk_type {
type clk_type_t (line 37745) | enum clk_type_t {
type clk_types (line 37751) | enum clk_types {
type clk_types___2 (line 37758) | enum clk_types___2 {
type clk_types___3 (line 37772) | enum clk_types___3 {
type clock_event_state (line 37781) | enum clock_event_state {
type clocksource_ids (line 37789) | enum clocksource_ids {
type cmd_db_hw_type (line 37800) | enum cmd_db_hw_type {
type cmis_cdb_fw_write_mechanism (line 37810) | enum cmis_cdb_fw_write_mechanism {
type cmu_type_t (line 37817) | enum cmu_type_t {
type compact_priority (line 37822) | enum compact_priority {
type compact_result (line 37832) | enum compact_result {
type compat_regset (line 37844) | enum compat_regset {
type con_flush_mode (line 37849) | enum con_flush_mode {
type con_msg_format_flags (line 37854) | enum con_msg_format_flags {
type con_scroll (line 37859) | enum con_scroll {
type cons_flags (line 37864) | enum cons_flags {
type cpi_algorithm_type (line 37876) | enum cpi_algorithm_type {
type cpio_fields (line 37883) | enum cpio_fields {
type cppc_regs (line 37901) | enum cppc_regs {
type cppi5_tr_event_size (line 37925) | enum cppi5_tr_event_size {
type cppi5_tr_trigger (line 37933) | enum cppi5_tr_trigger {
type cppi5_tr_trigger_type (line 37941) | enum cppi5_tr_trigger_type {
type cppi5_tr_types (line 37949) | enum cppi5_tr_types {
type cpsw_ale_control (line 37964) | enum cpsw_ale_control {
type cpsw_ale_port_state (line 37995) | enum cpsw_ale_port_state {
type cpsw_sl_regs (line 38002) | enum cpsw_sl_regs {
type cpu_idle_type (line 38016) | enum cpu_idle_type {
type cpu_led_event (line 38023) | enum cpu_led_event {
type cpu_mitigations (line 38031) | enum cpu_mitigations {
type cpu_pm_event (line 38037) | enum cpu_pm_event {
type cpu_usage_stat (line 38046) | enum cpu_usage_stat {
type cpuacct_stat_index (line 38060) | enum cpuacct_stat_index {
type cpubiuctrl_regs (line 38066) | enum cpubiuctrl_regs {
type cpufreq_table_sorting (line 38075) | enum cpufreq_table_sorting {
type cpuhp_smt_control (line 38081) | enum cpuhp_smt_control {
type cpuhp_state (line 38089) | enum cpuhp_state {
type cpuhp_sync_state (line 38275) | enum cpuhp_sync_state {
type createmode4 (line 38284) | enum createmode4 {
type criteria (line 38291) | enum criteria {
type crypto_attr_type_t (line 38300) | enum crypto_attr_type_t {
type csr_regs (line 38327) | enum csr_regs {
type csr_target (line 38417) | enum csr_target {
type ct_dccp_states (line 38421) | enum ct_dccp_states {
type cti_port_type (line 38435) | enum cti_port_type {
type ctx_state (line 38446) | enum ctx_state {
type cxl_event_type (line 38455) | enum cxl_event_type {
type d_real_type (line 38462) | enum d_real_type {
type d_walk_ret (line 38467) | enum d_walk_ret {
type dart_type (line 38474) | enum dart_type {
type data_content4 (line 38480) | enum data_content4 {
type dbc_state (line 38485) | enum dbc_state {
type dbg_active_el (line 38494) | enum dbg_active_el {
type dbgfs_get_mode (line 38499) | enum dbgfs_get_mode {
type dccp_state (line 38505) | enum dccp_state {
type dd_data_dir (line 38521) | enum dd_data_dir {
type dd_prio (line 38526) | enum dd_prio {
type debug_counters (line 38533) | enum debug_counters {
type dentry_d_lock_class (line 38551) | enum dentry_d_lock_class {
type depot_counter_id (line 38556) | enum depot_counter_id {
type desc_header_offset (line 38566) | enum desc_header_offset {
type desc_id (line 38571) | enum desc_id {
type desc_idn (line 38576) | enum desc_idn {
type desc_state (line 38590) | enum desc_state {
type desc_state___2 (line 38598) | enum desc_state___2 {
type desc_status (line 38605) | enum desc_status {
type dev_cmd_type (line 38613) | enum dev_cmd_type {
type dev_dma_attr (line 38619) | enum dev_dma_attr {
type dev_pm_opp_event (line 38625) | enum dev_pm_opp_event {
type dev_pm_qos_req_type (line 38633) | enum dev_pm_qos_req_type {
type dev_prop_type (line 38641) | enum dev_prop_type {
type dev_status (line 38650) | enum dev_status {
type dev_type (line 38656) | enum dev_type {
type devcg_behavior (line 38667) | enum devcg_behavior {
type devfreq_parent_dev_type (line 38673) | enum devfreq_parent_dev_type {
type devfreq_timer (line 38678) | enum devfreq_timer {
type device_desc_param (line 38684) | enum device_desc_param {
type device_id (line 38728) | enum device_id {
type device_link_state (line 38733) | enum device_link_state {
type device_physical_location_horizontal_position (line 38742) | enum device_physical_location_horizontal_position {
type device_physical_location_panel (line 38748) | enum device_physical_location_panel {
type device_physical_location_vertical_position (line 38758) | enum device_physical_location_vertical_position {
type device_removable (line 38764) | enum device_removable {
type devkmsg_log_bits (line 38771) | enum devkmsg_log_bits {
type devkmsg_log_masks (line 38777) | enum devkmsg_log_masks {
type devlink_attr (line 38783) | enum devlink_attr {
type devlink_attr_selftest_id (line 38968) | enum devlink_attr_selftest_id {
type devlink_attr_selftest_result (line 38975) | enum devlink_attr_selftest_result {
type devlink_command (line 38984) | enum devlink_command {
type devlink_dpipe_action_type (line 39074) | enum devlink_dpipe_action_type {
type devlink_dpipe_field_ethernet_id (line 39078) | enum devlink_dpipe_field_ethernet_id {
type devlink_dpipe_field_ipv4_id (line 39082) | enum devlink_dpipe_field_ipv4_id {
type devlink_dpipe_field_ipv6_id (line 39086) | enum devlink_dpipe_field_ipv6_id {
type devlink_dpipe_field_mapping_type (line 39090) | enum devlink_dpipe_field_mapping_type {
type devlink_dpipe_header_id (line 39095) | enum devlink_dpipe_header_id {
type devlink_dpipe_match_type (line 39101) | enum devlink_dpipe_match_type {
type devlink_eswitch_encap_mode (line 39105) | enum devlink_eswitch_encap_mode {
type devlink_health_reporter_state (line 39110) | enum devlink_health_reporter_state {
type devlink_info_version_type (line 39115) | enum devlink_info_version_type {
type devlink_linecard_state (line 39120) | enum devlink_linecard_state {
type devlink_multicast_groups (line 39132) | enum devlink_multicast_groups {
type devlink_param_cmode (line 39136) | enum devlink_param_cmode {
type devlink_param_generic_id (line 39144) | enum devlink_param_generic_id {
type devlink_param_type (line 39166) | enum devlink_param_type {
type devlink_port_flavour (line 39174) | enum devlink_port_flavour {
type devlink_port_fn_attr_cap (line 39185) | enum devlink_port_fn_attr_cap {
type devlink_port_fn_opstate (line 39193) | enum devlink_port_fn_opstate {
type devlink_port_fn_state (line 39198) | enum devlink_port_fn_state {
type devlink_port_function_attr (line 39203) | enum devlink_port_function_attr {
type devlink_port_type (line 39215) | enum devlink_port_type {
type devlink_rate_type (line 39222) | enum devlink_rate_type {
type devlink_reload_action (line 39227) | enum devlink_reload_action {
type devlink_reload_limit (line 39235) | enum devlink_reload_limit {
type devlink_resource_unit (line 39242) | enum devlink_resource_unit {
type devlink_sb_pool_type (line 39246) | enum devlink_sb_pool_type {
type devlink_sb_threshold_type (line 39251) | enum devlink_sb_threshold_type {
type devlink_selftest_status (line 39256) | enum devlink_selftest_status {
type devlink_trap_action (line 39262) | enum devlink_trap_action {
type devlink_trap_generic_id (line 39268) | enum devlink_trap_generic_id {
type devlink_trap_group_generic_id (line 39367) | enum devlink_trap_group_generic_id {
type devlink_trap_type (line 39399) | enum devlink_trap_type {
type devm_ioremap_type (line 39405) | enum devm_ioremap_type {
type dew_regs (line 39412) | enum dew_regs {
type dfll_ctrl_mode (line 39472) | enum dfll_ctrl_mode {
type dfll_tune_range (line 39479) | enum dfll_tune_range {
type die_val (line 39484) | enum die_val {
type dim_cq_period_mode (line 39489) | enum dim_cq_period_mode {
type dim_state (line 39495) | enum dim_state {
type dim_stats_state (line 39501) | enum dim_stats_state {
type dim_step_result (line 39507) | enum dim_step_result {
type dim_tune_state (line 39513) | enum dim_tune_state {
type discover_event (line 39520) | enum discover_event {
type display_flags (line 39528) | enum display_flags {
type dl_bw_request (line 39544) | enum dl_bw_request {
type dl_dev_state (line 39550) | enum dl_dev_state {
type dll_reset_type (line 39557) | enum dll_reset_type {
type dma_channel_status (line 39563) | enum dma_channel_status {
type dma_ctrl_flags (line 39571) | enum dma_ctrl_flags {
type dma_data_direction (line 39584) | enum dma_data_direction {
type dma_desc_metadata_mode (line 39591) | enum dma_desc_metadata_mode {
type dma_fence_flag_bits (line 39597) | enum dma_fence_flag_bits {
type dma_residue_granularity (line 39604) | enum dma_residue_granularity {
type dma_resv_usage (line 39610) | enum dma_resv_usage {
type dma_rx_status (line 39617) | enum dma_rx_status {
type dma_slave_buswidth (line 39623) | enum dma_slave_buswidth {
type dma_status (line 39636) | enum dma_status {
type dma_transaction_type (line 39644) | enum dma_transaction_type {
type dma_transfer_direction (line 39664) | enum dma_transfer_direction {
type dmaengine_alignment (line 39672) | enum dmaengine_alignment {
type dmaengine_tx_result (line 39684) | enum dmaengine_tx_result {
type dmamov_dst (line 39691) | enum dmamov_dst {
type dmi_device_type (line 39697) | enum dmi_device_type {
type dmi_entry_type (line 39715) | enum dmi_entry_type {
type dmi_field (line 39762) | enum dmi_field {
type dns_lookup_status (line 39790) | enum dns_lookup_status {
type dns_payload_content_type (line 39802) | enum dns_payload_content_type {
type dpaa2_eth_fq_type (line 39806) | enum dpaa2_eth_fq_type {
type dpaa2_eth_rx_dist (line 39812) | enum dpaa2_eth_rx_dist {
type dpaa2_eth_swa_type (line 39817) | enum dpaa2_eth_swa_type {
type dpaa2_fd_format (line 39825) | enum dpaa2_fd_format {
type dpaa_fq_type (line 39831) | enum dpaa_fq_type {
type dpfe_commands (line 39841) | enum dpfe_commands {
type dpfe_msg_fields (line 39848) | enum dpfe_msg_fields {
type dpio_channel_mode (line 39856) | enum dpio_channel_mode {
type dpkg_extract_from_hdr_type (line 39861) | enum dpkg_extract_from_hdr_type {
type dpkg_extract_type (line 39867) | enum dpkg_extract_type {
type dpm_order (line 39873) | enum dpm_order {
type dpmac_counter_id (line 39880) | enum dpmac_counter_id {
type dpmac_eth_if (line 39911) | enum dpmac_eth_if {
type dpmac_link_type (line 39926) | enum dpmac_link_type {
type dpni_congestion_point (line 39933) | enum dpni_congestion_point {
type dpni_congestion_unit (line 39938) | enum dpni_congestion_unit {
type dpni_dest (line 39943) | enum dpni_dest {
type dpni_dist_mode (line 39949) | enum dpni_dist_mode {
type dpni_error_action (line 39955) | enum dpni_error_action {
type dpni_fs_miss_action (line 39961) | enum dpni_fs_miss_action {
type dpni_offload (line 39967) | enum dpni_offload {
type dpni_queue_type (line 39974) | enum dpni_queue_type {
type dprc_region_type (line 39981) | enum dprc_region_type {
type drbg_prefixes (line 39987) | enum drbg_prefixes {
type drbg_seed_state (line 39994) | enum drbg_seed_state {
type drm_panel_orientation (line 40000) | enum drm_panel_orientation {
type drvtype (line 40008) | enum drvtype {
type dsa_db_type (line 40013) | enum dsa_db_type {
type dsa_tag_protocol (line 40019) | enum dsa_tag_protocol {
type dsaf_mode (line 40051) | enum dsaf_mode {
type dsaf_port_rate_mode (line 40072) | enum dsaf_port_rate_mode {
type dsaf_stp_port_type (line 40078) | enum dsaf_stp_port_type {
type dsaf_sw_port_type (line 40086) | enum dsaf_sw_port_type {
type dspi_trans_mode (line 40092) | enum dspi_trans_mode {
type dw_edma_chip_flags (line 40097) | enum dw_edma_chip_flags {
type dw_edma_map_format (line 40101) | enum dw_edma_map_format {
type dw_mci_cookie (line 40108) | enum dw_mci_cookie {
type dw_mci_exynos_type (line 40114) | enum dw_mci_exynos_type {
type dw_mci_state (line 40125) | enum dw_mci_state {
type dw_pcie_app_clk (line 40136) | enum dw_pcie_app_clk {
type dw_pcie_app_rst (line 40143) | enum dw_pcie_app_rst {
type dw_pcie_core_clk (line 40150) | enum dw_pcie_core_clk {
type dw_pcie_core_rst (line 40158) | enum dw_pcie_core_rst {
type dw_pcie_device_mode (line 40169) | enum dw_pcie_device_mode {
type dw_pcie_ltssm (line 40176) | enum dw_pcie_ltssm {
type dw_wdt_rmod (line 40185) | enum dw_wdt_rmod {
type dwc2_control_phase (line 40190) | enum dwc2_control_phase {
type dwc2_ep0_state (line 40196) | enum dwc2_ep0_state {
type dwc2_halt_status (line 40204) | enum dwc2_halt_status {
type dwc2_hsotg_dmamode (line 40221) | enum dwc2_hsotg_dmamode {
type dwc2_lx_state (line 40227) | enum dwc2_lx_state {
type dwc2_transaction_type (line 40234) | enum dwc2_transaction_type {
type dwc3_ep0_next (line 40241) | enum dwc3_ep0_next {
type dwc3_ep0_state (line 40248) | enum dwc3_ep0_state {
type dwc3_link_state (line 40255) | enum dwc3_link_state {
type dwcmshc_rk_type (line 40273) | enum dwcmshc_rk_type {
type dynevent_type (line 40278) | enum dynevent_type {
type e1000_1000t_rx_status (line 40284) | enum e1000_1000t_rx_status {
type e1000_boards (line 40290) | enum e1000_boards {
type e1000_bus_speed (line 40310) | enum e1000_bus_speed {
type e1000_bus_type (line 40322) | enum e1000_bus_type {
type e1000_bus_width (line 40330) | enum e1000_bus_width {
type e1000_fc_mode (line 40341) | enum e1000_fc_mode {
type e1000_mac_type (line 40349) | enum e1000_mac_type {
type e1000_mac_type___2 (line 40356) | enum e1000_mac_type___2 {
type e1000_mac_type___3 (line 40379) | enum e1000_mac_type___3 {
type e1000_media_type (line 40391) | enum e1000_media_type {
type e1000_mng_mode (line 40399) | enum e1000_mng_mode {
type e1000_ms_type (line 40407) | enum e1000_ms_type {
type e1000_nvm_override (line 40414) | enum e1000_nvm_override {
type e1000_nvm_type (line 40420) | enum e1000_nvm_type {
type e1000_nvm_type___2 (line 40429) | enum e1000_nvm_type___2 {
type e1000_phy_type (line 40437) | enum e1000_phy_type {
type e1000_phy_type___2 (line 40453) | enum e1000_phy_type___2 {
type e1000_rev_polarity (line 40467) | enum e1000_rev_polarity {
type e1000_ring_flags_t (line 40473) | enum e1000_ring_flags_t {
type e1000_serdes_link_state (line 40483) | enum e1000_serdes_link_state {
type e1000_smart_speed (line 40490) | enum e1000_smart_speed {
type e1000_state_t (line 40496) | enum e1000_state_t {
type e1000_state_t___2 (line 40503) | enum e1000_state_t___2 {
type e1000_state_t___3 (line 40510) | enum e1000_state_t___3 {
type e1000_ulp_state (line 40517) | enum e1000_ulp_state {
type ec_charge_control_cmd (line 40523) | enum ec_charge_control_cmd {
type ec_charge_control_mode (line 40528) | enum ec_charge_control_mode {
type ec_comms_status (line 40535) | enum ec_comms_status {
type ec_console_read_subcmd (line 40539) | enum ec_console_read_subcmd {
type ec_feature_code (line 40544) | enum ec_feature_code {
type ec_led_colors (line 40601) | enum ec_led_colors {
type ec_mkbp_event (line 40611) | enum ec_mkbp_event {
type ec_mkbp_info_type (line 40626) | enum ec_mkbp_info_type {
type ec_reboot_cmd (line 40632) | enum ec_reboot_cmd {
type ec_status (line 40643) | enum ec_status {
type ec_temp_thresholds (line 40667) | enum ec_temp_thresholds {
type ec_vbnvcontext_op (line 40674) | enum ec_vbnvcontext_op {
type edac_mc_layer_type (line 40679) | enum edac_mc_layer_type {
type edac_type (line 40687) | enum edac_type {
type efi_cmdline_option (line 40700) | enum efi_cmdline_option {
type efi_rts_ids (line 40708) | enum efi_rts_ids {
type efi_secureboot_mode (line 40725) | enum efi_secureboot_mode {
type efistub_event_type (line 40732) | enum efistub_event_type {
type ehci_hrtimer_event (line 40738) | enum ehci_hrtimer_event {
type ehci_rh_state (line 40754) | enum ehci_rh_state {
type eint_type (line 40761) | enum eint_type {
type elv_merge (line 40768) | enum elv_merge {
type enable_type (line 40775) | enum enable_type {
type enetc_active_offloads (line 40783) | enum enetc_active_offloads {
type enetc_bdr_type (line 40794) | enum enetc_bdr_type {
type enetc_errata (line 40799) | enum enetc_errata {
type enetc_flags_bit (line 40804) | enum enetc_flags_bit {
type enetc_ic_mode (line 40809) | enum enetc_ic_mode {
type enetc_mac_addr_type (line 40816) | enum enetc_mac_addr_type {
type enetc_msg_cmd_action_type (line 40822) | enum enetc_msg_cmd_action_type {
type enetc_msg_cmd_status (line 40827) | enum enetc_msg_cmd_status {
type enetc_msg_cmd_type (line 40832) | enum enetc_msg_cmd_type {
type enetc_txbd_flags (line 40838) | enum enetc_txbd_flags {
type enetc_vf_flags (line 40849) | enum enetc_vf_flags {
type enum_gate_cfg (line 40853) | enum enum_gate_cfg {
type enum_mux_cfg (line 40975) | enum enum_mux_cfg {
type err_code (line 40990) | enum err_code {
type error_detector (line 40995) | enum error_detector {
type ether_type_algorithm (line 41001) | enum ether_type_algorithm {
type ethnl_sock_type (line 41009) | enum ethnl_sock_type {
type ethtool_c33_pse_admin_state (line 41013) | enum ethtool_c33_pse_admin_state {
type ethtool_c33_pse_ext_state (line 41019) | enum ethtool_c33_pse_ext_state {
type ethtool_c33_pse_ext_substate_error_condition (line 41031) | enum ethtool_c33_pse_ext_substate_error_condition {
type ethtool_c33_pse_ext_substate_mr_pse_enable (line 41043) | enum ethtool_c33_pse_ext_substate_mr_pse_enable {
type ethtool_c33_pse_ext_substate_option_detect_ted (line 41047) | enum ethtool_c33_pse_ext_substate_option_detect_ted {
type ethtool_c33_pse_ext_substate_option_vport_lim (line 41052) | enum ethtool_c33_pse_ext_substate_option_vport_lim {
type ethtool_c33_pse_ext_substate_ovld_detected (line 41058) | enum ethtool_c33_pse_ext_substate_ovld_detected {
type ethtool_c33_pse_ext_substate_power_not_available (line 41062) | enum ethtool_c33_pse_ext_substate_power_not_available {
type ethtool_c33_pse_ext_substate_short_detected (line 41069) | enum ethtool_c33_pse_ext_substate_short_detected {
type ethtool_c33_pse_pw_d_status (line 41073) | enum ethtool_c33_pse_pw_d_status {
type ethtool_cmis_cdb_cmd_id (line 41083) | enum ethtool_cmis_cdb_cmd_id {
type ethtool_fec_config_bits (line 41095) | enum ethtool_fec_config_bits {
type ethtool_flags (line 41104) | enum ethtool_flags {
type ethtool_header_flags (line 41112) | enum ethtool_header_flags {
type ethtool_link_ext_state (line 41118) | enum ethtool_link_ext_state {
type ethtool_link_ext_substate_autoneg (line 41132) | enum ethtool_link_ext_substate_autoneg {
type ethtool_link_ext_substate_bad_signal_integrity (line 41141) | enum ethtool_link_ext_substate_bad_signal_integrity {
type ethtool_link_ext_substate_cable_issue (line 41148) | enum ethtool_link_ext_substate_cable_issue {
type ethtool_link_ext_substate_link_logical_mismatch (line 41153) | enum ethtool_link_ext_substate_link_logical_mismatch {
type ethtool_link_ext_substate_link_training (line 41161) | enum ethtool_link_ext_substate_link_training {
type ethtool_link_ext_substate_module (line 41168) | enum ethtool_link_ext_substate_module {
type ethtool_link_mode_bit_indices (line 41172) | enum ethtool_link_mode_bit_indices {
type ethtool_mac_stats_src (line 41279) | enum ethtool_mac_stats_src {
type ethtool_mm_verify_status (line 41285) | enum ethtool_mm_verify_status {
type ethtool_module_fw_flash_status (line 41294) | enum ethtool_module_fw_flash_status {
type ethtool_module_power_mode (line 41301) | enum ethtool_module_power_mode {
type ethtool_module_power_mode_policy (line 41306) | enum ethtool_module_power_mode_policy {
type ethtool_multicast_groups (line 41311) | enum ethtool_multicast_groups {
type ethtool_phys_id_state (line 41315) | enum ethtool_phys_id_state {
type ethtool_podl_pse_admin_state (line 41322) | enum ethtool_podl_pse_admin_state {
type ethtool_podl_pse_pw_d_status (line 41328) | enum ethtool_podl_pse_pw_d_status {
type ethtool_reset_flags (line 41338) | enum ethtool_reset_flags {
type ethtool_sfeatures_retval_bits (line 41352) | enum ethtool_sfeatures_retval_bits {
type ethtool_stringset (line 41358) | enum ethtool_stringset {
type ethtool_supported_ring_param (line 41385) | enum ethtool_supported_ring_param {
type ethtool_tcp_data_split (line 41395) | enum ethtool_tcp_data_split {
type ethtool_test_flags (line 41401) | enum ethtool_test_flags {
type event_command_flags (line 41408) | enum event_command_flags {
type event_trigger_type (line 41413) | enum event_trigger_type {
type event_type_t (line 41424) | enum event_type_t {
type ex_phy_state (line 41435) | enum ex_phy_state {
type exact_level (line 41442) | enum exact_level {
type exception_type (line 41448) | enum exception_type {
type exec_status (line 41455) | enum exec_status {
type execmem_range_flags (line 41475) | enum execmem_range_flags {
type execmem_type (line 41480) | enum execmem_type {
type ext4_journal_trigger_type (line 41490) | enum ext4_journal_trigger_type {
type ext4_li_mode (line 41495) | enum ext4_li_mode {
type exynos5_usbdrd_phy_id (line 41500) | enum exynos5_usbdrd_phy_id {
type exynos5_usbdrd_phy_tuning_state (line 41506) | enum exynos5_usbdrd_phy_tuning_state {
type exynos_cpuclk_layout (line 41515) | enum exynos_cpuclk_layout {
type exynos_mipi_phy_id (line 41522) | enum exynos_mipi_phy_id {
type exynos_mipi_phy_regmap_id (line 41532) | enum exynos_mipi_phy_regmap_id {
type exynos_usi_ver (line 41540) | enum exynos_usi_ver {
type fail_dup_mod_reason (line 41544) | enum fail_dup_mod_reason {
type fan53555_vendor (line 41549) | enum fan53555_vendor {
type fanotify_event_type (line 41558) | enum fanotify_event_type {
type fault_flag (line 41568) | enum fault_flag {
type fbq_type (line 41584) | enum fbq_type {
type fec_txbuf_type (line 41590) | enum fec_txbuf_type {
type fetch_op (line 41596) | enum fetch_op {
type fg_filter_id (line 41624) | enum fg_filter_id {
type fgt_group_id (line 41630) | enum fgt_group_id {
type fh_pll_id (line 41640) | enum fh_pll_id {
type fh_pll_id___2 (line 41655) | enum fh_pll_id___2 {
type fh_pll_id___3 (line 41668) | enum fh_pll_id___3 {
type fh_pll_id___4 (line 41687) | enum fh_pll_id___4 {
type fh_pll_id___5 (line 41706) | enum fh_pll_id___5 {
type fhctl_variant (line 41723) | enum fhctl_variant {
type fib_event_type (line 41728) | enum fib_event_type {
type fid_type (line 41741) | enum fid_type {
type fifo_dump_mode_v3_hw (line 41763) | enum fifo_dump_mode_v3_hw {
type fifo_trigger_mode_v3_hw (line 41769) | enum fifo_trigger_mode_v3_hw {
type file_time_flags (line 41775) | enum file_time_flags {
type filter_op_ids (line 41782) | enum filter_op_ids {
type filter_pred_fn (line 41794) | enum filter_pred_fn {
type fiq_hwirq (line 41827) | enum fiq_hwirq {
type fit_type (line 41838) | enum fit_type {
type fixed_addresses (line 41846) | enum fixed_addresses {
type flag_idn (line 41869) | enum flag_idn {
type flow_action_hw_stats (line 41888) | enum flow_action_hw_stats {
type flow_action_hw_stats_bit (line 41896) | enum flow_action_hw_stats_bit {
type flow_action_id (line 41903) | enum flow_action_id {
type flow_action_mangle_base (line 41943) | enum flow_action_mangle_base {
type flow_block_binder_type (line 41952) | enum flow_block_binder_type {
type flow_block_command (line 41960) | enum flow_block_command {
type flow_cls_command (line 41965) | enum flow_cls_command {
type flow_control (line 41973) | enum flow_control {
type flow_dissect_ret (line 41980) | enum flow_dissect_ret {
type flow_dissector_ctrl_flags (line 41988) | enum flow_dissector_ctrl_flags {
type flow_dissector_key_id (line 41998) | enum flow_dissector_key_id {
type fman_dma_aid_mode (line 42035) | enum fman_dma_aid_mode {
type fman_event_modules (line 42040) | enum fman_event_modules {
type fman_exceptions (line 42046) | enum fman_exceptions {
type fman_inter_module_event (line 42066) | enum fman_inter_module_event {
type fman_intr_type (line 42094) | enum fman_intr_type {
type fman_mac_exceptions (line 42099) | enum fman_mac_exceptions {
type fman_port_color (line 42138) | enum fman_port_color {
type fman_port_deq_prefetch (line 42145) | enum fman_port_deq_prefetch {
type fman_port_deq_type (line 42151) | enum fman_port_deq_type {
type fman_port_dma_swap (line 42157) | enum fman_port_dma_swap {
type fman_port_type (line 42163) | enum fman_port_type {
type folio_references (line 42168) | enum folio_references {
type folio_walk_level (line 42175) | enum folio_walk_level {
type format_state (line 42181) | enum format_state {
type forward_type (line 42193) | enum forward_type {
type fp_type (line 42199) | enum fp_type {
type fpga_mgr_states (line 42205) | enum fpga_mgr_states {
type freeze_holder (line 42223) | enum freeze_holder {
type freezer_state_flags (line 42229) | enum freezer_state_flags {
type freq_policy (line 42237) | enum freq_policy {
type freq_qos_req_type (line 42242) | enum freq_qos_req_type {
type fs_context_phase (line 42247) | enum fs_context_phase {
type fs_context_purpose (line 42257) | enum fs_context_purpose {
type fs_value_type (line 42263) | enum fs_value_type {
type fscache_cache_state (line 42272) | enum fscache_cache_state {
type fscache_cookie_state (line 42280) | enum fscache_cookie_state {
type fscache_want_state (line 42293) | enum fscache_want_state {
type fsconfig_command (line 42299) | enum fsconfig_command {
type fsl_edma_pm_state (line 42311) | enum fsl_edma_pm_state {
type fsl_mc_pool_type (line 42316) | enum fsl_mc_pool_type {
type fsnotify_data_type (line 42324) | enum fsnotify_data_type {
type fsnotify_group_prio (line 42333) | enum fsnotify_group_prio {
type fsnotify_iter_type (line 42340) | enum fsnotify_iter_type {
type fsnotify_obj_type (line 42349) | enum fsnotify_obj_type {
type ftr_type (line 42358) | enum ftr_type {
type ftrace_dump_mode (line 42365) | enum ftrace_dump_mode {
type futex_access (line 42372) | enum futex_access {
type fw_opt (line 42377) | enum fw_opt {
type fw_resource_type (line 42388) | enum fw_resource_type {
type fw_status (line 42398) | enum fw_status {
type fwh_lock_state (line 42405) | enum fwh_lock_state {
type gdsc_status (line 42412) | enum gdsc_status {
type geni_icc_path_index (line 42417) | enum geni_icc_path_index {
type geni_se_protocol_type (line 42423) | enum geni_se_protocol_type {
type geni_se_xfer_mode (line 42432) | enum geni_se_xfer_mode {
type genl_validate_flags (line 42439) | enum genl_validate_flags {
type genpd_notication (line 42445) | enum genpd_notication {
type geometry_desc_param (line 42452) | enum geometry_desc_param {
type gic_intid_range (line 42496) | enum gic_intid_range {
type gic_type (line 42506) | enum gic_type {
type gio_reg_index (line 42511) | enum gio_reg_index {
type gpd_status (line 42523) | enum gpd_status {
type gpio_lookup_flags (line 42528) | enum gpio_lookup_flags {
type gpio_v2_line_attr_id (line 42541) | enum gpio_v2_line_attr_id {
type gpio_v2_line_changed_type (line 42547) | enum gpio_v2_line_changed_type {
type gpio_v2_line_event_id (line 42553) | enum gpio_v2_line_event_id {
type gpio_v2_line_flag (line 42558) | enum gpio_v2_line_flag {
type gpiod_flags (line 42574) | enum gpiod_flags {
type gro_result (line 42583) | enum gro_result {
type gro_result_t (line 42591) | typedef enum gro_result gro_result_t;
type group_type (line 42593) | enum group_type {
type hal_dsaf_mode (line 42603) | enum hal_dsaf_mode {
type hal_dsaf_tc_mode (line 42608) | enum hal_dsaf_tc_mode {
type handle_to_path_flags (line 42613) | enum handle_to_path_flags {
type handshake_auth (line 42618) | enum handshake_auth {
type handshake_handler_class (line 42625) | enum handshake_handler_class {
type handshake_msg_type (line 42631) | enum handshake_msg_type {
type hash_algo (line 42637) | enum hash_algo {
type hclge_comm_cmd_return_status (line 42664) | enum hclge_comm_cmd_return_status {
type hclge_comm_cmd_state (line 42679) | enum hclge_comm_cmd_state {
type hclge_comm_cmd_status (line 42683) | enum hclge_comm_cmd_status {
type hclge_err_type_list (line 42690) | enum hclge_err_type_list {
type hclge_evt_cause (line 42711) | enum hclge_evt_cause {
type hclge_fc_mode (line 42719) | enum hclge_fc_mode {
type hclge_hilink_version (line 42728) | enum hclge_hilink_version {
type hclge_led_status (line 42733) | enum hclge_led_status {
type hclge_link_fail_code (line 42739) | enum hclge_link_fail_code {
type hclge_mac_vlan_add_resp_code (line 42746) | enum hclge_mac_vlan_add_resp_code {
type hclge_mac_vlan_cfg_sel (line 42751) | enum hclge_mac_vlan_cfg_sel {
type hclge_mac_vlan_tbl_opcode (line 42756) | enum hclge_mac_vlan_tbl_opcode {
type hclge_mbx_mac_vlan_subcode (line 42763) | enum hclge_mbx_mac_vlan_subcode {
type hclge_mbx_tbl_cfg_subcode (line 42772) | enum hclge_mbx_tbl_cfg_subcode {
type hclge_mbx_vlan_cfg_subcode (line 42776) | enum hclge_mbx_vlan_cfg_subcode {
type hclge_mdio_c22_op_seq (line 42785) | enum hclge_mdio_c22_op_seq {
type hclge_mod_name_list (line 42790) | enum hclge_mod_name_list {
type hclge_opcode_type (line 42819) | enum hclge_opcode_type {
type hclge_ptp_msg0_type (line 43014) | enum hclge_ptp_msg0_type {
type hclge_ptp_msg_type (line 43021) | enum hclge_ptp_msg_type {
type hclge_ptp_udp_type (line 43027) | enum hclge_ptp_udp_type {
type hclge_reg_tag (line 43034) | enum hclge_reg_tag {
type hclge_shap_bucket (line 43056) | enum hclge_shap_bucket {
type hclge_shaper_level (line 43061) | enum hclge_shaper_level {
type hclge_vlan_fltr_cap (line 43071) | enum hclge_vlan_fltr_cap {
type hctx_type (line 43076) | enum hctx_type {
type hdmi_3d_structure (line 43083) | enum hdmi_3d_structure {
type hdmi_active_aspect (line 43095) | enum hdmi_active_aspect {
type hdmi_audio_coding_type (line 43108) | enum hdmi_audio_coding_type {
type hdmi_audio_coding_type_ext (line 43127) | enum hdmi_audio_coding_type_ext {
type hdmi_audio_sample_frequency (line 43140) | enum hdmi_audio_sample_frequency {
type hdmi_audio_sample_size (line 43151) | enum hdmi_audio_sample_size {
type hdmi_colorimetry (line 43158) | enum hdmi_colorimetry {
type hdmi_colorspace (line 43165) | enum hdmi_colorspace {
type hdmi_content_type (line 43176) | enum hdmi_content_type {
type hdmi_eotf (line 43183) | enum hdmi_eotf {
type hdmi_extended_colorimetry (line 43190) | enum hdmi_extended_colorimetry {
type hdmi_infoframe_type (line 43201) | enum hdmi_infoframe_type {
type hdmi_metadata_type (line 43209) | enum hdmi_metadata_type {
type hdmi_nups (line 43213) | enum hdmi_nups {
type hdmi_picture_aspect (line 43220) | enum hdmi_picture_aspect {
type hdmi_quantization_range (line 43229) | enum hdmi_quantization_range {
type hdmi_scan_mode (line 43236) | enum hdmi_scan_mode {
type hdmi_spd_sdi (line 43243) | enum hdmi_spd_sdi {
type hdmi_ycc_quantization_range (line 43260) | enum hdmi_ycc_quantization_range {
type health_desc_param (line 43265) | enum health_desc_param {
type hest_status (line 43273) | enum hest_status {
type hi6220_reset_ctrl_type (line 43279) | enum hi6220_reset_ctrl_type {
type hi6421_type (line 43285) | enum hi6421_type {
type hi6421v530_regulator_id (line 43290) | enum hi6421v530_regulator_id {
type hi655x_regulator_id (line 43298) | enum hi655x_regulator_id {
type hid_class_request (line 43324) | enum hid_class_request {
type hid_report_type (line 43333) | enum hid_report_type {
type hid_type (line 43340) | enum hid_type {
type hidma_cap (line 43346) | enum hidma_cap {
type hisi_sas_debugfs_bist_ffe_cfg (line 43351) | enum hisi_sas_debugfs_bist_ffe_cfg {
type hisi_sas_debugfs_bist_fixed_code (line 43363) | enum hisi_sas_debugfs_bist_fixed_code {
type hisi_sas_debugfs_cache_type (line 43369) | enum hisi_sas_debugfs_cache_type {
type hisi_sas_debugfs_reg_array_member (line 43374) | enum hisi_sas_debugfs_reg_array_member {
type hisi_sas_dev_type (line 43381) | enum hisi_sas_dev_type {
type hisi_sas_phy_event (line 43387) | enum hisi_sas_phy_event {
type hk_flags (line 43394) | enum hk_flags {
type hk_type (line 43400) | enum hk_type {
type hn_flags_bits (line 43413) | enum hn_flags_bits {
type hnae3_client_type (line 43417) | enum hnae3_client_type {
type hnae3_dbg_cmd (line 43422) | enum hnae3_dbg_cmd {
type hnae3_fec_mode (line 43471) | enum hnae3_fec_mode {
type hnae3_hw_error_type (line 43480) | enum hnae3_hw_error_type {
type hnae3_loop (line 43487) | enum hnae3_loop {
type hnae3_media_type (line 43496) | enum hnae3_media_type {
type hnae3_module_type (line 43504) | enum hnae3_module_type {
type hnae3_pflag (line 43514) | enum hnae3_pflag {
type hnae3_port_base_vlan_state (line 43519) | enum hnae3_port_base_vlan_state {
type hnae3_reset_notify_type (line 43526) | enum hnae3_reset_notify_type {
type hnae3_reset_type (line 43533) | enum hnae3_reset_type {
type hnae3_tc_map_mode (line 43547) | enum hnae3_tc_map_mode {
type hnae_led_state (line 43552) | enum hnae_led_state {
type hnae_loop (line 43559) | enum hnae_loop {
type hnae_media_type (line 43567) | enum hnae_media_type {
type hnae_port_type (line 43574) | enum hnae_port_type {
type hns3_dbg_dentry_type (line 43579) | enum hns3_dbg_dentry_type {
type hns3_desc_type (line 43590) | enum hns3_desc_type {
type hns3_flow_level_range (line 43601) | enum hns3_flow_level_range {
type hns3_nic_state (line 43608) | enum hns3_nic_state {
type hns3_pkt_l2t_type (line 43624) | enum hns3_pkt_l2t_type {
type hns3_pkt_l3t_type (line 43631) | enum hns3_pkt_l3t_type {
type hns3_pkt_l3type (line 43638) | enum hns3_pkt_l3type {
type hns3_pkt_l4t_type (line 43653) | enum hns3_pkt_l4t_type {
type hns3_pkt_l4type (line 43660) | enum hns3_pkt_l4type {
type hns3_pkt_ol3t_type (line 43670) | enum hns3_pkt_ol3t_type {
type hns3_pkt_ol4type (line 43677) | enum hns3_pkt_ol4type {
type hns3_pkt_tun_type (line 43684) | enum hns3_pkt_tun_type {
type hns_desc_type (line 43691) | enum hns_desc_type {
type hns_gmac_duplex_mdoe (line 43696) | enum hns_gmac_duplex_mdoe {
type hns_nic_state (line 43701) | enum hns_nic_state {
type hns_port_mode (line 43714) | enum hns_port_mode {
type host_event_code (line 43727) | enum host_event_code {
type host_sleep_event (line 43762) | enum host_sleep_event {
type hp_flags_bits (line 43770) | enum hp_flags_bits {
type hprobe_state (line 43774) | enum hprobe_state {
type hpx_type3_cfg_loc (line 43781) | enum hpx_type3_cfg_loc {
type hpx_type3_dev_type (line 43790) | enum hpx_type3_dev_type {
type hpx_type3_fn_type (line 43802) | enum hpx_type3_fn_type {
type hr_flags_bits (line 43808) | enum hr_flags_bits {
type hrtimer_base_type (line 43813) | enum hrtimer_base_type {
type hrtimer_mode (line 43825) | enum hrtimer_mode {
type hrtimer_restart (line 43843) | enum hrtimer_restart {
type hsm_task_states (line 43848) | enum hsm_task_states {
type hte_edge (line 43856) | enum hte_edge {
type hte_return (line 43862) | enum hte_return {
type hub_activation_type (line 43867) | enum hub_activation_type {
type hub_led_mode (line 43876) | enum hub_led_mode {
type hub_quiescing_type (line 43887) | enum hub_quiescing_type {
type hugetlb_memory_event (line 43893) | enum hugetlb_memory_event {
type hugetlb_page_flags (line 43898) | enum hugetlb_page_flags {
type hugetlb_param (line 43908) | enum hugetlb_param {
type hugetlbfs_size_type (line 43918) | enum hugetlbfs_size_type {
type hw_breakpoint_ops (line 43924) | enum hw_breakpoint_ops {
type hw_event_mc_err_type (line 43930) | enum hw_event_mc_err_type {
type hwmon_chip_attributes (line 43938) | enum hwmon_chip_attributes {
type hwmon_curr_attributes (line 43955) | enum hwmon_curr_attributes {
type hwmon_energy_attributes (line 43977) | enum hwmon_energy_attributes {
type hwmon_fan_attributes (line 43983) | enum hwmon_fan_attributes {
type hwmon_humidity_attributes (line 43999) | enum hwmon_humidity_attributes {
type hwmon_in_attributes (line 44015) | enum hwmon_in_attributes {
type hwmon_intrusion_attributes (line 44038) | enum hwmon_intrusion_attributes {
type hwmon_power_attributes (line 44043) | enum hwmon_power_attributes {
type hwmon_pwm_attributes (line 44077) | enum hwmon_pwm_attributes {
type hwmon_sensor_types (line 44085) | enum hwmon_sensor_types {
type hwmon_temp_attributes (line 44099) | enum hwmon_temp_attributes {
type hwparam_type (line 44130) | enum hwparam_type {
type hwtstamp_flags (line 44140) | enum hwtstamp_flags {
type hwtstamp_provider_qualifier (line 44146) | enum hwtstamp_provider_qualifier {
type hwtstamp_rx_filters (line 44152) | enum hwtstamp_rx_filters {
type hwtstamp_source (line 44172) | enum hwtstamp_source {
type hwtstamp_tx_types (line 44178) | enum hwtstamp_tx_types {
type i2c_alert_protocol (line 44186) | enum i2c_alert_protocol {
type i2c_chip_type (line 44191) | enum i2c_chip_type {
type i2c_driver_flags (line 44197) | enum i2c_driver_flags {
type i2c_mt65xx_clks (line 44201) | enum i2c_mt65xx_clks {
type i2c_slave_event (line 44209) | enum i2c_slave_event {
type i2c_slave_read_status (line 44217) | enum i2c_slave_read_status {
type i2c_type_exynos (line 44224) | enum i2c_type_exynos {
type ib_atomic_cap (line 44231) | enum ib_atomic_cap {
type ib_cq_notify_flags (line 44237) | enum ib_cq_notify_flags {
type ib_event_type (line 44244) | enum ib_event_type {
type ib_flow_action_type (line 44267) | enum ib_flow_action_type {
type ib_flow_attr_type (line 44272) | enum ib_flow_attr_type {
type ib_flow_spec_type (line 44279) | enum ib_flow_spec_type {
type ib_gid_type (line 44297) | enum ib_gid_type {
type ib_mig_state (line 44304) | enum ib_mig_state {
type ib_mr_type (line 44310) | enum ib_mr_type {
type ib_mtu (line 44319) | enum ib_mtu {
type ib_mw_type (line 44327) | enum ib_mw_type {
type ib_poll_context (line 44332) | enum ib_poll_context {
type ib_port_state (line 44340) | enum ib_port_state {
type ib_qp_state (line 44349) | enum ib_qp_state {
type ib_qp_type (line 44359) | enum ib_qp_type {
type ib_sig_err_type (line 44384) | enum ib_sig_err_type {
type ib_sig_type (line 44390) | enum ib_sig_type {
type ib_signature_type (line 44395) | enum ib_signature_type {
type ib_srq_attr_mask (line 44400) | enum ib_srq_attr_mask {
type ib_srq_type (line 44405) | enum ib_srq_type {
type ib_t10_dif_bg_type (line 44411) | enum ib_t10_dif_bg_type {
type ib_uverbs_access_flags (line 44416) | enum ib_uverbs_access_flags {
type ib_uverbs_advise_mr_advice (line 44431) | enum ib_uverbs_advise_mr_advice {
type ib_uverbs_create_qp_mask (line 44437) | enum ib_uverbs_create_qp_mask {
type ib_uverbs_device_cap_flags (line 44441) | enum ib_uverbs_device_cap_flags {
type ib_uverbs_gid_type (line 44472) | enum ib_uverbs_gid_type {
type ib_uverbs_qp_create_flags (line 44478) | enum ib_uverbs_qp_create_flags {
type ib_uverbs_qp_type (line 44486) | enum ib_uverbs_qp_type {
type ib_uverbs_raw_packet_caps (line 44496) | enum ib_uverbs_raw_packet_caps {
type ib_uverbs_srq_type (line 44503) | enum ib_uverbs_srq_type {
type ib_uverbs_wc_opcode (line 44509) | enum ib_uverbs_wc_opcode {
type ib_uverbs_wq_flags (line 44522) | enum ib_uverbs_wq_flags {
type ib_uverbs_wq_type (line 44529) | enum ib_uverbs_wq_type {
type ib_uverbs_wr_opcode (line 44533) | enum ib_uverbs_wr_opcode {
type ib_uverbs_write_cmds (line 44552) | enum ib_uverbs_write_cmds {
type ib_wc_opcode (line 44596) | enum ib_wc_opcode {
type ib_wc_status (line 44614) | enum ib_wc_status {
type ib_wq_state (line 44639) | enum ib_wq_state {
type ib_wq_type (line 44645) | enum ib_wq_type {
type ib_wr_opcode (line 44649) | enum ib_wr_opcode {
type ifc_nand_fir_opcodes (line 44680) | enum ifc_nand_fir_opcodes {
type igb_boards (line 44717) | enum igb_boards {
type igb_diagnostics_results (line 44721) | enum igb_diagnostics_results {
type igb_filter_match_flags (line 44729) | enum igb_filter_match_flags {
type igb_tx_buf_type (line 44736) | enum igb_tx_buf_type {
type igb_tx_flags (line 44742) | enum igb_tx_flags {
type igbvf_boards (line 44750) | enum igbvf_boards {
type igbvf_state_t (line 44755) | enum igbvf_state_t {
type iio_available_type (line 44761) | enum iio_available_type {
type iio_buffer_direction (line 44766) | enum iio_buffer_direction {
type iio_chan_info_enum (line 44771) | enum iio_chan_info_enum {
type iio_chan_type (line 44804) | enum iio_chan_type {
type iio_endian (line 44847) | enum iio_endian {
type iio_event_direction (line 44853) | enum iio_event_direction {
type iio_event_info (line 44862) | enum iio_event_info {
type iio_event_type (line 44876) | enum iio_event_type {
type iio_modifier (line 44887) | enum iio_modifier {
type iio_shared_by (line 44943) | enum iio_shared_by {
type imx7_src_registers (line 44950) | enum imx7_src_registers {
type imx8_pcie_phy_type (line 44962) | enum imx8_pcie_phy_type {
type imx8mm_pads (line 44967) | enum imx8mm_pads {
type imx8mn_pads (line 45119) | enum imx8mn_pads {
type imx8mp_pads (line 45271) | enum imx8mp_pads {
type imx8mp_src_registers (line 45422) | enum imx8mp_src_registers {
type imx8mq_pads (line 45434) | enum imx8mq_pads {
type imx8mq_src_registers (line 45586) | enum imx8mq_src_registers {
type imx8ulp_pads (line 45598) | enum imx8ulp_pads {
type imx93_pads (line 45697) | enum imx93_pads {
type imx_i2c_state (line 45808) | enum imx_i2c_state {
type imx_i2c_type (line 45819) | enum imx_i2c_type {
type imx_misc_func (line 45826) | enum imx_misc_func {
type imx_mu_chan_type (line 45849) | enum imx_mu_chan_type {
type imx_mu_type (line 45858) | enum imx_mu_type {
type imx_mu_xcr (line 45865) | enum imx_mu_xcr {
type imx_mu_xsr (line 45874) | enum imx_mu_xsr {
type imx_pcie_variants (line 45882) | enum imx_pcie_variants {
type imx_pfdv2_type (line 45899) | enum imx_pfdv2_type {
type imx_pll14xx_type (line 45904) | enum imx_pll14xx_type {
type imx_pllv1_type (line 45909) | enum imx_pllv1_type {
type imx_pllv3_type (line 45918) | enum imx_pllv3_type {
type imx_pllv4_type (line 45931) | enum imx_pllv4_type {
type imx_rproc_method (line 45937) | enum imx_rproc_method {
type imx_sc_error_codes (line 45944) | enum imx_sc_error_codes {
type imx_sc_pm_func (line 45960) | enum imx_sc_pm_func {
type imx_sc_rm_func (line 45983) | enum imx_sc_rm_func {
type imx_sc_rpc_svc (line 46020) | enum imx_sc_rpc_svc {
type imx_tx_state (line 46031) | enum imx_tx_state {
type imx_uart_type (line 46038) | enum imx_uart_type {
type inet_csk_ack_state_t (line 46043) | enum inet_csk_ack_state_t {
type inode_i_mutex_lock_class (line 46052) | enum inode_i_mutex_lock_class {
type input_clock_type (line 46061) | enum input_clock_type {
type interconnect_desc_param (line 46068) | enum interconnect_desc_param {
type io_pgtable_caps (line 46075) | enum io_pgtable_caps {
type io_pgtable_fmt (line 46079) | enum io_pgtable_fmt {
type io_uring_cmd_flags (line 46093) | enum io_uring_cmd_flags {
type io_uring_msg_ring_flags (line 46107) | enum io_uring_msg_ring_flags {
type io_uring_napi_op (line 46112) | enum io_uring_napi_op {
type io_uring_napi_tracking_strategy (line 46118) | enum io_uring_napi_tracking_strategy {
type io_uring_op (line 46124) | enum io_uring_op {
type io_uring_register_op (line 46186) | enum io_uring_register_op {
type io_uring_register_pbuf_ring_flags (line 46225) | enum io_uring_register_pbuf_ring_flags {
type io_uring_register_restriction_op (line 46230) | enum io_uring_register_restriction_op {
type io_uring_socket_op (line 46238) | enum io_uring_socket_op {
type io_uring_sqe_flags_bit (line 46245) | enum io_uring_sqe_flags_bit {
type io_wq_cancel (line 46255) | enum io_wq_cancel {
type io_wq_type (line 46261) | enum io_wq_type {
type ioctrl_regs (line 46266) | enum ioctrl_regs {
type ioctrl_regs___2 (line 46277) | enum ioctrl_regs___2 {
type ioctrl_regs___3 (line 46290) | enum ioctrl_regs___3 {
type ioctrl_regs___4 (line 46300) | enum ioctrl_regs___4 {
type ioctrl_regs___5 (line 46305) | enum ioctrl_regs___5 {
type ioctrl_regs___6 (line 46313) | enum ioctrl_regs___6 {
type ioctrl_regs___7 (line 46319) | enum ioctrl_regs___7 {
type ioctrl_regs___8 (line 46326) | enum ioctrl_regs___8 {
type iodev_type (line 46333) | enum iodev_type {
type iommu_atf_cmd (line 46340) | enum iommu_atf_cmd {
type iommu_cap (line 46346) | enum iommu_cap {
type iommu_dev_features (line 46355) | enum iommu_dev_features {
type iommu_dma_cookie_type (line 46360) | enum iommu_dma_cookie_type {
type iommu_dma_queue_type (line 46365) | enum iommu_dma_queue_type {
type iommu_fault_type (line 46370) | enum iommu_fault_type {
type iommu_page_response_code (line 46374) | enum iommu_page_response_code {
type iommu_resv_type (line 46380) | enum iommu_resv_type {
type iommufd_hwpt_alloc_flags (line 46388) | enum iommufd_hwpt_alloc_flags {
type iommufd_object_type (line 46395) | enum iommufd_object_type {
type ip_conntrack_dir (line 46409) | enum ip_conntrack_dir {
type ip_conntrack_info (line 46415) | enum ip_conntrack_info {
type ip_conntrack_status (line 46426) | enum ip_conntrack_status {
type ip_defrag_users (line 46467) | enum ip_defrag_users {
type ipi_msg_type (line 46483) | enum ipi_msg_type {
type ipi_vector (line 46496) | enum ipi_vector {
type ipmi_addr_space (line 46501) | enum ipmi_addr_space {
type ipmi_addr_src (line 46506) | enum ipmi_addr_src {
type ipmi_plat_interface_type (line 46519) | enum ipmi_plat_interface_type {
type ipq5018_functions (line 46524) | enum ipq5018_functions {
type ipq5332_functions (line 46612) | enum ipq5332_functions {
type ipq6018_functions (line 46711) | enum ipq6018_functions {
type ipq806x_versions (line 46837) | enum ipq806x_versions {
type ipq8074_functions (line 46843) | enum ipq8074_functions {
type ipq8074_versions (line 46959) | enum ipq8074_versions {
type ipq9574_functions (line 46964) | enum ipq9574_functions {
type iproc_arm_pll_fid (line 47048) | enum iproc_arm_pll_fid {
type iproc_msi_reg (line 47055) | enum iproc_msi_reg {
type iproc_pcie_ib_map_type (line 47067) | enum iproc_pcie_ib_map_type {
type iproc_pcie_reg (line 47073) | enum iproc_pcie_reg {
type iproc_pcie_type (line 47110) | enum iproc_pcie_type {
type iproc_pinconf_ctrl_type (line 47118) | enum iproc_pinconf_ctrl_type {
type iproc_pinconf_param (line 47124) | enum iproc_pinconf_param {
type irq_domain_bus_token (line 47132) | enum irq_domain_bus_token {
type irq_gc_flags (line 47152) | enum irq_gc_flags {
type irq_source (line 47160) | enum irq_source {
type irqchip_irq_state (line 47165) | enum irqchip_irq_state {
type irqreturn (line 47172) | enum irqreturn {
type irqreturn_t (line 47178) | typedef enum irqreturn irqreturn_t;
type isp1760_ctrl_state (line 47180) | enum isp1760_ctrl_state {
type isp1760_queue_head_types (line 47187) | enum isp1760_queue_head_types {
type isp176x_device_controller_fields (line 47194) | enum isp176x_device_controller_fields {
type isp176x_host_controller_fields (line 47238) | enum isp176x_host_controller_fields {
type iter_type (line 47320) | enum iter_type {
type its_vcpu_info_cmd_type (line 47330) | enum its_vcpu_info_cmd_type {
type jbd2_shrink_type (line 47342) | enum jbd2_shrink_type {
type jbd_state_bits (line 47348) | enum jbd_state_bits {
type jump_label_type (line 47361) | enum jump_label_type {
type k3_dma_type (line 47366) | enum k3_dma_type {
type k3_ring_mode (line 47372) | enum k3_ring_mode {
type k3_ring_size (line 47379) | enum k3_ring_size {
type k3_ringacc_access_mode (line 47390) | enum k3_ringacc_access_mode {
type k3_ringacc_proxy_access_mode (line 47399) | enum k3_ringacc_proxy_access_mode {
type kcmp_type (line 47406) | enum kcmp_type {
type kernel_load_data_id (line 47418) | enum kernel_load_data_id {
type kernel_pkey_operation (line 47429) | enum kernel_pkey_operation {
type kernel_read_file_id (line 47436) | enum kernel_read_file_id {
type kernfs_node_flag (line 47447) | enum kernfs_node_flag {
type kernfs_node_type (line 47461) | enum kernfs_node_type {
type kernfs_root_flag (line 47467) | enum kernfs_root_flag {
type key_being_used_for (line 47474) | enum key_being_used_for {
type key_lookup_flag (line 47484) | enum key_lookup_flag {
type key_need_perm (line 47490) | enum key_need_perm {
type key_notification_subtype (line 47504) | enum key_notification_subtype {
type key_state (line 47515) | enum key_state {
type kfunc_ptr_arg_type (line 47520) | enum kfunc_ptr_arg_type {
type kmalloc_cache_type (line 47541) | enum kmalloc_cache_type {
type kmsg_dump_reason (line 47551) | enum kmsg_dump_reason {
type kobj_ns_type (line 47560) | enum kobj_ns_type {
type kobject_action (line 47566) | enum kobject_action {
type kp_band (line 47577) | enum kp_band {
type ksm_advisor_type (line 47583) | enum ksm_advisor_type {
type ksm_get_folio_flags (line 47588) | enum ksm_get_folio_flags {
type kunwind_source (line 47594) | enum kunwind_source {
type kvm_arch_timer_regs (line 47602) | enum kvm_arch_timer_regs {
type kvm_arch_timers (line 47610) | enum kvm_arch_timers {
type kvm_bus (line 47619) | enum kvm_bus {
type kvm_device_type (line 47628) | enum kvm_device_type {
type kvm_gfn_range_filter (line 47646) | enum kvm_gfn_range_filter {
type kvm_mode (line 47651) | enum kvm_mode {
type kvm_mr_change (line 47658) | enum kvm_mr_change {
type kvm_pgtable_prot (line 47665) | enum kvm_pgtable_prot {
type kvm_pgtable_stage2_flags (line 47677) | enum kvm_pgtable_stage2_flags {
type kvm_pgtable_walk_flags (line 47682) | enum kvm_pgtable_walk_flags {
type kvm_smccc_filter_action (line 47692) | enum kvm_smccc_filter_action {
type kvm_stat_kind (line 47699) | enum kvm_stat_kind {
type kvm_wfx_trap_policy (line 47704) | enum kvm_wfx_trap_policy {
type l2tp_debug_flags (line 47710) | enum l2tp_debug_flags {
type latency_range (line 47717) | enum latency_range {
type layoutdriver_policy_flags (line 47724) | enum layoutdriver_policy_flags {
type led_brightness (line 47731) | enum led_brightness {
type led_default_state (line 47738) | enum led_default_state {
type led_mode (line 47744) | enum led_mode {
type led_trigger_netdev_modes (line 47751) | enum led_trigger_netdev_modes {
type legacy_fs_param (line 47768) | enum legacy_fs_param {
type legacy_scpi_std_cmd (line 47774) | enum legacy_scpi_std_cmd {
type lg_g15_led_type (line 47810) | enum lg_g15_led_type {
type lg_g15_model (line 47821) | enum lg_g15_model {
type lightbar_command (line 47829) | enum lightbar_command {
type limit_by4 (line 47867) | enum limit_by4 {
type link_inband_signalling (line 47872) | enum link_inband_signalling {
type locality_types (line 47878) | enum locality_types {
type lock_type4 (line 47885) | enum lock_type4 {
type lockdep_ok (line 47893) | enum lockdep_ok {
type lockdown_reason (line 47898) | enum lockdown_reason {
type lpi2c_imx_mode (line 47931) | enum lpi2c_imx_mode {
type lpi2c_imx_pincfg (line 47939) | enum lpi2c_imx_pincfg {
type lpuart_type (line 47946) | enum lpuart_type {
type lru_list (line 47956) | enum lru_list {
type lru_status (line 47965) | enum lru_status {
type lruvec_flags (line 47974) | enum lruvec_flags {
type lsm_event (line 47979) | enum lsm_event {
type lsm_integrity_type (line 47983) | enum lsm_integrity_type {
type lsm_order (line 47989) | enum lsm_order {
type lw_bits (line 47995) | enum lw_bits {
type lwtunnel_encap_types (line 47999) | enum lwtunnel_encap_types {
type lwtunnel_ip6_t (line 48014) | enum lwtunnel_ip6_t {
type lwtunnel_ip_t (line 48027) | enum lwtunnel_ip_t {
type lzma2_seq (line 48040) | enum lzma2_seq {
type lzma_state (line 48052) | enum lzma_state {
type mac_commom_mode (line 48067) | enum mac_commom_mode {
type mac_intf (line 48074) | enum mac_intf {
type mac_mode (line 48088) | enum mac_mode {
type mac_speed (line 48109) | enum mac_speed {
type macb_bd_control (line 48116) | enum macb_bd_control {
type maple_status (line 48123) | enum maple_status {
type maple_type (line 48134) | enum maple_type {
type mapping_flags (line 48141) | enum mapping_flags {
type max77620_alternate_pinmux_option (line 48156) | enum max77620_alternate_pinmux_option {
type max77620_chip_id (line 48166) | enum max77620_chip_id {
type max77620_fps_src (line 48172) | enum max77620_fps_src {
type max77620_pin_ppdrv (line 48180) | enum max77620_pin_ppdrv {
type max77620_regulator_type (line 48186) | enum max77620_regulator_type {
type max77620_regulators (line 48192) | enum max77620_regulators {
type max77686_irq (line 48210) | enum max77686_irq {
type max77686_irq_source (line 48229) | enum max77686_irq_source {
type max77686_pmic_reg (line 48236) | enum max77686_pmic_reg {
type max77686_rtc_reg (line 48345) | enum max77686_rtc_reg {
type max77686_rtc_reg_offset (line 48375) | enum max77686_rtc_reg_offset {
type max77802_rtc_reg (line 48405) | enum max77802_rtc_reg {
type mc_cmd_status (line 48439) | enum mc_cmd_status {
type mctrl_gpio_idx (line 48454) | enum mctrl_gpio_idx {
type mdio_c22_op_seq (line 48465) | enum mdio_c22_op_seq {
type mdio_c45_op_seq (line 48470) | enum mdio_c45_op_seq {
type mdio_st_clause (line 48477) | enum mdio_st_clause {
type mem_type (line 48482) | enum mem_type {
type membarrier_cmd (line 48515) | enum membarrier_cmd {
type membarrier_cmd_flag (line 48530) | enum membarrier_cmd_flag {
type memblock_flags (line 48534) | enum memblock_flags {
type memcg_memory_event (line 48543) | enum memcg_memory_event {
type memcg_stat_item (line 48556) | enum memcg_stat_item {
type meminit_context (line 48567) | enum meminit_context {
type memory_type (line 48572) | enum memory_type {
type meson_pinconf_drv (line 48580) | enum meson_pinconf_drv {
type meson_reg_type (line 48587) | enum meson_reg_type {
type meson_sar_adc_avg_mode (line 48597) | enum meson_sar_adc_avg_mode {
type meson_sar_adc_chan7_mux_sel (line 48603) | enum meson_sar_adc_chan7_mux_sel {
type meson_sar_adc_channel_index (line 48612) | enum meson_sar_adc_channel_index {
type meson_sar_adc_num_samples (line 48629) | enum meson_sar_adc_num_samples {
type meson_sar_adc_vref_sel (line 48636) | enum meson_sar_adc_vref_sel {
type meson_soc_id (line 48641) | enum meson_soc_id {
type metadata_type (line 48646) | enum metadata_type {
type mf_action_page_type (line 48653) | enum mf_action_page_type {
type mf_flags (line 48677) | enum mf_flags {
type mf_result (line 48688) | enum mf_result {
type mfi_evt_class (line 48695) | enum mfi_evt_class {
type migrate_mode (line 48705) | enum migrate_mode {
type migrate_reason (line 48711) | enum migrate_reason {
type migratetype (line 48725) | enum migratetype {
type migration_type (line 48736) | enum migration_type {
type mipi_dsi_compression_algo (line 48743) | enum mipi_dsi_compression_algo {
type mipi_dsi_dcs_tear_mode (line 48748) | enum mipi_dsi_dcs_tear_mode {
type mipi_dsi_pixel_format (line 48753) | enum mipi_dsi_pixel_format {
type mitigation_state (line 48760) | enum mitigation_state {
type mm_cid_state (line 48766) | enum mm_cid_state {
type mmc_busy_cmd (line 48771) | enum mmc_busy_cmd {
type mmc_drv_op (line 48779) | enum mmc_drv_op {
type mmc_err_stat (line 48787) | enum mmc_err_stat {
type mmc_issue_type (line 48806) | enum mmc_issue_type {
type mmc_issued (line 48813) | enum mmc_issued {
type mmci_busy_state (line 48820) | enum mmci_busy_state {
type mminit_level (line 48826) | enum mminit_level {
type mmu_notifier_event (line 48832) | enum mmu_notifier_event {
type mnt_tree_flags_t (line 48843) | enum mnt_tree_flags_t {
type mod_license (line 48848) | enum mod_license {
type mod_mem_type (line 48853) | enum mod_mem_type {
type module_state (line 48865) | enum module_state {
type motionsense_command (line 48872) | enum motionsense_command {
type motionsensor_type (line 48895) | enum motionsensor_type {
type mountstat (line 48907) | enum mountstat {
type mountstat3 (line 48915) | enum mountstat3 {
type mq_rq_state (line 48928) | enum mq_rq_state {
type mrq_bwmgr_int_cmd (line 48934) | enum mrq_bwmgr_int_cmd {
type mrq
Copy disabled (too large)
Download .json
Condensed preview — 333 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (10,908K chars).
[
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"chars": 654,
"preview": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n> [!IMPORTANT] "
},
{
"path": ".github/agents/pr-agent.md",
"chars": 3949,
"preview": "---\nname: eCapture-PR-Agent\ndisplay_name: eCapture PR Agent\ndescription: >\n 本 Agent 专门服务于 `gojue/ecapture` 仓库,用于自动创建 **"
},
{
"path": ".github/workflows/android_e2e.yml",
"chars": 6624,
"preview": "name: Android E2E Tests\n\non:\n pull_request:\n branches: [ master, v2, v1 ]\n\n push:\n branches: [ master, v2, v1 ]\n"
},
{
"path": ".github/workflows/codeql-analysis.yml",
"chars": 3357,
"preview": "# For most projects, this workflow file will not need changing; you simply need\n# to commit it to your repository.\n#\n# Y"
},
{
"path": ".github/workflows/e2e.yml",
"chars": 5244,
"preview": "name: E2E Tests\n\non:\n pull_request:\n branches: [ master, v2, v1 ]\n types: [ opened, synchronize, reopened ]\n pus"
},
{
"path": ".github/workflows/go-c-cpp.yml",
"chars": 4123,
"preview": "name: GO/C/C++ CI\non:\n push:\n branches: [ master, v2, v1 ]\n pull_request:\n branches: [ master, v2, v1 ]\n\njobs:\n "
},
{
"path": ".github/workflows/pr_build_debug.yml",
"chars": 2700,
"preview": "name: PR Build (Debug)\non:\n pull_request:\n branches: [ master, v2, v1 ]\n types: [ opened, synchronize, reopened ]"
},
{
"path": ".github/workflows/pr_build_debug_comment.yml",
"chars": 1943,
"preview": "name: PR Comment on Build\n\non:\n workflow_run:\n workflows: [\"PR Build (Debug)\"]\n types:\n - completed\n\npermiss"
},
{
"path": ".github/workflows/release.yml",
"chars": 6248,
"preview": "name: Release\non:\n push:\n tags:\n - \"v*\"\n\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cance"
},
{
"path": ".gitignore",
"chars": 562,
"preview": "# Binaries for programs and plugins\n*.exe\n*.exe~\n*.dll\n*.so\n*.dylib\n*.d\n*.o\n\n# Test binary, built with `go test -c`\n*.te"
},
{
"path": ".gitmodules",
"chars": 102,
"preview": "[submodule \"lib/libpcap\"]\n\tpath = lib/libpcap\n\turl = https://github.com/the-tcpdump-group/libpcap.git\n"
},
{
"path": ".golangci.yml",
"chars": 1853,
"preview": "# This configuration file is not a recommendation.\n#\n# We intentionally use a limited set of linters.\n# This configurati"
},
{
"path": "CHANGELOG.md",
"chars": 65750,
"preview": "# v2.0.0 (2026-03-14)\n\n## What's Changed\n\n### ⚠️ Breaking Changes\n* **Architecture refactoring**: Completely migrated fr"
},
{
"path": "CODE_OF_CONDUCT.md",
"chars": 5220,
"preview": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nWe as members, contributors, and leaders pledge to make participa"
},
{
"path": "CONTRIBUTING.md",
"chars": 2853,
"preview": "# How to contribute\n\neCapture is AGPL-3.0 licensed and accepts contributions via GitHub pull requests. This document out"
},
{
"path": "LICENSE",
"chars": 11348,
"preview": "\n Apache License\n Version 2.0, January 2004\n "
},
{
"path": "Makefile",
"chars": 10467,
"preview": "include variables.mk\ninclude functions.mk\n\n.PHONY: all | env nocore\n# include core and non-core ebpf bytecode\nall: ebpf "
},
{
"path": "README-zh_Hans.md",
"chars": 11813,
"preview": "<img src=\"./images/ecapture-logo.png\" alt=\"eCapture Logo\" width=\"300\" height=\"300\"/>\n\n 汉字 | [English](./README.md) \n\n[ | English "
},
{
"path": "SECURITY.md",
"chars": 553,
"preview": "# Security Policy\n\n## Supported Versions\n\nUse this section to tell people about which versions of your project are\ncurre"
},
{
"path": "assets/ebpf_probe_stub.go",
"chars": 1430,
"preview": "//go:build !ebpfassets\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apac"
},
{
"path": "builder/Dockerfile",
"chars": 1297,
"preview": "FROM ubuntu:22.04 as ecapture_builder\n\n# Install Compilers\nRUN apt-get update &&\\\n apt-get install --yes git build-esse"
},
{
"path": "builder/Makefile.release",
"chars": 3964,
"preview": "include variables.mk\ninclude functions.mk\n\n#\n# Responsible for creating ecapture snapshots for testing and releasing\n#\n\n"
},
{
"path": "builder/init_env.sh",
"chars": 3164,
"preview": "#!/usr/bin/env bash\n\n# /bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/gojue/ecapture/master/builder/init_e"
},
{
"path": "builder/rpmBuild.spec",
"chars": 2990,
"preview": "Name: ecapture\nVersion: v1.1.0\nRelease: 2025%{?dist}\nSummary: Capture SSL/TLS plaintext content without C"
},
{
"path": "bytecode/.gitkeep",
"chars": 0,
"preview": ""
},
{
"path": "cli/LICENSE",
"chars": 0,
"preview": ""
},
{
"path": "cli/cmd/bash.go",
"chars": 2163,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/cmd/ecaptureq.go",
"chars": 1037,
"preview": "// Copyright 2025 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/cmd/env_detection.go",
"chars": 2294,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/cmd/gnutls.go",
"chars": 3429,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "cli/cmd/gotls.go",
"chars": 3077,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/cmd/mysqld.go",
"chars": 2134,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "cli/cmd/nss.go",
"chars": 1805,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "cli/cmd/postgres.go",
"chars": 2022,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "cli/cmd/root.go",
"chars": 13364,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/cmd/tls.go",
"chars": 3928,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/cmd/upgrade.go",
"chars": 2144,
"preview": "package cmd\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"golang.org/x/sys/unix\"\n\n\t\"github.com/gojue/eca"
},
{
"path": "cli/cmd/zsh.go",
"chars": 2024,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "cli/cobrautl/help.go",
"chars": 3987,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/http/config_factory.go",
"chars": 1746,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/http/config_factory_ecandroid.go",
"chars": 1592,
"preview": "//go:build ecap_android\n// +build ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n//"
},
{
"path": "cli/http/config_factory_linux.go",
"chars": 2147,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "cli/http/logger.go",
"chars": 1284,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/http/resp.go",
"chars": 1228,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/http/server.go",
"chars": 4463,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "cli/http/status_string.go",
"chars": 900,
"preview": "// Code generated by \"stringer -type=Status\"; DO NOT EDIT.\n\npackage http\n\nimport \"strconv\"\n\nfunc _() {\n\t// An \"invalid a"
},
{
"path": "cli/main.go",
"chars": 718,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "dist/.gitkeep",
"chars": 0,
"preview": ""
},
{
"path": "docs/README.md",
"chars": 2698,
"preview": "# eCapture Documentation\n\nThis directory contains comprehensive documentation for the eCapture project.\n\n## Documentatio"
},
{
"path": "docs/beta-release-guide.md",
"chars": 2672,
"preview": "# Beta/预发布版本指南\n\n## 📋 Tag 命名规范\n\n本项目已支持自动识别并处理预发布版本。请按照以下规范命名 Git tags:\n\n### 预发布版本(Pre-release)\n\n- **Beta 版本**: `v2.0.0-be"
},
{
"path": "docs/compilation-zh_Hans.md",
"chars": 2666,
"preview": "<!-- MarkdownTOC autolink=\"true\" -->\n\n- [eCapture 工作原理](#ecapture-工作原理)\n- [eCapture 系统架构](#ecapture-系统架构)\n- [编译方法](#编译方法"
},
{
"path": "docs/compilation.md",
"chars": 3797,
"preview": "<!-- MarkdownTOC autolink=\"true\" -->\n\n- [How eCapture works](#how-ecapture-works)\n- [eCapture Architecture](#ecapture-ar"
},
{
"path": "docs/e2e-tests.md",
"chars": 11517,
"preview": "# eCapture End-to-End (E2E) Tests\n\nThis document describes the comprehensive end-to-end test suite for eCapture modules."
},
{
"path": "docs/event-forward-api-zh_Hans.md",
"chars": 4370,
"preview": "# eCapture 事件转发 API\n\n本文档简要说明:**作为客户端,如何接收 eCapture 导出的事件和运行日志**,以及应该去看哪些已有文档和 Demo。\n\n> 说明:\n> \n> - 默认监听地址:`ws://127.0.0.1"
},
{
"path": "docs/event-forward-api.md",
"chars": 7356,
"preview": "# eCapture Event Forwarding API\n\nThis document briefly explains **how to receive events and runtime logs from eCapture a"
},
{
"path": "docs/event-forward.md",
"chars": 652,
"preview": "# eCapture Event Forwarding\n\n## Application (GUI Client)\n### eCaptureQ\n作者 zenyanle\n星标 : ⭐️ 213\n> eCaptureQ 是 eCapture 的跨"
},
{
"path": "docs/refactoring-guide.md",
"chars": 19226,
"preview": "# eCapture Probe Refactoring Guide\n\nThis guide documents the strategy, patterns, and key considerations for refactoring "
},
{
"path": "docs/remote-config-update-api-zh_Hans.md",
"chars": 8407,
"preview": "# eCapture 远程配置修改 API\n\n本文档介绍 **eCapture 运行过程中如何通过 HTTP 接口远程修改配置**,面向调用方(HTTP Client),说明如何构造请求和 payload 与 eCapture 通讯。\n\n>"
},
{
"path": "docs/remote-config-update-api.md",
"chars": 12328,
"preview": "# eCapture Remote Configuration Update API\n\nThis document describes how to update eCapture’s runtime configuration via H"
},
{
"path": "examples/ecaptureq_client/README.md",
"chars": 5449,
"preview": "# eCapture WebSocket Client\n\nThis is a standalone Go client that connects to an eCapture WebSocket server (ecaptureq) to"
},
{
"path": "examples/ecaptureq_client/TESTING.md",
"chars": 6839,
"preview": "# Testing the eCapture WebSocket Client\n\nThis guide helps you test the ecaptureq WebSocket client with a running eCaptur"
},
{
"path": "examples/ecaptureq_client/go.mod",
"chars": 224,
"preview": "module github.com/gojue/ecapture/examples/ecaptureq_client\n\ngo 1.24.3\n\nrequire (\n\tgithub.com/gojue/ecapture v0.0.0\n\tgola"
},
{
"path": "examples/ecaptureq_client/go.sum",
"chars": 493,
"preview": "github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=\ngithub.com/google/go-cmp v0.7.0/go.mod h"
},
{
"path": "examples/ecaptureq_client/main.go",
"chars": 6268,
"preview": "// Copyright 2025 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "examples/https_client/golang_https.go",
"chars": 890,
"preview": "package main\n\n/*\n#include <stdio.h>\n#include <stdlib.h>\n\nvoid test() {\n\tprintf(\"hello CGO!\\n\");\n}\n*/\nimport \"C\"\nimport ("
},
{
"path": "examples/https_client/node_https.js",
"chars": 746,
"preview": "const https = require('https');\n\nasync function httpsGet(hostname, path, headers) {\n return new Promise(async (resolve,"
},
{
"path": "examples/https_client/python3_https.py",
"chars": 411,
"preview": "# python3 https_client.py\nimport urllib.request\nimport urllib.error\n\ntry:\n response = urllib.request.urlopen('https:/"
},
{
"path": "functions.mk",
"chars": 2379,
"preview": "\n.check_%:\n\t@command -v $* >/dev/null\n\tif [ $$? -ne 0 ]; then\n\t\techo \"eCapture Makefile: missing required tool $*\"\n\t\texi"
},
{
"path": "go.mod",
"chars": 2556,
"preview": "module github.com/gojue/ecapture\n\ngo 1.24.3\n\nrequire (\n\tgithub.com/cilium/ebpf v0.18.0\n\tgithub.com/gin-gonic/gin v1.10.0"
},
{
"path": "go.sum",
"chars": 24755,
"preview": "github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=\ngithub.com/avast/retry-go "
},
{
"path": "internal/README.md",
"chars": 5979,
"preview": "# eCapture Internal Architecture\n\nThis directory contains the refactored internal architecture for eCapture, implementin"
},
{
"path": "internal/builder/config_builder.go",
"chars": 2679,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/builder/config_builder_test.go",
"chars": 2567,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/config/base_config.go",
"chars": 6104,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/config/base_config_test.go",
"chars": 2806,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/domain/configuration.go",
"chars": 1801,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/domain/event.go",
"chars": 2460,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/domain/probe.go",
"chars": 2048,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/errors/errors.go",
"chars": 4658,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/errors/errors_test.go",
"chars": 2718,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/events/dispatcher.go",
"chars": 4543,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/events/dispatcher_test.go",
"chars": 6792,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/factory/probe_factory.go",
"chars": 3917,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/factory/probe_factory_test.go",
"chars": 4237,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/logger/logger.go",
"chars": 3194,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/encoders/encoder.go",
"chars": 1098,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/encoders/json_encoder.go",
"chars": 1547,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/encoders/plain_encoder.go",
"chars": 1382,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/encoders/protobuf_encoder.go",
"chars": 1551,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/writers/factory.go",
"chars": 2493,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/writers/file_writer.go",
"chars": 3150,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/writers/keylog_writer.go",
"chars": 1232,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/writers/logger_writer.go",
"chars": 711,
"preview": "package writers\n\nimport (\n\t\"github.com/gojue/ecapture/internal/logger\"\n)\n\ntype LoggerWriter struct {\n\tlogger *logger.Log"
},
{
"path": "internal/output/writers/pcap_writer.go",
"chars": 7467,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/writers/stdout_writer.go",
"chars": 1240,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/writers/tcp_writer.go",
"chars": 2172,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/writers/websocket_writer.go",
"chars": 1915,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/output/writers/writer.go",
"chars": 1097,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/base/base_probe.go",
"chars": 9760,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/base/base_probe_test.go",
"chars": 4411,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/base/handlers/handlers.go",
"chars": 566,
"preview": "package handlers\n\nconst (\n\t// ModeText Capture mode types for handlers\n\tModeText = \"text\"\n\tModePcap = \"pcap\"\n\tModePc"
},
{
"path": "internal/probe/base/handlers/keylog_handler.go",
"chars": 9067,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/base/handlers/keylog_handler_dedup_test.go",
"chars": 4616,
"preview": "package handlers\n\nimport (\n\t\"testing\"\n\n\t\"github.com/gojue/ecapture/internal/output/writers\"\n)\n\n// Test that all-zero mas"
},
{
"path": "internal/probe/base/handlers/keylog_handler_test.go",
"chars": 11865,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/base/handlers/pcap_handler.go",
"chars": 5290,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/base/handlers/pcap_handler_test.go",
"chars": 5974,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/base/handlers/text_handler.go",
"chars": 2882,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/base/handlers/text_handler_test.go",
"chars": 6133,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/bash/bash_probe.go",
"chars": 8811,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/bash/bash_test.go",
"chars": 3414,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/bash/config.go",
"chars": 5471,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/bash/event.go",
"chars": 3797,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/bash/register.go",
"chars": 903,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gnutls/config.go",
"chars": 8414,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gnutls/config_test.go",
"chars": 5340,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gnutls/event.go",
"chars": 5822,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gnutls/event_masterkey.go",
"chars": 7780,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gnutls/gnutls_probe.go",
"chars": 5978,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gnutls/gnutls_probe_test.go",
"chars": 2108,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gnutls/register.go",
"chars": 959,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "internal/probe/gotls/config.go",
"chars": 15001,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gotls/config_symbol.go",
"chars": 5849,
"preview": "package gotls\n\nimport (\n\t\"bytes\"\n\t\"debug/elf\"\n\t\"debug/gosym\"\n\t\"encoding/binary\"\n\t\"fmt\"\n\n\t\"errors\"\n)\n\n// FindRetOffsets s"
},
{
"path": "internal/probe/gotls/config_symbol_test.go",
"chars": 638,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gotls/config_test.go",
"chars": 4649,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gotls/event.go",
"chars": 6148,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gotls/event_masterkey.go",
"chars": 6725,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gotls/event_packet.go",
"chars": 4383,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gotls/go_instructions_amd64.go",
"chars": 471,
"preview": "package gotls\n\nimport (\n\t\"golang.org/x/arch/x86/x86asm\"\n)\n\n// decodeInstruction Decode into assembly instructions and id"
},
{
"path": "internal/probe/gotls/go_instructions_arm64.go",
"chars": 608,
"preview": "package gotls\n\nimport (\n\t\"golang.org/x/arch/arm64/arm64asm\"\n)\n\nconst (\n\t// Arm64armInstSize via : arm64/arm64asm/decode"
},
{
"path": "internal/probe/gotls/gotls_probe.go",
"chars": 18477,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gotls/gotls_probe_test.go",
"chars": 1802,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/gotls/register.go",
"chars": 906,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/mysql/config.go",
"chars": 7546,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/mysql/event.go",
"chars": 5248,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/mysql/mysql_probe.go",
"chars": 7952,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/mysql/mysql_test.go",
"chars": 6445,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/mysql/register.go",
"chars": 961,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "internal/probe/nspr/config.go",
"chars": 6059,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/nspr/config_test.go",
"chars": 2005,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/nspr/event.go",
"chars": 6930,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/nspr/event_masterkey.go",
"chars": 8026,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/nspr/nspr_probe.go",
"chars": 5143,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/nspr/nspr_probe_test.go",
"chars": 7173,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/nspr/register.go",
"chars": 953,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "internal/probe/openssl/config.go",
"chars": 17417,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/openssl/config_ecandroid.go",
"chars": 2830,
"preview": "//go:build ecap_android\n// +build ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n//"
},
{
"path": "internal/probe/openssl/config_linux.go",
"chars": 2474,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "internal/probe/openssl/config_test.go",
"chars": 6337,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/openssl/event.go",
"chars": 9755,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/openssl/event_connect.go",
"chars": 6125,
"preview": "package openssl\n\nimport (\n\t\"bytes\"\n\t\"encoding/binary\"\n\t\"fmt\"\n\t\"net/netip\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"golang.org/x/sys/unix"
},
{
"path": "internal/probe/openssl/event_connect_test.go",
"chars": 6599,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/openssl/event_masterkey.go",
"chars": 8088,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/openssl/event_packet.go",
"chars": 4385,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/openssl/event_test.go",
"chars": 8529,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/openssl/libs.go",
"chars": 8799,
"preview": "package openssl\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"runtime\"\n\t\"strconv\"\n\t\"strings\"\n)\n\nconst (\n\t// 备选 HOOK的函数 SSL_is_init_finis"
},
{
"path": "internal/probe/openssl/openssl_probe.go",
"chars": 22104,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/openssl/openssl_probe_test.go",
"chars": 3424,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/openssl/register.go",
"chars": 912,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/postgres/config.go",
"chars": 4776,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/postgres/event.go",
"chars": 4583,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/postgres/postgres_probe.go",
"chars": 7024,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/postgres/postgres_test.go",
"chars": 7890,
"preview": "// Copyright 2024 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/postgres/register.go",
"chars": 972,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "internal/probe/zsh/config.go",
"chars": 3299,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/zsh/event.go",
"chars": 3659,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/zsh/register.go",
"chars": 915,
"preview": "//go:build !ecap_android\n// +build !ecap_android\n\n// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n"
},
{
"path": "internal/probe/zsh/zsh_probe.go",
"chars": 7920,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "internal/probe/zsh/zsh_test.go",
"chars": 3553,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "kern/README.md",
"chars": 6490,
"preview": "# application source doc.\n\n## openssl 1.1.*\n### version\n* define SSL3_VERSION 0x0300\n* define TLS1_VE"
},
{
"path": "kern/bash_kern.c",
"chars": 3993,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "kern/boringssl_a_13_kern.c",
"chars": 1767,
"preview": "#ifndef ECAPTURE_BORINGSSL_A_13_KERN_H\n#define ECAPTURE_BORINGSSL_A_13_KERN_H\n\n/* OPENSSL_VERSION_TEXT: OpenSSL 1.1.1 (c"
},
{
"path": "kern/boringssl_a_14_kern.c",
"chars": 1766,
"preview": "#ifndef ECAPTURE_BORINGSSL_A_14_KERN_H\n#define ECAPTURE_BORINGSSL_A_14_KERN_H\n\n/* OPENSSL_VERSION_TEXT: OpenSSL 1.1.1 (c"
},
{
"path": "kern/boringssl_a_15_kern.c",
"chars": 1766,
"preview": "#ifndef ECAPTURE_BORINGSSL_A_15_KERN_H\n#define ECAPTURE_BORINGSSL_A_15_KERN_H\n\n/* OPENSSL_VERSION_TEXT: OpenSSL 1.1.1 (c"
},
{
"path": "kern/boringssl_a_16_kern.c",
"chars": 1757,
"preview": "#ifndef ECAPTURE_BORINGSSL_A_16_KERN_H\n#define ECAPTURE_BORINGSSL_A_16_KERN_H\n\n/* OPENSSL_VERSION_TEXT: OpenSSL 1.1.1 (c"
},
{
"path": "kern/boringssl_const.h",
"chars": 2436,
"preview": "#ifndef ECAPTURE_BORINGSSL_CONST_H\n#define ECAPTURE_BORINGSSL_CONST_H\n\n/////////////////////////////////////////// DON'T"
},
{
"path": "kern/boringssl_masterkey.h",
"chars": 16208,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "kern/boringssl_na_kern.c",
"chars": 1762,
"preview": "#ifndef ECAPTURE_BORINGSSL_NA_KERN_H\n#define ECAPTURE_BORINGSSL_NA_KERN_H\n\n/* OPENSSL_VERSION_TEXT: OpenSSL 1.1.1 (compa"
},
{
"path": "kern/bpf/arm64/vmlinux_614.h",
"chars": 4854744,
"preview": "#ifndef __VMLINUX_H__\n#define __VMLINUX_H__\n\n#ifndef BPF_NO_PRESERVE_ACCESS_INDEX\n#pragma clang attribute push (__attrib"
},
{
"path": "kern/bpf/bpf_core_read.h",
"chars": 22647,
"preview": "/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */\n#ifndef __BPF_CORE_READ_H__\n#define __BPF_CORE_READ_H__\n\n#incl"
},
{
"path": "kern/bpf/bpf_endian.h",
"chars": 3750,
"preview": "/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */\n#ifndef __BPF_ENDIAN__\n#define __BPF_ENDIAN__\n\n/*\n * Isolate b"
},
{
"path": "kern/bpf/bpf_helper_defs.h",
"chars": 175716,
"preview": "/* This is auto-generated file. See bpf_doc.py for details. */\n\n/* Forward declarations of BPF structs */\nstruct bpf_fib"
},
{
"path": "kern/bpf/bpf_helpers.h",
"chars": 16084,
"preview": "/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */\n#ifndef __BPF_HELPERS__\n#define __BPF_HELPERS__\n\n/*\n * Note th"
},
{
"path": "kern/bpf/bpf_tracing.h",
"chars": 38530,
"preview": "/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */\n#ifndef __BPF_TRACING_H__\n#define __BPF_TRACING_H__\n\n#include "
},
{
"path": "kern/bpf/x86/.gitkeep",
"chars": 0,
"preview": ""
},
{
"path": "kern/bpf/x86/vmlinux_614.h",
"chars": 3442026,
"preview": "#ifndef __VMLINUX_H__\n#define __VMLINUX_H__\n\n#ifndef BPF_NO_PRESERVE_ACCESS_INDEX\n#pragma clang attribute push (__attrib"
},
{
"path": "kern/common.h",
"chars": 2847,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "kern/core_fixes.bpf.h",
"chars": 8639,
"preview": "/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */\n/* Copyright (c) 2021 Hengqi Chen */\n\n#ifndef __CORE_FIXES_BPF"
},
{
"path": "kern/ecapture.h",
"chars": 3186,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "kern/gnutls.h",
"chars": 6478,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "kern/gnutls_3_6_12_kern.c",
"chars": 1429,
"preview": "#ifndef ECAPTURE_GNUTLS_3_6_12_KERN_H\n#define ECAPTURE_GNUTLS_3_6_12_KERN_H\n\n// version 3.6.12\n\n// gnutls_session_int->s"
},
{
"path": "kern/gnutls_3_6_13_kern.c",
"chars": 1453,
"preview": "#ifndef ECAPTURE_GNUTLS_3_6_13_KERN_H\n#define ECAPTURE_GNUTLS_3_6_13_KERN_H\n\n// version 3.6.13, 3.6.14, 3.6.15, 3.6.16\n\n"
},
{
"path": "kern/gnutls_3_7_0_kern.c",
"chars": 1440,
"preview": "#ifndef ECAPTURE_GNUTLS_3_7_0_KERN_H\n#define ECAPTURE_GNUTLS_3_7_0_KERN_H\n\n// version 3.7.0, 3.7.1, 3.7.2\n\n// gnutls_ses"
},
{
"path": "kern/gnutls_3_7_3_kern.c",
"chars": 1447,
"preview": "#ifndef ECAPTURE_GNUTLS_3_7_3_KERN_H\n#define ECAPTURE_GNUTLS_3_7_3_KERN_H\n\n// version 3.7.3, 3.7.4, 3.7.5, 3.7.6\n\n// gnu"
},
{
"path": "kern/gnutls_3_7_7_kern.c",
"chars": 1494,
"preview": "#ifndef ECAPTURE_GNUTLS_3_7_7_KERN_H\n#define ECAPTURE_GNUTLS_3_7_7_KERN_H\n\n// version 3.7.7, 3.7.8, 3.7.9, 3.7.10, 3.7.1"
},
{
"path": "kern/gnutls_3_8_4_kern.c",
"chars": 1440,
"preview": "#ifndef ECAPTURE_GNUTLS_3_8_4_KERN_H\n#define ECAPTURE_GNUTLS_3_8_4_KERN_H\n\n// version 3.8.4, 3.8.5, 3.8.6\n\n// gnutls_ses"
},
{
"path": "kern/gnutls_3_8_7_kern.c",
"chars": 1440,
"preview": "#ifndef ECAPTURE_GNUTLS_3_8_7_KERN_H\n#define ECAPTURE_GNUTLS_3_8_7_KERN_H\n\n// version 3.8.7, 3.8.8, 3.8.9\n\n// gnutls_ses"
},
{
"path": "kern/gnutls_masterkey.h",
"chars": 12796,
"preview": "// Author: yuweizzz <yuwei764969238@gmail.com>.\n//\n// Licensed under the Apache License, Version 2.0 (the \"License\");\n//"
},
{
"path": "kern/go_argument.h",
"chars": 3415,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
},
{
"path": "kern/gotls_kern.c",
"chars": 12325,
"preview": "// Copyright 2022 CFC4N <cfc4n.cs@gmail.com>. All Rights Reserved.\n//\n// Licensed under the Apache License, Version 2.0 "
}
]
// ... and 133 more files (download for full content)
About this extraction
This page contains the full source code of the gojue/ecapture GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 333 files (9.6 MB), approximately 2.5M tokens, and a symbol index with 44077 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.