|
|
|
|
@ -1,6 +1,7 @@
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"context"
|
|
|
|
|
"fmt"
|
|
|
|
|
"log"
|
|
|
|
|
@ -8,7 +9,6 @@ import (
|
|
|
|
|
"os"
|
|
|
|
|
"os/signal"
|
|
|
|
|
"syscall"
|
|
|
|
|
"bytes"
|
|
|
|
|
|
|
|
|
|
"github.com/cilium/ebpf"
|
|
|
|
|
"github.com/cilium/ebpf/link"
|
|
|
|
|
@ -22,6 +22,28 @@ const progName = "{{crate_name}}"
|
|
|
|
|
//go:embed .ebpf/{{project-name}}
|
|
|
|
|
var ebpfBytes []byte
|
|
|
|
|
|
|
|
|
|
func extractPrintableStrings(raw []byte) []string {
|
|
|
|
|
var result []string
|
|
|
|
|
var current []byte
|
|
|
|
|
|
|
|
|
|
for _, b := range raw {
|
|
|
|
|
if b >= 0x20 && b <= 0x7E {
|
|
|
|
|
current = append(current, b)
|
|
|
|
|
} else {
|
|
|
|
|
if len(current) > 0 {
|
|
|
|
|
result = append(result, string(current))
|
|
|
|
|
current = nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(current) > 0 {
|
|
|
|
|
result = append(result, string(current))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
|
defaultIface := "{{default_iface}}"
|
|
|
|
|
ifaceName := defaultIface
|
|
|
|
|
@ -86,7 +108,8 @@ func main() {
|
|
|
|
|
if err != nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
fmt.Printf("Aya log: %s\n", string(record.RawSample))
|
|
|
|
|
msg := extractPrintableStrings(record.RawSample)
|
|
|
|
|
fmt.Printf("[INFO %s] %s\n", msg[1], msg[len(msg)-1])
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
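Review bot: `msg[1]` and `msg[len(msg)-1]` in the last hunk are indexed with no length check, so any record whose `RawSample` yields fewer than two printable runs panics with an index-out-of-range error inside the reader goroutine and terminates the whole loader. Guard it before the print, for example `if len(msg) < 2 { continue }`. The positional parse is also a heuristic: binary header bytes of the log record that happen to fall in 0x20–0x7E come out as strings of their own or glued to a neighbouring field, so `msg[1]` is presumably the log target only for some records; a doc comment such as `// extractPrintableStrings splits raw into runs of printable ASCII (0x20-0x7E); it does not parse the record format.` would make that limit explicit. If the eBPF program logs packet-derived values (not visible here), the record content is partly shaped by remote traffic, which would make the missing bounds check reachable from the network. The enclosing goroutine and the rest of `main` lie outside the hunk.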