Initial implementation of ebpf plugin #3882

Merged
merged 3 commits into from
Nov 6, 2024
3 changes: 3 additions & 0 deletions Makefile
@@ -125,3 +125,6 @@ deadcode:

api_check:
python ./scripts/api_checker.py .

ebpf:
go generate ./vql/linux/ebpf/
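Review bot: The new `ebpf` target has no comment saying what `go generate ./vql/linux/ebpf/` runs or what it needs. `go generate` executes whatever commands the `//go:generate` directives in that package name, and none of those directives are visible on this page. A one-line comment above the target would tell builders which external tools get invoked and whether the generated output is committed, for example `# Regenerate the eBPF plugin sources via go:generate; requires <TOOLCHAIN, fill in>`.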
2 changes: 1 addition & 1 deletion README.md
@@ -52,7 +52,7 @@ Velociraptor is also useful as a local triage tool. You can create a self contai
## Building from source

To build from source, make sure you have:
- a recent Golang installed from https://golang.org/dl/ (Currently at least Go 1.17)
- a recent Golang installed from https://golang.org/dl/ (Currently at least Go 1.23.2)
- the `go` binary is in your path.
- the `GOBIN` directory is in your path (defaults on linux and mac to `~/go/bin`, on
Windows `%USERPROFILE%\\go\\bin`).
4 changes: 3 additions & 1 deletion accessors/zip/zip.go
@@ -472,8 +472,10 @@ loop:

// A directory has no member file
} else {
// Preserve the original casing for the directory
basename := cd_cache.full_path.Components[depth]
seen[member_name] = &ZipFileInfo{
_full_path: full_path.Append(member_name),
_full_path: full_path.Append(basename),
}
}
}
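Review bot: `cd_cache.full_path.Components[depth]` in the new `else` branch is indexed with no length check visible in this hunk, and the path components presumably come from the archive's central directory, which is untrusted input for an accessor that opens collected files. If `member_name` is derived from the same index earlier in the loop, the access is already covered, but that code is outside the hunk; a short comment such as `// depth is in range: checked where member_name is derived` (if that is indeed the case) would make the invariant explicit. Separately, `seen` is still keyed by `member_name`, so if two entries name the same directory with different casing, the casing reported appears to depend on which entry is processed last. The enclosing loop starts and ends outside the hunk.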
52 changes: 32 additions & 20 deletions go.mod
@@ -1,8 +1,8 @@
module www.velocidex.com/golang/velociraptor

require (
cloud.google.com/go/pubsub v1.33.0
cloud.google.com/go/storage v1.33.0
cloud.google.com/go/pubsub v1.36.1
cloud.google.com/go/storage v1.38.0
github.com/Depado/bfchroma v1.3.0
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Showmax/go-fqdn v1.0.0
@@ -28,7 +28,7 @@ require (
github.com/crewjam/saml v0.4.14
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
github.com/dimchansky/utfbom v1.1.1
github.com/dustin/go-humanize v1.0.0
github.com/dustin/go-humanize v1.0.1
github.com/elastic/go-elasticsearch/v7 v7.3.0 // indirect
github.com/go-ole/go-ole v1.2.6
github.com/go-sql-driver/mysql v1.7.1
@@ -61,7 +61,7 @@ require (
github.com/oschwald/maxminddb-golang v1.8.0
github.com/pkg/sftp v1.13.6
github.com/prometheus/client_golang v1.15.1
github.com/prometheus/client_model v0.4.0
github.com/prometheus/client_model v0.6.0
github.com/qri-io/starlib v0.5.0
github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
github.com/robertkrimen/otto v0.3.0
@@ -74,13 +74,13 @@ require (
github.com/xor-gate/debpkg v1.0.0
go.starlark.net v0.0.0-20230925163745-10651d5192ab
golang.org/x/crypto v0.28.0
golang.org/x/mod v0.17.0
golang.org/x/mod v0.21.0
golang.org/x/net v0.30.0
golang.org/x/sys v0.26.0
golang.org/x/text v0.19.0
golang.org/x/time v0.3.0
google.golang.org/api v0.146.0
google.golang.org/genproto v0.0.0-20231009173412-8bfb1ae86b6c // indirect
golang.org/x/time v0.5.0
google.golang.org/api v0.169.0
google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
google.golang.org/grpc v1.67.1
google.golang.org/protobuf v1.35.1
gopkg.in/alecthomas/kingpin.v2 v2.2.6
@@ -101,7 +101,7 @@ require (
require (
github.com/AlecAivazis/survey/v2 v2.3.6
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0
github.com/Masterminds/semver/v3 v3.2.1
github.com/Masterminds/semver/v3 v3.3.0
github.com/Masterminds/sprig/v3 v3.2.2
github.com/Velocidex/WinPmem/go-winpmem v0.0.0-20240711041142-80f6ecbbeb7f
github.com/Velocidex/file-rotatelogs v0.0.0-20211221020724-d12e4dae4e11
@@ -115,10 +115,11 @@ require (
github.com/Velocidex/grok v0.0.1
github.com/Velocidex/ordereddict v0.0.0-20230909174157-2aa49cc5d11d
github.com/Velocidex/sigma-go v0.0.0-20241025122940-1b771d3d57a9
github.com/Velocidex/tracee_velociraptor v0.0.0-20241106121949-8da0b4c4f2e6
github.com/VirusTotal/gyp v0.9.0
github.com/alecthomas/kingpin/v2 v2.4.0
github.com/alitto/pond v1.8.3
github.com/andybalholm/brotli v1.0.4
github.com/andybalholm/brotli v1.0.5
github.com/aws/aws-sdk-go-v2 v1.25.2
github.com/aws/aws-sdk-go-v2/config v1.27.6
github.com/aws/aws-sdk-go-v2/credentials v1.17.6
@@ -157,17 +158,18 @@ require (
)

require (
cloud.google.com/go v0.110.8 // indirect
cloud.google.com/go v0.112.1 // indirect
cloud.google.com/go/compute/metadata v0.5.0 // indirect
cloud.google.com/go/iam v1.1.2 // indirect
cloud.google.com/go/iam v1.1.6 // indirect
github.com/360EntSecGroup-Skylar/excelize v1.4.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.1 // indirect
github.com/PuerkitoBio/goquery v1.8.1 // indirect
github.com/alecthomas/colour v0.1.0 // indirect
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
github.com/alecthomas/units v0.0.0-20240626203959-61d1e3462e30 // indirect
github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect
github.com/andybalholm/cascadia v1.3.2 // indirect
github.com/aquasecurity/tracee/types v0.0.0-20241031161530-c8032d24da01 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 // indirect
@@ -187,18 +189,22 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/cavaliergopher/cpio v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/cilium/ebpf v0.16.0 // indirect
github.com/crewjam/httperr v0.2.0 // indirect
github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 // indirect
github.com/dlclark/regexp2 v1.7.0 // indirect
github.com/dustmop/soup v1.1.2-0.20190516214245-38228baa104e // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/geoffgarside/ber v1.1.0 // indirect
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
github.com/go-logr/logr v1.4.1 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/golang/gddo v0.0.0-20210115222349-20d68f94ee1f // indirect
github.com/golang/glog v1.2.2 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.2 // indirect
github.com/gorilla/css v1.0.0 // indirect
github.com/gorilla/securecookie v1.1.1 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -234,12 +240,19 @@ require (
github.com/yusufpapurcu/wmi v1.2.2 // indirect
go.mongodb.org/mongo-driver v1.12.1 // indirect
go.opencensus.io v0.24.0 // indirect
go.uber.org/goleak v1.2.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
go.opentelemetry.io/otel v1.24.0 // indirect
go.opentelemetry.io/otel/metric v1.24.0 // indirect
go.opentelemetry.io/otel/trace v1.24.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/term v0.25.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
kernel.org/pub/linux/libs/security/libcap/cap v1.2.71 // indirect
kernel.org/pub/linux/libs/security/libcap/psx v1.2.71 // indirect
www.velocidex.com/golang/binparsergen v0.1.1-0.20240404114946-8f66c7cf586e // indirect
)

@@ -273,14 +286,13 @@ require (
// replace github.com/Velocidex/go-mscfb => ../go-mscfb
// replace github.com/Velocidex/WinPmem/go-winpmem => ../WinPmem/go-winpmem
// replace github.com/Velocidex/sigma-go => ../sigma-go
// replace github.com/Velocidex/tracee_velociraptor => ../tracee_velociraptor

// Remove search for html end block. This allows inserting unbalanced
// HTML tags into the markdown
replace github.com/russross/blackfriday/v2 => github.com/Velocidex/blackfriday/v2 v2.0.2-0.20200811050547-4f26a09e2b3b

go 1.23

toolchain go1.23.1
go 1.23.2

// Needed for syntax highlighting VQL. Removes extra fat.
replace github.com/alecthomas/chroma => github.com/Velocidex/chroma v0.6.8-0.20200418131129-82edc291369c
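Review bot: The new direct requirement `github.com/Velocidex/tracee_velociraptor v0.0.0-20241106121949-8da0b4c4f2e6` is pinned to a commit pseudo-version and carries no comment, unlike the `replace` entries lower in the file that explain why they exist. It arrives together with `github.com/cilium/ebpf`, `github.com/aquasecurity/tracee/types` and the two libcap modules as indirect dependencies, which presumably back code running with elevated privileges on Linux endpoints. A one-line comment above the requirement would help anyone auditing the dependency set, for example `// eBPF event source for the Linux ebpf plugin; pinned by commit`. The go.sum changes are not visible on this page, so confirm the matching checksums landed in the same change.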