internal

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 20, 2019 License: AGPL-3.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var Logger *log.Logger

Functions

func BuildNFFilter added in v0.3.1 

func BuildNFFilter(s string) (*regexp.Regexp, error)

BuildNFFilter compiles a regular expression out of "s". Some manipulation may be performed on "s" before it is compiled, depending on the hosting operating system: on macOS for example, if "s" ends with ".app", it will be trated as the root path to an application.

func ExtractAppName added in v0.3.1 

func ExtractAppName(r io.Reader) (string, error)

ExtractAppName is used to find the value of the "CFBundleExecutable" key. "r" is expected to be an ".plist" encoded file.

Types

type OpenFile 

type OpenFile struct {
	Command string
	Pid     int
	User    string
	Fd      string
	Type    string
	Device  string
	Node    string // contains L4 proto
	Name    string // contains src->dst addresses
	State   string // (ENSTABLISHED), (LISTEN), ...
}

func DecodeLsofOutput 

func DecodeLsofOutput(r io.Reader) ([]*OpenFile, error)

DecodeLsofOutput expects "r" to contain the output of an “lsof -i -n -P” call. The output is splitted into each new line, and each line that “UnmarshalLsofLine” is able to Unmarshal is appended to the final output. Returns an error only if reading from "r" produces an error different from “io.EOF”.

func DecodeNetstatOutput added in v0.3.1 

func DecodeNetstatOutput(r io.Reader) ([]*OpenFile, error)

DecodeNetstatOutput expects "r" to contain the output of a “netstat -ano” call. The output is splitted into lines, and each line that “UnmarshalNetstatLine” is able to Unmarshal is appended to the final output. As of “DecodeLsofOutput”, this function returns an error only if reading from "r" produces an error different from “io.EOF”.

func OpenNetFiles added in v0.3.1 

func OpenNetFiles(rgx *regexp.Regexp) ([]*OpenFile, error)

OpenNetFiles uses “lsof” (or its platform dependent equivalent) to find the list of open network files. It then filters the result using "rgx": each line that does not match is discarded.

func UnmarshalLsofLine 

func UnmarshalLsofLine(line string) (*OpenFile, error)

UnmarshalLsofLine expectes "line" to be a single line output from “lsof -i -n -P” call. The line is unmarshaled into an “OpenFile” only if is splittable by " " into a slice of at least 9 items. "line" should not end with a "\n" delimitator, otherwise it will end up in the last unmarshaled item.

"line" examples: "postgres 676 danielmorandini 10u IPv6 0x25c5bf0997ca88e3 0t0 UDP [::1]:60051->[::1]:60051" "Dropbox 614 danielmorandini 247u IPv4 0x25c5bf09a393d583 0t0 TCP 192.168.0.61:58282->162.125.18.133:https (ESTABLISHED)"

func UnmarshalNetstatLine added in v0.3.1 

func UnmarshalNetstatLine(line string) (*OpenFile, error)

UnmarshalNetstatLine expectes "line" to be a single line output from “netstat -ano” call. The line is unmarshaled into an “OpenFile” only if is splittable by " " into a slice of at least 4 items. "line" should not end with a "\n" delimitator, otherwise it will end up in the last unmarshaled item.

"line" examples: " TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4" " UDP [::1]:62261 *:* 1036"

func (*OpenFile) String added in v0.3.1 

func (f *OpenFile) String() string

func (*OpenFile) UnmarshalName 

func (f *OpenFile) UnmarshalName() (net.Addr, net.Addr)

UnmarshalName unmarshals `lsof`'s name field, which by default is in the form: [46][protocol][@hostname|hostaddr][:service|port] but we're disabling hostname conversion with the “-n” option and port conversion with the “-P” option, so the output in printed in the more decodable format: “addr:port->addr:port”.

type Runtime added in v0.3.1 

type Runtime struct {
	OFCmd             pipe.Pipe                            // Open Files Command
	OFDecoder         func(io.Reader) ([]*OpenFile, error) // Open Files Decoder
	PrepareNFExprFunc func(string) string
}

type Task added in v0.3.1 

type Task struct {
	Pid   int
	Image string
}

func DecodeTasklistOutput added in v0.3.1 

func DecodeTasklistOutput(r io.Reader) ([]*Task, error)

DecodeTasklistOutput expects "r" to contain the output of a “tasklist” call. The output is splitted into lines, and each line that “UnmarshakTasklistLine” is able to Unmarshal is appended to the final output, with the expections of the first lines that come before the separator line composed by only "=". Those lines are considered part of the "header".

As of “DecodeLsofOutput”, this function returns an error only if reading from "r" produces an error different from “io.EOF”.

func FilterTasks added in v0.5.1 

func FilterTasks(tasks []*Task, image string) []*Task

FilterTasks takes "tasks", iterates over them and filters out tasks that do not have their image field == "image".

func UnmarshalTasklistLine added in v0.3.1 

func UnmarshalTasklistLine(line string, segLengths []int) (*Task, error)

UnmarshalTasklistLine expectes "line" to be a single line output from “tasklist” call. The line is unmarshaled into a “Task” and the operation is performed by readying bytes equal to "segLengths"[i], in order. "segLengths" should be computed using the header delimitator and counting the number of "=" in each segment of the header (split it by " ")

"line" should not end with a "\n" delimitator, otherwise it will end up in the last unmarshaled item. The "header" lines (see below) should not be passed to this function.

Example header: Image Name PID Session Name Session# Mem Usage ========================= ======== ================ =========== ============

Example line: svchost.exe 940 Services 0 52,336 K

func (*Task) String added in v0.3.1 

func (t *Task) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.