Documentation
Constants
This section is empty.
Variables
var Logger *log.Logger
Functions
func BuildNFFilter (added in v0.3.1)
BuildNFFilter compiles a regular expression out of "s". Some manipulation may be performed on "s" before it is compiled, depending on the host operating system: on macOS, for example, if "s" ends with ".app", it will be treated as the root path to an application.
Types
type OpenFile
type OpenFile struct {
	Command string
	Pid     int
	User    string
	Fd      string
	Type    string
	Device  string
	Node    string // contains L4 proto
	Name    string // contains src->dst addresses
	State   string // (ESTABLISHED), (LISTEN), ...
}
func DecodeLsofOutput
DecodeLsofOutput expects "r" to contain the output of an “lsof -i -n -P” call. The output is split into lines, and each line that “UnmarshalLsofLine” is able to unmarshal is appended to the final output. Returns an error only if reading from "r" produces an error different from “io.EOF”.
func DecodeNetstatOutput (added in v0.3.1)
DecodeNetstatOutput expects "r" to contain the output of a “netstat -ano” call. The output is split into lines, and each line that “UnmarshalNetstatLine” is able to unmarshal is appended to the final output. As with “DecodeLsofOutput”, this function returns an error only if reading from "r" produces an error different from “io.EOF”.
func OpenNetFiles (added in v0.3.1)
OpenNetFiles uses “lsof” (or its platform-dependent equivalent) to find the list of open network files. It then filters the result using "rgx": each line that does not match is discarded.
func UnmarshalLsofLine
UnmarshalLsofLine expects "line" to be a single line of output from an “lsof -i -n -P” call. The line is unmarshaled into an “OpenFile” only if it can be split by " " into a slice of at least 9 items. "line" should not end with a "\n" delimiter, otherwise it will end up in the last unmarshaled item.
"line" examples:
"postgres 676 danielmorandini 10u IPv6 0x25c5bf0997ca88e3 0t0 UDP [::1]:60051->[::1]:60051"
"Dropbox 614 danielmorandini 247u IPv4 0x25c5bf09a393d583 0t0 TCP 192.168.0.61:58282->162.125.18.133:https (ESTABLISHED)"
func UnmarshalNetstatLine (added in v0.3.1)
UnmarshalNetstatLine expects "line" to be a single line of output from a “netstat -ano” call. The line is unmarshaled into an “OpenFile” only if it can be split by " " into a slice of at least 4 items. "line" should not end with a "\n" delimiter, otherwise it will end up in the last unmarshaled item.
"line" examples:
" TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4"
" UDP [::1]:62261 *:* 1036"
func (*OpenFile) UnmarshalName
UnmarshalName unmarshals `lsof`'s name field, which by default is in the form: [46][protocol][@hostname|hostaddr][:service|port]. Because hostname conversion is disabled with the “-n” option and port conversion with the “-P” option, the output is printed in the more easily decoded format “addr:port->addr:port”.
type Task (added in v0.3.1)
func DecodeTasklistOutput (added in v0.3.1)
DecodeTasklistOutput expects "r" to contain the output of a “tasklist” call. The output is split into lines, and each line that “UnmarshalTasklistLine” is able to unmarshal is appended to the final output, with the exception of the first lines that come before the separator line composed only of "=". Those lines are considered part of the "header".
As with “DecodeLsofOutput”, this function returns an error only if reading from "r" produces an error different from “io.EOF”.
func FilterTasks (added in v0.5.1)
FilterTasks takes "tasks", iterates over them and filters out the tasks whose image field is not equal to "image".
func UnmarshalTasklistLine (added in v0.3.1)
UnmarshalTasklistLine expects "line" to be a single line of output from a “tasklist” call. The line is unmarshaled into a “Task” by reading "segLengths"[i] bytes for each field, in order. "segLengths" should be computed from the header delimiter, by counting the number of "=" in each of its segments (split it by " ").
"line" should not end with a "\n" delimiter, otherwise it will end up in the last unmarshaled item. The "header" lines (see below) should not be passed to this function.
Example header:
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
Example line:
svchost.exe                    940 Services                   0     52,336 K
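The fixed-width slicing described for UnmarshalTasklistLine, as an added example that is not this package's own code: the names cutLine, decode and sample are hypothetical and the tasklist output is constructed. It shows why the columns are cut by the "=" segment lengths rather than split on whitespace: an image name such as "System Idle Process" contains spaces.

```go
package main

import (
	"fmt"
	"strings"
)

// cutLine reads lens[i] bytes per column, in order, skipping the one-byte gap
// after each column. A line shorter than the header yields an error, not a panic.
func cutLine(line string, lens []int) ([]string, error) {
	fields, off := make([]string, 0, len(lens)), 0
	for _, n := range lens {
		if off+n > len(line) {
			return nil, fmt.Errorf("short line: need %d bytes, have %d", off+n, len(line))
		}
		fields = append(fields, strings.TrimSpace(line[off:off+n]))
		off += n + 1
	}
	return fields, nil
}

// decode treats everything up to and including the "=" line as header, derives
// the segment lengths from that line, and slices every following row with them.
func decode(out string) (lens []int, rows [][]string) {
	for _, line := range strings.Split(strings.ReplaceAll(out, "\r\n", "\n"), "\n") {
		if lens == nil {
			if strings.HasPrefix(line, "=") {
				for _, seg := range strings.Fields(line) {
					lens = append(lens, len(seg)) // number of "=" in the segment
				}
			}
			continue
		}
		if f, err := cutLine(line, lens); err == nil {
			rows = append(rows, f)
		}
	}
	return lens, rows
}

// sample returns constructed tasklist output padded to the usual column widths.
func sample() string {
	const f = "%-25s %8s %-16s %11s %12s\r\n"
	eq := func(n int) string { return strings.Repeat("=", n) }
	return "\r\n" + fmt.Sprintf(f, "Image Name", "PID", "Session Name", "Session#", "Mem Usage") +
		fmt.Sprintf(f, eq(25), eq(8), eq(16), eq(11), eq(12)) +
		fmt.Sprintf(f, "System Idle Process", "0", "Services", "0", "8 K") +
		fmt.Sprintf(f, "svchost.exe", "940", "Services", "0", "52,336 K")
}

func main() { fmt.Println(decode(sample())) }
```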