socket

package
v5.6.13+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 19, 2018 License: Apache-2.0 Imports: 20 Imported by: 153

Documentation

Overview

Package socket captures active sockets and the processes that own them.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(base mb.BaseMetricSet) (mb.MetricSet, error)

Types

type Config

type Config struct {
	ReverseLookup *ReverseLookupConfig `config:"socket.reverse_lookup"`
}

Config is the configuration specific to the socket MetricSet.

type Direction

type Direction uint8

Direction indicates how a socket was initiated.

const (

	// Incoming indicates a connection was established from the outside to
	// listening socket on this host.
	Incoming Direction
	// Outgoing indicates a connection was established from this socket to an
	// external listening socket.
	Outgoing
	// Listening indicates a socket that is listening.
	Listening
)

func (Direction) String

func (d Direction) String() string

type ListenerTable

type ListenerTable struct {
	// contains filtered or unexported fields
}

ListenerTable tracks sockets that are listening. It can then be used to identify if a socket is listening, incoming, or outgoing.

func NewListenerTable

func NewListenerTable() *ListenerTable

NewListenerTable returns a new ListenerTable.

func (*ListenerTable) Direction

func (t *ListenerTable) Direction(
	proto uint8,
	localIP net.IP, localPort int,
	remoteIP net.IP, remotePort int,
) Direction

Direction returns whether the connection was incoming or outgoing based on the protocol and local address. It compares the given local address to the listeners in the table for the protocol and returns Incoming if there is a match. If remotePort is 0 then Listening is returned.

func (*ListenerTable) Put

func (t *ListenerTable) Put(proto uint8, ip net.IP, port int)

Put puts a new listening address into the table.

func (*ListenerTable) Reset

func (t *ListenerTable) Reset()

Reset resets all data in the table.

type MetricSet

type MetricSet struct {
	mb.BaseMetricSet
	// contains filtered or unexported fields
}

func (*MetricSet) Fetch

func (m *MetricSet) Fetch() ([]common.MapStr, error)

type Proc

type Proc struct {
	PID        int
	Command    string
	Executable string
	CmdLine    string
}

Proc contains static process information.

type ProcTable

type ProcTable struct {
	// contains filtered or unexported fields
}

ProcTable contains all of the active processes (if the current user is root).

func NewProcTable

func NewProcTable(mountpoint string) (*ProcTable, error)

NewProcTable returns a new ProcTable that reads data from the /proc directory by default. An alternative proc filesystem mountpoint can be specified through the mountpoint parameter.

func (*ProcTable) ProcessBySocketInode

func (t *ProcTable) ProcessBySocketInode(inode uint32) *Proc

ProcessBySocketInode returns the Proc associated with the given socket inode.

func (*ProcTable) Refresh

func (t *ProcTable) Refresh() error

Refresh updates the process table with new processes and removes processes that have exited. It collects the PID, command, and socket inode information. If running as non-root, only information from the current process will be collected.

type ReverseLookupCache

type ReverseLookupCache struct {
	// contains filtered or unexported fields
}

ReverseLookupCache is a cache for storing and retrieving the results of reverse DNS queries. It caches the results of queries regardless of their outcome (success or failure). The result is cached for the amount of time specified by parameters and not based on the TTL from the PTR record.

func NewReverseLookupCache

func NewReverseLookupCache(successTTL, failureTTL time.Duration) *ReverseLookupCache

NewReverseLookupCache returns a new cache.

func (*ReverseLookupCache) Cleanup

func (c *ReverseLookupCache) Cleanup()

Cleanup removes expired entries from the cache.

func (ReverseLookupCache) Lookup

func (c ReverseLookupCache) Lookup(ip net.IP) (string, error)

Lookup performs a reverse lookup on the given IP address. A cached result will be returned if it is contained in the cache, otherwise a lookup is performed.

type ReverseLookupConfig

type ReverseLookupConfig struct {
	Enabled    *bool         `config:"enabled"`
	SuccessTTL time.Duration `config:"success_ttl"`
	FailureTTL time.Duration `config:"failure_ttl"`
}

ReverseLookupConfig contains the configuration that controls the reverse DNS lookup behavior.

func (*ReverseLookupConfig) IsEnabled

func (c *ReverseLookupConfig) IsEnabled() bool

IsEnabled returns true if reverse_lookup is defined and 'enabled' is either not set or set to true.

type UserCache

type UserCache map[int]string

UserCache is a cache of UID to username.

func NewUserCache

func NewUserCache() UserCache

NewUserCache returns a new UserCache.

func (UserCache) LookupUID

func (c UserCache) LookupUID(uid int) string

LookupUID looks up a UID and returns the username associated with it. If no username could be found an empty string is returned. The value will be cached forever.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL