aboutsummaryrefslogtreecommitdiffstats
path: root/filter/global.go
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--filter/global.go92
1 files changed, 92 insertions, 0 deletions
diff --git a/filter/global.go b/filter/global.go
new file mode 100644
index 0000000..45706d4
--- /dev/null
+++ b/filter/global.go
@@ -0,0 +1,92 @@
1package main
2
3import (
4 "fmt"
5 "time"
6)
7
8type Exec struct {
9 Timestamp time.Time `bson:"timestamp"`
10 ExecArgs []string `bson:"execArgs"`
11}
12
13type Process struct {
14 Star bool `bson:"star"`
15 StartTimestamp time.Time `bson:"start_timestamp"`
16 Ppid int `bson:"ppid"`
17 ParentTgid int `bson:"parentTgid"`
18 Pid int `bson:"pid"`
19 Tgid int `bson:"tgid"`
20 Args []string `bson:"args"`
21 Comm string `bson:"comm"`
22 RootFS string `bson:"rootfs"`
23 Cwd string `bson:"cwd"`
24 Children []int `bson:"children"`
25 Execve []Exec `bson:"execve"`
26 ExitCode int `bson:"exit_code"`
27 ExitSignal int `bson:"exit_signal"`
28 ExitTimestamp time.Time `bson:"exit_timestamp"`
29}
30
31func (p Process) String() string {
32 var res string
33 res = ""
34 res += fmt.Sprintf("timestamp\t%v\n", p.StartTimestamp)
35 res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", p.Ppid, p.ParentTgid)
36 res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.Pid, p.Tgid)
37 for i := 0; i < len(p.Args); i++ {
38 res += fmt.Sprintf("%s ", p.Args[i])
39 }
40 res += fmt.Sprintf("\ncomm\t%s\ncwd\t%s\n", p.Comm, p.Cwd)
41 if len(p.Execve) != 0 {
42 res += fmt.Sprintf("exec:\n")
43 for i := 0; i < len(p.Execve); i++ {
44 res += fmt.Sprintf("\ttimestamp: %v\n\texecArgs:\t", p.Execve[i].Timestamp)
45 for j := 0; j < len(p.Execve[i].ExecArgs); j++ {
46 res += fmt.Sprintf("%s ", p.Execve[i].ExecArgs[j])
47 }
48 res += fmt.Sprintf("\n")
49 }
50 }
51 res += fmt.Sprintf("children: ")
52 for i := 0; i < len(p.Children); i++ {
53 res += fmt.Sprintf("%d ", p.Children[i])
54 }
55 res += fmt.Sprintf("\n")
56 return res
57}
58
59// Queue 定义一个队列结构体
60type Queue struct {
61 items []interface{}
62}
63
64// NewQueue 创建一个新的队列
65func NewQueue() *Queue {
66 return &Queue{items: make([]interface{}, 0)}
67}
68
69// Enqueue 向队列中添加一个元素
70func (q *Queue) Enqueue(item interface{}) {
71 q.items = append(q.items, item)
72}
73
74// Dequeue 从队列中移除并返回队列前面的元素
75func (q *Queue) Dequeue() (interface{}, bool) {
76 if len(q.items) == 0 {
77 return nil, false
78 }
79 item := q.items[0]
80 q.items = q.items[1:]
81 return item, true
82}
83
84// Size 返回队列中的元素数量
85func (q *Queue) Size() int {
86 return len(q.items)
87}
88
89// IsEmpty 检查队列是否为空
90func (q *Queue) IsEmpty() bool {
91 return len(q.items) == 0
92}