Diffstat (limited to '')
-rw-r--r-- | filter/global.go | 92 |
1 files changed, 92 insertions, 0 deletions
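--- /dev/null
+++ b/filter/global.go
@@ -0,0 +1,92 @@
+package main
+
+import (
+"fmt"
+"time"
+)
+
+type Exec struct {
+Timestamp time.Time `bson:"timestamp"`
+ExecArgs []string `bson:"execArgs"`
+}
+
+type Process struct {
+Star bool `bson:"star"`
+StartTimestamp time.Time `bson:"start_timestamp"`
+Ppid int `bson:"ppid"`
+ParentTgid int `bson:"parentTgid"`
+Pid int `bson:"pid"`
+Tgid int `bson:"tgid"`
+Args []string `bson:"args"`
+Comm string `bson:"comm"`
+RootFS string `bson:"rootfs"`
+Cwd string `bson:"cwd"`
+Children []int `bson:"children"`
+Execve []Exec `bson:"execve"`
+ExitCode int `bson:"exit_code"`
+ExitSignal int `bson:"exit_signal"`
+ExitTimestamp time.Time `bson:"exit_timestamp"`
+}
+
+func (p Process) String() string {
+var res string
+res = ""
+res += fmt.Sprintf("timestamp\t%v\n", p.StartTimestamp)
+res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", p.Ppid, p.ParentTgid)
+res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.Pid, p.Tgid)
+for i := 0; i < len(p.Args); i++ {
+res += fmt.Sprintf("%s ", p.Args[i])
+}
+res += fmt.Sprintf("\ncomm\t%s\ncwd\t%s\n", p.Comm, p.Cwd)
+if len(p.Execve) != 0 {
+res += fmt.Sprintf("exec:\n")
+for i := 0; i < len(p.Execve); i++ {
+res += fmt.Sprintf("\ttimestamp: %v\n\texecArgs:\t", p.Execve[i].Timestamp)
+for j := 0; j < len(p.Execve[i].ExecArgs); j++ {
+res += fmt.Sprintf("%s ", p.Execve[i].ExecArgs[j])
+}
+res += fmt.Sprintf("\n")
+}
+}
+res += fmt.Sprintf("children: ")
+for i := 0; i < len(p.Children); i++ {
+res += fmt.Sprintf("%d ", p.Children[i])
+}
+res += fmt.Sprintf("\n")
+return res
+}
+
+// Queue 定义一个队列结构体
+type Queue struct {
+items []interface{}
+}
+
+// NewQueue 创建一个新的队列
+func NewQueue() *Queue {
+return &Queue{items: make([]interface{}, 0)}
+}
+
+// Enqueue 向队列中添加一个元素
+func (q *Queue) Enqueue(item interface{}) {
+q.items = append(q.items, item)
+}
+
+// Dequeue 从队列中移除并返回队列前面的元素
+func (q *Queue) Dequeue() (interface{}, bool) {
+if len(q.items) == 0 {
+return nil, false
+}
+item := q.items[0]
+q.items = q.items[1:]
+return item, true
+}
+
+// Size 返回队列中的元素数量
+func (q *Queue) Size() int {
+return len(q.items)
+}
+
+// IsEmpty 检查队列是否为空
+func (q *Queue) IsEmpty() bool {
+return len(q.items) == 0
+}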
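Review bot: In `Process.String()`, `p.Args[i]`, `p.Execve[i].ExecArgs[j]`, `p.Comm` and `p.Cwd` are written with `%s` into output whose field structure depends on tabs and newlines. If these values are recorded from monitored processes (the field names and bson tags suggest so, though the producer is not in this file), an argument containing a newline or tab can fabricate lines such as `pid\t1` in whatever log or report consumes this string, and space-joining the arguments also hides where one argument ends and the next begins. Quoting each value, e.g. `res += fmt.Sprintf("%q ", p.Args[i])` and `"\ncomm\t%q\ncwd\t%q\n"`, keeps one field per line and makes the recorded argv unambiguous for later analysis. Separately, `Dequeue` reslices with `q.items[1:]` without clearing slot 0, so dequeued items stay referenced by the backing array until it is reallocated; `q.items[0] = nil` before the reslice avoids that.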