1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
package main
import (
"fmt"
"time"
)
type Exec struct {
Timestamp time.Time `bson:"timestamp"`
ExecArgs []string `bson:"execArgs"`
}
type Process struct {
Star bool `bson:"star"`
StartTimestamp time.Time `bson:"start_timestamp"`
Ppid int `bson:"ppid"`
ParentTgid int `bson:"parentTgid"`
Pid int `bson:"pid"`
Tgid int `bson:"tgid"`
Args []string `bson:"args"`
Comm string `bson:"comm"`
RootFS string `bson:"rootfs"`
Cwd string `bson:"cwd"`
Children []int `bson:"children"`
Execve []Exec `bson:"execve"`
ExitCode int `bson:"exit_code"`
ExitSignal int `bson:"exit_signal"`
ExitTimestamp time.Time `bson:"exit_timestamp"`
}
type tgidNode struct {
Tgid int `bson:"tgid"`
FindPid map[int]int `bson:"findPid"`
Threads []Process `bson:"threads"`
ChildTgid []int `bson:"child_tgid"`
}
func (p Process) String() string {
var res string
res = "---------------------\n"
res += fmt.Sprintf("timestamp\t%v\n", p.StartTimestamp)
res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", p.Ppid, p.ParentTgid)
res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.Pid, p.Tgid)
for i := 0; i < len(p.Args); i++ {
res += fmt.Sprintf("%s ", p.Args[i])
}
res += fmt.Sprintf("\ncomm\t%s\ncwd\t%s\n", p.Comm, p.Cwd)
if len(p.Execve) != 0 {
res += fmt.Sprintf("exec:\n")
for i := 0; i < len(p.Execve); i++ {
res += fmt.Sprintf("\ttimestamp: %v\n\texecArgs:\t", p.Execve[i].Timestamp)
for j := 0; j < len(p.Execve[i].ExecArgs); j++ {
res += fmt.Sprintf("%s ", p.Execve[i].ExecArgs[j])
}
res += fmt.Sprintf("\n")
}
}
res += fmt.Sprintf("children: ")
for i := 0; i < len(p.Children); i++ {
res += fmt.Sprintf("%d ", p.Children[i])
}
res += fmt.Sprintf("\n")
res += fmt.Sprintf("exit_timestamp:\t%v\nexit_code:\t%d\nexit_signal:\t%d\n", p.ExitTimestamp, p.ExitCode, p.ExitSignal)
return res
}
type File struct {
OpenTimestamp time.Time `bson:"timestamp"`
FileName string `bson:"fileName"`
Pid int `bson:"pid"`
Fd int `bson:"fd"`
Flags [4]uint64 `bson:"flags"`
Written []time.Time `bson:"written"`
CloseTimestamp time.Time `bson:"close_timestamp"`
}
// Queue 定义一个队列结构体
type Queue struct {
items []interface{}
}
// NewQueue 创建一个新的队列
func NewQueue() *Queue {
return &Queue{items: make([]interface{}, 0)}
}
// Enqueue 向队列中添加一个元素
func (q *Queue) Enqueue(item interface{}) {
q.items = append(q.items, item)
}
// Dequeue 从队列中移除并返回队列前面的元素
func (q *Queue) Dequeue() (interface{}, bool) {
if len(q.items) == 0 {
return nil, false
}
item := q.items[0]
q.items = q.items[1:]
return item, true
}
// Size 返回队列中的元素数量
func (q *Queue) Size() int {
return len(q.items)
}
// IsEmpty 检查队列是否为空
func (q *Queue) IsEmpty() bool {
return len(q.items) == 0
}
|
