Match reports whether the connection satisfies this operator, testing the connection field that the operator's operand selects.
(con *conman.Connection, hasChecksums bool)
| 334 | |
| 335 | // Match reports whether the connection satisfies this operator, testing the connection field that the operator's operand selects. |
| 336 | func (o *Operator) Match(con *conman.Connection, hasChecksums bool) bool { |
| 337 | |
| 338 | if o.Operand == OpTrue { |
| 339 | return true |
| 340 | } else if o.Operand == OpList { |
| 341 | return o.listMatch(con, hasChecksums) |
| 342 | } else if o.Operand == OpProcessPath { |
| 343 | return o.cb(con.Process.Path) |
| 344 | } else if o.Operand == OpProcessParentPath { |
| 345 | p := con.Process |
| 346 | for pp := p.Parent; pp != nil; pp = pp.Parent { |
| 347 | if o.cb(pp.Path) { |
| 348 | return true |
| 349 | } |
| 350 | } |
| 351 | return false |
| 352 | } else if o.Operand == OpProcessCmd { |
| 353 | return o.cb(strings.Join(con.Process.Args, " ")) |
| 354 | } else if o.Operand == OpDstHost { |
| 355 | return o.cb(con.DstHost) |
| 356 | } else if o.Operand == OpDstIP { |
| 357 | return o.cb(con.DstIP.String()) |
| 358 | } else if o.Operand == OpDstPort { |
| 359 | return o.cb(strconv.FormatUint(uint64(con.DstPort), 10)) |
| 360 | } else if o.Operand == OpDomainsLists { |
| 361 | return o.cb(con.DstHost) |
| 362 | } else if o.Operand == OpIPLists { |
| 363 | return o.cb(con.DstIP.String()) |
| 364 | } else if o.Operand == OpHashMD5Lists { |
| 365 | return o.cb(con.Process.Checksums[procmon.HashMD5]) |
| 366 | } else if o.Operand == OpUserID || o.Operand == OpUserName { |
| 367 | return o.cb(strconv.Itoa(con.Entry.UserId)) |
| 368 | } else if o.Operand == OpDstNetwork { |
| 369 | return o.cb(con.DstIP) |
| 370 | } else if o.Operand == OpSrcNetwork { |
| 371 | return o.cb(con.SrcIP) |
| 372 | } else if o.Operand == OpNetLists { |
| 373 | return o.cb(con.DstIP) |
| 374 | } else if o.Operand == OpDomainsRegexpLists { |
| 375 | return o.cb(con.DstHost) |
| 376 | } else if o.Operand == OpIfaceIn { |
| 377 | if ifname, err := net.InterfaceByIndex(con.Pkt.IfaceInIdx); err == nil { |
| 378 | return o.cb(ifname.Name) |
| 379 | } |
| 380 | } else if o.Operand == OpIfaceOut { |
| 381 | if ifname, err := net.InterfaceByIndex(con.Pkt.IfaceOutIdx); err == nil { |
| 382 | return o.cb(ifname.Name) |
| 383 | } |
| 384 | } else if o.Operand == OpProcessHashMD5 || o.Operand == OpProcessHashSHA1 { |
| 385 | ret := true |
| 386 | if !hasChecksums { |
| 387 | return ret |
| 388 | } |
| 389 | con.Process.RLock() |
| 390 | for algo := range con.Process.Checksums { |
| 391 | ret = o.cb(con.Process.Checksums[algo]) |
| 392 | if ret { |
| 393 | break |