mirror/rustnet
1
0
Fork 0
mirror of https://github.com/domcyrus/rustnet.git synced 2026-02-05 05:38:41 -06:00
Code Issues Packages Projects Releases Wiki Activity

feat: reorganize platform code into per-platform directories (#81)

Browse Source 
* feat: reorganize platform code into per-platform directories

- Move platform files into linux/, macos/, windows/, freebsd/ subdirectories
- Unify create_process_lookup() API with _use_pktap parameter across all platforms
- Update build.rs paths for eBPF program location
- Reduce cfg attributes in main mod.rs from ~42 to 8

* fix: widen tolerance for test_sliding_window_no_skip_first_sample

Increase acceptable range from 9000-11000 to 5000-15000 to account
for timing variability on macOS ARM CI runners.

* docs: update Linux build dependencies and remove EBPF_BUILD.md

- Add missing build-essential, pkg-config, zlib1g-dev to documentation
- Update rust.yml CI with complete dependencies
- Remove EBPF_BUILD.md (info already in INSTALL.md)
- Update references in README.md and ARCHITECTURE.md
This commit is contained in:
Marco Cadetg
2025-11-30 18:08:11 +01:00
committed by GitHub
parent fed1efaa30
commit 3a8e8614bc
32 changed files with 526 additions and 445 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/aur-update.yml vendored
View File

@@ -6,6 +6,9 @@ on:
- "v[0-9]+.[0-9]+.[0-9]+"
workflow_dispatch:
permissions:
contents: read
jobs:
update-aur:
name: update-aur

3
.github/workflows/ppa-release.yml vendored
View File

@@ -20,6 +20,9 @@ on:
tags:
- 'v*'
permissions:
contents: read
env:
DEBEMAIL: cadetg@gmail.com
DEBFULLNAME: Marco Cadetg

3
.github/workflows/publish.yml vendored
View File

@@ -6,6 +6,9 @@ on:
- "v[0-9]+.[0-9]+.[0-9]+"
workflow_dispatch:
permissions:
contents: read
jobs:
publish:
runs-on: ubuntu-latest

3
.github/workflows/release.yml vendored
View File

@@ -25,6 +25,9 @@ on:
- "v[0-9]+.[0-9]+.[0-9]+"
workflow_dispatch:
permissions:
contents: write
env:
RUST_BACKTRACE: 1
RUSTNET_ASSET_DIR: assets

5
.github/workflows/rust.yml vendored
View File

@@ -21,6 +21,9 @@ on:
- '.github/workflows/rust.yml'
workflow_dispatch:
permissions:
contents: read
env:
CARGO_TERM_COLOR: always
@@ -30,7 +33,7 @@ jobs:
steps:
- uses: actions/checkout@v6
- name: Install dependencies
run: sudo apt-get update && sudo apt-get install -y libpcap-dev libelf-dev clang llvm
run: sudo apt-get update && sudo apt-get install -y libpcap-dev libelf-dev zlib1g-dev clang llvm pkg-config
- name: Build
run: cargo build --verbose
- name: Run tests

48
.github/workflows/test-freebsd.yml vendored
View File

@@ -1,48 +0,0 @@
name: Test FreeBSD Build
on:
workflow_dispatch:
pull_request:
paths:
- 'Cargo.toml'
- 'build.rs'
- 'src/**'
- '.github/workflows/test-freebsd.yml'
env:
RUST_BACKTRACE: 1
jobs:
test-freebsd-build:
name: Test FreeBSD x64 Build
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Build and test on FreeBSD
uses: vmactions/freebsd-vm@b9c3f24600acdef618ef1c9e2d3c6eeda4dce712 # v1.2.7
with:
usesh: true
prepare: |
pkg install -y curl libpcap rust
run: |
echo "Building for FreeBSD without default features (no eBPF)"
cargo build --verbose --release --no-default-features
echo "Verifying binary was created"
if [ -f "target/release/rustnet" ]; then
echo "✅ FreeBSD binary successfully built"
ls -lh target/release/rustnet
else
echo "❌ FreeBSD binary not found"
exit 1
fi
- name: Upload binary as artifact
uses: actions/upload-artifact@v5
with:
name: rustnet-freebsd-x64
path: target/release/rustnet
if-no-files-found: error

190
.github/workflows/test-platform-builds.yml vendored Normal file
View File

@@ -0,0 +1,190 @@
name: Test Platform Builds
# Test builds on all supported platforms.
# Runs automatically on PRs and can be triggered manually for specific platforms.
on:
workflow_dispatch:
inputs:
platform:
description: 'Platform to build'
required: true
type: choice
options:
- all
- linux
- macos
- windows
- freebsd
pull_request:
paths:
- 'Cargo.toml'
- 'build.rs'
- 'src/**'
- '.github/workflows/test-platform-builds.yml'
permissions:
contents: read
env:
RUST_BACKTRACE: 1
CARGO_TERM_COLOR: always
jobs:
build-linux:
name: Build Linux (x64)
if: ${{ github.event_name == 'pull_request' || github.event.inputs.platform == 'all' || github.event.inputs.platform == 'linux' }}
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Install dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y libpcap-dev libelf-dev zlib1g-dev clang llvm pkg-config
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Build
run: cargo build --verbose --release
- name: Run tests
run: cargo test --verbose
- name: Upload artifact
uses: actions/upload-artifact@v5
with:
name: rustnet-linux-x64
path: target/release/rustnet
if-no-files-found: error
build-macos-intel:
name: Build macOS (Intel)
if: ${{ github.event_name == 'pull_request' || github.event.inputs.platform == 'all' || github.event.inputs.platform == 'macos' }}
runs-on: macos-14
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: x86_64-apple-darwin
- name: Build
run: cargo build --verbose --release --target x86_64-apple-darwin --no-default-features
- name: Upload artifact
uses: actions/upload-artifact@v5
with:
name: rustnet-macos-intel
path: target/x86_64-apple-darwin/release/rustnet
if-no-files-found: error
build-macos-arm:
name: Build macOS (Apple Silicon)
if: ${{ github.event_name == 'pull_request' || github.event.inputs.platform == 'all' || github.event.inputs.platform == 'macos' }}
runs-on: macos-14
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: aarch64-apple-darwin
- name: Build
run: cargo build --verbose --release --target aarch64-apple-darwin --no-default-features
- name: Run tests
run: cargo test --verbose
- name: Upload artifact
uses: actions/upload-artifact@v5
with:
name: rustnet-macos-arm
path: target/aarch64-apple-darwin/release/rustnet
if-no-files-found: error
build-windows-x64:
name: Build Windows (64-bit)
if: ${{ github.event_name == 'pull_request' || github.event.inputs.platform == 'all' || github.event.inputs.platform == 'windows' }}
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: x86_64-pc-windows-msvc
- name: Build
run: cargo build --verbose --release --target x86_64-pc-windows-msvc --no-default-features
- name: Upload artifact
uses: actions/upload-artifact@v5
with:
name: rustnet-windows-x64
path: target/x86_64-pc-windows-msvc/release/rustnet.exe
if-no-files-found: error
build-windows-x86:
name: Build Windows (32-bit)
if: ${{ github.event_name == 'pull_request' || github.event.inputs.platform == 'all' || github.event.inputs.platform == 'windows' }}
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: i686-pc-windows-msvc
- name: Build
run: cargo build --verbose --release --target i686-pc-windows-msvc --no-default-features
- name: Upload artifact
uses: actions/upload-artifact@v5
with:
name: rustnet-windows-x86
path: target/i686-pc-windows-msvc/release/rustnet.exe
if-no-files-found: error
build-freebsd:
name: Build FreeBSD (x64)
if: ${{ github.event_name == 'pull_request' || github.event.inputs.platform == 'all' || github.event.inputs.platform == 'freebsd' }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Build on FreeBSD
uses: vmactions/freebsd-vm@b9c3f24600acdef618ef1c9e2d3c6eeda4dce712 # v1.2.7
with:
usesh: true
prepare: |
pkg install -y curl libpcap rust
run: |
echo "Building for FreeBSD without default features (no eBPF)"
cargo build --verbose --release --no-default-features
echo "Verifying binary was created"
if [ -f "target/release/rustnet" ]; then
echo "FreeBSD binary successfully built"
ls -lh target/release/rustnet
else
echo "FreeBSD binary not found"
exit 1
fi
- name: Upload artifact
uses: actions/upload-artifact@v5
with:
name: rustnet-freebsd-x64
path: target/release/rustnet
if-no-files-found: error

2
ARCHITECTURE.md
View File

@@ -180,8 +180,6 @@ RustNet uses platform-specific APIs to associate network connections with proces
- If eBPF fails to load (permissions, kernel compatibility), automatically falls back to procfs mode
- TUI Statistics panel shows active detection method
See [EBPF_BUILD.md](EBPF_BUILD.md) for detailed eBPF build and deployment information.
#### macOS
**PKTAP Mode (with sudo):**

156
EBPF_BUILD.md
View File

@@ -1,156 +0,0 @@
# eBPF Build Guide
This document explains how to work with eBPF kernel headers in this project.
**Note:** eBPF is now enabled by default on Linux builds. This guide provides detailed information about the eBPF implementation and how to customize the build.
## Current Setup
The project bundles **architecture-specific vmlinux.h files** from the [libbpf/vmlinux.h](https://github.com/libbpf/vmlinux.h) repository. This eliminates network dependencies during builds and ensures reproducible builds.
### Bundled vmlinux.h Files
Pre-downloaded vmlinux.h files (based on Linux kernel 6.14) are included in the repository at:
- `resources/ebpf/vmlinux/x86/vmlinux.h` (for x86_64, ~1.1MB)
- `resources/ebpf/vmlinux/aarch64/vmlinux.h` (for aarch64, ~1.0MB)
- `resources/ebpf/vmlinux/arm/vmlinux.h` (for armv7, ~981KB)
These files are automatically used during the build process based on the target architecture. **No network access is required** during compilation.
**Benefits:**
- **Zero network dependency**: Works in restricted build environments (COPR, Fedora build systems, etc.)
- **Reproducible builds**: Same headers every time, no external dependencies
- **Complete kernel definitions**: All kernel structures available, no missing types
- **No manual maintenance**: Auto-generated from kernel BTF
- **Cross-kernel compatibility**: CO-RE/BTF ensures portability across kernel versions
**Trade-offs:**
- Repository size: ~3MB total for all architectures (acceptable for modern git)
- Not immediately clear which kernel structures are actually used by the code
## Updating Bundled vmlinux.h Files
The bundled vmlinux.h files are based on kernel 6.14 from the libbpf repository. To update them to a newer kernel version:
```bash
# Update all architectures at once
for arch in x86 aarch64 arm; do
# Get the symlink target (e.g., vmlinux_6.14.h)
target=$(curl -sL "https://raw.githubusercontent.com/libbpf/vmlinux.h/main/include/${arch}/vmlinux.h")
# Download the actual file
curl -sL "https://raw.githubusercontent.com/libbpf/vmlinux.h/main/include/${arch}/${target}" \
-o "resources/ebpf/vmlinux/${arch}/vmlinux.h"
echo "Updated ${arch} to ${target}"
done
```
Or update a single architecture:
```bash
# Example: Update x86 only
arch="x86"
target=$(curl -sL "https://raw.githubusercontent.com/libbpf/vmlinux.h/main/include/${arch}/vmlinux.h")
curl -sL "https://raw.githubusercontent.com/libbpf/vmlinux.h/main/include/${arch}/${target}" \
-o "resources/ebpf/vmlinux/${arch}/vmlinux.h"
```
After updating, commit the changes to the repository.
## Building with eBPF Support
eBPF is enabled by default on Linux. To build rustnet:
```bash
# Install build dependencies
sudo apt-get install libelf-dev clang llvm # Debian/Ubuntu
sudo yum install elfutils-libelf-devel clang llvm # RedHat/CentOS/Fedora
# Build in release mode (eBPF is enabled by default)
cargo build --release
# The bundled vmlinux.h files will be used automatically
# No network access required!
```
To build **without** eBPF support (procfs-only mode):
```bash
# Build without eBPF
cargo build --release --no-default-features
```
## Testing eBPF Functionality
After building (eBPF is enabled by default), test that it works correctly:
```bash
# Option 1: Run with sudo (always works)
sudo cargo run --release
# Option 2: Set capabilities (Linux only, see INSTALL.md Permissions section)
# Modern Linux (5.8+):
sudo setcap 'cap_net_raw,cap_bpf,cap_perfmon=eip' ./target/release/rustnet
./target/release/rustnet
# Legacy Linux (older kernels):
sudo setcap 'cap_net_raw,cap_sys_admin=eip' ./target/release/rustnet
./target/release/rustnet
# Check the TUI Statistics panel to verify it shows "Process Detection: eBPF + procfs"
```
**Note**: eBPF kprobe programs require specific Linux capabilities. RustNet uses read-only packet capture (CAP_NET_RAW) without promiscuous mode, so CAP_NET_ADMIN is not required. Modern kernels (5.8+) need CAP_BPF and CAP_PERFMON for eBPF, while older kernels require CAP_SYS_ADMIN. See [INSTALL.md - Permissions Setup](INSTALL.md#permissions-setup) for detailed capability requirements.
## Generating vmlinux.h from Your Local Kernel (Optional)
If you need to generate a vmlinux.h file for your specific kernel (e.g., for debugging or custom kernel builds):
```bash
# Method 1: Using bpftool (requires root/CAP_BPF)
sudo bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h
# Method 2: Using pahole (if available)
pahole -J /boot/vmlinux-$(uname -r)
pahole --btf_encode_detached vmlinux.btf /boot/vmlinux-$(uname -r)
bpftool btf dump file vmlinux.btf format c > vmlinux.h
# Method 3: From kernel source
cd /path/to/kernel/source
make scripts_gdb
bpftool btf dump file vmlinux format c > vmlinux.h
```
This is typically not needed since the bundled headers work across kernel versions thanks to CO-RE/BTF.
## Troubleshooting
### Compilation Errors
**"Bundled vmlinux.h not found"**:
- Ensure the `resources/ebpf/vmlinux/` directory exists
- Verify you've cloned the full repository (not a partial checkout)
- Check that the vmlinux.h file exists for your target architecture
**Missing build dependencies**:
- Install clang, llvm, and libelf-dev
- Ensure rustfmt is installed: `rustup component add rustfmt`
### Runtime Errors
**"BTF verification failed"**:
- Your kernel may not have BTF support enabled
- Linux kernel 4.19+ with BTF support is recommended
- Check if BTF is available: `ls /sys/kernel/btf/vmlinux`
**"Permission denied" when loading eBPF**:
- See [INSTALL.md - Permissions Setup](INSTALL.md#permissions-setup) for capability setup
- Required capabilities (modern kernel 5.8+): `CAP_NET_RAW`, `CAP_BPF`, `CAP_PERFMON`
- Required capabilities (legacy kernel): `CAP_NET_RAW`, `CAP_SYS_ADMIN`
- Note: CAP_NET_ADMIN is NOT required (RustNet uses read-only packet capture)
**eBPF fails to load, falls back to procfs**:
- This is expected behavior when eBPF can't load
- Check the TUI Statistics panel to see which detection method is active
- Common reasons: insufficient capabilities, incompatible kernel, BTF not available

39
INSTALL.md
View File

@@ -315,16 +315,18 @@ After installation, see the [Permissions Setup](#permissions-setup) section to c
### Prerequisites
- Rust 2024 edition or later (install from [rustup.rs](https://rustup.rs/))
- libpcap or similar packet capture library:
- **Linux**: `sudo apt-get install libpcap-dev` (Debian/Ubuntu) or `sudo yum install libpcap-devel` (RedHat/CentOS)
- **macOS**: Included by default
- **FreeBSD**: `pkg install libpcap` (included in base system, but headers needed for building)
- Platform-specific dependencies:
- **Linux (Debian/Ubuntu)**:
```bash
sudo apt-get install build-essential pkg-config libpcap-dev libelf-dev zlib1g-dev clang llvm
```
- **Linux (RedHat/CentOS/Fedora)**:
```bash
sudo yum install make pkgconfig libpcap-devel elfutils-libelf-devel zlib-devel clang llvm
```
- **macOS**: Install Xcode Command Line Tools: `xcode-select --install`
- **FreeBSD**: `pkg install rust libpcap`
- **Windows**: Install Npcap and Npcap SDK (see [Windows Build Setup](#windows-build-setup) below)
- **For eBPF support (enabled by default on Linux)**:
- `sudo apt-get install libelf-dev clang llvm` (Debian/Ubuntu)
- `sudo yum install elfutils-libelf-devel clang llvm` (RedHat/CentOS)
- Linux kernel 4.19+ with BTF support recommended
- Note: eBPF automatically falls back to procfs if unavailable
### Basic Build
@@ -342,7 +344,7 @@ cargo build --release --no-default-features
# The executable will be in target/release/rustnet
```
See [EBPF_BUILD.md](EBPF_BUILD.md) for detailed eBPF information.
To build without eBPF (procfs-only mode), use `cargo build --release --no-default-features`.
### Windows Build Setup
@@ -682,28 +684,19 @@ rustnet --help
#### Build Errors
**Linux - Missing libpcap:**
```bash
# Debian/Ubuntu
sudo apt-get install libpcap-dev
# RedHat/CentOS/Fedora
sudo yum install libpcap-devel
```
**Windows - Npcap SDK not found:**
- Ensure the `LIB` environment variable includes the Npcap SDK path
- Check that the SDK is extracted to a directory without spaces
- Use the correct architecture (x64 vs x86) for your Rust toolchain
**eBPF build fails:**
**Linux build fails:**
```bash
# Install required dependencies
# Install all required dependencies
# Debian/Ubuntu
sudo apt-get install libelf-dev clang llvm
sudo apt-get install build-essential pkg-config libpcap-dev libelf-dev zlib1g-dev clang llvm
# RedHat/CentOS/Fedora
sudo yum install elfutils-libelf-devel clang llvm
sudo yum install make pkgconfig libpcap-devel elfutils-libelf-devel zlib-devel clang llvm
```
### Getting Help

3
README.md
View File

@@ -53,7 +53,7 @@ To disable eBPF and use procfs-only mode, build with:
cargo build --release --no-default-features
```
See [EBPF_BUILD.md](EBPF_BUILD.md) for more details and [ARCHITECTURE.md](ARCHITECTURE.md) for technical information.
See [ARCHITECTURE.md](ARCHITECTURE.md) for technical information.
</details>
@@ -236,7 +236,6 @@ See [USAGE.md](USAGE.md) for complete timeout details.
- **[PROFILING.md](PROFILING.md)** - Performance profiling guide with flamegraph setup and optimization tips
- **[ROADMAP.md](ROADMAP.md)** - Planned features and future improvements
- **[RELEASE.md](RELEASE.md)** - Release process for maintainers
- **[EBPF_BUILD.md](EBPF_BUILD.md)** - eBPF build instructions and requirements
## Contributing

4
build.rs
View File

@@ -18,7 +18,7 @@ fn main() -> Result<()> {
#[cfg(target_os = "windows")]
download_windows_npcap_sdk()?;
println!("cargo:rerun-if-changed=src/network/platform/linux_ebpf/programs/");
println!("cargo:rerun-if-changed=src/network/platform/linux/ebpf/programs/");
println!("cargo:rerun-if-changed=src/cli.rs");
println!("cargo:rerun-if-changed=resources/ebpf/vmlinux/");
@@ -184,7 +184,7 @@ fn compile_ebpf_programs() {
let mut out = PathBuf::from(env::var("OUT_DIR").unwrap());
out.push("socket_tracker.skel.rs");
let src = "src/network/platform/linux_ebpf/programs/socket_tracker.bpf.c";
let src = "src/network/platform/linux/ebpf/programs/socket_tracker.bpf.c";
println!("cargo:warning=Building eBPF program using libbpf-cargo");

6
src/network/platform/freebsd_interface_stats.rs → src/network/platform/freebsd/interface_stats.rs
View File

@@ -1,3 +1,5 @@
// network/platform/freebsd/interface_stats.rs - FreeBSD getifaddrs-based interface stats
use crate::network::interface_stats::{InterfaceStats, InterfaceStatsProvider};
use std::ffi::CStr;
use std::io;
@@ -36,9 +38,7 @@ impl InterfaceStatsProvider for FreeBSDStatsProvider {
let ifa = &*current;
// Only process AF_LINK entries (data link layer)
if !ifa.ifa_addr.is_null()
&& (*ifa.ifa_addr).sa_family as i32 == libc::AF_LINK
{
if !ifa.ifa_addr.is_null() && (*ifa.ifa_addr).sa_family as i32 == libc::AF_LINK {
let name = CStr::from_ptr(ifa.ifa_name)
.to_string_lossy()
.to_string();

18
src/network/platform/freebsd/mod.rs Normal file
View File

@@ -0,0 +1,18 @@
// network/platform/freebsd/mod.rs - FreeBSD platform implementation
mod interface_stats;
mod process;
pub use interface_stats::FreeBSDStatsProvider;
pub use process::FreeBSDProcessLookup;
use super::ProcessLookup;
use anyhow::Result;
/// Create a FreeBSD process lookup implementation
/// The `_use_pktap` parameter is ignored on FreeBSD (only used on macOS)
pub fn create_process_lookup(_use_pktap: bool) -> Result<Box<dyn ProcessLookup>> {
log::info!("Using FreeBSD process lookup (sockstat)");
Ok(Box::new(FreeBSDProcessLookup::new()?))
}

15
src/network/platform/freebsd.rs → src/network/platform/freebsd/process.rs
View File

@@ -1,5 +1,6 @@
// network/platform/freebsd.rs - FreeBSD process lookup
use super::{ConnectionKey, ProcessLookup};
// network/platform/freebsd/process.rs - FreeBSD sockstat-based process lookup
use crate::network::platform::{ConnectionKey, ProcessLookup};
use crate::network::types::{Connection, Protocol};
use anyhow::{Context, Result};
use std::collections::HashMap;
@@ -269,10 +270,7 @@ mod tests {
let addr = FreeBSDProcessLookup::parse_address("*:80");
assert_eq!(
addr,
Some(SocketAddr::new(
IpAddr::V4(Ipv4Addr::UNSPECIFIED),
80
))
Some(SocketAddr::new(IpAddr::V4(Ipv4Addr::UNSPECIFIED), 80))
);
}
@@ -281,10 +279,7 @@ mod tests {
let addr = FreeBSDProcessLookup::parse_address("*:65535");
assert_eq!(
addr,
Some(SocketAddr::new(
IpAddr::V4(Ipv4Addr::UNSPECIFIED),
65535
))
Some(SocketAddr::new(IpAddr::V4(Ipv4Addr::UNSPECIFIED), 65535))
);
}

0
src/network/platform/linux_ebpf/loader.rs → src/network/platform/linux/ebpf/loader.rs
View File

0
src/network/platform/linux_ebpf/maps_libbpf.rs → src/network/platform/linux/ebpf/maps_libbpf.rs
View File

0
src/network/platform/linux_ebpf/mod.rs → src/network/platform/linux/ebpf/mod.rs
View File

0
src/network/platform/linux_ebpf/programs/socket_tracker.bpf.c → src/network/platform/linux/ebpf/programs/socket_tracker.bpf.c
View File

2
src/network/platform/linux_ebpf/tracker_libbpf.rs → src/network/platform/linux/ebpf/tracker_libbpf.rs
View File

@@ -1,9 +1,9 @@
//! eBPF socket tracker implementation using libbpf-rs
use super::{
ProcessInfo,
loader::EbpfLoader,
maps_libbpf::{ConnKey, MapReader},
ProcessInfo,
};
use anyhow::Result;
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

11
src/network/platform/linux_enhanced.rs → src/network/platform/linux/enhanced.rs
View File

@@ -1,8 +1,8 @@
//! Enhanced Linux process lookup combining eBPF and procfs approaches
use super::{ConnectionKey, ProcessLookup};
use crate::network::platform::{ConnectionKey, ProcessLookup};
use super::linux::LinuxProcessLookup;
use super::process::LinuxProcessLookup;
use crate::network::types::{Connection, Protocol};
use anyhow::Result;
use log::{debug, info, warn};
@@ -12,7 +12,7 @@ use std::sync::RwLock;
use std::time::{Duration, Instant};
#[cfg(feature = "ebpf")]
use super::linux_ebpf::EbpfSocketTracker;
use super::ebpf::EbpfSocketTracker;
// When eBPF is enabled, use the full enhanced implementation
#[cfg(feature = "ebpf")]
@@ -441,6 +441,11 @@ mod procfs_only {
stats: RwLock::new(LookupStats::default()),
})
}
/// Check if eBPF is available (always false when feature disabled)
pub fn is_ebpf_available(&self) -> bool {
false
}
}
impl ProcessLookup for EnhancedLinuxProcessLookup {

15
src/network/platform/linux_interface_stats.rs → src/network/platform/linux/interface_stats.rs
View File

@@ -1,3 +1,5 @@
// network/platform/linux/interface_stats.rs - Linux sysfs-based interface stats
use crate::network::interface_stats::{InterfaceStats, InterfaceStatsProvider};
use std::fs;
use std::io;
@@ -54,10 +56,7 @@ impl InterfaceStatsProvider for LinuxStatsProvider {
fn read_stat(base_path: &str, stat_name: &str) -> Result<u64, io::Error> {
let path = format!("{}/{}", base_path, stat_name);
let content = fs::read_to_string(&path).map_err(|e| {
io::Error::new(
e.kind(),
format!("Failed to read {}: {}", path, e),
)
io::Error::new(e.kind(), format!("Failed to read {}: {}", path, e))
})?;
content
@@ -102,11 +101,9 @@ mod tests {
match result {
Ok(stats) => {
// Should have at least loopback
assert!(
!stats.is_empty(),
"Expected at least one interface (lo)"
);
let interface_names: Vec<String> = stats.iter().map(|s| s.interface_name.clone()).collect();
assert!(!stats.is_empty(), "Expected at least one interface (lo)");
let interface_names: Vec<String> =
stats.iter().map(|s| s.interface_name.clone()).collect();
assert!(
interface_names.iter().any(|name| name == "lo"),
"Expected loopback interface"

41
src/network/platform/linux/mod.rs Normal file
View File

@@ -0,0 +1,41 @@
// network/platform/linux/mod.rs - Linux platform implementation
mod interface_stats;
mod process;
#[cfg(feature = "ebpf")]
pub mod ebpf;
#[cfg(feature = "ebpf")]
mod enhanced;
pub use interface_stats::LinuxStatsProvider;
pub use process::LinuxProcessLookup;
use super::ProcessLookup;
use anyhow::Result;
/// Create a Linux process lookup implementation
/// Tries enhanced eBPF lookup first (if feature enabled), falls back to procfs
/// The `_use_pktap` parameter is ignored on Linux (only used on macOS)
pub fn create_process_lookup(_use_pktap: bool) -> Result<Box<dyn ProcessLookup>> {
#[cfg(feature = "ebpf")]
{
// Try enhanced lookup first (with eBPF if available), fall back to basic
match enhanced::EnhancedLinuxProcessLookup::new() {
Ok(enhanced) => {
log::info!("Using enhanced Linux process lookup (eBPF + procfs)");
return Ok(Box::new(enhanced));
}
Err(e) => {
log::warn!(
"Enhanced lookup failed, falling back to basic procfs: {}",
e
);
}
}
}
// Use basic procfs lookup (either as fallback or when eBPF is not enabled)
log::info!("Using Linux process lookup (procfs)");
Ok(Box::new(LinuxProcessLookup::new()?))
}

5
src/network/platform/linux.rs → src/network/platform/linux/process.rs
View File

@@ -1,5 +1,6 @@
// network/platform/linux.rs - Linux process lookup
use super::{ConnectionKey, ProcessLookup};
// network/platform/linux/process.rs - Linux procfs-based process lookup
use crate::network::platform::{ConnectionKey, ProcessLookup};
use crate::network::types::{Connection, Protocol};
use anyhow::Result;
use std::collections::HashMap;

48
src/network/platform/macos_interface_stats.rs → src/network/platform/macos/interface_stats.rs
View File

@@ -1,3 +1,5 @@
// network/platform/macos/interface_stats.rs - macOS getifaddrs-based interface stats
use crate::network::interface_stats::{InterfaceStats, InterfaceStatsProvider};
use std::ffi::CStr;
use std::io;
@@ -12,7 +14,6 @@ pub struct MacOSStatsProvider;
/// statistics fields, particularly ifi_iqdrops. We detect these by checking if:
/// 1. The value is suspiciously large (> 2^31, suggesting signed overflow or garbage)
/// 2. The value is larger than total packets (logically impossible for drops/errors)
#[cfg(target_os = "macos")]
fn sanitize_counter(value: u32, total_packets: u32) -> u64 {
const MAX_REASONABLE_U32: u32 = 0x7FFF_FFFF; // 2^31 - 1
@@ -67,29 +68,29 @@ impl InterfaceStatsProvider for MacOSStatsProvider {
// Get if_data from ifa_data
if !ifa.ifa_data.is_null() {
#[cfg(target_os = "macos")]
{
let if_data = &*(ifa.ifa_data as *const libc::if_data);
let if_data = &*(ifa.ifa_data as *const libc::if_data);
// Calculate total packets for validation
let total_rx_packets = if_data.ifi_ipackets;
let total_tx_packets = if_data.ifi_opackets;
// Calculate total packets for validation
let total_rx_packets = if_data.ifi_ipackets;
let total_tx_packets = if_data.ifi_opackets;
stats.push(InterfaceStats {
interface_name: name,
rx_bytes: if_data.ifi_ibytes as u64,
tx_bytes: if_data.ifi_obytes as u64,
rx_packets: total_rx_packets as u64,
tx_packets: total_tx_packets as u64,
// Sanitize error and drop counters (may contain garbage on virtual interfaces)
rx_errors: sanitize_counter(if_data.ifi_ierrors, total_rx_packets),
tx_errors: sanitize_counter(if_data.ifi_oerrors, total_tx_packets),
rx_dropped: sanitize_counter(if_data.ifi_iqdrops, total_rx_packets),
tx_dropped: 0, // Limited on macOS
collisions: sanitize_counter(if_data.ifi_collisions, total_rx_packets + total_tx_packets),
timestamp: SystemTime::now(),
});
}
stats.push(InterfaceStats {
interface_name: name,
rx_bytes: if_data.ifi_ibytes as u64,
tx_bytes: if_data.ifi_obytes as u64,
rx_packets: total_rx_packets as u64,
tx_packets: total_tx_packets as u64,
// Sanitize error and drop counters (may contain garbage on virtual interfaces)
rx_errors: sanitize_counter(if_data.ifi_ierrors, total_rx_packets),
tx_errors: sanitize_counter(if_data.ifi_oerrors, total_tx_packets),
rx_dropped: sanitize_counter(if_data.ifi_iqdrops, total_rx_packets),
tx_dropped: 0, // Limited on macOS
collisions: sanitize_counter(
if_data.ifi_collisions,
total_rx_packets + total_tx_packets,
),
timestamp: SystemTime::now(),
});
}
}
@@ -115,7 +116,8 @@ mod tests {
match result {
Ok(stats) => {
assert!(!stats.is_empty(), "Expected at least one interface");
let interface_names: Vec<String> = stats.iter().map(|s| s.interface_name.clone()).collect();
let interface_names: Vec<String> =
stats.iter().map(|s| s.interface_name.clone()).collect();
// macOS should have at least loopback (lo0)
assert!(
interface_names.iter().any(|i| i.starts_with("lo")),

43
src/network/platform/macos/mod.rs Normal file
View File

@@ -0,0 +1,43 @@
// network/platform/macos/mod.rs - macOS platform implementation
mod interface_stats;
mod process;
pub use interface_stats::MacOSStatsProvider;
pub use process::MacOSProcessLookup;
use super::ProcessLookup;
use anyhow::Result;
/// No-op process lookup for when PKTAP is providing process metadata
pub struct NoOpProcessLookup;
impl ProcessLookup for NoOpProcessLookup {
fn get_process_for_connection(
&self,
_conn: &crate::network::types::Connection,
) -> Option<(u32, String)> {
None // PKTAP provides this information directly
}
fn refresh(&self) -> Result<()> {
Ok(()) // Nothing to refresh
}
fn get_detection_method(&self) -> &str {
"pktap"
}
}
/// Create a macOS process lookup implementation
/// Uses NoOp when PKTAP is active, otherwise falls back to lsof
pub fn create_process_lookup(use_pktap: bool) -> Result<Box<dyn ProcessLookup>> {
if use_pktap {
log::info!("Using no-op process lookup - PKTAP provides process metadata");
Ok(Box::new(NoOpProcessLookup))
} else {
log::info!("Using macOS process lookup (lsof)");
Ok(Box::new(MacOSProcessLookup::new()?))
}
}

4
src/network/platform/macos.rs → src/network/platform/macos/process.rs
View File

@@ -1,4 +1,6 @@
use super::{ConnectionKey, ProcessLookup};
// network/platform/macos/process.rs - macOS lsof-based process lookup
use crate::network::platform::{ConnectionKey, ProcessLookup};
use crate::network::types::{Connection, Protocol};
use anyhow::Result;
use log::{debug, error, info, warn};

127
src/network/platform/mod.rs
View File

@@ -1,53 +1,33 @@
// network/platform/mod.rs - Platform process lookup
// network/platform/mod.rs - Platform-specific process lookup
//
// Each platform is organized in its own subdirectory with consistent exports:
// - {platform}/mod.rs: create_process_lookup() factory function
// - {platform}/process.rs: ProcessLookup implementation
// - {platform}/interface_stats.rs: InterfaceStatsProvider implementation
use crate::network::types::{Connection, Protocol};
use anyhow::Result;
use std::net::SocketAddr;
// Platform-specific modules
#[cfg(target_os = "freebsd")]
mod freebsd;
// Platform-specific modules (one cfg per platform instead of many)
#[cfg(target_os = "linux")]
mod linux;
#[cfg(all(target_os = "linux", feature = "ebpf"))]
mod linux_ebpf;
#[cfg(all(target_os = "linux", feature = "ebpf"))]
mod linux_enhanced;
#[cfg(target_os = "macos")]
mod macos;
#[cfg(target_os = "windows")]
mod windows;
// Platform-specific interface stats modules
#[cfg(target_os = "linux")]
mod linux_interface_stats;
#[cfg(target_os = "freebsd")]
mod freebsd_interface_stats;
#[cfg(target_os = "macos")]
mod macos_interface_stats;
#[cfg(target_os = "windows")]
mod windows_interface_stats;
mod freebsd;
// Re-export the appropriate implementation
#[cfg(target_os = "freebsd")]
pub use freebsd::FreeBSDProcessLookup;
// Re-export factory functions and types from platform modules
#[cfg(target_os = "linux")]
pub use linux::LinuxProcessLookup;
#[cfg(target_os = "linux")]
// pub use linux_enhanced::EnhancedLinuxProcessLookup;
pub use linux::{create_process_lookup, LinuxStatsProvider};
#[cfg(target_os = "macos")]
pub use macos::MacOSProcessLookup;
pub use macos::{create_process_lookup, MacOSStatsProvider};
#[cfg(target_os = "windows")]
pub use windows::WindowsProcessLookup;
// Re-export interface stats providers
#[cfg(target_os = "linux")]
pub use linux_interface_stats::LinuxStatsProvider;
pub use windows::{create_process_lookup, WindowsProcessLookup, WindowsStatsProvider};
#[cfg(target_os = "freebsd")]
pub use freebsd_interface_stats::FreeBSDStatsProvider;
#[cfg(target_os = "macos")]
pub use macos_interface_stats::MacOSStatsProvider;
#[cfg(target_os = "windows")]
pub use windows_interface_stats::WindowsStatsProvider;
pub use freebsd::{create_process_lookup, FreeBSDProcessLookup, FreeBSDStatsProvider};
/// Trait for platform-specific process lookup
pub trait ProcessLookup: Send + Sync {
@@ -64,85 +44,6 @@ pub trait ProcessLookup: Send + Sync {
fn get_detection_method(&self) -> &str;
}
/// No-op process lookup for when PKTAP is providing process metadata
#[cfg(target_os = "macos")]
pub struct NoOpProcessLookup;
#[cfg(target_os = "macos")]
impl ProcessLookup for NoOpProcessLookup {
fn get_process_for_connection(&self, _conn: &Connection) -> Option<(u32, String)> {
None // PKTAP provides this information directly
}
fn refresh(&self) -> Result<()> {
Ok(()) // Nothing to refresh
}
fn get_detection_method(&self) -> &str {
"pktap"
}
}
/// Create a platform-specific process lookup with PKTAP status awareness
pub fn create_process_lookup(_use_pktap: bool) -> Result<Box<dyn ProcessLookup>> {
#[cfg(target_os = "macos")]
{
use crate::network::platform::macos::MacOSProcessLookup;
if _use_pktap {
log::info!("Using no-op process lookup - PKTAP provides process metadata");
Ok(Box::new(NoOpProcessLookup))
} else {
Ok(Box::new(MacOSProcessLookup::new()?))
}
}
#[cfg(target_os = "linux")]
{
#[cfg(feature = "ebpf")]
{
// Try enhanced lookup first (with eBPF if available), fall back to basic
match linux_enhanced::EnhancedLinuxProcessLookup::new() {
Ok(enhanced) => {
log::info!("Using enhanced Linux process lookup (eBPF + procfs)");
return Ok(Box::new(enhanced));
}
Err(e) => {
log::warn!(
"Enhanced lookup failed, falling back to basic procfs: {}",
e
);
}
}
}
// Use basic procfs lookup (either as fallback or when eBPF is not enabled)
log::info!("Using Linux process lookup (procfs)");
Ok(Box::new(LinuxProcessLookup::new()?))
}
#[cfg(target_os = "windows")]
{
log::info!("Using Windows process lookup (IP Helper API)");
Ok(Box::new(WindowsProcessLookup::new()?))
}
#[cfg(target_os = "freebsd")]
{
log::info!("Using FreeBSD process lookup (sockstat)");
Ok(Box::new(FreeBSDProcessLookup::new()?))
}
#[cfg(not(any(
target_os = "linux",
target_os = "windows",
target_os = "macos",
target_os = "freebsd"
)))]
{
Err(anyhow::anyhow!("Unsupported platform"))
}
}
/// Connection identifier for lookups
#[derive(Debug, Clone, Hash, PartialEq, Eq)]
pub struct ConnectionKey {

16
src/network/platform/windows_interface_stats.rs → src/network/platform/windows/interface_stats.rs
View File

@@ -1,3 +1,5 @@
// network/platform/windows/interface_stats.rs - Windows IP Helper API interface stats
use crate::network::interface_stats::{InterfaceStats, InterfaceStatsProvider};
use std::collections::HashMap;
use std::io;
@@ -32,15 +34,14 @@ impl InterfaceStatsProvider for WindowsStatsProvider {
let result = GetIfTable2(&mut table);
if result.is_err() {
return Err(io::Error::other(
format!("GetIfTable2 failed with error code: {:?}", result),
));
return Err(io::Error::other(format!(
"GetIfTable2 failed with error code: {:?}",
result
)));
}
if table.is_null() {
return Err(io::Error::other(
"Failed to get interface table",
));
return Err(io::Error::other("Failed to get interface table"));
}
let num_entries = (*table).NumEntries as usize;
@@ -76,7 +77,8 @@ impl InterfaceStatsProvider for WindowsStatsProvider {
}
// Skip "Local Area Con" with zero traffic (these are usually disconnected adapters)
let total_traffic = row.InOctets + row.OutOctets + row.InUcastPkts + row.OutUcastPkts;
let total_traffic =
row.InOctets + row.OutOctets + row.InUcastPkts + row.OutUcastPkts;
if name_lower.starts_with("local area con") && total_traffic == 0 {
continue;
}

18
src/network/platform/windows/mod.rs Normal file
View File

@@ -0,0 +1,18 @@
// network/platform/windows/mod.rs - Windows platform implementation
mod interface_stats;
mod process;
pub use interface_stats::WindowsStatsProvider;
pub use process::WindowsProcessLookup;
use super::ProcessLookup;
use anyhow::Result;
/// Create a Windows process lookup implementation
/// The `_use_pktap` parameter is ignored on Windows (only used on macOS)
pub fn create_process_lookup(_use_pktap: bool) -> Result<Box<dyn ProcessLookup>> {
log::info!("Using Windows process lookup (IP Helper API)");
Ok(Box::new(WindowsProcessLookup::new()?))
}

110
src/network/platform/windows.rs → src/network/platform/windows/process.rs
View File

@@ -1,4 +1,6 @@
use super::{ConnectionKey, ProcessLookup};
// network/platform/windows/process.rs - Windows IP Helper API process lookup
use crate::network::platform::{ConnectionKey, ProcessLookup};
use crate::network::types::{Connection, Protocol};
use anyhow::Result;
use std::collections::HashMap;
@@ -10,8 +12,8 @@ use std::time::{Duration, Instant};
use windows::Win32::Foundation::{CloseHandle, ERROR_INSUFFICIENT_BUFFER, WIN32_ERROR};
use windows::Win32::NetworkManagement::IpHelper::{
GetExtendedTcpTable, GetExtendedUdpTable, MIB_TCP6ROW_OWNER_PID, MIB_TCP6TABLE_OWNER_PID,
MIB_TCPROW_OWNER_PID, MIB_TCPTABLE_OWNER_PID, MIB_UDPROW_OWNER_PID,
MIB_UDPTABLE_OWNER_PID, TCP_TABLE_OWNER_PID_ALL, UDP_TABLE_OWNER_PID,
MIB_TCPROW_OWNER_PID, MIB_TCPTABLE_OWNER_PID, MIB_UDPROW_OWNER_PID, MIB_UDPTABLE_OWNER_PID,
TCP_TABLE_OWNER_PID_ALL, UDP_TABLE_OWNER_PID,
};
use windows::Win32::Networking::WinSock::{AF_INET, AF_INET6};
use windows::Win32::System::Threading::{
@@ -55,7 +57,10 @@ impl WindowsProcessLookup {
Ok(())
}
fn refresh_tcp_table_v4(&self, cache: &mut HashMap<ConnectionKey, (u32, String)>) -> Result<()> {
fn refresh_tcp_table_v4(
&self,
cache: &mut HashMap<ConnectionKey, (u32, String)>,
) -> Result<()> {
unsafe {
let mut size: u32 = 0;
let mut table: Vec<u8>;
@@ -71,13 +76,19 @@ impl WindowsProcessLookup {
);
if WIN32_ERROR(result) != ERROR_INSUFFICIENT_BUFFER {
log::debug!("GetExtendedTcpTable (IPv4) returned no data or error: {}", result);
log::debug!(
"GetExtendedTcpTable (IPv4) returned no data or error: {}",
result
);
return Ok(()); // No connections or error
}
if size == 0 || size > 100_000_000 {
// Sanity check: reject unreasonably large sizes (100MB limit)
log::warn!("GetExtendedTcpTable (IPv4) returned invalid size: {}", size);
log::warn!(
"GetExtendedTcpTable (IPv4) returned invalid size: {}",
size
);
return Ok(());
}
@@ -93,7 +104,10 @@ impl WindowsProcessLookup {
);
if result != 0 {
log::debug!("GetExtendedTcpTable (IPv4) second call failed: {}", result);
log::debug!(
"GetExtendedTcpTable (IPv4) second call failed: {}",
result
);
return Ok(()); // Error getting table
}
@@ -161,7 +175,10 @@ impl WindowsProcessLookup {
Ok(())
}
fn refresh_tcp_table_v6(&self, cache: &mut HashMap<ConnectionKey, (u32, String)>) -> Result<()> {
fn refresh_tcp_table_v6(
&self,
cache: &mut HashMap<ConnectionKey, (u32, String)>,
) -> Result<()> {
unsafe {
let mut size: u32 = 0;
let mut table: Vec<u8>;
@@ -177,13 +194,19 @@ impl WindowsProcessLookup {
);
if WIN32_ERROR(result) != ERROR_INSUFFICIENT_BUFFER {
log::debug!("GetExtendedTcpTable (IPv6) returned no data or error: {}", result);
log::debug!(
"GetExtendedTcpTable (IPv6) returned no data or error: {}",
result
);
return Ok(()); // No connections or error
}
if size == 0 || size > 100_000_000 {
// Sanity check: reject unreasonably large sizes (100MB limit)
log::warn!("GetExtendedTcpTable (IPv6) returned invalid size: {}", size);
log::warn!(
"GetExtendedTcpTable (IPv6) returned invalid size: {}",
size
);
return Ok(());
}
@@ -199,7 +222,10 @@ impl WindowsProcessLookup {
);
if result != 0 {
log::debug!("GetExtendedTcpTable (IPv6) second call failed: {}", result);
log::debug!(
"GetExtendedTcpTable (IPv6) second call failed: {}",
result
);
return Ok(()); // Error getting table
}
@@ -278,7 +304,10 @@ impl WindowsProcessLookup {
Ok(())
}
fn refresh_udp_table_v4(&self, cache: &mut HashMap<ConnectionKey, (u32, String)>) -> Result<()> {
fn refresh_udp_table_v4(
&self,
cache: &mut HashMap<ConnectionKey, (u32, String)>,
) -> Result<()> {
unsafe {
let mut size: u32 = 0;
let mut table: Vec<u8>;
@@ -294,13 +323,19 @@ impl WindowsProcessLookup {
);
if WIN32_ERROR(result) != ERROR_INSUFFICIENT_BUFFER {
log::debug!("GetExtendedUdpTable (IPv4) returned no data or error: {}", result);
log::debug!(
"GetExtendedUdpTable (IPv4) returned no data or error: {}",
result
);
return Ok(()); // No connections or error
}
if size == 0 || size > 100_000_000 {
// Sanity check: reject unreasonably large sizes (100MB limit)
log::warn!("GetExtendedUdpTable (IPv4) returned invalid size: {}", size);
log::warn!(
"GetExtendedUdpTable (IPv4) returned invalid size: {}",
size
);
return Ok(());
}
@@ -316,7 +351,10 @@ impl WindowsProcessLookup {
);
if result != 0 {
log::debug!("GetExtendedUdpTable (IPv4) second call failed: {}", result);
log::debug!(
"GetExtendedUdpTable (IPv4) second call failed: {}",
result
);
return Ok(()); // Error getting table
}
@@ -382,7 +420,10 @@ impl WindowsProcessLookup {
Ok(())
}
fn refresh_udp_table_v6(&self, _cache: &mut HashMap<ConnectionKey, (u32, String)>) -> Result<()> {
fn refresh_udp_table_v6(
&self,
_cache: &mut HashMap<ConnectionKey, (u32, String)>,
) -> Result<()> {
// IPv6 UDP table structures are not available in current windows crate version
// This will be implemented when the structures are available
Ok(())
@@ -406,13 +447,23 @@ impl ProcessLookup for WindowsProcessLookup {
if cache.last_refresh.elapsed() < Duration::from_secs(2)
&& let Some(process_info) = cache.lookup.get(&key)
{
log::trace!("✓ Cache hit: {:?} {} -> {} => {:?}",
key.protocol, key.local_addr, key.remote_addr, process_info);
log::trace!(
"✓ Cache hit: {:?} {} -> {} => {:?}",
key.protocol,
key.local_addr,
key.remote_addr,
process_info
);
return Some(process_info.clone());
} else {
log::trace!("✗ Cache miss: {:?} {} -> {} (cache: {} entries, age: {}s)",
key.protocol, key.local_addr, key.remote_addr,
cache.lookup.len(), cache.last_refresh.elapsed().as_secs());
log::trace!(
"✗ Cache miss: {:?} {} -> {} (cache: {} entries, age: {}s)",
key.protocol,
key.local_addr,
key.remote_addr,
cache.lookup.len(),
cache.last_refresh.elapsed().as_secs()
);
}
}
@@ -429,8 +480,12 @@ impl ProcessLookup for WindowsProcessLookup {
if result.is_some() {
log::trace!("✓ Found after refresh: {:?} => {:?}", key, result);
} else {
log::trace!("✗ Still no match after refresh for: {:?} {} -> {}",
key.protocol, key.local_addr, key.remote_addr);
log::trace!(
"✗ Still no match after refresh for: {:?} {} -> {}",
key.protocol,
key.local_addr,
key.remote_addr
);
}
result
} else {
@@ -447,7 +502,9 @@ impl ProcessLookup for WindowsProcessLookup {
let mut cache = match self.cache.write() {
Ok(cache) => cache,
Err(poisoned) => {
log::warn!("Process cache write lock was poisoned, recovering and replacing cache");
log::warn!(
"Process cache write lock was poisoned, recovering and replacing cache"
);
poisoned.into_inner()
}
};
@@ -456,7 +513,10 @@ impl ProcessLookup for WindowsProcessLookup {
cache.lookup = new_cache;
cache.last_refresh = Instant::now();
log::debug!("Windows process lookup refresh complete: {} entries cached", total_entries);
log::debug!(
"Windows process lookup refresh complete: {} entries cached",
total_entries
);
Ok(())
}

33
src/network/types.rs
View File

@@ -1102,13 +1102,14 @@ mod tests {
// Should converge to actual sustained rate
// 1000 bytes / 0.1s = 10,000 bytes/sec outgoing
// 500 bytes / 0.1s = 5,000 bytes/sec incoming
// Note: Wide tolerance due to thread::sleep timing variability in CI
assert!(
outgoing_rate > 9000.0 && outgoing_rate < 11000.0,
outgoing_rate > 5000.0 && outgoing_rate < 15000.0,
"Outgoing rate should be ~10KB/s, got: {}",
outgoing_rate
);
assert!(
incoming_rate > 4500.0 && incoming_rate < 5500.0,
incoming_rate > 2500.0 && incoming_rate < 7500.0,
"Incoming rate should be ~5KB/s, got: {}",
incoming_rate
);
@@ -1181,16 +1182,15 @@ mod tests {
let incoming_rate = tracker.get_incoming_rate_bps();
// Expected: 1500 bytes / 0.01s = 150,000 bytes/sec = ~150 KB/s
// However, thread::sleep is not precise and can sleep longer than requested,
// especially under system load. We use wider tolerance to avoid flaky tests.
// The actual rate will be lower if sleep takes longer (e.g., 128KB/s if sleep ~11.7ms)
// However, thread::sleep is not precise and can sleep much longer than requested,
// especially on CI runners (macOS ARM can be 5x slower). Very wide tolerance needed.
assert!(
outgoing_rate > 100_000.0 && outgoing_rate < 180_000.0,
outgoing_rate > 25_000.0 && outgoing_rate < 200_000.0,
"High packet rate should still give reasonable average, got: {}",
outgoing_rate
);
assert!(
incoming_rate > 50_000.0 && incoming_rate < 90_000.0,
incoming_rate > 12_000.0 && incoming_rate < 100_000.0,
"High packet rate should still give reasonable average, got: {}",
incoming_rate
);
@@ -1209,10 +1209,11 @@ mod tests {
// Now we have 2 samples spanning 1 second with 10,000 bytes transferred
// This should give us 10,000 bytes/sec
// If we were .skip(1), we'd get 0 because we'd skip the only data sample!
// Note: Wide tolerance due to thread::sleep timing variability in CI
let outgoing_rate = tracker.get_outgoing_rate_bps();
assert!(
outgoing_rate > 9_000.0 && outgoing_rate < 11_000.0,
outgoing_rate > 5_000.0 && outgoing_rate < 15_000.0,
"Should include all samples (not skip first), got: {}",
outgoing_rate
);
@@ -1293,13 +1294,14 @@ mod tests {
let incoming_rate = tracker.get_incoming_rate_bps();
// Should be approximately 10000 bytes/sec outgoing, 5000 bytes/sec incoming
// Note: Wide tolerance due to thread::sleep timing variability in CI
assert!(
outgoing_rate > 8000.0 && outgoing_rate < 12000.0,
outgoing_rate > 4000.0 && outgoing_rate < 15000.0,
"Outgoing rate: {}",
outgoing_rate
);
assert!(
incoming_rate > 4000.0 && incoming_rate < 6000.0,
incoming_rate > 2000.0 && incoming_rate < 8000.0,
"Incoming rate: {}",
incoming_rate
);
@@ -1439,15 +1441,17 @@ mod tests {
let incoming_rate = tracker.get_incoming_rate_bps();
// Should be approximately 1MB/s outgoing (1_000_000 bytes/sec)
// Note: Wide tolerance due to thread::sleep timing variability in CI
assert!(
outgoing_rate > 800_000.0 && outgoing_rate < 1_200_000.0,
outgoing_rate > 500_000.0 && outgoing_rate < 1_500_000.0,
"Outgoing rate should be ~1MB/s, got: {}",
outgoing_rate
);
// Should be approximately 500KB/s incoming (500_000 bytes/sec)
// Note: Wide tolerance due to thread::sleep timing variability in CI
assert!(
incoming_rate > 400_000.0 && incoming_rate < 600_000.0,
incoming_rate > 250_000.0 && incoming_rate < 750_000.0,
"Incoming rate should be ~500KB/s, got: {}",
incoming_rate
);
@@ -1480,13 +1484,14 @@ mod tests {
let incoming_rate = tracker.get_incoming_rate_bps();
// We're sending at ~1MB/s and receiving at ~500KB/s consistently
// Note: Wide tolerance due to thread::sleep timing variability in CI
assert!(
outgoing_rate > 800_000.0 && outgoing_rate < 1_200_000.0,
outgoing_rate > 400_000.0 && outgoing_rate < 1_500_000.0,
"Outgoing rate after window slide: {}",
outgoing_rate
);
assert!(
incoming_rate > 400_000.0 && incoming_rate < 600_000.0,
incoming_rate > 200_000.0 && incoming_rate < 750_000.0,
"Incoming rate after window slide: {}",
incoming_rate
);