top | item 46091984

(no title)

heybrendan | 3 months ago

I see that you're parsing `ss` output in 'src/services/network.rs' (L22-L31) [1]. I find this to be a rather shaky foundation as any future drift or deviation in the `ss` utility's output could potentially yield unforeseen consequences.

I'm vaguely aware that there are crates available in the Rust ecosystem for interrogating and manipulating sockets much more directly as well as high level abstractions for all things netlink (read: AF_NETLINK). Is wielding Rust's socket/netlink libraries unsuitable in some way, or was it merely deemed out of the design scope?

Very cool project, please keep going!

[1] https://github.com/grigio/network-monitor/blob/master/src/se...

discuss

gdevenyi|3 months ago

Instead of directly parsing ss, use the jc program to produce JSON.

https://kellyjonbrazil.github.io/jc/docs/parsers/ss.html

lsferreira42|3 months ago

It will suffer from the same problem if the output from ss changes

a-dub|3 months ago

maybe consider support for the opensnitch ebpf backend?

grigio|3 months ago

I tried to do the most simple thing, thanks for the feedback

grigio|3 months ago

Thanks, I use native rust libs now