-
Notifications
You must be signed in to change notification settings - Fork 205
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Netstat issue with spaces in program name #578
Comments
While running our monitoring script which uses First one was to see the data comming in def parse_network(headers, entry):
LIST_OF_STATES = [
"ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2",
"TIME_WAIT", "CLOSED", "CLOSE_WAIT", "LAST_ACK", "LISTEN", "CLOSING",
"UNKNOWN", "7"
]
# split entry based on presence of value in "State" column
contains_state = any(state in entry for state in LIST_OF_STATES)
split_modifier = 1 if contains_state else 2
### DEBUG PRINT ###
print(entry)
entry = entry.split(maxsplit=len(headers) - split_modifier) output: tcp 0 0 0.0.0.0:9898 0.0.0.0:* LISTEN 1178/pgpool
tcp 0 0 192.168.68.116:9102 0.0.0.0:* LISTEN 584/bareos-fd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 600/sshd: /usr/sbin
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 1178/pgpool
tcp 0 0 0.0.0.0:5433 0.0.0.0:* LISTEN 1676/postgres
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 928/exim4
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 1817931/zabbix_agen
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 1187/pgpool: watchd
tcp6 0 0 :::9898 :::* LISTEN 1178/pgpool
tcp6 0 0 :::22 :::* LISTEN 600/sshd: /usr/sbin
tcp6 0 0 :::5432 :::* LISTEN 1178/pgpool
tcp6 0 0 :::5433 :::* LISTEN 1676/postgres
tcp6 0 0 :::10050 :::* LISTEN 1817931/zabbix_agen
udp 0 0 0.0.0.0:68 0.0.0.0:* 535/dhclient
udp 0 0 0.0.0.0:37300 0.0.0.0:* 1204/pgpool: heartb
udp 0 0 0.0.0.0:9694 0.0.0.0:* 1205/pgpool: heartb
udp 0 0 0.0.0.0:9694 0.0.0.0:* 1203/pgpool: heartb
udp 0 0 0.0.0.0:44649 0.0.0.0:* 1206/pgpool: heartb
udp 0 0 0.0.0.0:52868 0.0.0.0:* 494/rsyslogd The interesting part comes here, It is clear that none of the def parse_network(headers, entry):
LIST_OF_STATES = [
"ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2",
"TIME_WAIT", "CLOSED", "CLOSE_WAIT", "LAST_ACK", "LISTEN", "CLOSING",
"UNKNOWN", "7"
]
# split entry based on presence of value in "State" column
contains_state = any(state in entry for state in LIST_OF_STATES)
split_modifier = 1 if contains_state else 2
entry = entry.split(maxsplit=len(headers) - split_modifier)
### DEBUG PRINT ###
print(entry, len(entry))
The row with the The "index out of range error" I'm getting is because I take the output of jc and split the column PID/Program name on I was localy able to fix the problem when I removed the number 7 from the LIST_OF_STATES. I remember tho, that without the 7 present in it, some tests of yours were failing. What I would like to do, is to remove the number 7 from LIST_OF_STATES because according to the documentation it is not a valid state that can appear as output of the netstat command, and to try and debug why the tests are failing. |
Oh, dear - that's a nasty little bug. Thanks for looking into this - looking forward to working with you on this! |
@HervisDaubeny any update on this? If not, I can take a look. Thanks! |
Hello, unfortunately I'm currently flooded with work from every side. If
you don't mind waiting I would love to look into it,
but I can't promise you I will be able to do it soon. My estimate is that I
could get to it in november.
Best regards,
Sebastian
… Message ID: ***@***.***>
|
DescriptionThe current code for checking if an entry contains a specific state has a bug where partial matches can mistakenly trigger the condition. The current implementation:
does not enforce word boundaries, which means that it can match unintended portions of text, like matching "7" within "0.0.0.0:37300". Suggested FixOne potential quick fix to enforce word boundaries is to modify the code as follows:
|
It looks like the tests fail because we do see
Looks like we'll have to tighten up the splitting logic per @Luigi31415 's comment above. |
@kellyjonbrazil I think my suggested fix does solve the problem. Let me know if you agree so that I can put in a PR. |
@Luigi31415 sounds good - go ahead and use |
Originally posted by @HervisDaubeny in #447 (comment)
The text was updated successfully, but these errors were encountered: