parse all sections

jc/parsers/netstat_osx.py

@@ -41,6 +41,47 @@ def parse_socket(headers, entry):
     return output_line
 
 
+def parse_reg_kernel_control(headers, entry):
+    # Count words in header
+    # if len of line is one less than len of header, then insert None in field 5
+    entry = entry.split(maxsplit=len(headers) - 1)
+
+    if len(entry) == len(headers) - 1:
+        entry.insert(5, None)
+
+    output_line = dict(zip(headers, entry))
+    output_line['kind'] = 'Registered kernel control module'
+
+    return output_line
+
+
+def parse_active_kernel_event(headers, entry):
+    # Count words in header
+    # if len of line is one less than len of header, then insert None in field 5
+    entry = entry.split(maxsplit=len(headers) - 1)
+
+    if len(entry) == len(headers) - 1:
+        entry.insert(5, None)
+
+    output_line = dict(zip(headers, entry))
+    output_line['kind'] = 'Active kernel event socket'
+
+    return output_line
+
+def parse_active_kernel_control(headers, entry):
+    # Count words in header
+    # if len of line is one less than len of header, then insert None in field 5
+    entry = entry.split(maxsplit=len(headers) - 1)
+
+    if len(entry) == len(headers) - 1:
+        entry.insert(5, None)
+
+    output_line = dict(zip(headers, entry))
+    output_line['kind'] = 'Active kernel control socket'
+
+    return output_line
+
+
 def parse_post(raw_data):
     # clean up trailing whitespace on each item in each entry
     # flags --- = null
@@ -49,28 +90,6 @@ def parse_post(raw_data):
     # create network and transport protocol fields
 
     for entry in raw_data:
-        for item in entry:
-            try:
-                entry[item] = entry[item].rstrip()
-            except (AttributeError):
-                # skips trying to rstrip Null entries
-                pass
-
-        if 'flags' in entry:
-            if entry['flags'] == '---':
-                entry['flags'] = None
-
-        if 'program_name' in entry:
-            entry['program_name'] = entry['program_name'].strip()
-            if entry['program_name'] == '-':
-                entry['program_name'] = None
-
-            if entry['program_name']:
-                pid = entry['program_name'].split('/', maxsplit=1)[0]
-                name = entry['program_name'].split('/', maxsplit=1)[1]
-                entry['pid'] = pid
-                entry['program_name'] = name
-
         if 'local_address' in entry:
             if entry['local_address']:
                 ladd = entry['local_address'].rsplit(':', maxsplit=1)[0]
@@ -116,59 +135,130 @@ def parse(cleandata):
     """
     raw_output = []
     network = False
+    multipath = False
+    reg_kernel_control = False
+    active_kernel_event = False
+    active_kernel_control = False
     socket = False
-    bluetooth = False
     headers = ''
     network_list = []
     socket_list = []
+    reg_kernel_control_list = []
+    active_kernel_event_list = []
+    active_kernel_control_list = []
 
     for line in cleandata:
 
         if line.startswith('Active Internet'):
             network_list = []
             network = True
+            multipath = False
             socket = False
-            bluetooth = False
+            reg_kernel_control = False
+            active_kernel_event = False
+            active_kernel_control = False
+            continue
+
+        if line.startswith('Active Multipath Internet connections'):
+            # skip for now
+            network = False
+            multipath = True
+            socket = False
+            reg_kernel_control = False
+            active_kernel_event = False
+            active_kernel_control = False
             continue
 
         if line.startswith('Active LOCAL (UNIX) domain sockets'):
             socket_list = []
             network = False
+            multipath = False
             socket = True
-            bluetooth = False
+            reg_kernel_control = False
+            active_kernel_event = False
+            active_kernel_control = False
             continue
 
-        if line.startswith('Active Bluetooth'):
+        if line.startswith('Registered kernel control modules'):
             network = False
+            multipath = False
             socket = False
-            bluetooth = True
+            reg_kernel_control = True
+            active_kernel_event = False
+            active_kernel_control = False
             continue
 
-        if line.startswith('Socket ') or line.startswith('Proto '):
+        if line.startswith('Active kernel event sockets'):
+            network = False
+            multipath = False
+            socket = False
+            reg_kernel_control = False
+            active_kernel_event = True
+            active_kernel_control = False
+            continue
+
+        if line.startswith('Active kernel control sockets'):
+            network = False
+            multipath = False
+            socket = False
+            reg_kernel_control = False
+            active_kernel_event = False
+            active_kernel_control = True
+            continue
+
+        # get headers
+        if network and (line.startswith('Socket ') or line.startswith('Proto ')):
             header_text = normalize_headers(line)
             headers = header_text.split()
             continue
 
-        if line.startswith('Address '):
+        if socket and line.startswith('Address '):
             header_text = normalize_headers(line)
             headers = header_text.split()
             continue
 
+        if reg_kernel_control and line.startswith('id '):
+            header_text = normalize_headers(line)
+            headers = header_text.split()
+            continue
+
+        if active_kernel_event and line.startswith('id '):
+            header_text = normalize_headers(line)
+            headers = header_text.split()
+            continue
+
+        if active_kernel_control and line.startswith('Proto '):
+            header_text = normalize_headers(line)
+            headers = header_text.split()
+            continue
+
+        # get items
         if network:
             network_list.append(parse_network(headers, line))
             continue
 
+        if multipath:
+            # skip for now
+            continue
+
         if socket:
             socket_list.append(parse_socket(headers, line))
             continue
 
-        if bluetooth:
+        if reg_kernel_control:
-            # maybe implement later if requested
+            reg_kernel_control_list.append(parse_reg_kernel_control(headers, line))
             continue
 
-    for item in [network_list, socket_list]:
+        if active_kernel_event:
-        for entry in item:
+            active_kernel_event_list.append(parse_active_kernel_event(headers, line))
-            raw_output.append(entry)
+            continue
+
+        if active_kernel_control:
+            active_kernel_control_list.append(parse_active_kernel_control(headers, line))
+            continue
+
+    for item in [network_list, socket_list, reg_kernel_control_list, active_kernel_event_list, active_kernel_control_list]:
+        raw_output.extend(item)
 
     return raw_output