util

package
v0.0.0-...-5a3c2f8
Warning

This package is not in the latest version of its module.

Published: Nov 20, 2025 License: BSD-3-Clause Imports: 9 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateFilePair

func CreateFilePair(number int, contents []byte, blockSize int, dir string)

CreateFilePair creates a file with given contents in a given directory, named "file.<number>" as well as a meta file "file.<number>.meta", emulating Suricata's file extraction behaviour. A random delay of up to 200ms is used before writing to slow down file creation a bit. Files are written in chunks, opening and closing the file for each individual chunk just as Suricata does.

func CreateFilePairMoved

func CreateFilePairMoved(number int, contents []byte, dir string)

CreateFilePairMoved creates a file with given contents in a given directory, named "file.<number>" as well as a meta file "file.<number>.meta". However, unlike CreateFilePair, CreateFilePairMoved creates the files outside the target directory and moves them in afterwards, simulating 'atomic' file creation.
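The two creation patterns described for CreateFilePair and CreateFilePairMoved, as an added sketch that is not this package's code: a consumer watching the directory sees a chunk-written file while it is still incomplete, but sees a moved-in file only once it is whole. The helper names writeChunked and writeMoved, their signatures and the exclusive create on the first chunk are assumptions of this example; the meta file and the random delay are left out.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// writeChunked (hypothetical) writes blockSize pieces, reopening and closing path for each one.
func writeChunked(path string, contents []byte, blockSize int) error {
	if blockSize <= 0 {
		return fmt.Errorf("blockSize must be positive, got %d", blockSize)
	}
	flags := os.O_WRONLY | os.O_CREATE | os.O_EXCL // first chunk creates the file
	for off := 0; off < len(contents); off += blockSize {
		end := off + blockSize
		if end > len(contents) {
			end = len(contents)
		}
		f, err := os.OpenFile(path, flags, 0o600)
		if err != nil {
			return err
		}
		_, werr := f.Write(contents[off:end])
		if err := errors.Join(werr, f.Close()); err != nil {
			return err
		}
		flags = os.O_WRONLY | os.O_APPEND // later chunks reopen and append
	}
	return nil
}

// writeMoved (hypothetical) writes the whole file at stagingPath, then renames it
// to finalPath. Both paths must be on the same filesystem for the rename to work.
func writeMoved(contents []byte, stagingPath, finalPath string) error {
	if err := os.WriteFile(stagingPath, contents, 0o600); err != nil {
		return err
	}
	return os.Rename(stagingPath, finalPath)
}

func main() {
	dir, err := os.MkdirTemp("", "filestore-demo-")
	if err == nil {
		// Constructed payload: 26 bytes in 8-byte blocks gives four open/write/close cycles.
		err = writeChunked(filepath.Join(dir, "file.1"), []byte("constructed sample payload"), 8)
	}
	fmt.Println("dir:", dir, "error:", err)
}
```
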

func CreateFilePairV2

func CreateFilePairV2(number int, contents []byte, blockSize int, dir string)

CreateFilePairV2 creates a file with given contents in a given directory, matching the naming scheme of filestore v2.

func CreateFilePairWithTime

func CreateFilePairWithTime(number int, contents []byte, blockSize int,
	dir string, mtime time.Time)

CreateFilePairWithTime creates a file pair like CreateFilePair, but also sets atime and mtime of the resulting file to the given value.

func MakeYARARuleFile

func MakeYARARuleFile(outfile string) error

MakeYARARuleFile compiles a given YARA rule source and writes the compiled version to a given file name.

func Min

func Min(a, b int) int

Min returns the smaller of the passed int values.

Types

type FilestoreVersion

type FilestoreVersion int

FilestoreVersion signifies the version of the filestore directory layout.

const (
	// V1 means file store version 1, pre-4.1 Suricata
	V1 FilestoreVersion = 1
	// V2 means file store version 2, Suricata 4.1 or later
	V2 FilestoreVersion = 2
)
