mquire 1.2.7

Memory forensics and analysis tool for querying Linux kernel memory dumps using SQL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

//
// Copyright (c) 2025-present, Trail of Bits, Inc.
// All rights reserved.
//
// This source code is licensed in accordance with the terms specified in
// the LICENSE file found in the root directory of this source tree.
//

use crate::{core::entities::ip_address::IPAddress, memory::virtual_address::VirtualAddress};

/// Network protocol type
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Protocol {
    /// TCP protocol
    TCP,

    /// UDP protocol
    UDP,
}

/// IP type
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum IPAddressType {
    /// IPv4 ip address type
    IPv4,

    /// IPv6 ip address type
    IPv6,
}

/// Represents a network connection
#[derive(Debug, Clone)]
pub struct NetworkConnection {
    /// Virtual address of the sock structure
    pub virtual_address: VirtualAddress,

    /// Protocol type
    pub protocol: Option<Protocol>,

    /// TCP connection state (operating system specific)
    pub state: Option<String>,

    /// Local IP address
    pub local_address: Option<IPAddress>,

    /// Local port number
    pub local_port: Option<u16>,

    /// Remote IP address
    pub remote_address: Option<IPAddress>,

    /// Remote port number
    pub remote_port: Option<u16>,

    /// IP address type
    pub ip_address_type: Option<IPAddressType>,

    /// Socket inode number
    pub inode: Option<u64>,
}