Expand description
netls is a network connections viewer for daily use and automation.
This crate exposes the same functionality as the netls CLI tool through
a programmatic API. The entry points are snapshot (gathered with a
Filter) and the various enrich_* functions that populate optional
fields on each Connection.
Modules§
- config
- Configuration file (TOML) loading:
[defaults],[profiles.<name>],[ports]. Configuration file support.
Structs§
- Connection
- A single network connection.
- Connection
Diff - Result of
diff_connections. - Connection
Key - Stable identity key for a
Connection. Internal representation is opaque; onlyDisplay,Hash, and equality are guaranteed. - FdUsage
- Open file descriptors and the soft limit for a process.
Populated on a
Connectionbyenrich_fd. - Filter
- Builder-style filter for
snapshot. - Parse
Enum Error - Error returned when a string cannot be parsed into one of the
library’s enum types (
Proto,State,SortKey). - Snapshot
Result - Result of
snapshot_with_containers: connections plus any non-fatal warnings that occurred while enriching from container runtimes. - Summary
- Aggregated counts of connections by protocol and TCP state.
Returned by
summary. - TopProcess
- A single entry returned by
top_connections.
Enums§
- Error
- Errors returned by
netlslibrary functions. - Proto
- Transport protocol of a connection.
- SortKey
- Column key accepted by
sort_connections. - State
- TCP connection state. Mirrors the standard TCP state machine
(RFC 793). Only meaningful for
Proto::Tcp.
Constants§
- VALID_
GROUP_ BY - Fields accepted by
--group-byand thegroup_byconfig field. - VALID_
PROTOS - Protocols accepted by
--protoand theprotoconfig field. - VALID_
SORT - Columns accepted by
--sortand thesortconfig field. - VALID_
STATES - Connection states accepted by
--stateand thestateconfig field.
Functions§
- compact_
addr - Replace verbose IPv6 addresses with human-friendly aliases.
[::1]:port->localhost:port,[::]:port/[0:…:0]:port->*:port - diff_
connections - Compute the diff between two connection snapshots.
- docker_
proxy_ service - For a
docker-proxyconnection, resolve the compose/container service name behind it. ReturnsNoneif the connection is notdocker-proxyor if resolution fails (no PID, cmdline unreadable, daemon unreachable). - enrich_
age - Populate
age_secsfor each connection by reading the mtime of the socket fd in/proc/<pid>/fd/. Uses the stored inode to find the exact fd symlink. Linux only - no clean equivalent on macOS. - enrich_
cmdline - Populate
cmdlinefield for each connection. On Linux: reads/proc/<pid>/cmdline(full args joined with spaces). On macOS: usespidpath()to get the full binary path. - enrich_
fd - Populate
fd_usagefor each connection: (open_fds, soft_limit). On Linux: reads/proc/<pid>/fd/and/proc/<pid>/limits. On macOS: useslistpidinfo::<ListFDs>andgetrlimit. - enrich_
process_ tree - Populate
parent_chainfor each connection. On Linux: walks PPid links in/proc/<pid>/status. On macOS: usesBSDInfo.pbi_ppidvia libproc. Result format: “parent <- grandparent <- …” (up to 4 levels). - enrich_
systemd - Populate
systemd_unitfor each connection from/proc/<pid>/cgroup. Extracts the last path component ending in “.service”, “.scope”, or “.slice”. Not applicable on macOS (uses launchd). - fmt_age
- Format age in seconds as a human-readable string: “5s”, “3m12s”, “2h34m”, “1d3h”.
- resolve_
dns - Resolve remote IP addresses to hostnames in-place.
Skips wildcard (
*), loopback, and addresses that fail to resolve. All unique IPs are looked up concurrently under a single 2-second deadline, so total latency stays bounded regardless of how many connections are passed in. - resolve_
proxy_ origins - For each external connection that passes through a local proxy, return the list of originating process names (one or more).
- snapshot
- Return a snapshot of current network connections, optionally filtered.
- snapshot_
all - Return all connections without any filtering. Used internally for proxy chain analysis which needs the full picture.
- snapshot_
with_ containers - Collect connections from the host plus all running Docker containers. Linux only - Docker runs in a VM on macOS; namespace trick does not apply.
- sort_
connections - Sort connections in-place by one of the supported keys.
- summary
- Return a summary of connections grouped by proto and state.
- top_
connections - Return top N processes by connection count, descending. Ties are broken by name (ascending).
Type Aliases§
- Result
- Convenience alias for
std::result::Result<T, netls::Error>.