processlist

package
v0.0.0-...-44211a0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 9, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package processlist holds process context

Package processlist holds process context

Package processlist holds process context

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ExecNode 

type ExecNode struct {
	sync.Mutex
	model.Process

	// Key represents the key used to retrieve the exec from the cache
	// if the owner is able to define a key we use it, otherwise we'll put
	// a random generated uint64 cookie
	Key interface{}

	ProcessLink *ProcessNode

	MatchedRules []*model.MatchedRule
}

ExecNode defines an exec

func NewEmptyExecNode 

func NewEmptyExecNode() *ExecNode

NewEmptyExecNode returns a new empty ExecNode instance

func NewExecNodeFromEvent 

func NewExecNodeFromEvent(event *model.Event, key interface{}) *ExecNode

NewExecNodeFromEvent returns a new exec node from a given event, and if any, use the provided key to assign it (otherwise it will choose a random one)

func (*ExecNode) Debug 

func (e *ExecNode) Debug(w io.Writer, prefix string)

Debug prints out recursively content of each node

func (*ExecNode) Insert 

func (e *ExecNode) Insert(event *model.Event, imageTag string) (newEntryAdded bool, err error)

Insert will inserts the given event to the exec node, returns true if an entry were inserted nolint: all

func (*ExecNode) Scrub 

func (e *ExecNode) Scrub() error

Scrub scrubs args and envs nolint: all

type Owner 

type Owner interface {
	// is valid root node
	IsAValidRootNode(event *model.Process) bool

	// matches
	ExecMatches(e1, e2 *ExecNode) bool
	ProcessMatches(p1, p2 *ProcessNode) bool

	// send custom stats
	SendStats(client statsd.ClientInterface) error

	// returns the key related to an exec
	GetExecCacheKey(process *model.Process) interface{}

	// returns the key related to a process
	GetProcessCacheKey(process *model.Process) interface{}

	// returns the keys related to a process parent, given an event
	GetParentProcessCacheKey(event *model.Event) interface{}
}

Owner defines the interface to implement prior to use ProcessList

type ProcessList 

type ProcessList struct {
	sync.Mutex

	// internals
	Stats ProcessStats
	// contains filtered or unexported fields
}

ProcessList defines a process graph/cache of processes and their related execs

func NewProcessList 

func NewProcessList(selector cgroupModel.WorkloadSelector, validEventTypes []model.EventType, owner Owner,
	statsdClient statsd.ClientInterface, scrubber *procutil.DataScrubber) *ProcessList

NewProcessList returns a new process list

func NewProcessListFromFile 

func NewProcessListFromFile(owner Owner) (*ProcessList, error)

NewProcessListFromFile returns a new process list from a file nolint: all

func (*ProcessList) AppendChild 

func (pl *ProcessList) AppendChild(node *ProcessNode, currentParrent bool)

AppendChild appends a new root node in the ProcessList

func (*ProcessList) Contains 

func (pl *ProcessList) Contains(event *model.Event, insertMissingProcesses bool, imageTag string) (newEntryAdded bool, err error)

nolint: all

func (*ProcessList) Debug 

func (pl *ProcessList) Debug(w io.Writer)

Debug prints out recursively content of each node

func (*ProcessList) DeleteCachedProcess 

func (pl *ProcessList) DeleteCachedProcess(key interface{}, imageTag string) (entryDeleted bool, err error)

DeleteCachedProcess deletes the process matching the provided key, and all its children

func (*ProcessList) GetCacheExec 

func (pl *ProcessList) GetCacheExec(key interface{}) *ExecNode

GetCacheExec retrieve the cached exec matching the given key

func (*ProcessList) GetCacheProcess 

func (pl *ProcessList) GetCacheProcess(key interface{}) *ProcessNode

GetCacheProcess retrieve the cached process matching the given key

func (*ProcessList) GetChildren 

func (pl *ProcessList) GetChildren() *[]*ProcessNode

GetChildren returns the root nodes

func (*ProcessList) GetCurrentParent 

func (pl *ProcessList) GetCurrentParent() ProcessNodeIface

GetCurrentParent returns nil (process list don't have parent)

func (*ProcessList) GetCurrentSiblings 

func (pl *ProcessList) GetCurrentSiblings() *[]*ProcessNode

GetCurrentSiblings returns nil (process list don't have siblings)

func (*ProcessList) GetExecCacheSize 

func (pl *ProcessList) GetExecCacheSize() int

GetExecCacheSize returns the exec cache size

func (*ProcessList) GetPossibleParents 

func (pl *ProcessList) GetPossibleParents() []ProcessNodeIface

GetPossibleParents returns nil (process list don't have parent)

func (*ProcessList) GetProcessCacheSize 

func (pl *ProcessList) GetProcessCacheSize() int

GetProcessCacheSize returns the process cache size

func (*ProcessList) Insert 

func (pl *ProcessList) Insert(event *model.Event, insertMissingProcesses bool, imageTag string) (newEntryAdded bool, err error)

Insert tries to insert (or delete) the given event ot the process list graph, using cache if possible

func (*ProcessList) MatchesSelector 

func (pl *ProcessList) MatchesSelector(event *model.Event) bool

nolint: all

func (*ProcessList) SaveToFile 

func (pl *ProcessList) SaveToFile(filePath, format string) error

marshall and save processes to the given file nolint: all

func (*ProcessList) ToDOT 

func (pl *ProcessList) ToDOT() ([]byte, error)

nolint: all

func (*ProcessList) ToJSON 

func (pl *ProcessList) ToJSON() ([]byte, error)

nolint: all

func (*ProcessList) UnlinkChild 

func (pl *ProcessList) UnlinkChild(_ Owner, child *ProcessNode) bool

UnlinkChild unlinks a root node

func (*ProcessList) Walk 

func (pl *ProcessList) Walk(f func(node *ProcessNode) (stop bool)) (stop bool)

Walk walks recursively the process nodes

type ProcessNode 

type ProcessNode struct {
	sync.Mutex

	// represent the key used to retrieve the process from the cache
	// if the owner is able to define a key we use it, otherwise we'll put
	// a random generated uint64 cookie
	Key interface{}

	// mainly used by dump/profiles
	ImageTags []string

	// for runtime cache: possible parents represents an agregated view of what we saw at runtime (ex: if a process
	// loose its parent and being attached to the closest sub-reaper, it would have 1 current parrent but
	// 2 possible ones).
	// for AD: same logic as for runtime
	CurrentParent   ProcessNodeIface
	PossibleParents []ProcessNodeIface

	// for runtime cache: possible execs represents the ancestors, in a unsorted way
	// for AD: possible execs represents, after a fork, what exec we already seen (and so,
	//         possible ones)
	CurrentExec   *ExecNode
	PossibleExecs []*ExecNode

	Children []*ProcessNode

	// Used to store custom fields, depending on the owner, basically:
	// == Fields used by process resolver:
	// refCount?
	// onRelase CB?
	// (would be great if we finally can get rid of it!)
	UserData interface{}
}

ProcessNode holds the activity of a process

func NewProcessExecNodeFromEvent 

func NewProcessExecNodeFromEvent(event *model.Event, processKey, execKey interface{}) *ProcessNode

NewProcessExecNodeFromEvent returns a process node filled with an exec node corresponding to the given event

func (*ProcessNode) AppendChild 

func (pn *ProcessNode) AppendChild(child *ProcessNode, currentParent bool)

AppendChild appends a new node in the process node

func (*ProcessNode) AppendExec 

func (pn *ProcessNode) AppendExec(exec *ExecNode, currentExec bool)

AppendExec adds a new exec to the process node, and mark it as current if currentExec is specified

func (*ProcessNode) Debug 

func (pn *ProcessNode) Debug(w io.Writer, prefix string)

Debug prints out recursively content of each node

func (*ProcessNode) GetChildren 

func (pn *ProcessNode) GetChildren() *[]*ProcessNode

GetChildren returns the list of children of the ProcessNode

func (*ProcessNode) GetCurrentParent 

func (pn *ProcessNode) GetCurrentParent() ProcessNodeIface

GetCurrentParent returns the current parent

func (*ProcessNode) GetCurrentSiblings 

func (pn *ProcessNode) GetCurrentSiblings() *[]*ProcessNode

GetCurrentSiblings returns the list of siblings of the current node

func (*ProcessNode) GetPossibleParents 

func (pn *ProcessNode) GetPossibleParents() []ProcessNodeIface

GetPossibleParents returns the possible parents

func (*ProcessNode) UnlinkChild 

func (pn *ProcessNode) UnlinkChild(owner Owner, child *ProcessNode) bool

UnlinkChild unlinks a child from the children list

func (*ProcessNode) Walk 

func (pn *ProcessNode) Walk(f func(node *ProcessNode) (stop bool)) (stop bool)

Walk walks the process node and childs recursively

type ProcessNodeIface 

type ProcessNodeIface interface {
	GetCurrentParent() ProcessNodeIface
	GetPossibleParents() []ProcessNodeIface
	GetChildren() *[]*ProcessNode
	GetCurrentSiblings() *[]*ProcessNode
	AppendChild(child *ProcessNode, currentParent bool)
	UnlinkChild(owner Owner, child *ProcessNode) bool
}

ProcessNodeIface is an interface used to identify the parent of a process context

type ProcessStats 

type ProcessStats struct {
	// Total metric since startup
	TotalProcessNodes int64
	TotalExecNodes    int64

	// Current number of nodes per type
	CurrentProcessNodes int64
	CurrentExecNodes    int64
}

ProcessStats stores stats

Source Files

View all Source files

Directories

Path Synopsis
Package activitytree holds activitytree related files
 Package activitytree holds activitytree related files
Package processresolver holds processresolver related files
 Package processresolver holds processresolver related files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.