processlist

package
v0.0.0-...-17d25f2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 13, 2025 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package processlist holds process context

Package processlist holds process context

Package processlist holds process context

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ExecNode

type ExecNode struct {
	sync.Mutex
	model.Process

	// Key represents the key used to retrieve the exec from the cache
	// if the owner is able to define a key we use it, otherwise we'll put
	// a random generated uint64 cookie
	Key interface{}

	ProcessLink *ProcessNode

	MatchedRules []*model.MatchedRule
}

ExecNode defines an exec

func NewEmptyExecNode

func NewEmptyExecNode() *ExecNode

NewEmptyExecNode returns a new empty ExecNode instance

func NewExecNodeFromEvent

func NewExecNodeFromEvent(event *model.Event, key interface{}) *ExecNode

NewExecNodeFromEvent returns a new exec node from a given event, and if any, use the provided key to assign it (otherwise it will choose a random one)

func (*ExecNode) Debug

func (e *ExecNode) Debug(w io.Writer, prefix string)

Debug prints out recursively content of each node

func (*ExecNode) Insert

func (e *ExecNode) Insert(event *model.Event, imageTag string) (newEntryAdded bool, err error)

Insert will inserts the given event to the exec node, returns true if an entry were inserted nolint: all

func (*ExecNode) Scrub

func (e *ExecNode) Scrub() error

Scrub scrubs args and envs nolint: all

type Owner

type Owner interface {
	// is valid root node
	IsAValidRootNode(event *model.Process) bool

	// matches
	ExecMatches(e1, e2 *ExecNode) bool
	ProcessMatches(p1, p2 *ProcessNode) bool

	// send custom stats
	SendStats(client statsd.ClientInterface) error

	// returns the key related to an exec
	GetExecCacheKey(process *model.Process) interface{}

	// returns the key related to a process
	GetProcessCacheKey(process *model.Process) interface{}

	// returns the keys related to a process parent, given an event
	GetParentProcessCacheKey(event *model.Event) interface{}
}

Owner defines the interface to implement prior to use ProcessList

type ProcessList

type ProcessList struct {
	sync.Mutex

	// internals
	Stats ProcessStats
	// contains filtered or unexported fields
}

ProcessList defines a process graph/cache of processes and their related execs

func NewProcessList

func NewProcessList(selector cgroupModel.WorkloadSelector, validEventTypes []model.EventType, owner Owner,
	statsdClient statsd.ClientInterface, scrubber *procutil.DataScrubber) *ProcessList

NewProcessList returns a new process list

func NewProcessListFromFile

func NewProcessListFromFile(owner Owner) (*ProcessList, error)

NewProcessListFromFile returns a new process list from a file nolint: all

func (*ProcessList) AppendChild

func (pl *ProcessList) AppendChild(node *ProcessNode, currentParrent bool)

AppendChild appends a new root node in the ProcessList

func (*ProcessList) Contains

func (pl *ProcessList) Contains(event *model.Event, insertMissingProcesses bool, imageTag string) (newEntryAdded bool, err error)

nolint: all

func (*ProcessList) Debug

func (pl *ProcessList) Debug(w io.Writer)

Debug prints out recursively content of each node

func (*ProcessList) DeleteCachedProcess

func (pl *ProcessList) DeleteCachedProcess(key interface{}, imageTag string) (entryDeleted bool, err error)

DeleteCachedProcess deletes the process matching the provided key, and all its children

func (*ProcessList) GetCacheExec

func (pl *ProcessList) GetCacheExec(key interface{}) *ExecNode

GetCacheExec retrieve the cached exec matching the given key

func (*ProcessList) GetCacheProcess

func (pl *ProcessList) GetCacheProcess(key interface{}) *ProcessNode

GetCacheProcess retrieve the cached process matching the given key

func (*ProcessList) GetChildren

func (pl *ProcessList) GetChildren() *[]*ProcessNode

GetChildren returns the root nodes

func (*ProcessList) GetCurrentParent

func (pl *ProcessList) GetCurrentParent() ProcessNodeIface

GetCurrentParent returns nil (process list don't have parent)

func (*ProcessList) GetCurrentSiblings

func (pl *ProcessList) GetCurrentSiblings() *[]*ProcessNode

GetCurrentSiblings returns nil (process list don't have siblings)

func (*ProcessList) GetExecCacheSize

func (pl *ProcessList) GetExecCacheSize() int

GetExecCacheSize returns the exec cache size

func (*ProcessList) GetPossibleParents

func (pl *ProcessList) GetPossibleParents() []ProcessNodeIface

GetPossibleParents returns nil (process list don't have parent)

func (*ProcessList) GetProcessCacheSize

func (pl *ProcessList) GetProcessCacheSize() int

GetProcessCacheSize returns the process cache size

func (*ProcessList) Insert

func (pl *ProcessList) Insert(event *model.Event, insertMissingProcesses bool, imageTag string) (newEntryAdded bool, err error)

Insert tries to insert (or delete) the given event ot the process list graph, using cache if possible

func (*ProcessList) MatchesSelector

func (pl *ProcessList) MatchesSelector(event *model.Event) bool

nolint: all

func (*ProcessList) SaveToFile

func (pl *ProcessList) SaveToFile(filePath, format string) error

marshall and save processes to the given file nolint: all

func (*ProcessList) ToDOT

func (pl *ProcessList) ToDOT() ([]byte, error)

nolint: all

func (*ProcessList) ToJSON

func (pl *ProcessList) ToJSON() ([]byte, error)

nolint: all

func (*ProcessList) UnlinkChild

func (pl *ProcessList) UnlinkChild(_ Owner, child *ProcessNode) bool

UnlinkChild unlinks a root node

func (*ProcessList) Walk

func (pl *ProcessList) Walk(f func(node *ProcessNode) (stop bool)) (stop bool)

Walk walks recursively the process nodes

type ProcessNode

type ProcessNode struct {
	sync.Mutex

	// represent the key used to retrieve the process from the cache
	// if the owner is able to define a key we use it, otherwise we'll put
	// a random generated uint64 cookie
	Key interface{}

	// mainly used by dump/profiles
	ImageTags []string

	// for runtime cache: possible parents represents an agregated view of what we saw at runtime (ex: if a process
	// loose its parent and being attached to the closest sub-reaper, it would have 1 current parrent but
	// 2 possible ones).
	// for AD: same logic as for runtime
	CurrentParent   ProcessNodeIface
	PossibleParents []ProcessNodeIface

	// for runtime cache: possible execs represents the ancestors, in a unsorted way
	// for AD: possible execs represents, after a fork, what exec we already seen (and so,
	//         possible ones)
	CurrentExec   *ExecNode
	PossibleExecs []*ExecNode

	Children []*ProcessNode

	// Used to store custom fields, depending on the owner, basically:
	// == Fields used by process resolver:
	// refCount?
	// onRelase CB?
	// (would be great if we finally can get rid of it!)
	UserData interface{}
}

ProcessNode holds the activity of a process

func NewProcessExecNodeFromEvent

func NewProcessExecNodeFromEvent(event *model.Event, processKey, execKey interface{}) *ProcessNode

NewProcessExecNodeFromEvent returns a process node filled with an exec node corresponding to the given event

func (*ProcessNode) AppendChild

func (pn *ProcessNode) AppendChild(child *ProcessNode, currentParent bool)

AppendChild appends a new node in the process node

func (*ProcessNode) AppendExec

func (pn *ProcessNode) AppendExec(exec *ExecNode, currentExec bool)

AppendExec adds a new exec to the process node, and mark it as current if currentExec is specified

func (*ProcessNode) Debug

func (pn *ProcessNode) Debug(w io.Writer, prefix string)

Debug prints out recursively content of each node

func (*ProcessNode) GetChildren

func (pn *ProcessNode) GetChildren() *[]*ProcessNode

GetChildren returns the list of children of the ProcessNode

func (*ProcessNode) GetCurrentParent

func (pn *ProcessNode) GetCurrentParent() ProcessNodeIface

GetCurrentParent returns the current parent

func (*ProcessNode) GetCurrentSiblings

func (pn *ProcessNode) GetCurrentSiblings() *[]*ProcessNode

GetCurrentSiblings returns the list of siblings of the current node

func (*ProcessNode) GetPossibleParents

func (pn *ProcessNode) GetPossibleParents() []ProcessNodeIface

GetPossibleParents returns the possible parents

func (*ProcessNode) UnlinkChild

func (pn *ProcessNode) UnlinkChild(owner Owner, child *ProcessNode) bool

UnlinkChild unlinks a child from the children list

func (*ProcessNode) Walk

func (pn *ProcessNode) Walk(f func(node *ProcessNode) (stop bool)) (stop bool)

Walk walks the process node and childs recursively

type ProcessNodeIface

type ProcessNodeIface interface {
	GetCurrentParent() ProcessNodeIface
	GetPossibleParents() []ProcessNodeIface
	GetChildren() *[]*ProcessNode
	GetCurrentSiblings() *[]*ProcessNode
	AppendChild(child *ProcessNode, currentParent bool)
	UnlinkChild(owner Owner, child *ProcessNode) bool
}

ProcessNodeIface is an interface used to identify the parent of a process context

type ProcessStats

type ProcessStats struct {
	// Total metric since startup
	TotalProcessNodes int64
	TotalExecNodes    int64

	// Current number of nodes per type
	CurrentProcessNodes int64
	CurrentExecNodes    int64
}

ProcessStats stores stats

Directories

Path Synopsis
Package activitytree holds activitytree related files
Package activitytree holds activitytree related files
Package processresolver holds processresolver related files
Package processresolver holds processresolver related files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL