process

package
v0.4.6 Latest
Warning

This package is not in the latest version of its module.

Published: May 27, 2020 License: AGPL-3.0 Imports: 22 Imported by: 0

Documentation

Overview

Package process fetches process and socket information from the operating system. It can find the process owning a network connection.

Constants

const (
	UnidentifiedProcessID = -1
	SystemProcessID       = 0
)

Special Process IDs

Variables

var (
	CfgOptionEnableProcessDetectionKey = "core/enableProcessDetection"
)

Configuration Keys

var (
	ErrProcessNotFound = errors.New("could not find process in system state tables")
)

Errors

Functions

func All

func All() map[int]*Process

All returns a copy of all process objects.

func CleanProcessStorage

func CleanProcessStorage(activePIDs map[int]struct{})

CleanProcessStorage removes old processes from the storage.

func SetDBController

func SetDBController(controller *database.Controller)

SetDBController sets the database controller and allows the package to push database updates on a save. It must be set by the package that registers the "network" database.

Types

type Process

type Process struct {
	record.Base
	sync.Mutex

	UserID    int
	UserName  string
	UserHome  string
	Pid       int
	ParentPid int
	Path      string
	Cwd       string
	CmdLine   string
	FirstArg  string

	ExecName   string
	ExecHashes map[string]string

	LocalProfileKey string

	Name string
	Icon string

	FirstSeen int64
	LastSeen  int64

	Virtual bool   // This process is either merged into another process or is not needed.
	Error   string // Cache errors
	// contains filtered or unexported fields
}

A Process represents a process running on the operating system.

func GetOrFindPrimaryProcess (added in v0.2.5)

func GetOrFindPrimaryProcess(ctx context.Context, pid int) (*Process, error)

GetOrFindPrimaryProcess returns the highest process in the tree that matches the given PID.

func GetOrFindProcess

func GetOrFindProcess(ctx context.Context, pid int) (*Process, error)

GetOrFindProcess returns the process for the given PID.

func GetProcessByConnection (added in v0.4.4)

func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)

GetProcessByConnection returns the process that owns the described connection.

func GetProcessFromStorage

func GetProcessFromStorage(pid int) (*Process, bool)

GetProcessFromStorage returns a process from the internal storage.

func GetSystemProcess (added in v0.4.1)

func GetSystemProcess(ctx context.Context) *Process

GetSystemProcess returns the special process used for the Kernel.

func GetUnidentifiedProcess (added in v0.4.1)

func GetUnidentifiedProcess(ctx context.Context) *Process

GetUnidentifiedProcess returns the special process assigned to unidentified processes.

func (*Process) Delete

func (p *Process) Delete()

Delete deletes a process from the storage and propagates the change.

func (*Process) GetExecHash

func (p *Process) GetExecHash(algorithm string) (string, error)

GetExecHash returns the hash of the executable with the given algorithm.

func (*Process) GetProfile (added in v0.4.0)

func (p *Process) GetProfile(ctx context.Context) error

GetProfile finds and assigns a profile set to the process.

func (*Process) IsAdmin

func (p *Process) IsAdmin() bool

IsAdmin returns whether the process is run by an admin user.

func (*Process) IsKernel

func (p *Process) IsKernel() bool

IsKernel returns whether the process is the Kernel.

func (*Process) IsSystem

func (p *Process) IsSystem() bool

IsSystem returns whether the process is run by the operating system.

func (*Process) IsUser

func (p *Process) IsUser() bool

IsUser returns whether the process is run by a normal user.

func (*Process) Profile (added in v0.4.0)

func (p *Process) Profile() *profile.LayeredProfile

Profile returns the assigned layered profile.

func (*Process) Save

func (p *Process) Save()

Save saves the process to the internal state and pushes an update.

func (*Process) String

func (p *Process) String() string

String returns a string representation of the process.
