Documentation
Overview
Package process fetches process and socket information from the operating system. It can find the process owning a network connection.
Index
- Variables
- func CleanProcessStorage(thresholdDuration time.Duration)
- func GetActiveConnectionIDs() []string
- func GetPidByEndpoints(localIP net.IP, localPort uint16, remoteIP net.IP, remotePort uint16, ...) (pid int, direction bool, err error)
- func GetPidByPacket(pkt packet.Packet) (pid int, direction bool, err error)
- func SetDBController(controller *database.Controller)
- type Process
- func All() []*Process
- func GetOrFindProcess(pid int) (*Process, error)
- func GetProcessByEndpoints(localIP net.IP, localPort uint16, remoteIP net.IP, remotePort uint16, ...) (process *Process, err error)
- func GetProcessByPacket(pkt packet.Packet) (process *Process, direction bool, err error)
- func GetProcessFromStorage(pid int) (*Process, bool)
- func (p *Process) AddConnection()
- func (p *Process) Delete()
- func (p *Process) FindProfiles() error
- func (p *Process) GetExecHash(algorithm string) (string, error)
- func (m *Process) IsAdmin() bool
- func (m *Process) IsKernel() bool
- func (m *Process) IsSystem() bool
- func (m *Process) IsUser() bool
- func (p *Process) ProfileSet() *profile.Set
- func (p *Process) RemoveConnection()
- func (p *Process) Save()
- func (p *Process) String() string
Constants
This section is empty.
Variables
var (
	ErrConnectionNotFound = errors.New("could not find connection in system state tables")
	ErrProcessNotFound    = errors.New("could not find process in system state tables")
)
Errors
var (
	// UnknownProcess is used when a process cannot be found.
	UnknownProcess = &Process{
		UserID:    -1,
		UserName:  "Unknown",
		Pid:       -1,
		ParentPid: -1,
		Name:      "Unknown Processes",
	}
)
Functions
func CleanProcessStorage
CleanProcessStorage cleans the storage from old processes.
func GetActiveConnectionIDs
func GetActiveConnectionIDs() []string
GetActiveConnectionIDs returns a list of all active connection IDs.
func GetPidByEndpoints
func GetPidByEndpoints(localIP net.IP, localPort uint16, remoteIP net.IP, remotePort uint16, protocol packet.IPProtocol) (pid int, direction bool, err error)
GetPidByEndpoints returns the pid of the owner of the described link.
func GetPidByPacket
GetPidByPacket returns the pid of the owner of the packet.
func SetDBController
func SetDBController(controller *database.Controller)
SetDBController sets the database controller and allows the package to push database updates on a save. It must be set by the package that registers the "network" database.
Types
type Process
type Process struct {
	record.Base
	sync.Mutex

	UserID                     int
	UserName                   string
	UserHome                   string
	Pid                        int
	ParentPid                  int
	Path                       string
	Cwd                        string
	CmdLine                    string
	FirstArg                   string
	ExecName                   string
	ExecHashes                 map[string]string
	UserProfileKey             string
	Name                       string
	Icon                       string
	FirstConnectionEstablished int64
	LastConnectionEstablished  int64
	ConnectionCount            uint
	// contains filtered or unexported fields
}
A Process represents a process running on the operating system.
func GetOrFindProcess
GetOrFindProcess returns the process for the given PID.
func GetProcessByEndpoints
func GetProcessByEndpoints(localIP net.IP, localPort uint16, remoteIP net.IP, remotePort uint16, protocol packet.IPProtocol) (process *Process, err error)
GetProcessByEndpoints returns the process that owns the described link.
func GetProcessByPacket
GetProcessByPacket returns the process that owns the given packet.
func GetProcessFromStorage
GetProcessFromStorage returns a process from the internal storage.
func (*Process) AddConnection
func (p *Process) AddConnection()
AddConnection increases the connection counter and the last connection timestamp.
func (*Process) Delete
func (p *Process) Delete()
Delete deletes a process from the storage and propagates the change.
func (*Process) FindProfiles
FindProfiles finds and assigns a profile set to the process.
func (*Process) GetExecHash
GetExecHash returns the hash of the executable with the given algorithm.
func (*Process) ProfileSet
ProfileSet returns the assigned profile set.
func (*Process) RemoveConnection
func (p *Process) RemoveConnection()
RemoveConnection lowers the connection counter by one.