Documentation
Overview ¶
Package process fetches process and socket information from the operating system. It can find the process owning a network connection.
Index ¶
- Constants
- Variables
- func All() map[int]*Process
- func CleanProcessStorage(activePIDs map[int]struct{})
- func SetDBController(controller *database.Controller)
- type Process
- func GetNetworkHost(ctx context.Context, remoteIP net.IP) (process *Process, err error)
- func GetOrFindProcess(ctx context.Context, pid int) (*Process, error)
- func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)
- func GetProcessFromStorage(pid int) (*Process, bool)
- func GetSystemProcess(ctx context.Context) *Process
- func GetUnidentifiedProcess(ctx context.Context) *Process
- func (p *Process) Delete()
- func (p *Process) GetExecHash(algorithm string) (string, error)
- func (p *Process) GetLastSeen() int64
- func (p *Process) GetProfile(ctx context.Context) (changed bool, err error)
- func (p *Process) Profile() *profile.LayeredProfile
- func (p *Process) Save()
- func (p *Process) SetLastSeen(lastSeen int64)
- func (p *Process) String() string
- func (p *Process) UpdateProfileMetadata()
Constants ¶
const (
	// UnidentifiedProcessID is the PID used for anything that could not be
	// attributed to a PID for any reason.
	UnidentifiedProcessID = -1

	// NetworkHostProcessID is the PID used for requests served to the network.
	NetworkHostProcessID = -255
)
const SystemProcessID = 0
SystemProcessID is the PID of the System/Kernel itself.
Variables ¶
var (
	CfgOptionEnableProcessDetectionKey = "core/enableProcessDetection"
)
Configuration Keys.
Functions ¶
func CleanProcessStorage ¶
func CleanProcessStorage(activePIDs map[int]struct{})
CleanProcessStorage removes old processes from the storage.
func SetDBController ¶
func SetDBController(controller *database.Controller)
SetDBController sets the database controller and allows the package to push database updates on a save. It must be set by the package that registers the "network" database.
Types ¶
type Process ¶
type Process struct {
	record.Base
	sync.Mutex

	Name            string
	UserID          int
	UserName        string
	UserHome        string
	Pid             int
	ParentPid       int
	Path            string
	ExecName        string
	Cwd             string
	CmdLine         string
	FirstArg        string
	LocalProfileKey string
	FirstSeen       int64
	LastSeen        int64
	Error           string // Cache errors

	ExecHashes map[string]string
	// contains filtered or unexported fields
}
A Process represents a process running on the operating system.
func GetNetworkHost ¶
func GetOrFindProcess ¶
GetOrFindProcess returns the process for the given PID.
func GetProcessByConnection ¶
func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)
GetProcessByConnection returns the process that owns the described connection.
func GetProcessFromStorage ¶
GetProcessFromStorage returns a process from the internal storage.
func GetSystemProcess ¶
GetSystemProcess returns the special process used for the Kernel.
func GetUnidentifiedProcess ¶
GetUnidentifiedProcess returns the special process assigned to unidentified processes.
func (*Process) Delete ¶
func (p *Process) Delete()
Delete deletes a process from the storage and propagates the change.
func (*Process) GetExecHash ¶
GetExecHash returns the hash of the executable with the given algorithm.
func (*Process) GetLastSeen ¶
GetLastSeen returns the unix timestamp when the process was last seen.
func (*Process) GetProfile ¶
GetProfile finds and assigns a profile set to the process.
func (*Process) Profile ¶
func (p *Process) Profile() *profile.LayeredProfile
Profile returns the assigned layered profile.
func (*Process) Save ¶
func (p *Process) Save()
Save saves the process to the internal state and pushes an update.
func (*Process) SetLastSeen ¶
SetLastSeen sets the unix timestamp when the process was last seen.
func (*Process) UpdateProfileMetadata ¶
func (p *Process) UpdateProfileMetadata()
UpdateProfileMetadata updates the metadata of the local profile as required.