Implement entity_id. Issue #155 #171
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
Author
|
|
Collaborator
Author
|
I've decided to go for a stupidly simple entity_id, the only requirement is too be unique, so pid + boot time should be enough in linux, no point in trying to match other implementations as everyone does differently anyway. |
haesbaert
force-pushed
the
entity_id
branch
2 times, most recently
from
d5ec11a to
8175572
Compare
quark.c
Outdated
| } | ||
|
|
||
| static void | ||
| process_entity_id(struct quark_queue *qq, struct quark_process *qp) |
Contributor
There was a problem hiding this comment.
I don't see qq being used. Nuke it?
Collaborator
Author
There was a problem hiding this comment.
Good catch! I adapted from the old code and didn't realize it, will zap it.
This implements entity id as defined in https://www.elastic.co/docs/reference/ecs/ecs-process#field-process-entity-id I don't want to link with libresolv just to get b64_ntop, so include our own portable version (musl also doesn't have it). Entity id's only requirement is to be unique, so use pid number + boot time, which should be enough.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements the 12 byte entity id as defined in https://www.elastic.co/docs/reference/ecs/ecs-process#field-process-entity-idWe can't depend on dynamic linking of md or openssl, so include a standlone MIT licensed sha256 implementation from https://github.com/ilvn/SHA256, they claim to be formally verified, so that's something.We now also have to link against resolv so we can get the base64 functions, that's ok, beats already links against it.This is a WIP as I want to make sure we compute the very same entity_id as gosysinfo and friends.