forked from elastic/beats
-
Notifications
You must be signed in to change notification settings - Fork 9
/
ptable.go
133 lines (114 loc) · 2.8 KB
/
ptable.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
package socket
import (
"os"
"strconv"
"strings"
"github.com/elastic/procfs"
"github.com/joeshaw/multierror"
)
// process tools
// Proc contains static process information.
type Proc struct {
PID int
Command string
Executable string
CmdLine string
}
// ProcTable contains all of the active processes (if the current user is root).
type ProcTable struct {
fs procfs.FS
procs map[int]*Proc
inodes map[uint32]*Proc
euid int
}
// NewProcTable returns a new ProcTable that reads data from the /proc
// directory by default. An alternative proc filesystem mountpoint can be
// specified through the mountpoint parameter.
func NewProcTable(mountpoint string) (*ProcTable, error) {
if mountpoint == "" {
mountpoint = procfs.DefaultMountPoint
}
fs, err := procfs.NewFS(mountpoint)
if err != nil {
return nil, err
}
p := &ProcTable{fs: fs, euid: os.Geteuid()}
p.Refresh()
return p, nil
}
// Refresh updates the process table with new processes and removes processes
// that have exited. It collects the PID, command, and socket inode information.
// If running as non-root, only information from the current process will be
// collected.
func (t *ProcTable) Refresh() error {
var err error
var procs []procfs.Proc
if t.euid == 0 {
procs, err = t.fs.AllProcs()
if err != nil {
return err
}
} else {
proc, err := t.fs.Self()
if err != nil {
return err
}
procs = append(procs, proc)
}
var errs multierror.Errors
inodes := map[uint32]*Proc{}
cachedProcs := make(map[int]*Proc, len(procs))
for _, p := range procs {
proc := t.procs[p.PID]
// Cache miss.
if proc == nil {
proc = &Proc{PID: p.PID}
if proc.Executable, err = p.Executable(); err != nil {
errs = append(errs, err)
}
if proc.Command, err = p.Comm(); err != nil {
errs = append(errs, err)
}
if cmdline, err := p.CmdLine(); err != nil {
errs = append(errs, err)
} else {
proc.CmdLine = strings.Join(cmdline, " ")
}
}
cachedProcs[proc.PID] = proc
// Always update map socket inode to Proc.
socketInodes, err := socketInodes(&p)
if err != nil {
errs = append(errs, err)
continue
}
for _, inode := range socketInodes {
inodes[inode] = proc
}
}
t.procs = cachedProcs
t.inodes = inodes
return errs.Err()
}
func socketInodes(p *procfs.Proc) ([]uint32, error) {
fds, err := p.FileDescriptorTargets()
if err != nil {
return nil, err
}
var inodes []uint32
for _, fd := range fds {
if strings.HasPrefix(fd, "socket:[") {
inode, err := strconv.ParseInt(fd[8:len(fd)-1], 10, 64)
if err != nil {
continue
}
inodes = append(inodes, uint32(inode))
}
}
return inodes, nil
}
// ProcessBySocketInode returns the Proc associated with the given socket
// inode.
func (t *ProcTable) ProcessBySocketInode(inode uint32) *Proc {
return t.inodes[inode]
}