From 4b8b5de6502dcf4b8a46711ce57663fea3138890 Mon Sep 17 00:00:00 2001 From: David McDonald Date: Wed, 25 Sep 2024 13:13:33 -0500 Subject: [PATCH] Linux: Update sockstat to render process names Currently, process names are not displayed for sockets in the sockstat plugin, making analysis more painful than it needs to be. This updates the `list_sockets` classmethod and the `generator` method to return the process name in addition to the PID. Because this is changing the public interface, this commit includes a major version bump for `linux.sockstat.Sockstat`. --- volatility3/framework/plugins/linux/sockstat.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/volatility3/framework/plugins/linux/sockstat.py b/volatility3/framework/plugins/linux/sockstat.py index b0503b1052..87e2365060 100644 --- a/volatility3/framework/plugins/linux/sockstat.py +++ b/volatility3/framework/plugins/linux/sockstat.py @@ -507,7 +507,7 @@ def list_sockets( dfop_addr = vmlinux.object_from_symbol("sockfs_dentry_operations").vol.offset fd_generator = lsof.Lsof.list_fds(context, vmlinux.name, filter_func) - for _pid, _task_comm, task, fd_fields in fd_generator: + for _pid, task_comm, task, fd_fields in fd_generator: fd_num, filp, _full_path = fd_fields if filp.f_op not in (sfop_addr, dfop_addr): @@ -548,7 +548,7 @@ def list_sockets( except AttributeError: netns_id = NotAvailableValue() - yield task, netns_id, fd_num, family, sock_type, protocol, sock_fields + yield task_comm, task, netns_id, fd_num, family, sock_type, protocol, sock_fields def _format_fields(self, sock_stat, protocol): """Prepare the socket fields to be rendered @@ -595,6 +595,7 @@ def _generator(self, pids: List[int], netns_id_arg: int, symbol_table: str): ) for ( + task_comm, task, netns_id, fd_num, @@ -617,6 +618,7 @@ def _generator(self, pids: List[int], netns_id_arg: int, symbol_table: str): fields = ( netns_id, + task_comm, task.pid, fd_num, format_hints.Hex(sock.vol.offset), 
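Review bot: The `for _pid, task_comm, task, fd_fields in fd_generator:` line now lets the task's `comm` flow through to the rendered output, yet nothing records that this value is chosen by the process itself and is not an identifier a forensic reader should trust on its own; a one-line comment above the `for` would keep later readers from over-weighting the new column, e.g. `# task_comm is the self-reported task name; correlate with Pid rather than trusting it alone`. Whether `list_fds` yields it already decoded as a Python str is not visible from this hunk, and that is what the `("Process Name", str)` column type added later assumes — worth confirming against `lsof.Lsof.list_fds`. The body of `list_sockets` starts before and continues after this hunk.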
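Review bot: The new `yield task_comm, task, netns_id, fd_num, family, sock_type, protocol, sock_fields` is the interface break the commit message says is covered by a major version bump, but no `_version` change appears in the patch: the diffstat's 5 insertions and 2 deletions are exactly the five visible `+`/`-` code lines, so the bump described in the message is missing. Prepending `task_comm` rather than appending it also breaks any caller that unpacks the tuple positionally, which is consistent with a major bump but should be stated next to the yield, e.g. `# NOTE: tuple layout changed (task_comm first); callers must unpack all eight fields`. If the `list_sockets` docstring, which lies outside this hunk, has a Yields section, it presumably still describes the seven-field tuple and needs the same update.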
@@ -636,6 +638,7 @@ def run(self): tree_grid_args = [ ("NetNS", int), + ("Process Name", str), ("Pid", int), ("FD", int), ("Sock Offset", format_hints.Hex),