Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Linux: Update sockstat to render process names #1271

Merged
merged 1 commit into from
Sep 25, 2024
Merged

Linux: Update sockstat to render process names #1271

merged 1 commit into from
Sep 25, 2024

Conversation

dgmcdona
Copy link
Contributor

Currently, process names are not displayed for sockets in the sockstat plugin, making analysis more painful than it needs to be. This updates the list_sockets classmethod and the _generator method to return the process name in addition to the PID.

Because this is changing the public interface, this commit includes a major version bump for linux.sockstat.Sockstat.

@atcuno
Copy link
Contributor

atcuno commented Sep 25, 2024

@ikelos this is a high priority change for the October release. Also, please make sure the version bump is correct here.

@gcmoreira
Copy link
Contributor

@ikelos This will have conflicts with #1263 .. depending on the order in which you want to merge them, we'll need to adjust the other accordingly.

ikelos
ikelos requested changes Sep 25, 2024
View reviewed changes
Copy link
Member

@ikelos ikelos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty straightforward change, but altering the return value requires a MAJOR version bump (because it's not a simple additive change to the API).

volatility3/framework/plugins/linux/sockstat.py Show resolved Hide resolved
@dgmcdona
Linux: Update sockstat to render process names
7f37135 
Currently, process names are not displayed for sockets in the sockstat
plugin, making analysis more painful than it needs to be. This updates
the `list_sockets` classmethod and the `generator` method to return the
process name in addition to the PID.

Because this is changing the public interface, this commit includes a
major version bump for `linux.sockstat.Sockstat`.
@dgmcdona dgmcdona force-pushed the dgmcdona/linux-sockstat-procnames branch from 4b8b5de to 7f37135 Compare September 25, 2024 22:34
@ikelos
Copy link
Member

ikelos commented Sep 25, 2024

#1263 seems much bigger, might be easier to just get this one merged and then fix up the other one if this one is urgent? I'll try and get to #1263 next, but I'm falling asleep here I'm afraid... 5:S

@dgmcdona
Copy link
Contributor Author

I thought I had already bumped the version but apparently not, it's done now. There are no consumers of this plugin that require updating.

@ikelos ikelos self-requested a review September 25, 2024 22:36
ikelos
ikelos approved these changes Sep 25, 2024
View reviewed changes
Copy link
Member

@ikelos ikelos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good now, thanks

@ikelos ikelos merged commit e094218 into volatilityfoundation:develop Sep 25, 2024
12 checks passed
@ikelos ikelos mentioned this pull request Sep 25, 2024
Merged
gcmoreira added a commit to gcmoreira/volatility3 that referenced this pull request Oct 4, 2024
@gcmoreira
Merge with 'develop', resolving conflicts and undoing changes volatil…
ddd8de5 
…ityfoundation#1271 for the list_sockets class_method
gcmoreira added a commit to gcmoreira/volatility3 that referenced this pull request Oct 4, 2024
@gcmoreira
Linux: sockstat. Fix volatilityfoundation#1271 which unnecessarily ex…
cffad87 
…tends the interface of the list_sockets() class method
@gcmoreira gcmoreira mentioned this pull request Oct 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ikelos ikelos ikelos approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dgmcdona @atcuno @gcmoreira @ikelos