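def calculate(self):
    """Yield mount entries recovered from the kernel's mount slab cache.

    Profiles that define a ``mount`` type (newer kernels) are read from the
    ``mount`` cache and parsed against the mount namespace of the task with
    pid 1. Other profiles are read from ``mnt_cache``, typed as
    ``vfsmount``, with no namespace.

    Yields:
        ``(mnt_sb, dev_name, path, fstype, rr, mnt_string)`` tuples exactly
        as returned by ``self._parse_mnt``. Entries for which it returns a
        falsy value, and the ``devtmpfs`` entry mounted at ``/``, are
        skipped.
    """
    linux_common.set_plugin_members(self)
    fs_types = self._get_filesystem_types()

    # newer kernels
    if self.profile.has_type("mount"):
        mnttype = "mount"
        cache = linux_slabinfo(self._config).get_kmem_cache(
            mnttype, self._config.UNALLOCATED)

        # Default to "no namespace". Previously, when the process listing
        # contained no pid-1 task, ``ns`` was never bound and the loop
        # below raised UnboundLocalError instead of reporting the mounts
        # that could still be recovered. None is the value the
        # older-kernel branch already passes to _parse_mnt.
        ns = None
        for task in linux_pslist.linux_pslist(self._config).calculate():
            if task.pid == 1:
                ns = task.nsproxy.mnt_ns
                break
    else:
        cache = linux_slabinfo(self._config).get_kmem_cache(
            "mnt_cache", self._config.UNALLOCATED, struct_name="vfsmount")
        ns = None

    # NOTE(review): UNALLOCATED presumably makes the slab walk return freed
    # objects too -- confirm in linux_slabinfo. If so, fields of those
    # entries may be stale and should not be trusted as live state.
    for mnt in cache:
        ret = self._parse_mnt(mnt, ns, fs_types)
        if ret:
            (mnt_sb, dev_name, path, fstype, rr, mnt_string) = ret

            if not (dev_name == "devtmpfs" and path == "/"):
                yield (mnt_sb, dev_name, path, fstype, rr, mnt_string)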
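def calculate(self):
    """Yield mount entries recovered from the kernel's mount slab cache.

    On profiles with a ``mount`` type (newer kernels) the ``mount`` cache is
    walked and each entry is parsed against the mount namespace of the task
    with pid 1. On other profiles the ``mnt_cache`` cache is walked as
    ``vfsmount`` objects and no namespace is used.

    Yields:
        ``(mnt_sb, dev_name, path, fstype, rr, mnt_string)`` tuples as
        returned by ``self._parse_mnt``; falsy results and the ``devtmpfs``
        entry whose path is ``/`` are dropped.
    """
    linux_common.set_plugin_members(self)
    fs_types = self._get_filesystem_types()

    # newer kernels
    if self.profile.has_type("mount"):
        mnttype = "mount"
        cache = linux_slabinfo(self._config).get_kmem_cache(
            mnttype, self._config.UNALLOCATED)

        # Bind ns up front: if the task listing yields no pid-1 entry the
        # original code left ns undefined and crashed with
        # UnboundLocalError on the first _parse_mnt call. None matches what
        # the older-kernel branch supplies.
        ns = None
        for task in linux_pslist.linux_pslist(self._config).calculate():
            if task.pid == 1:
                ns = task.nsproxy.mnt_ns
                break
    else:
        cache = linux_slabinfo(self._config).get_kmem_cache(
            "mnt_cache", self._config.UNALLOCATED, struct_name="vfsmount"
        )
        ns = None

    for mnt in cache:
        ret = self._parse_mnt(mnt, ns, fs_types)
        if ret:
            (mnt_sb, dev_name, path, fstype, rr, mnt_string) = ret

            # The devtmpfs entry at "/" is deliberately left out.
            if not (dev_name == "devtmpfs" and path == "/"):
                yield (mnt_sb, dev_name, path, fstype, rr, mnt_string)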
def calculate(self):
    """Yield one ``make_body`` record per object in the dentry slab cache.

    The ``dentry`` cache is looked up first. When that lookup compares
    equal to an empty list, the ``dentry_cache`` name used by old kernels
    is looked up instead, with its objects typed as ``dentry``.
    """
    linux_common.set_plugin_members(self)

    slab = linux_slabinfo(self._config)
    dentries = slab.get_kmem_cache("dentry", self._config.UNALLOCATED)

    # support for old kernels
    if dentries == []:
        slab = linux_slabinfo(self._config)
        dentries = slab.get_kmem_cache(
            "dentry_cache", self._config.UNALLOCATED, struct_name="dentry")

    # NOTE(review): with UNALLOCATED set the walk presumably includes freed
    # dentries -- confirm in linux_slabinfo before treating records as live.
    for entry in dentries:
        yield self.make_body(entry)
def calculate(self):
    """Walk the dentry slab cache and yield ``make_body`` output per entry.

    Tries the cache named ``dentry``; if the result equals ``[]`` it falls
    back to ``dentry_cache`` (old kernels) with ``struct_name="dentry"``.
    """
    linux_common.set_plugin_members(self)

    found = linux_slabinfo(self._config).get_kmem_cache(
        "dentry", self._config.UNALLOCATED)

    # support for old kernels
    if found == []:
        legacy_slab = linux_slabinfo(self._config)
        found = legacy_slab.get_kmem_cache(
            "dentry_cache", self._config.UNALLOCATED, struct_name="dentry")

    for item in found:
        yield self.make_body(item)
def walk_cache(self, cache_name):
    """Yield every message ``write_sk_buff`` produces for a slab cache.

    Args:
        cache_name: name of the kmem cache to walk; its objects are typed
            as ``sk_buff``.

    Yields nothing when the cache lookup returns a falsy value.
    """
    buffers = linux_slabinfo(self._config).get_kmem_cache(
        cache_name, self._config.UNALLOCATED, struct_name="sk_buff")

    if buffers:
        for skb in buffers:
            for message in self.write_sk_buff(skb):
                yield message
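def calculate(self):
    """Yield ``(mnt, ns)`` pairs for every object in the mount slab cache.

    On profiles with a ``mount`` type (newer kernels) the ``mount`` cache is
    walked and ``ns`` is the mount namespace of the task with pid 1. On
    other profiles ``mnt_cache`` is walked as ``vfsmount`` objects and
    ``ns`` is None.
    """
    linux_common.set_plugin_members(self)

    # newer kernels
    if self.profile.has_type("mount"):
        mnttype = "mount"
        cache = linux_slabinfo(self._config).get_kmem_cache(
            mnttype, self._config.UNALLOCATED)

        # Bind ns before searching. If the task listing has no pid-1 entry
        # the original left ns unbound and the yield below raised
        # UnboundLocalError. None is what the older-kernel branch yields,
        # so consumers already have to accept it.
        ns = None
        for task in linux_pslist.linux_pslist(self._config).calculate():
            if task.pid == 1:
                ns = task.nsproxy.mnt_ns
                break
    else:
        cache = linux_slabinfo(self._config).get_kmem_cache(
            "mnt_cache", self._config.UNALLOCATED, struct_name="vfsmount")
        ns = None

    for mnt in cache:
        yield (mnt, ns)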
def calculate(self):
    """Yield ``task_struct`` objects found in the ``task_struct`` slab cache.

    When the PID option is set it is split on commas and each piece is
    converted with ``int``; only tasks whose pid is in that list are
    yielded. With no PID option every object in the cache is yielded.
    """
    linux_common.set_plugin_members(self)

    wanted = self._config.PID
    if wanted:
        wanted = [int(piece) for piece in self._config.PID.split(',')]

    tasks = linux_slabinfo(self._config).get_kmem_cache(
        "task_struct", self._config.UNALLOCATED)

    # NOTE(review): this enumerates slab objects rather than the kernel's
    # task list; with UNALLOCATED set it presumably returns freed
    # task_structs as well -- confirm in linux_slabinfo.
    for candidate in tasks:
        if wanted and candidate.pid not in wanted:
            continue
        yield candidate
def calculate(self):
    """Yield one record per ``vm_area_struct`` in its slab cache.

    Yields:
        ``(task_name, pid, start, end, path)``. ``task_name`` and ``pid``
        come from ``vm_mm.owner`` when the profile's ``mm_struct`` has an
        ``owner`` member and ``vm_mm`` is set and valid; otherwise both are
        ``""``. ``path`` is ``linux_common.get_partial_path`` of the
        mapping's file dentry when ``vm_file`` is set and valid, else
        ``""``.
    """
    linux_common.set_plugin_members(self)

    owner_available = self.profile.obj_has_member("mm_struct", "owner")
    areas = linux_slabinfo(self._config).get_kmem_cache(
        "vm_area_struct", self._config.UNALLOCATED)

    for area in areas:
        start, end = area.vm_start, area.vm_end

        # Ownership is only resolvable through a valid mm_struct.
        task_name, pid = "", ""
        if owner_available and area.vm_mm and area.vm_mm.is_valid():
            owner = area.vm_mm.owner
            task_name, pid = owner.comm, owner.pid

        # Mappings with no valid backing file keep an empty path.
        path = ""
        if area.vm_file and area.vm_file.is_valid():
            path = linux_common.get_partial_path(area.vm_file.dentry)

        yield task_name, pid, start, end, path
def calculate(self):
    """Yield one record per ``vm_area_struct`` in its slab cache.

    Yields:
        ``(task_name, pid, start, end, path)``. The task fields are read
        from ``vm_mm.owner`` when ``mm_struct`` has an ``owner`` member in
        this profile and ``vm_mm`` is set and valid; otherwise they are
        ``""``. ``path`` is the dentry's ``get_partial_path()`` when
        ``vm_file`` is set and valid, else ``""``.
    """
    linux_common.set_plugin_members(self)

    owner_available = self.profile.obj_has_member("mm_struct", "owner")
    areas = linux_slabinfo(self._config).get_kmem_cache(
        "vm_area_struct", self._config.UNALLOCATED)

    for area in areas:
        start, end = area.vm_start, area.vm_end

        # Fall back to empty task fields unless a valid mm_struct is present.
        task_name, pid = "", ""
        if owner_available and area.vm_mm and area.vm_mm.is_valid():
            owner = area.vm_mm.owner
            task_name, pid = owner.comm, owner.pid

        # File path stays empty when there is no valid backing file.
        path = ""
        if area.vm_file and area.vm_file.is_valid():
            path = area.vm_file.dentry.get_partial_path()

        yield task_name, pid, start, end, path