mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 16:44:46 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

search for the PID in the inodes cache before discard it

Browse source 
Even if we don't have the inode, the connection might be cached.
This commit is contained in:
Gustavo Iñiguez Goia 2020-04-03 00:43:49 +02:00
parent f7114d95c4
commit 4466d1dfbc
1 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
daemon/procmon/parse.go
View file

@ -43,20 +43,20 @@ func getPIDFromAuditEvents(inode int, inodeKey string, expect string) (int, int)
// If the PID is not found by one of the 2 first methods, it'll try it using /proc.
func GetPIDFromINode(inode int, inodeKey string) int {
found := -1
if inode <= 0 {
return found
}
start := time.Now()
cleanUpCaches()
expect := fmt.Sprintf("socket:[%d]", inode)
if cachedPidInode := getPidByInodeFromCache(inodeKey); cachedPidInode != -1 {
log.Debug("Inode found in cache", time.Since(start), inodesCache[inodeKey], inode, inodeKey)
log.Debug("Inode found in cache %v, pid: %d, inode: %d, key: %v, total: %d", time.Since(start), cachedPidInode, inode, inodeKey, len(inodesCache))
return cachedPidInode
}
cachedPid, pos := getPidFromCache(inode, inodeKey, expect)
if cachedPid != -1 {
if inode <= 0 {
return found
}
expect := fmt.Sprintf("socket:[%d]", inode)
if cachedPid, pos := getPidFromCache(inode, inodeKey, expect); cachedPid != -1 {
log.Debug("Socket found in known pids %v, pid: %d, inode: %d, pids in cache: %d", time.Since(start), cachedPid, inode, "pos", pos, len(pidsCache))
sortProcEntries()
return cachedPid