dissect.target.plugins.os.unix.linux.proc
Module Contents
Classes
ProcessStateEnum | Sortable and serializable string-based enum.
ProcPlugin | Base class for plugins.
Functions
parse_ip | Convert /proc/net IPv4 or IPv6 hex address into their standard IP notation.
Attributes
- dissect.target.plugins.os.unix.linux.proc.parse_ip(addr: str | int, version: int = 4) -> ipaddress.IPv6Address | ipaddress.IPv4Address
  Convert /proc/net IPv4 or IPv6 hex address into their standard IP notation.
- class dissect.target.plugins.os.unix.linux.proc.NetSocket
  - sl: str
  - local_address: str
  - rem_address: str
  - state: str
  - tx_rx_queue: str
  - tr_tm_when: str
  - restansmit: str
  - uid: int
  - timeout: str
  - inode: int
  - ref: str | None = None
  - pointer: str | None = None
  - drops: str | None = None
  - predicted_tick: str | None = None
  - ack_pingpong: str | None = None
  - congestion_window: str | None = None
  - size_threshold: str | None = None
  - protocol_string: str | None = None
  - local_ip: str | None = None
  - local_port: int | None = None
  - remote_ip: str | None = None
  - remote_port: int | None = None
  - state_string: str | None = None
  - owner: str | None = None
  - rx_queue: int | None = None
  - tx_queue: int | None = None
  - pid: int | None = None
  - name: str | None = None
  - cmdline: str | None = None
  - classmethod from_line(line: str, ip_vers: int = 4) -> typing_extensions.Self
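How the hex columns of a /proc/net/tcp row decode into the address, port, state and inode fields listed above, as an added example that is not dissect's own code. It assumes the data came from a little-endian host, takes its state numbers from the TCPStates enum listed on this page, and runs on constructed sample rows; decode_addr, parse_tcp_line and parse_table are hypothetical names.

```python
from __future__ import annotations
import ipaddress
import struct

# State numbers as listed in the TCPStates enum on this page.
TCP_STATES = {
    1: "ESTABLISHED", 2: "SYN_SENT", 3: "SYN_RECV", 4: "FIN_WAIT1",
    5: "FIN_WAIT2", 6: "TIME_WAIT", 7: "CLOSE", 8: "CLOSE_WAIT",
    9: "LAST_ACK", 10: "LISTEN", 11: "CLOSING", 12: "NEW_SYN_RECV",
}

# Constructed sample in /proc/net/tcp layout (not taken from a real system).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:0016 0202000A:C5D2 01 00000024:00000000 01:00000014 00000000     0        0 20417 4 0000000000000000 20 4 30 10 -1
"""

def decode_addr(hex_addr: str, version: int = 4):
    """Hypothetical helper: decode a /proc/net hex address (little-endian host assumed)."""
    raw = bytes.fromhex(hex_addr)
    if len(raw) != (4 if version == 4 else 16):
        raise ValueError(f"unexpected address length for IPv{version}: {hex_addr!r}")
    # The kernel prints each 32-bit word in host byte order, so swap every word
    # back to network order; an IPv6 address is four such words.
    words = struct.unpack(f">{len(raw) // 4}I", raw)
    packed = struct.pack(f"<{len(words)}I", *words)
    return ipaddress.IPv4Address(packed) if version == 4 else ipaddress.IPv6Address(packed)

def parse_tcp_line(line: str, version: int = 4) -> dict:
    """Hypothetical helper: pull the triage-relevant fields out of one data row."""
    f = line.split()
    (lip, lport), (rip, rport) = f[1].split(":"), f[2].split(":")
    tx, rx = f[4].split(":")
    state = int(f[3], 16)  # the state column is hex as well: 0A is LISTEN
    return {
        "local_ip": str(decode_addr(lip, version)), "local_port": int(lport, 16),
        "remote_ip": str(decode_addr(rip, version)), "remote_port": int(rport, 16),
        "state_string": TCP_STATES.get(state, f"UNKNOWN({state})"),
        "tx_queue": int(tx, 16), "rx_queue": int(rx, 16),
        "uid": int(f[7]), "inode": int(f[9]),
    }

def parse_table(text: str, version: int = 4) -> list[dict]:
    """Parse every data row, skipping the column header on the first line."""
    return [parse_tcp_line(l, version) for l in text.splitlines()[1:] if l.strip()]
```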
- class dissect.target.plugins.os.unix.linux.proc.UnixSocket
  - num: str
  - ref: int
  - protocol: int
  - flags: str
  - type: int
  - state: int
  - inode: int
  - path: str | None = None
  - state_string: str | None = None
  - stream_type_string: str | None = None
  - protocol_string: str = 'unix'
  - classmethod from_line(line: str) -> typing_extensions.Self
- class dissect.target.plugins.os.unix.linux.proc.PacketSocket
  - sk: int
  - ref: int
  - type: int
  - protocol: int
  - iface: int
  - r: int
  - rmem: int
  - user: int
  - inode: int
  - pid: int | None = None
  - name: str | None = None
  - cmdline: str | None = None
  - protocol_type: int | None = None
  - owner: str | None = None
  - protocol_string: str = 'packet'
  - classmethod from_line(line: str) -> typing_extensions.Self
- class dissect.target.plugins.os.unix.linux.proc.ProcessStateEnum
  Bases: dissect.target.helpers.utils.StrEnum
  Sortable and serializable string-based enum.
  - R = 'Running'
  - I = 'Idle'
  - S = 'Sleeping'
  - D = 'Waiting'
  - Z = 'Zombie'
  - T = 'Stopped'
  - t = 'Tracing'
  - X = 'Dead'
  - x = 'Dead'
  - K = 'Wakekill'
  - W = 'Waking'
  - P = 'Parked'
  - N = 'None'
- dissect.target.plugins.os.unix.linux.proc.PROC_STAT_NAMES = ['pid', 'comm', 'state', 'ppid', 'pgrp', 'session', 'tty_nr', 'tpgid', 'flags', 'minflt',...
- class dissect.target.plugins.os.unix.linux.proc.Sockets(target: dissect.target.target.Target)
  - class PacketProtocolTypes
    Bases: enum.IntEnum
    Enum where members are also (and must be) ints
    - ETH_P_802_3 = 1
    - ETH_P_AX25 = 2
    - ETH_P_ALL = 3
    - ETH_P_802_2 = 4
    - ETH_P_SNAP = 5
    - ETH_P_DDCMP = 6
    - ETH_P_WAN_PPP = 7
    - ETH_P_PPP_MP = 8
    - ETH_P_LOCALTALK = 9
    - ETH_P_CAN = 12
    - ETH_P_PPPTALK = 16
    - ETH_P_TR_802_2 = 17
    - ETH_P_MOBITEX = 21
    - ETH_P_CONTROL = 22
    - ETH_P_IRDA = 23
    - ETH_P_ECONET = 24
    - ETH_P_HDLC = 25
    - ETH_P_ARCNET = 26
    - ETH_P_DSA = 27
    - ETH_P_TRAILER = 28
    - ETH_P_PHONET = 245
    - ETH_P_IEEE802154 = 246
  - class SocketStreamType
    Bases: enum.IntEnum
    Enum where members are also (and must be) ints
    - STREAM = 1
    - DGRAM = 2
    - SEQPACKET = 5
  - class SocketStateType
    Bases: enum.IntEnum
    Enum where members are also (and must be) ints
    - LISTENING = 1
    - CONNECTED = 3
  - class TCPStates
    Bases: enum.IntEnum
    Enum where members are also (and must be) ints
    - DUMMY = 0
    - ESTABLISHED = 1
    - SYN_SENT = 2
    - SYN_RECV = 3
    - FIN_WAIT1 = 4
    - FIN_WAIT2 = 5
    - TIME_WAIT = 6
    - CLOSE = 7
    - CLOSE_WAIT = 8
    - LAST_ACK = 9
    - LISTEN = 10
    - CLOSING = 11
    - NEW_SYN_RECV = 12
    - MAX_STATES = 13
  - class UDPStates
    Bases: enum.IntEnum
    Enum where members are also (and must be) ints
    - DUMMY = 0
    - ESTABLISHED = 1
    - LISTEN = 7
  - target
  - packet() -> collections.abc.Iterator[PacketSocket]
    Yield parsed /proc/net/packet entries.
  - unix() -> collections.abc.Iterator[UnixSocket]
    Yield parsed /proc/net/unix entries.
- class dissect.target.plugins.os.unix.linux.proc.ProcProcess(target: dissect.target.target.Target, pid: int | str, proc_root: str = '/proc')
  - target
  - root = '/proc'
  - get(path: str) -> pathlib.Path
    Returns a TargetPath relative to this process.
  - property owner: str
    Return the username or the user ID (uid) (if owner is not found) of the owner of this process.
  - property uid: int
    Return the user ID (uid) of the owner of this process.
  - property pid: int
    Returns the process ID (pid) associated to this process.
  - property parent: ProcProcess | None
    Returns the parent ProcProcess of this process.
  - property ppid: int | None
    Returns the parent process ID (ppid) associated to this process.
  - property parent_name: str | None
    Returns the name associated to the parent process ID (ppid) of this process.
  - property state: str
    Returns the state of the process (Sleeping, Running, Idle, etc.).
  - property starttime: datetime.datetime | None
    Returns the start time of the process.
  - property runtime: datetime.timedelta | None
    Returns the runtime of a process until the moment of acquisition.
  - property now: datetime.datetime
    Returns the now() timestamp of the system at the moment of acquisition.
  - environ() -> collections.abc.Iterator[Environ]
    Yields the content of the environ file associated with the process.
  - property uptime: datetime.timedelta
    Returns the uptime of the system from the moment it was acquired.
  - property cmdline: str
    Return the command line of a process.
  - stat() -> dissect.target.filesystem.fsutil.stat_result
    Return a stat entry of the process.
- class dissect.target.plugins.os.unix.linux.proc.ProcPlugin(target: dissect.target.target.Target)
  Bases: dissect.target.plugin.Plugin
  Base class for plugins.
  Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example.
  A Plugin class has the following private class attributes:
    - __namespace__
    - __record_descriptors__
  With the following two being assigned in register():
    - __functions__
    - __exports__
  Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.
  The export() decorator adds the following private attributes:
    - __exported__
    - __output__: Set with the export() decorator.
    - __record__: Set with the export() decorator.
  The internal() decorator and InternalPlugin set the __internal__ attribute. Finally, the args() decorator sets the __args__ attribute.
  The alias() decorator populates the __aliases__ private attribute of Plugin methods. Resulting clones of the Plugin are populated with the boolean __alias__ attribute set to True.
  Parameters:
    target – The Target object to load the plugin for.
  - __namespace__ = 'proc'
    Defines the plugin namespace.
  - sockets
  - check_compatible() -> None
    Perform a compatibility check with the target.
    This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
    Raises:
      UnsupportedPluginError – If the plugin could not be loaded.
  - property inode_map: dict[int, list[ProcProcess]]
    Creates an inode to pid mapping for all process IDs in /proc/[pid].
  - iter_proc() -> collections.abc.Iterator[pathlib.Path]
    Yields /proc/[pid] filesystem entries for every process ID (pid) found in procfs.
  - inode_to_pids(inode: int) -> list[ProcProcess]
  - process(pid: int | str) -> ProcProcess
  - processes() -> collections.abc.Iterator[ProcProcess]