github/portmaster
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add tcp process detection with ebpf

Browse Source
This commit is contained in:
Vladimir Stoilov
2023-06-07 16:36:44 +03:00
parent efe8cd2fda
commit 0caa3e792c
16 changed files with 127082 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
process/find.go
View File

@@ -25,12 +25,17 @@ func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process
// already be there for a while now.
fastSearch := pktInfo.Inbound
log.Tracer(ctx).Tracef("process: getting pid from system network state")
var pid int
pid, connInbound, err = state.Lookup(pktInfo, fastSearch)
if err != nil {
log.Tracer(ctx).Tracef("process: failed to find PID of connection: %s", err)
return nil, pktInfo.Inbound, err
if pktInfo.PID == 0 {
log.Tracer(ctx).Tracef("process: getting pid from system network state")
pid, connInbound, err = state.Lookup(pktInfo, fastSearch)
if err != nil {
log.Tracer(ctx).Tracef("process: failed to find PID of connection: %s", err)
return nil, pktInfo.Inbound, err
}
} else {
log.Tracer(ctx).Tracef("process: pid already set in packet (by ebpf or kext ALE layer)")
pid = int(pktInfo.PID)
}
// Fallback to special profiles if PID could not be found.