Closed GoogleCodeExporter closed 8 years ago
Original comment by jamie.l...@gmail.com
on 16 Jul 2013 at 12:29
I felt like I needed to find out the cause :)
I checked my local inet_sock.h - inet_dport is in there, it's pretty much the
same as in the kernel source on github. I also checked my profile (the
dwarfdump) and found out that inet_dport is not in there. Why this is the case,
I don't know yet.
If preferred I can attach my profile, but I should think it's the same for all
13.04 profiles.
Original comment by edwin.sm...@gmail.com
on 16 Jul 2013 at 7:53
Hey Edwin, thanks for the patch. I made a slight variation that moves these
APIs into object classes so they're more easily accessible from any plugin
without having to inherit from linux_netstat. I haven't tested it yet though -
do you mind making sure I didn't break anything in the process?
Original comment by michael.hale@gmail.com
on 16 Jul 2013 at 2:10
Attachments:
I'm getting the following error (I'll see if I can find the cause):
Traceback (most recent call last):
File "volatility-svn/vol.py", line 186, in <module>
main()
File "volatility-svn/vol.py", line 177, in main
command.execute()
File "/home/dutchy/volatility-svn/volatility/plugins/linux/common.py", line 58, in execute
commands.Command.execute(self, *args, **kwargs)
File "/home/dutchy/volatility-svn/volatility/commands.py", line 111, in execute
func(outfd, data)
File "/home/dutchy/volatility-svn/volatility/plugins/linux/netstat.py", line 62, in render_text
state = inet_sock.state if inet_sock.protocol == "TCP" else ""
File "/home/dutchy/volatility-svn/volatility/obj.py", line 740, in __getattr__
return self.m(attr)
File "/home/dutchy/volatility-svn/volatility/obj.py", line 722, in m
raise AttributeError("Struct {0} has no member {1}".format(self.obj_name, attr))
AttributeError: Struct inet_sock has no member state
Original comment by edwin.sm...@gmail.com
on 16 Jul 2013 at 2:22
(Nope, I'm at a loss)
Original comment by edwin.sm...@gmail.com
on 16 Jul 2013 at 3:05
My bad, try this one
$ diff linux_netstat2.patch linux_netstat3.patch
36c36
< + state = inet_sock.sk.__sk_common.skc_state #pylint: disable-msg=W0212
---
> + state = self.sk.__sk_common.skc_state #pylint: disable-msg=W0212
Original comment by michael.hale@gmail.com
on 17 Jul 2013 at 5:08
Attachments:
Errrr, src and dst were backwards...
$ diff linux_netstat2.patch linux_netstat4.patch
36c36
< + state = inet_sock.sk.__sk_common.skc_state #pylint: disable-msg=W0212
---
> + state = self.sk.__sk_common.skc_state #pylint: disable-msg=W0212
40c40
< + def dst_port(self):
---
> + def src_port(self):
49c49
< + def src_port(self):
---
> + def dst_port(self):
Original comment by michael.hale@gmail.com
on 17 Jul 2013 at 5:13
Attachments:
It works!
Original comment by edwin.sm...@gmail.com
on 17 Jul 2013 at 7:15
This issue was closed by revision r3456.
Original comment by michael.hale@gmail.com
on 17 Jul 2013 at 2:30
Original issue reported on code.google.com by
edwin.sm...@gmail.com
on 15 Jul 2013 at 2:41Attachments: