Simplify process tree API

Makefile

@@ -24,26 +24,26 @@ clean:
 # copy only source files to wireshark source tree
 copy-source:
 	@if [ -d "wireshark/plugins/epan/tracee-event" ]; then \
-        cp plugins/epan/common.h wireshark/plugins/epan; \
-        cp plugins/epan/wsjson_extensions.c wireshark/plugins/epan; \
-        cp plugins/epan/tracee-event/internal_defs.c wireshark/plugins/epan/tracee-event; \
-        cp plugins/epan/tracee-event/packet-tracee.c wireshark/plugins/epan/tracee-event; \
-        cp plugins/epan/tracee-event/enrichments.c wireshark/plugins/epan/tracee-event; \
-        cp plugins/epan/tracee-event/wanted_fields.c wireshark/plugins/epan/tracee-event; \
+		cp plugins/epan/common.h wireshark/plugins/epan; \
+		cp plugins/epan/wsjson_extensions.c wireshark/plugins/epan; \
+		cp plugins/epan/tracee-event/internal_defs.c wireshark/plugins/epan/tracee-event; \
+		cp plugins/epan/tracee-event/packet-tracee.c wireshark/plugins/epan/tracee-event; \
+		cp plugins/epan/tracee-event/enrichments.c wireshark/plugins/epan/tracee-event; \
+		cp plugins/epan/tracee-event/wanted_fields.c wireshark/plugins/epan/tracee-event; \
 		cp plugins/epan/tracee-event/stats.c wireshark/plugins/epan/tracee-event; \
 		cp plugins/epan/tracee-event/process_tree.c wireshark/plugins/epan/tracee-event; \
-        cp plugins/epan/tracee-event/tracee.h wireshark/plugins/epan/tracee-event; \
+		cp plugins/epan/tracee-event/tracee.h wireshark/plugins/epan/tracee-event; \
 		cp plugins/epan/tracee-event/plugin.c wireshark/plugins/epan/tracee-event; \
-        cp plugins/epan/tracee-network-capture/packet-tracee-network-capture.c wireshark/plugins/epan/tracee-network-capture; \
-    else \
-        error "Tracee plugin directory doesn't exist, run \"make cmake\" first"; \
-    fi
+		cp plugins/epan/tracee-network-capture/packet-tracee-network-capture.c wireshark/plugins/epan/tracee-network-capture; \
+	else \
+		error "Tracee plugin directory doesn't exist, run \"make cmake\" first"; \
+	fi
 
 	@if [ -d "wireshark/plugins/wiretap/tracee-json" ]; then \
-        cp plugins/wiretap/tracee-json/tracee-json.c wireshark/plugins/wiretap/tracee-json; \
-    else \
-        error "Tracee plugin directory doesn't exist, run \"make cmake\" first"; \
-    fi
+		cp plugins/wiretap/tracee-json/tracee-json.c wireshark/plugins/wiretap/tracee-json; \
+	else \
+		error "Tracee plugin directory doesn't exist, run \"make cmake\" first"; \
+	fi
 
 # copy all project files to wireshark source tree
 copy-all:
@@ -52,10 +52,10 @@ copy-all:
 
 build:
 	@if [ -d "wireshark/build" ]; then \
-        ninja -C wireshark/build; \
-    else \
-        error "Build directory doesn't exist, run \"make cmake\" first"; \
-    fi
+		ninja -C wireshark/build; \
+	else \
+		error "Build directory doesn't exist, run \"make cmake\" first"; \
+	fi
 
 # update private configuration profile
 install:

plugins/epan/tracee-event/process_tree.c

@@ -1,10 +1,5 @@
 #include "tracee.h"
 
-struct process_node {
-    struct process_info *process;
-    gint32 parent_pid;
-};
-
 // map from PID to process info
 wmem_map_t *processes;
 
@@ -72,82 +67,26 @@ void process_tree_update(struct tracee_dissector_data *data)
     }
 }
 
-static void process_tree_construct_cb(gpointer key, gpointer value, gpointer user_data)
+struct process_info *process_tree_get_process(gint32 pid)
 {
-    struct process_node *node, *parent_node;
-    gint32 *pid_key, *ppid_val, ppid;
-    gint32 pid = *(gint32 *)key;
-    struct process_info *process = (struct process_info *)value;
-    GTree *process_tree = (GTree *)user_data;
+    return wmem_map_lookup(processes, &pid);
+}
 
-    // this process already exists in the tree (as a parent of a previously seen process) - update its info
-    if ((node = g_tree_lookup(process_tree, &process->host_pid)) != NULL)
-        node->process = process;
-    // create process node and insert it
-    else {
-        node = g_new0(struct process_node, 1);
-        node->process = process;
-        pid_key = g_new(gint32, 1);
-        *pid_key = pid;
-        g_tree_insert(process_tree, pid_key, node);
-    }
+struct process_info *process_tree_get_parent(gint32 pid)
+{
+    gint32 ppid, *ppid_val;
+    struct process_info *process;
 
     // get effective PPID of this process
     if ((ppid_val = wmem_map_lookup(process_real_parents, &pid)) != NULL)
         ppid = *ppid_val;
-    else
+    else {
+        DISSECTOR_ASSERT((process = wmem_map_lookup(processes, &pid)) != NULL);
         ppid = process->host_ppid;
-
-    if (ppid == 0) {
-        return;
-    }
-
-    node->parent_pid = ppid;
-
-    // the parent is not in the tree yet - insert it
-    if ((parent_node = g_tree_lookup(process_tree, &ppid)) == NULL) {
-        parent_node = g_new0(struct process_node, 1);
-        pid_key = g_new(gint32, 1);
-        *pid_key = ppid;
-        g_tree_insert(process_tree, pid_key, parent_node);
     }
-}
-
-static gint pid_compare(gconstpointer a, gconstpointer b, gpointer user_data _U_)
-{
-    return *(gint32 *)a - *(gint32 *)b;
-}
-
-GTree *process_tree_construct(void)
-{
-    GTree *process_tree = g_tree_new_full(pid_compare, NULL, g_free, g_free);
-
-    // iterate through all processes, adding them to the tree
-    wmem_map_foreach(processes, process_tree_construct_cb, process_tree);
-
-    return process_tree;
-}
-
-struct process_info *process_tree_get_process(GTree *process_tree, gint32 pid)
-{
-    struct process_node *node;
-
-    if ((node = g_tree_lookup(process_tree, &pid)) == NULL)
-        return NULL;
-
-    return node->process;
-}
-
-struct process_info *process_tree_get_parent(GTree *process_tree, gint32 pid)
-{
-    struct process_node *node, *parent_node;
-
-    if ((node = g_tree_lookup(process_tree, &pid)) == NULL)
-        return NULL;
 
-    if (node->parent_pid == 0)
+    if (ppid == 0)
         return NULL;
 
-    DISSECTOR_ASSERT((parent_node = g_tree_lookup(process_tree, &node->parent_pid)) != NULL);
-    return parent_node->process;
+    return wmem_map_lookup(processes, &ppid);
 }

plugins/epan/tracee-event/stats.c

@@ -87,7 +87,6 @@ struct process_stat_node {
 
 struct process_tree_stats_context {
     GHashTable *process_stat_nodes;
-    GTree *process_tree;
 };
 
 // Hash table mapping from stats tree address to the context of the stats tree.
@@ -113,7 +112,6 @@ static void process_tree_stats_tree_init(stats_tree *st)
     // create the context for this process tree stats window and insert it into the global context hash table
     context = g_new(struct process_tree_stats_context, 1);
     context->process_stat_nodes = g_hash_table_new_full(g_int_hash, g_int_equal, g_free, free_process_stat_node);
-    context->process_tree = process_tree_construct();
     gint64 *key = g_new(gint64, 1);
     *key = (gint64)st;
     g_hash_table_insert(stats_tree_context, key, context);
@@ -175,7 +173,7 @@ static struct process_stat_node *process_tree_stats_tree_add_process(stats_tree
 
     node = g_new0(struct process_stat_node, 1);
     node->parent_id = parent_node_id;
-    node->name = process_tree_get_node_name(pid, process_tree_get_process(context->process_tree, pid));
+    node->name = process_tree_get_node_name(pid, process_tree_get_process(pid));
     node->id = stats_tree_create_node(st, node->name, parent_node_id, STAT_DT_INT, TRUE);
 
     nodes_key = g_new(int, 1);
@@ -190,7 +188,7 @@ static struct process_stat_node *process_tree_stats_tree_add_process_and_ancesto
     struct process_info *parent;
     struct process_stat_node *parent_node = NULL;
 
-    if ((parent = process_tree_get_parent(context->process_tree, pid)) != NULL)
+    if ((parent = process_tree_get_parent(pid)) != NULL)
         parent_node = process_tree_stats_tree_add_process_and_ancestors(st, context, parent->host_pid);
 
     return process_tree_stats_tree_add_process(st, context, pid, parent_node == NULL ? 0 : parent_node->id);
@@ -324,7 +322,6 @@ static void process_tree_stats_tree_cleanup(stats_tree *st)
     DISSECTOR_ASSERT((context = g_hash_table_lookup(stats_tree_context, &st)) != NULL);
 
     g_hash_table_destroy(context->process_stat_nodes);
-    g_tree_destroy(context->process_tree);
     g_hash_table_remove(stats_tree_context, &st);
 }
 

plugins/epan/tracee-event/tracee.h

@@ -64,9 +64,8 @@ gchar *enrichments_get_security_socket_bind_connect_description(packet_info *pin
 
 void process_tree_init(void);
 void process_tree_update(struct tracee_dissector_data *data);
-GTree *process_tree_construct(void);
-struct process_info *process_tree_get_process(GTree *process_tree, gint32 pid);
-struct process_info *process_tree_get_parent(GTree *process_tree, gint32 pid);
+struct process_info *process_tree_get_process(gint32 pid);
+struct process_info *process_tree_get_parent(gint32 pid);
 
 void register_tracee_enrichments(int proto);
 void register_tracee_statistics(void);