Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Linux: netfilter plugin: Fix hooked field to match Volatility2 output #1323

Merged
merged 3 commits into from
Nov 15, 2024
Merged

Linux: netfilter plugin: Fix hooked field to match Volatility2 output #1323

merged 3 commits into from
Nov 15, 2024

Conversation

gcmoreira
Copy link
Contributor

This PR fixes how the hooked module is interpreted to match the output of its Volatility2 counterpart.

ikelos
ikelos reviewed Oct 29, 2024
View reviewed changes
Copy link
Member

@ikelos ikelos left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy to make the change, but I'd like it to be right rather than just matching something done previously. The docstring also doesn't really shed any light on what hooked is supposed to mean. Lastly, it's converted to a string rather than being kept as a boolean, is there any reason for that? I'm happy to push this through as is, but it feels like it'll need tidying up at some point or another, so if you'd like to do it now I can hold off until you're happy...

@ikelos
Copy link
Member

ikelos commented Nov 6, 2024

So... for clarity, this is waiting on the docstring being improved (from just hooked?) and for someone to tell me that the column title is unambiguous and that flipping this return value won't confuse anyone in any way.

@atcuno
Copy link
Contributor

atcuno commented Nov 9, 2024

Yes it won't be confusing. Hooked is saying the network stack has been hijacked by a non-legitimate source. The logic was just inversed previously for determining the boolean value.

@ikelos
Copy link
Member

ikelos commented Nov 10, 2024

Would hijacked be clearer or is hooked the more accurate technical term? If you're happy no one will get confused then I'm happy to merge it...

@ikelos ikelos merged commit 8790814 into volatilityfoundation:develop Nov 15, 2024
12 checks passed
@ikelos
Copy link
Member

ikelos commented Nov 15, 2024

Cool, looks good thanks for the fix! 5:)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ikelos ikelos ikelos left review comments

Assignees
No one assigned
Labels
parity-release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gcmoreira @ikelos @atcuno