Merge pull request #98883 from fedepaol/netexecmultilisten

Agnhost: make it possible to pass the addresses to listen on for udp

build/dependencies.yaml

@@ -18,7 +18,7 @@ dependencies:
 
   # agnhost: bump this one first
   - name: "agnhost"
-    version: "2.28"
+    version: "2.29"
     refPaths:
     - path: test/images/agnhost/VERSION
       match: \d.\d

test/images/agnhost/VERSION

@@ -1 +1 @@
-2.28
+2.29

test/images/agnhost/agnhost.go

@@ -51,7 +51,7 @@ import (
 func main() {
 	rootCmd := &cobra.Command{
 		Use:     "app",
-		Version: "2.28",
+		Version: "2.29",
 	}
 
 	rootCmd.AddCommand(auditproxy.CmdAuditProxy)

test/images/agnhost/netexec/netexec.go

@@ -37,19 +37,23 @@ import (
 	"github.com/spf13/cobra"
 
 	utilnet "k8s.io/apimachinery/pkg/util/net"
+	"k8s.io/apimachinery/pkg/util/sets"
 )
 
 var (
-	httpPort     = 8080
-	udpPort      = 8081
-	sctpPort     = -1
-	shellPath    = "/bin/sh"
-	serverReady  = &atomicBool{0}
-	certFile     = ""
-	privKeyFile  = ""
-	httpOverride = ""
+	httpPort           = 8080
+	udpPort            = 8081
+	sctpPort           = -1
+	shellPath          = "/bin/sh"
+	serverReady        = &atomicBool{0}
+	certFile           = ""
+	privKeyFile        = ""
+	httpOverride       = ""
+	udpListenAddresses = ""
 )
 
+const bindToAny = ""
+
 // CmdNetexec is used by agnhost Cobra.
 var CmdNetexec = &cobra.Command{
 	Use:   "netexec",
@@ -123,6 +127,7 @@ func init() {
 	CmdNetexec.Flags().IntVar(&udpPort, "udp-port", 8081, "UDP Listen Port")
 	CmdNetexec.Flags().IntVar(&sctpPort, "sctp-port", -1, "SCTP Listen Port")
 	CmdNetexec.Flags().StringVar(&httpOverride, "http-override", "", "Override the HTTP handler to always respond as if it were a GET with this path & params")
+	CmdNetexec.Flags().StringVar(&udpListenAddresses, "udp-listen-addresses", "", "A comma separated list of ip addresses the udp servers listen from")
 }
 
 // atomicBool uses load/store operations on an int32 to simulate an atomic boolean.
@@ -162,7 +167,14 @@ func main(cmd *cobra.Command, args []string) {
 		addRoutes(http.DefaultServeMux, exitCh)
 	}
 
-	go startUDPServer(udpPort)
+	udpBindTo, err := parseAddresses(udpListenAddresses)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, address := range udpBindTo {
+		go startUDPServer(address, udpPort)
+	}
 	if sctpPort != -1 {
 		go startSCTPServer(sctpPort)
 	}
@@ -539,15 +551,15 @@ func redirectHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 // udp server supports the hostName, echo and clientIP commands.
-func startUDPServer(udpPort int) {
-	serverAddress, err := net.ResolveUDPAddr("udp", fmt.Sprintf(":%d", udpPort))
+func startUDPServer(address string, udpPort int) {
+	serverAddress, err := net.ResolveUDPAddr("udp", net.JoinHostPort(address, strconv.Itoa(udpPort)))
 	assertNoError(err, fmt.Sprintf("failed to resolve UDP address for port %d", sctpPort))
 	serverConn, err := net.ListenUDP("udp", serverAddress)
 	assertNoError(err, fmt.Sprintf("failed to create listener for UDP address %v", serverAddress))
 	defer serverConn.Close()
 	buf := make([]byte, 2048)
 
-	log.Printf("Started UDP server on port %d", udpPort)
+	log.Printf("Started UDP server on port %s %d", address, udpPort)
 	// Start responding to readiness probes.
 	serverReady.set(true)
 	defer func() {
@@ -639,3 +651,21 @@ func assertNoError(err error, detail string) {
 		log.Fatalf("Error occurred: %s:%v", detail, err)
 	}
 }
+
+func parseAddresses(addresses string) ([]string, error) {
+	if addresses == "" {
+		return []string{bindToAny}, nil
+	}
+	// Using a set to remove duplicates
+	res := make([]string, 0)
+	split := strings.Split(addresses, ",")
+	for _, address := range split {
+		netAddr := net.ParseIP(address)
+		if netAddr == nil {
+			return nil, fmt.Errorf("parseAddress: invalid address %s", address)
+		}
+		res = append(res, address)
+	}
+	set := sets.NewString(res...)
+	return set.List(), nil
+}