mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-07-20 19:22:20 +00:00
Adapt APP_PORTS environment variable to the new extension system and change its format to APP_PORTS='{"http": ["8001"]}'
This commit is contained in:
M. Mert Yildiran
parent
cc5620e367
commit
d4425e34ce
@ -115,6 +115,8 @@ func mergeUnique(slice []string, merge []string) []string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func loadExtensions() {
|
func loadExtensions() {
|
||||||
|
appPorts := parseEnvVar(shared.AppPortsEnvVar)
|
||||||
|
|
||||||
dir, _ := filepath.Abs(filepath.Dir(os.Args[0]))
|
dir, _ := filepath.Abs(filepath.Dir(os.Args[0]))
|
||||||
extensionsDir := path.Join(dir, "./extensions/")
|
extensionsDir := path.Join(dir, "./extensions/")
|
||||||
|
|
||||||
@ -140,6 +142,10 @@ func loadExtensions() {
|
|||||||
extension.Dissector = dissector
|
extension.Dissector = dissector
|
||||||
log.Printf("Extension Properties: %+v\n", extension)
|
log.Printf("Extension Properties: %+v\n", extension)
|
||||||
extensions[i] = extension
|
extensions[i] = extension
|
||||||
|
if ports, ok := appPorts[extension.Protocol.Name]; ok {
|
||||||
|
log.Printf("Overriding \"%s\" extension's ports to: %v", extension.Protocol.Name, ports)
|
||||||
|
extension.Protocol.Ports = ports
|
||||||
|
}
|
||||||
extensionsMap[extension.Protocol.Name] = extension
|
extensionsMap[extension.Protocol.Name] = extension
|
||||||
allExtensionPorts = mergeUnique(allExtensionPorts, extension.Protocol.Ports)
|
allExtensionPorts = mergeUnique(allExtensionPorts, extension.Protocol.Ports)
|
||||||
}
|
}
|
||||||
@ -186,13 +192,25 @@ func CORSMiddleware() gin.HandlerFunc {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func parseEnvVar(env string) map[string][]string {
|
||||||
|
var mapOfList map[string][]string
|
||||||
|
|
||||||
|
val, present := os.LookupEnv(env)
|
||||||
|
|
||||||
|
if !present {
|
||||||
|
return mapOfList
|
||||||
|
}
|
||||||
|
|
||||||
|
err := json.Unmarshal([]byte(val), &mapOfList)
|
||||||
|
if err != nil {
|
||||||
|
panic(fmt.Sprintf("env var %s's value of %s is invalid! must be map[string][]string %v", env, mapOfList, err))
|
||||||
|
}
|
||||||
|
return mapOfList
|
||||||
|
}
|
||||||
|
|
||||||
func getTapTargets() []string {
|
func getTapTargets() []string {
|
||||||
nodeName := os.Getenv(shared.NodeNameEnvVar)
|
nodeName := os.Getenv(shared.NodeNameEnvVar)
|
||||||
var tappedAddressesPerNodeDict map[string][]string
|
tappedAddressesPerNodeDict := parseEnvVar(shared.TappedAddressesPerNodeDictEnvVar)
|
||||||
err := json.Unmarshal([]byte(os.Getenv(shared.TappedAddressesPerNodeDictEnvVar)), &tappedAddressesPerNodeDict)
|
|
||||||
if err != nil {
|
|
||||||
panic(fmt.Sprintf("env var %s's value of %s is invalid! must be map[string][]string %v", shared.TappedAddressesPerNodeDictEnvVar, tappedAddressesPerNodeDict, err))
|
|
||||||
}
|
|
||||||
return tappedAddressesPerNodeDict[nodeName]
|
return tappedAddressesPerNodeDict[nodeName]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -8,4 +8,5 @@ const (
|
|||||||
MaxEntriesDBSizeBytesEnvVar = "MAX_ENTRIES_DB_BYTES"
|
MaxEntriesDBSizeBytesEnvVar = "MAX_ENTRIES_DB_BYTES"
|
||||||
RulePolicyPath = "/app/enforce-policy/"
|
RulePolicyPath = "/app/enforce-policy/"
|
||||||
RulePolicyFileName = "enforce-policy.yaml"
|
RulePolicyFileName = "enforce-policy.yaml"
|
||||||
|
AppPortsEnvVar = "APP_PORTS"
|
||||||
)
|
)
|
||||||
|
|||||||
@ -18,7 +18,6 @@ import (
|
|||||||
"os/signal"
|
"os/signal"
|
||||||
"runtime"
|
"runtime"
|
||||||
"runtime/pprof"
|
"runtime/pprof"
|
||||||
"strconv"
|
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
@ -39,19 +38,6 @@ const cleanPeriod = time.Second * 10
|
|||||||
|
|
||||||
var remoteOnlyOutboundPorts = []int{80, 443}
|
var remoteOnlyOutboundPorts = []int{80, 443}
|
||||||
|
|
||||||
func parseAppPorts(appPortsList string) []int {
|
|
||||||
ports := make([]int, 0)
|
|
||||||
for _, portStr := range strings.Split(appPortsList, ",") {
|
|
||||||
parsedInt, parseError := strconv.Atoi(portStr)
|
|
||||||
if parseError != nil {
|
|
||||||
log.Printf("Provided app port %v is not a valid number!", portStr)
|
|
||||||
} else {
|
|
||||||
ports = append(ports, parsedInt)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return ports
|
|
||||||
}
|
|
||||||
|
|
||||||
var maxcount = flag.Int64("c", -1, "Only grab this many packets, then exit")
|
var maxcount = flag.Int64("c", -1, "Only grab this many packets, then exit")
|
||||||
var decoder = flag.String("decoder", "", "Name of the decoder to use (default: guess from capture)")
|
var decoder = flag.String("decoder", "", "Name of the decoder to use (default: guess from capture)")
|
||||||
var statsevery = flag.Int("stats", 60, "Output statistics every N seconds")
|
var statsevery = flag.Int("stats", 60, "Output statistics every N seconds")
|
||||||
@ -241,17 +227,7 @@ func startPassiveTapper(outputItems chan *api.OutputChannelItem, allExtensionPor
|
|||||||
ownIps = localhostIPs
|
ownIps = localhostIPs
|
||||||
}
|
}
|
||||||
|
|
||||||
appPortsStr := os.Getenv(AppPortsEnvVar)
|
log.Printf("App Ports: %v", allExtensionPorts)
|
||||||
var appPorts []int
|
|
||||||
if appPortsStr == "" {
|
|
||||||
rlog.Info("Received empty/no APP_PORTS env var! only listening to ports:", allExtensionPorts)
|
|
||||||
appPorts = make([]int, 0)
|
|
||||||
} else {
|
|
||||||
appPorts = parseAppPorts(appPortsStr)
|
|
||||||
}
|
|
||||||
SetFilterPorts(appPorts)
|
|
||||||
|
|
||||||
log.Printf("App Ports: %v", gSettings.filterPorts)
|
|
||||||
|
|
||||||
var handle *pcap.Handle
|
var handle *pcap.Handle
|
||||||
var err error
|
var err error
|
||||||
|
|||||||
@ -14,25 +14,13 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type globalSettings struct {
|
type globalSettings struct {
|
||||||
filterPorts []int
|
|
||||||
filterAuthorities []string
|
filterAuthorities []string
|
||||||
}
|
}
|
||||||
|
|
||||||
var gSettings = &globalSettings{
|
var gSettings = &globalSettings{
|
||||||
filterPorts: []int{},
|
|
||||||
filterAuthorities: []string{},
|
filterAuthorities: []string{},
|
||||||
}
|
}
|
||||||
|
|
||||||
func SetFilterPorts(ports []int) {
|
|
||||||
gSettings.filterPorts = ports
|
|
||||||
}
|
|
||||||
|
|
||||||
func GetFilterPorts() []int {
|
|
||||||
ports := make([]int, len(gSettings.filterPorts))
|
|
||||||
copy(ports, gSettings.filterPorts)
|
|
||||||
return ports
|
|
||||||
}
|
|
||||||
|
|
||||||
func SetFilterAuthorities(ipAddresses []string) {
|
func SetFilterAuthorities(ipAddresses []string) {
|
||||||
gSettings.filterAuthorities = ipAddresses
|
gSettings.filterAuthorities = ipAddresses
|
||||||
}
|
}
|
||||||
|
|||||||
@ -29,7 +29,7 @@ func (factory *tcpStreamFactory) New(net, transport gopacket.Flow, tcp *layers.T
|
|||||||
fsmOptions := reassembly.TCPSimpleFSMOptions{
|
fsmOptions := reassembly.TCPSimpleFSMOptions{
|
||||||
SupportMissingEstablishment: *allowmissinginit,
|
SupportMissingEstablishment: *allowmissinginit,
|
||||||
}
|
}
|
||||||
rlog.Debugf("Current App Ports: %v", gSettings.filterPorts)
|
rlog.Debugf("Current App Ports: %v", factory.AllExtensionPorts)
|
||||||
srcIp := net.Src().String()
|
srcIp := net.Src().String()
|
||||||
dstIp := net.Dst().String()
|
dstIp := net.Dst().String()
|
||||||
srcPort := transport.Src().String()
|
srcPort := transport.Src().String()
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user