Only record traffic of the requested pod. Filtered by pod IP. (#21)

2025-06-23 14:58:44 +00:00 · 2021-04-29 18:19:59 +03:00 · 2021-04-29 18:19:59 +03:00 · e932a340e3
commit e932a340e3
parent 2ba43300fd
5 changed files with 28 additions and 7 deletions
--- a/api/scripts/multi-runner.sh
+++ b/api/scripts/multi-runner.sh
@ -2,6 +2,6 @@

 # this script runs both executables and exits everything if one fails
 ./apiserver -hardir /tmp/mizuhars &
-./passivetapper -i any -hardump -hardir /tmp/mizuhars -harentriesperfile 50 &
+./passivetapper -i any -hardump -hardir /tmp/mizuhars -harentriesperfile 50 -targets "${TAPPED_ADDRESSES}" &
 wait -n
 pkill -P $$
--- a/cli/Makefile
+++ b/cli/Makefile
@ -19,6 +19,3 @@ build-cr:
 clean: 
 	#go clean
 	rm -f ./bin/*
-
-run:
-	go run . ".*"
--- a/cli/kubernetes/provider.go
+++ b/cli/kubernetes/provider.go
@ -4,6 +4,7 @@ import (
 	_ "bytes"
 	"context"
 	"fmt"
+	"strings"

 	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -76,6 +77,12 @@ func (provider *Provider) CreateMizuPod(ctx context.Context, podName string, pod
 		panic(err.Error())
 	}

+	podIps := make([]string, len(tappedPod.Status.PodIPs))
+	for ii, podIp := range tappedPod.Status.PodIPs {
+		podIps[ii] = podIp.IP
+	}
+	podIpsString := strings.Join(podIps, ",")
+
 	privileged := true
 	pod := &core.Pod{
 		ObjectMeta: metav1.ObjectMeta{
@ -97,6 +104,10 @@ func (provider *Provider) CreateMizuPod(ctx context.Context, podName string, pod
 							Name: "HOST_MODE",
 							Value: "1",
 						},
+						{
+							Name: "TAPPED_ADDRESSES",
+							Value: podIpsString,
+						},
 					},
 				},
 			},
--- a/tap/src/passive_tapper.go
+++ b/tap/src/passive_tapper.go
@ -54,6 +54,13 @@ func parseAppPorts(appPortsList string) []int {
 	return ports
 }

+func parseHostAppAddresses(hostAppAddressesString string) []string {
+	if len(hostAppAddressesString) == 0 {
+		return []string{}
+	}
+	return strings.Split(hostAppAddressesString, ",")
+}
+
 var maxcount = flag.Int("c", -1, "Only grab this many packets, then exit")
 var decoder = flag.String("decoder", "", "Name of the decoder to use (default: guess from capture)")
 var statsevery = flag.Int("stats", 60, "Output statistics every N seconds")
@ -83,6 +90,7 @@ var tstype = flag.String("timestamp_type", "", "Type of timestamps to use")
 var promisc = flag.Bool("promisc", true, "Set promiscuous mode")
 var anydirection = flag.Bool("anydirection", false, "Capture http requests to other hosts")
 var staleTimeoutSeconds = flag.Int("staletimout", 120, "Max time in seconds to keep connections which don't transmit data")
+var hostAppAddressesString = flag.String("targets", "", "Comma separated list of ip:ports to tap")

 var memprofile = flag.String("memprofile", "", "Write memory profile")

@ -217,6 +225,8 @@ func main() {
 	} else {
 		appPorts = parseAppPorts(appPortsStr)
 	}
+	hostAppAddresses = parseHostAppAddresses(*hostAppAddressesString)
+	fmt.Println("Filtering for the following addresses:", hostAppAddresses)
 	tapOutputPort := os.Getenv(TapOutPortEnvVar)
 	if tapOutputPort == "" {
 		fmt.Println("Received empty/no WEB_SOCKET_PORT env var! falling back to port 8080")
--- a/tap/src/tcp_stream_factory.go
+++ b/tap/src/tcp_stream_factory.go
@ -84,10 +84,13 @@ func (factory *tcpStreamFactory) WaitGoRoutines() {
 }

 func (factory *tcpStreamFactory) shouldTap(dstIP string, dstPort int) bool {
-	return true  // TODO: this is only for checking it now
-
 	if hostMode {
-		return inArrayString(hostAppAddresses, fmt.Sprintf("%s:%d", dstIP, dstPort))
+		if inArrayString(hostAppAddresses, fmt.Sprintf("%s:%d", dstIP, dstPort)) == true {
+			return true
+		} else if inArrayString(hostAppAddresses, dstIP) == true {
+			return true
+		}
+		return false
 	} else {
 		isTappedPort := dstPort == 80 || (appPorts != nil && (inArrayInt(appPorts, dstPort)))
 		if !isTappedPort {