diff --git a/api/scripts/multi-runner.sh b/api/scripts/multi-runner.sh index 4e53c475f..172b42342 100755 --- a/api/scripts/multi-runner.sh +++ b/api/scripts/multi-runner.sh @@ -2,6 +2,6 @@ # this script runs both executables and exits everything if one fails ./apiserver -hardir /tmp/mizuhars & -./passivetapper -i any -hardump -hardir /tmp/mizuhars -harentriesperfile 50 & +./passivetapper -i any -hardump -hardir /tmp/mizuhars -harentriesperfile 50 -targets "${TAPPED_ADDRESSES}" & wait -n pkill -P $$ diff --git a/cli/Makefile b/cli/Makefile index a05dc6d3d..56b2a633e 100644 --- a/cli/Makefile +++ b/cli/Makefile @@ -19,6 +19,3 @@ build-cr: clean: #go clean rm -f ./bin/* - -run: - go run . ".*" diff --git a/cli/kubernetes/provider.go b/cli/kubernetes/provider.go index d49619833..d20a9c40c 100644 --- a/cli/kubernetes/provider.go +++ b/cli/kubernetes/provider.go @@ -4,6 +4,7 @@ import ( _ "bytes" "context" "fmt" + "strings" core "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -76,6 +77,12 @@ func (provider *Provider) CreateMizuPod(ctx context.Context, podName string, pod panic(err.Error()) } + podIps := make([]string, len(tappedPod.Status.PodIPs)) + for ii, podIp := range tappedPod.Status.PodIPs { + podIps[ii] = podIp.IP + } + podIpsString := strings.Join(podIps, ",") + privileged := true pod := &core.Pod{ ObjectMeta: metav1.ObjectMeta{ @@ -97,6 +104,10 @@ func (provider *Provider) CreateMizuPod(ctx context.Context, podName string, pod Name: "HOST_MODE", Value: "1", }, + { + Name: "TAPPED_ADDRESSES", + Value: podIpsString, + }, }, }, }, diff --git a/tap/src/passive_tapper.go b/tap/src/passive_tapper.go index e29903e92..f821a9c68 100644 --- a/tap/src/passive_tapper.go +++ b/tap/src/passive_tapper.go 
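Review bot: In cli/kubernetes/provider.go, the loop over `tappedPod.Status.PodIPs` in CreateMizuPod has no check for an empty list, so a target pod with no address assigned yet produces `TAPPED_ADDRESSES=""` without any error. The pod is built with `privileged := true` and `HOST_MODE=1`, so this value is what scopes the capture; going by the shouldTap change in the same commit, an empty list appears to make the tapper match nothing. I would fail early after the loop with `if len(podIps) == 0 { panic(fmt.Sprintf("pod %s has no IP addresses to tap", tappedPod.Name)) }`, matching the panic style of the line above, and rename `podIps`/`podIp` to `podIPs`/`podIP` per the Go initialism convention. The addresses are read once at creation, so a comment noting that a restarted target pod with a new IP leaves the filter stale would help. CreateMizuPod starts and ends outside this hunk.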
@@ -54,6 +54,13 @@ func parseAppPorts(appPortsList string) []int { return ports } +func parseHostAppAddresses(hostAppAddressesString string) []string { + if len(hostAppAddressesString) == 0 { + return []string{} + } + return strings.Split(hostAppAddressesString, ",") +} + var maxcount = flag.Int("c", -1, "Only grab this many packets, then exit") var decoder = flag.String("decoder", "", "Name of the decoder to use (default: guess from capture)") var statsevery = flag.Int("stats", 60, "Output statistics every N seconds") @@ -83,6 +90,7 @@ var tstype = flag.String("timestamp_type", "", "Type of timestamps to use") var promisc = flag.Bool("promisc", true, "Set promiscuous mode") var anydirection = flag.Bool("anydirection", false, "Capture http requests to other hosts") var staleTimeoutSeconds = flag.Int("staletimout", 120, "Max time in seconds to keep connections which don't transmit data") +var hostAppAddressesString = flag.String("targets", "", "Comma separated list of ip:ports to tap") var memprofile = flag.String("memprofile", "", "Write memory profile") @@ -217,6 +225,8 @@ func main() { } else { appPorts = parseAppPorts(appPortsStr) } + hostAppAddresses = parseHostAppAddresses(*hostAppAddressesString) + fmt.Println("Filtering for the following addresses:", hostAppAddresses) tapOutputPort := os.Getenv(TapOutPortEnvVar) if tapOutputPort == "" { fmt.Println("Received empty/no WEB_SOCKET_PORT env var! falling back to port 8080") diff --git a/tap/src/tcp_stream_factory.go b/tap/src/tcp_stream_factory.go index fc510a8cc..ec981722f 100644 --- a/tap/src/tcp_stream_factory.go +++ b/tap/src/tcp_stream_factory.go 
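Review bot: parseHostAppAddresses in tap/src/passive_tapper.go keeps each comma-separated piece exactly as typed, so `-targets "10.0.0.1, 10.0.0.2"` (constructed example) yields an entry with a leading space and a trailing comma yields an empty entry. Neither can ever equal the strings shouldTap compares against. Because this list decides which traffic the tapper records in host mode, I would trim each entry, drop empties, and add a doc comment stating that entries are bare IPs or ip:port pairs. Validating entries with `net.ParseIP`/`net.SplitHostPort` and logging the rejects would be a further step; it is left out below because the file's import block is not visible in this hunk.

```go
// parseHostAppAddresses splits the comma separated -targets value into the
// addresses (bare IP or ip:port) to tap, trimming blanks and skipping empty entries.
func parseHostAppAddresses(hostAppAddressesString string) []string {
	addresses := []string{}
	for _, address := range strings.Split(hostAppAddressesString, ",") {
		if address = strings.TrimSpace(address); address != "" {
			addresses = append(addresses, address)
		}
	}
	return addresses
}
```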
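Review bot: The help text of the new `targets` flag in tap/src/passive_tapper.go says "ip:ports", but the CLI side of this commit passes bare pod IPs through TAPPED_ADDRESSES and shouldTap accepts either form. I would word it as `"Comma separated list of IPs or ip:port pairs to tap (host mode)"` so the accepted format is documented where operators look for it.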
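Review bot: The added `fmt.Println("Filtering for the following addresses:", hostAppAddresses)` in main appears to run after the if/else regardless of mode, so outside host mode it announces a filter that shouldTap does not consult. In host mode an empty list means nothing is tapped, with only `[]` in the log to show for it. I would print the line only when `hostMode` is set and add a warning for the empty case, e.g. `if hostMode && len(hostAppAddresses) == 0 { fmt.Println("Warning: host mode with no -targets, no traffic will be tapped") }`. The condition of the preceding if is outside the hunk, so its relation to host mode is inferred.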
@@ -84,10 +84,13 @@ func (factory *tcpStreamFactory) WaitGoRoutines() { } func (factory *tcpStreamFactory) shouldTap(dstIP string, dstPort int) bool { - return true // TODO: this is only for checking it now - if hostMode { - return inArrayString(hostAppAddresses, fmt.Sprintf("%s:%d", dstIP, dstPort)) + if inArrayString(hostAppAddresses, fmt.Sprintf("%s:%d", dstIP, dstPort)) == true { + return true + } else if inArrayString(hostAppAddresses, dstIP) == true { + return true + } + return false } else { isTappedPort := dstPort == 80 || (appPorts != nil && (inArrayInt(appPorts, dstPort))) if !isTappedPort {
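Review bot: The host-mode branch of shouldTap builds its comparison key with `fmt.Sprintf("%s:%d", dstIP, dstPort)`, which for an IPv6 destination gives an unbracketed, ambiguous string that will not equal a `[addr]:port` target. `net.JoinHostPort(dstIP, strconv.Itoa(dstPort))` is the standard form; it needs `net` and `strconv` imported, and the import block is outside this hunk. The `== true` comparisons and the if/else-if ladder can collapse into one expression: `return inArrayString(hostAppAddresses, dstIP) || inArrayString(hostAppAddresses, net.JoinHostPort(dstIP, strconv.Itoa(dstPort)))`. A short comment noting that a bare IP in the target list matches every port on that address, and that an empty list matches nothing, would make the capture scope explicit. The else branch of shouldTap continues outside the hunk.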