NotificationsYou must be signed in to change notification settings
Fork917
Star10.1k

Commite7f9516

committed

Implement port process inspection

1 parent76d3a24 commite7f9516Copy full SHA for e7f9516

File tree

5 files changed

+59

-10

lines changed

agent
- agent_test.go
- agentssh

5 files changed

+59

-10

lines changed

`‎agent/agent_test.go`

Lines changed: 6 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -192,10 +192,13 @@ func TestAgent_Stats_Magic(t *testing.T) {`
`192`	`192`	`require.NoError(t,err)`
`193`	`193`	`})`
`194`	`194`
`195`		`-// This test namebeing "Jetbrains" is required to be a certain string.`
`196`		`-//It must match the regex checkin theagent for Jetbrains.`
`197`		`-t.Run("Jetbrains",func(t*testing.T) {`
	`195`	`+// This test namemust contain the string checked for by the agent, since it`
	`196`	`+//looks for this stringin theprocess name.`
	`197`	`+t.Run("TracksIdea.vendor.name=JetBrains",func(t*testing.T) {`
`198`	`198`	`t.Parallel()`
	`199`	`+ifruntime.GOOS!="linux" {`
	`200`	`+t.Skip("JetBrains tracking is only supported on Linux")`
	`201`	`+}`
`199`	`202`	`ctx:=testutil.Context(t,testutil.WaitLong)`
`200`	`203`
`201`	`204`	`rl,err:=net.Listen("tcp","127.0.0.1:0")`

`‎agent/agentssh/agentssh.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,7 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom`
`113`	`113`	`ChannelHandlers:map[string]ssh.ChannelHandler{`
`114`	`114`	`"direct-tcpip":func(srvssh.Server,conngossh.ServerConn,newChan gossh.NewChannel,ctx ssh.Context) {`
`115`	`115`	`// wrapper is designed to find and track jetbrains gateway connections.`
`116`		`-wrapped:=NewChannelAcceptWatcher(s.logger,newChan,&s.connCountJetBrains)`
	`116`	`+wrapped:=NewChannelAcceptWatcher(ctx,s.logger,newChan,&s.connCountJetBrains)`
`117`	`117`	`ssh.DirectTCPIPHandler(srv,conn,wrapped,ctx)`
`118`	`118`	`},`
`119`	`119`	`"direct-streamlocal@openssh.com":directStreamLocalHandler,`

`‎agent/agentssh/jetbrainstrack.go`

Lines changed: 23 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,11 @@`
`1`	`1`	`package agentssh`
`2`	`2`
`3`	`3`	`import (`
	`4`	`+"strings"`
`4`	`5`	`"sync"`
`5`	`6`
`6`	`7`	`"cdr.dev/slog"`
	`8`	`+"github.com/gliderlabs/ssh"`
`7`	`9`	`"go.uber.org/atomic"`
`8`	`10`	`gossh"golang.org/x/crypto/ssh"`
`9`	`11`	`)`
`@@ -21,17 +23,32 @@ type ChannelAcceptWatcher struct {`
`21`	`23`	`jetbrainsCounter*atomic.Int64`
`22`	`24`	`}`
`23`	`25`
`24`		`-funcNewChannelAcceptWatcher(logger slog.Logger,newChannel gossh.NewChannel,counter*atomic.Int64) gossh.NewChannel {`
	`26`	`+funcNewChannelAcceptWatcher(ctx ssh.Context,logger slog.Logger,newChannel gossh.NewChannel,counter*atomic.Int64) gossh.NewChannel {`
`25`	`27`	`d:=localForwardChannelData{}`
`26`	`28`	`iferr:=gossh.Unmarshal(newChannel.ExtraData(),&d);err!=nil {`
`27`		`-// If the data fails to unmarshal, do nothing`
	`29`	`+// If the data fails to unmarshal, do nothing.`
`28`	`30`	`returnnewChannel`
`29`	`31`	`}`
`30`	`32`
`31`		`-//if !jetbrains {`
`32`		`-// If this isn't jetbrains, then we don't need to do anything special.`
`33`		`-//return newChannel`
`34`		`-//}`
	`33`	`+// If we do get a port, we should be able to get the matching PID and from`
	`34`	`+// there look up the name.`
	`35`	`+name,err:=getListeningPortProcessName(d.DestPort)`
	`36`	`+iferr!=nil {`
	`37`	`+logger.Warn(ctx,"port inspection failed",`
	`38`	`+slog.F("destination_port",d.DestPort),`
	`39`	`+slog.Error(err))`
	`40`	`+returnnewChannel`
	`41`	`+}`
	`42`	`+`
	`43`	`+// If this is not JetBrains, then we do not need to do anything special. We`
	`44`	`+// attempt to match on something that appears unique to JetBrains software and`
	`45`	`+// the vendor name flag seems like it might be a reasonable choice.`
	`46`	`+ifstrings.Contains(strings.ToLower(name),"idea.vendor.name=jetbrains") {`
	`47`	`+returnnewChannel`
	`48`	`+}`
	`49`	`+`
	`50`	`+logger.Debug(ctx,"discovered forwarded JetBrains process",`
	`51`	`+slog.F("destination_port",d.DestPort))`
`35`	`52`
`36`	`53`	`return&ChannelAcceptWatcher{`
`37`	`54`	`NewChannel:newChannel,`

`‎agent/agentssh/portinspection_supported.go`

Lines changed: 20 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,20 @@`
	`1`	`+//go:build linux \|\| (windows && amd64)`
	`2`	`+`
	`3`	`+package agentssh`
	`4`	`+`
	`5`	`+import (`
	`6`	`+"github.com/cakturk/go-netstat/netstat"`
	`7`	`+)`
	`8`	`+`
	`9`	`+funcgetListeningPortProcessName(portuint32) (string,error) {`
	`10`	`+tabs,err:=netstat.TCPSocks(func(s*netstat.SockTabEntry)bool {`
	`11`	`+returns.LocalAddr!=nil&&uint32(s.LocalAddr.Port)==port`
	`12`	`+})`
	`13`	`+iferr!=nil {`
	`14`	`+return"",err`
	`15`	`+}`
	`16`	`+iflen(tabs)==0 {`
	`17`	`+return"",nil`
	`18`	`+}`
	`19`	`+returntabs[0].Process.Name,nil`
	`20`	`+}`

`‎agent/agentssh/portinspection_unsupported.go`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,9 @@`
	`1`	`+//go:build !linux && !(windows && amd64)`
	`2`	`+`
	`3`	`+package agentssh`
	`4`	`+`
	`5`	`+funcgetListeningPortProcessName(portuint32) (string,error) {`
	`6`	`+// We are not worrying about other platforms at the moment because Gateway`
	`7`	`+// only supports Linux anyway.`
	`8`	`+return"",nil`
	`9`	`+}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite7f9516

File tree

5 files changed

5 files changed

`‎agent/agent_test.go`

`‎agent/agentssh/agentssh.go`

`‎agent/agentssh/jetbrainstrack.go`

`‎agent/agentssh/portinspection_supported.go`

`‎agent/agentssh/portinspection_unsupported.go`

0 commit comments