Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitf73d1b8

Browse files
committed
Implement port process inspection
1 parent76d3a24 commitf73d1b8

File tree

5 files changed

+74
-10
lines changed

5 files changed

+74
-10
lines changed

‎agent/agent_test.go

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -192,10 +192,13 @@ func TestAgent_Stats_Magic(t *testing.T) {
192192
require.NoError(t,err)
193193
})
194194

195-
// This test namebeing "Jetbrains" is required to be a certain string.
196-
//It must match the regex checkin theagent for Jetbrains.
197-
t.Run("Jetbrains",func(t*testing.T) {
195+
// This test namemust contain the string checked for by the agent, since it
196+
//looks for this stringin theprocess name.
197+
t.Run("TracksIdea.vendor.name=JetBrains",func(t*testing.T) {
198198
t.Parallel()
199+
ifruntime.GOOS!="linux" {
200+
t.Skip("JetBrains tracking is only supported on Linux")
201+
}
199202
ctx:=testutil.Context(t,testutil.WaitLong)
200203

201204
rl,err:=net.Listen("tcp","127.0.0.1:0")

‎agent/agentssh/agentssh.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,7 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
113113
ChannelHandlers:map[string]ssh.ChannelHandler{
114114
"direct-tcpip":func(srv*ssh.Server,conn*gossh.ServerConn,newChan gossh.NewChannel,ctx ssh.Context) {
115115
// wrapper is designed to find and track jetbrains gateway connections.
116-
wrapped:=NewChannelAcceptWatcher(s.logger,newChan,&s.connCountJetBrains)
116+
wrapped:=NewChannelAcceptWatcher(ctx,s.logger,newChan,&s.connCountJetBrains)
117117
ssh.DirectTCPIPHandler(srv,conn,wrapped,ctx)
118118
},
119119
"direct-streamlocal@openssh.com":directStreamLocalHandler,

‎agent/agentssh/jetbrainstrack.go

Lines changed: 27 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,11 @@
11
package agentssh
22

33
import (
4+
"strings"
45
"sync"
56

67
"cdr.dev/slog"
8+
"github.com/gliderlabs/ssh"
79
"go.uber.org/atomic"
810
gossh"golang.org/x/crypto/ssh"
911
)
@@ -21,17 +23,36 @@ type ChannelAcceptWatcher struct {
2123
jetbrainsCounter*atomic.Int64
2224
}
2325

24-
funcNewChannelAcceptWatcher(logger slog.Logger,newChannel gossh.NewChannel,counter*atomic.Int64) gossh.NewChannel {
26+
funcNewChannelAcceptWatcher(ctx ssh.Context,logger slog.Logger,newChannel gossh.NewChannel,counter*atomic.Int64) gossh.NewChannel {
2527
d:=localForwardChannelData{}
2628
iferr:=gossh.Unmarshal(newChannel.ExtraData(),&d);err!=nil {
27-
// If the data fails to unmarshal, do nothing
29+
// If the data fails to unmarshal, do nothing.
2830
returnnewChannel
2931
}
3032

31-
//if !jetbrains {
32-
// If this isn't jetbrains, then we don't need to do anything special.
33-
//return newChannel
34-
//}
33+
// If we do get a port, we should be able to get the matching PID and from
34+
// there look up the invocation.
35+
cmdline,err:=getListeningPortProcessCmdline(d.DestPort)
36+
iferr!=nil {
37+
logger.Warn(ctx,"port inspection failed",
38+
slog.F("destination_port",d.DestPort),
39+
slog.Error(err))
40+
returnnewChannel
41+
}
42+
43+
logger.Debug(ctx,"discover forwarded JetBrains process",
44+
slog.F("cmdline",cmdline),
45+
slog.F("destination_port",d.DestPort))
46+
47+
// If this is not JetBrains, then we do not need to do anything special. We
48+
// attempt to match on something that appears unique to JetBrains software and
49+
// the vendor name flag seems like it might be a reasonable choice.
50+
if!strings.Contains(strings.ToLower(cmdline),"idea.vendor.name=jetbrains") {
51+
returnnewChannel
52+
}
53+
54+
logger.Debug(ctx,"discovered forwarded JetBrains process",
55+
slog.F("destination_port",d.DestPort))
3556

3657
return&ChannelAcceptWatcher{
3758
NewChannel:newChannel,
Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
//go:build linux
2+
3+
package agentssh
4+
5+
import (
6+
"fmt"
7+
"os"
8+
9+
"github.com/cakturk/go-netstat/netstat"
10+
"golang.org/x/xerrors"
11+
)
12+
13+
funcgetListeningPortProcessCmdline(portuint32) (string,error) {
14+
tabs,err:=netstat.TCPSocks(func(s*netstat.SockTabEntry)bool {
15+
returns.LocalAddr!=nil&&uint32(s.LocalAddr.Port)==port
16+
})
17+
iferr!=nil {
18+
return"",xerrors.Errorf("inspect port %d: %w",port,err)
19+
}
20+
iflen(tabs)==0 {
21+
return"",nil
22+
}
23+
// The process name provided by go-netstat does not include the full command
24+
// line so grab that instead.
25+
pid:=tabs[0].Process.Pid
26+
data,err:=os.ReadFile(fmt.Sprintf("/proc/%d/cmdline",pid))
27+
iferr!=nil {
28+
return"",xerrors.Errorf("read /proc/%d/cmdline: %w",pid,err)
29+
}
30+
returnstring(data),nil
31+
}
Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
//go:build !linux
2+
3+
package agentssh
4+
5+
funcgetListeningPortProcessCmdline(portuint32) (string,error) {
6+
// We are not worrying about other platforms at the moment because Gateway
7+
// only supports Linux anyway.
8+
return"",nil
9+
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp