github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/pkg/ebpftracer/signature/stdio_socket.go (about)

     1  package signature
     2  
     3  import (
     4  	"net/netip"
     5  
     6  	v1 "github.com/castai/kvisor/api/v1/runtime"
     7  	"github.com/castai/kvisor/pkg/ebpftracer/events"
     8  	"github.com/castai/kvisor/pkg/ebpftracer/types"
     9  	"github.com/castai/kvisor/pkg/logging"
    10  )
    11  
// Compile-time assertion that *StdioViaSocket implements Signature.
var _ Signature = (*StdioViaSocket)(nil)

// StdioViaSocket is a detection signature that reports when one of the
// standard I/O file descriptors (0, 1 or 2) is backed by an IPv4 or IPv6
// socket with a non-zero remote port, as observed through socket connect
// and socket dup events.
type StdioViaSocket struct {
	// log receives warnings about events the signature cannot interpret.
	log *logging.Logger
}
    17  
// NewStdViaSocketSignature builds a StdioViaSocket signature that writes its
// warnings to log and returns it as a Signature.
//
// NOTE(review): log is dereferenced in OnEvent's warning paths without a nil
// check, so callers presumably must pass a non-nil logger; confirm against
// the logging package.
func NewStdViaSocketSignature(log *logging.Logger) Signature {
	sig := new(StdioViaSocket)
	sig.log = log
	return sig
}
    23  
// GetMetadata describes the signature: its ID, name and version, plus the
// event types it needs to receive. Only socket connect and socket dup events
// are requested; OnEvent handles nothing else.
func (*StdioViaSocket) GetMetadata() SignatureMetadata {
	// Events that can attach a socket to a descriptor this signature watches.
	targets := []events.ID{
		events.SecuritySocketConnect,
		events.SocketDup,
	}

	var md SignatureMetadata
	md.ID = v1.SignatureEventID_SIGNATURE_STDIO_VIA_SOCKET
	md.Name = "stdio_via_socket"
	md.Version = "0.0.1"
	md.TargetEvents = targets
	return md
}
    35  
// OnEvent inspects a socket connect or socket dup event and returns a finding
// when the affected descriptor is 0, 1 or 2 and the socket's remote address is
// an IPv4 or IPv6 endpoint with a non-zero port. It returns nil otherwise.
//
// Detection coverage, as implemented here:
//   - For dup events the descriptor checked is the new fd, so a socket
//     duplicated onto a stdio descriptor is covered.
//   - Remote addresses of any other type (anything that is not Ip4SockAddr or
//     Ip6SockAddr) produce no finding and no log line, so such sockets are a
//     blind spot for this signature.
//   - Endpoints with port 0 are ignored.
//
// NOTE(review): the reported Ip is netip.Addr.AsSlice() of the address as
// received; an IPv4-mapped IPv6 address would stay in its 16-byte form.
// Consumers matching on IPv4 addresses may want to confirm how they handle it.
func (s *StdioViaSocket) OnEvent(event *types.Event) *v1.SignatureFinding {
	var (
		fd   int32
		peer types.Sockaddr
	)

	switch a := event.Args.(type) {
	case types.SecuritySocketConnectArgs:
		fd, peer = a.Sockfd, a.RemoteAddr
	case types.SocketDupArgs:
		// For a dup, the descriptor of interest is the newly assigned one.
		fd, peer = a.Newfd, a.RemoteAddr
	default:
		// Not expected for the events this signature targets; nothing can be
		// evaluated without known arguments.
		s.log.Warnf("got unknown arguments type when handling StdioViaSocket for event `%d`", event.Context.EventID)
		return nil
	}

	// Only stdin, stdout and stderr are relevant to this signature.
	switch fd {
	case 0, 1, 2:
	default:
		return nil
	}

	if peer == nil {
		s.log.Warnf("remoteAddr was nil for event `%d`", event.Context.EventID)
		return nil
	}

	var endpoint netip.AddrPort

	switch sa := peer.(type) {
	case types.Ip4SockAddr:
		endpoint = sa.Addr
	case types.Ip6SockAddr:
		endpoint = sa.Addr
	default:
		// Only IPv4 and IPv6 socket addresses are handled; other address
		// types are silently skipped and may deserve support later.
		return nil
	}

	port := endpoint.Port()
	if port == 0 {
		return nil
	}

	details := &v1.StdioViaSocketFinding{
		Ip:       endpoint.Addr().AsSlice(),
		Port:     uint32(port),
		Socketfd: fd,
	}

	return &v1.SignatureFinding{
		Data: &v1.SignatureFinding_StdioViaSocket{
			StdioViaSocket: details,
		},
	}
}