package sniffer
import (
"bytes"
log "github.com/sirupsen/logrus"
"io"
v1 "k8s.io/api/core/v1"
"ksniff/kube"
"ksniff/pkg/config"
"ksniff/pkg/service/sniffer/runtime"
)
// PrivilegedPodSnifferService captures traffic of a target container by
// creating a privileged pod on the same node and running the capture
// command from inside it (see Setup, Start and Cleanup).
type PrivilegedPodSnifferService struct {
	settings *config.KsniffSettings
	// privilegedPod is assigned by Setup from CreatePrivilegedPod; it is
	// nil until Setup has run, and Cleanup/Start dereference it.
	privilegedPod *v1.Pod
	// privilegedContainerName is only used in Cleanup's log messages;
	// nothing in this file assigns it — presumably set elsewhere, verify.
	privilegedContainerName string
	// targetProcessId is filled by Setup (via ExtractPid) only when the
	// runtime bridge reports NeedsPid(); otherwise it stays nil.
	targetProcessId *string
	kubernetesApiService kube.KubernetesApiService
	runtimeBridge runtime.ContainerRuntimeBridge
}
// NewPrivilegedPodRemoteSniffingService wires the ksniff settings, the
// Kubernetes API service and the container-runtime bridge into a
// SnifferService that sniffs through a privileged pod. No pod is created
// here; that happens in Setup.
func NewPrivilegedPodRemoteSniffingService(options *config.KsniffSettings, service kube.KubernetesApiService, bridge runtime.ContainerRuntimeBridge) SnifferService {
	svc := &PrivilegedPodSnifferService{
		settings:             options,
		kubernetesApiService: service,
		runtimeBridge:        bridge,
	}
	return svc
}
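// Setup creates the privileged pod on the node that hosts the target pod and,
// when the container runtime needs it, resolves the target container's PID by
// running the runtime's inspect command inside that pod.
//
// If anything fails after the pod has been created, the privileged pod is left
// on the node; the caller is expected to call Cleanup. A failed inspect command
// aborts Setup, because ExtractPid needs its output.
func (p *PrivilegedPodSnifferService) Setup() error {
	log.Infof("creating privileged pod on node: '%s'", p.settings.DetectedPodNodeName)

	image := p.settings.Image
	if p.settings.UseDefaultImage {
		image = p.runtimeBridge.GetDefaultImage()
	}

	pod, err := p.kubernetesApiService.CreatePrivilegedPod(p.settings.DetectedPodNodeName, image)
	if err != nil {
		log.WithError(err).Errorf("failed to create privileged pod on node: '%s'", p.settings.DetectedPodNodeName)
		return err
	}
	p.privilegedPod = pod
	log.Infof("pod: '%s' created successfully on node: '%s'", p.privilegedPod.Name, p.settings.DetectedPodNodeName)

	if !p.runtimeBridge.NeedsPid() {
		return nil
	}

	// DetectedContainerId is embedded in a command that runs inside a
	// privileged pod; this assumes the bridge quotes/validates it — confirm
	// in BuildInspectCommand.
	var inspectOutput bytes.Buffer
	command := p.runtimeBridge.BuildInspectCommand(p.settings.DetectedContainerId)
	exitCode, err := p.kubernetesApiService.ExecuteCommand(p.privilegedPod.Name, "ksniff-privileged", command, &inspectOutput)
	if err != nil {
		// Without the inspect output there is no PID to extract, so stop
		// here instead of handing an empty buffer to ExtractPid.
		log.WithError(err).Errorf("failed to inspect container using privileged pod, exit code: '%d'", exitCode)
		return err
	}

	p.targetProcessId, err = p.runtimeBridge.ExtractPid(inspectOutput.String())
	if err != nil {
		return err
	}
	return nil
}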
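// Cleanup runs the runtime's cleanup command inside the privileged pod and then
// deletes the pod created by Setup.
//
// A failure of the cleanup command is logged (the message asks the user to
// remove the container manually) but not returned; a failure to delete the pod
// is returned, since a privileged pod may then still be running on the node.
// Calling Cleanup before Setup has created a pod is a no-op.
func (p *PrivilegedPodSnifferService) Cleanup() error {
	if p.privilegedPod == nil {
		// Setup failed before (or while) creating the pod: nothing to remove,
		// and dereferencing the nil pod below would panic.
		return nil
	}
	podName := p.privilegedPod.Name

	// privilegedContainerName is not assigned anywhere in this file, so these
	// messages may show an empty name — check where it is meant to be set.
	log.Infof("removing privileged container: '%s'", p.privilegedContainerName)
	command := p.runtimeBridge.BuildCleanupCommand()
	exitCode, err := p.kubernetesApiService.ExecuteCommand(podName, "ksniff-privileged", command, &kube.NopWriter{})
	if err != nil {
		log.WithError(err).Errorf("failed to remove privileged container: '%s', exit code: '%d', "+
			"please manually remove it", p.privilegedContainerName, exitCode)
	} else {
		log.Infof("privileged container: '%s' removed successfully", p.privilegedContainerName)
	}

	log.Infof("removing pod: '%s'", podName)
	if err = p.kubernetesApiService.DeletePod(podName); err != nil {
		log.WithError(err).Errorf("failed to remove pod: '%s'", podName)
		return err
	}
	log.Infof("pod: '%s' removed successfully", podName)
	return nil
}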
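// Start runs the runtime's tcpdump command inside the privileged pod and
// streams the command's output to stdOut. It presumably returns only once the
// capture command has exited, since ExecuteCommand reports an exit code.
//
// An error from ExecuteCommand is logged and returned, so callers can tell a
// failed capture apart from a completed one.
func (p *PrivilegedPodSnifferService) Start(stdOut io.Writer) error {
	log.Info("starting remote sniffing using privileged pod")

	// The interface and filter look user-supplied (UserSpecified*) and end up
	// in a command executed inside a privileged pod; this relies on the bridge
	// to quote them — confirm in BuildTcpdumpCommand.
	command := p.runtimeBridge.BuildTcpdumpCommand(&p.settings.DetectedContainerId, p.settings.UserSpecifiedInterface, p.settings.UserSpecifiedFilter, p.targetProcessId)
	exitCode, err := p.kubernetesApiService.ExecuteCommand(p.privilegedPod.Name, "ksniff-privileged", command, stdOut)
	if err != nil {
		log.WithError(err).Errorf("failed to start sniffing using privileged pod, exit code: '%d'", exitCode)
		return err
	}

	log.Info("remote sniffing using privileged pod completed")
	return nil
}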