From 5e81776598c61945070b3760efe9b99a2266121b Mon Sep 17 00:00:00 2001 From: containerscrew Date: Sun, 12 Jan 2025 22:44:24 +0100 Subject: [PATCH] Wip: egress connections --- Cargo.lock | 128 ++++++++++++++++++++++++++++++++++++++++++++ nflux/Cargo.toml | 1 + nflux/src/egress.rs | 5 +- nflux/src/main.rs | 4 ++ nflux/src/utils.rs | 14 +++++ 5 files changed, 150 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 372ca89..357dde0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -331,6 +331,12 @@ dependencies = [ "version_check", ] +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + [[package]] name = "crc32fast" version = "1.4.2" @@ -340,6 +346,31 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "crossbeam-deque" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + [[package]] name = "dns-lookup" version = "2.0.4" @@ -521,6 +552,7 @@ dependencies = [ "nflux-common", "nflux-ebpf", "serde", + "sysinfo", "tempfile", "tokio", "toml", 
@@ -549,6 +581,15 @@ dependencies = [ "xtask", ] +[[package]] +name = "ntapi" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8a3895c6391c39d7fe7ebc444a87eb2991b2a0bc718fdabd071eec617fc68e4" +dependencies = [ + "winapi", +] + [[package]] name = "nu-ansi-term" version = "0.46.0" @@ -650,6 +691,26 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "rayon" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + [[package]] name = "rustc-demangle" version = "0.1.24" @@ -782,6 +843,20 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "sysinfo" +version = "0.33.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fc858248ea01b66f19d8e8a6d55f41deaf91e9d495246fd01368d99935c6c01" +dependencies = [ + "core-foundation-sys", + "libc", + "memchr", + "ntapi", + "rayon", + "windows", +] + [[package]] name = "tempfile" version = "3.15.0" 
@@ -1021,6 +1096,59 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +[[package]] +name = "windows" +version = "0.57.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12342cb4d8e3b046f3d80effd474a7a02447231330ef77d71daa6fbc40681143" +dependencies = [ + "windows-core", + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-core" +version = "0.57.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2ed2439a290666cd67ecce2b0ffaad89c2a56b976b736e6ece670297897832d" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-result", + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-implement" +version = "0.57.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9107ddc059d5b6fbfbffdfa7a7fe3e22a226def0b2608f72e9d552763d3e1ad7" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-interface" +version = "0.57.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29bee4b38ea3cde66011baa44dba677c432a78593e202392d1e9070cf2a7fca7" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-result" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e383302e8ec8515204254685643de10811af0ed97ea37210dc26fb0032647f8" +dependencies = [ + "windows-targets 0.52.6", +] + [[package]] name = "windows-sys" version = "0.48.0" diff --git a/nflux/Cargo.toml b/nflux/Cargo.toml index f622c08..e5d02f1 100644 --- a/nflux/Cargo.toml +++ b/nflux/Cargo.toml @@ -17,6 +17,7 @@ serde = { version = "1.0.217", features = ["derive"] } toml = "0.8.19" bytes = "1.8.0" dns-lookup = "2.0.4" +sysinfo = "0.33.1" [build-dependencies] cargo_metadata = { workspace = true } 
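Review bot: The `sysinfo = "0.33.1"` line added to nflux/Cargo.toml takes the crate with its default features, and the Cargo.lock hunks show that this brings in rayon, the crossbeam crates, ntapi and the windows crates for what utils.rs uses as a single process-name lookup. For a binary that loads eBPF programs, every extra crate is more code to audit and keep patched, so I would narrow it to `sysinfo = { version = "0.33.1", default-features = false, features = ["system"] }`. Check the `system` feature name against the 0.33 feature list before merging; I expect it to cover `System::process`, but I have not confirmed that from this page.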
diff --git a/nflux/src/egress.rs b/nflux/src/egress.rs index 03feba6..387a3f6 100644 --- a/nflux/src/egress.rs +++ b/nflux/src/egress.rs @@ -9,7 +9,7 @@ use bytes::BytesMut; use tracing::{error, info, warn}; use nflux_common::{convert_protocol, EgressConfig, EgressEvent}; use crate::config::{Egress, IsEnabled}; -use crate::utils::lookup_address; +use crate::utils::{get_process_name, lookup_address}; pub fn populate_egress_config(bpf: &mut Ebpf, config: Egress) -> anyhow::Result<()> { let mut egress_config = Array::<_, EgressConfig>::try_from( @@ -105,13 +105,14 @@ pub async fn process_egress_events( match parse_egress_event(buf) { Ok(event) => { info!( - "program=tc_egress protocol={}, ip={}, src_port={}, dst_port={}, fqdn={}, pid={}", + "program=tc_egress protocol={}, ip={}, src_port={}, dst_port={}, fqdn={}, pid={}, comm={}", convert_protocol(event.protocol), Ipv4Addr::from(event.dst_ip), event.src_port, event.dst_port, lookup_address(event.dst_ip), event.pid, + get_process_name(event.pid) ); } Err(e) => error!("Failed to parse egress event on CPU {}: {}", cpu_id, e), diff --git a/nflux/src/main.rs b/nflux/src/main.rs index 8a70a17..6df2f0f 100644 --- a/nflux/src/main.rs +++ b/nflux/src/main.rs @@ -9,6 +9,7 @@ use aya::maps::AsyncPerfEventArray; use aya::util::online_cpus; use aya::{include_bytes_aligned, Ebpf}; use aya_log::EbpfLogger; +use std::process; use config::{IsEnabled, Nflux}; use egress::populate_egress_config; @@ -34,6 +35,9 @@ async fn main() -> anyhow::Result<()> { std::process::exit(1); } + // Welcome message + info!("Starting nflux with pid {}", process::id()); + // Set memory limit set_mem_limit(); diff --git a/nflux/src/utils.rs b/nflux/src/utils.rs index 40b26ad..f34a792 100644 --- a/nflux/src/utils.rs +++ b/nflux/src/utils.rs 
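Review bot: The new `comm=` field in the `info!` call of `process_egress_events` is resolved in user space at log time through `get_process_name(event.pid)`, not when the packet was observed, so a process that has already exited logs an empty name and a reused PID can log another program's name. Since this line is what an analyst would use to attribute an egress connection, say so at the call site, for example `// comm is a best-effort lookup at log time; empty or stale if the pid exited or was reused`. Carrying the name inside `EgressEvent` from the eBPF side would close the gap, though whether that hook has the right task context is not visible here. The body of `process_egress_events` starts and ends outside this hunk.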
@@ -2,6 +2,7 @@ use std::{collections::HashMap, net::{IpAddr, Ipv4Addr, Ipv6Addr}}; use dns_lookup::lookup_addr; use libc::getuid; use nflux_common::utils::is_private_ip; +use sysinfo::{Pid, System}; use tokio::signal; use tracing::{info, warn}; @@ -74,3 +75,16 @@ pub fn lookup_address(ip: u32) -> String { }, } } + +pub fn get_process_name(pid: u64) -> String { + let mut s = System::new_all(); + + s.refresh_all(); + + match s.process(Pid::from(pid as usize)) { + Some(process) => { + format!("{:?}", process.name()).to_string() + } + None => String::new(), + } +}
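Review bot: `get_process_name` calls `System::new_all()` and then `refresh_all()` on every invocation, which collects data for every process on the host to read one name, and egress.rs calls it once per egress event from the async event loop. On a busy host this can stall the reader long enough for events to be lost, leaving gaps in the connection log. `pid as usize` is an unchecked narrowing cast, and the trailing `.to_string()` after `format!` is redundant. The `{:?}` formatting is worth keeping, because it escapes control characters in a name the process itself controls. I would read only the one pid, as below, which also removes the need for sysinfo in this function.

```rust
pub fn get_process_name(pid: u64) -> String {
    // Read only this pid's comm; a missing entry (process already exited) yields "".
    match std::fs::read(format!("/proc/{pid}/comm")) {
        // {:?} keeps the quoted, escaped form of the previous output for a process-controlled name.
        Ok(raw) => format!("{:?}", String::from_utf8_lossy(&raw).trim_end_matches('\n')),
        Err(_) => String::new(),
    }
}
```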