Merge pull request #624 from yasin-cs-ko-ak/sysconn

bind port connection details (SYS_BIND)
accuknox · Dec 6, 2022 · 45c77dd · 45c77dd
2 parents 3fd6e36 + 4047718
commit 45c77dd
Show file tree

Hide file tree

Showing 7 changed files with 164 additions and 79 deletions.
diff --git a/src/observability/kubearmor.go b/src/observability/kubearmor.go
@@ -268,11 +268,13 @@ func GetKubearmorSummaryData(req *opb.Request) ([]types.SysObsProcFileData, []ty
 		} else if ss.Operation == "Network" {
 			//ExtractNwData
 			nwData = append(nwData, types.SysObsNwData{
-				InOut:       ss.NwType,
+				NetType:     ss.NwType,
 				Protocol:    ss.Protocol,
 				Command:     ss.Source,
 				PodSvcIP:    ss.IP,
 				ServerPort:  strconv.Itoa(int(ss.Port)),
+				BindPort:    ss.BindPort,
+				BindAddress: ss.BindAddress,
 				Namespace:   ss.DestNamespace,
 				Labels:      ss.DestLabels,
 				Count:       uint32(ss.Count),

diff --git a/src/observability/summarizer.go b/src/observability/summarizer.go
@@ -11,16 +11,18 @@ import (
 	pb "github.com/kubearmor/KubeArmor/protobuf"
 )
 
-func extractNetworkInfoFromSystemLog(netLog pb.Log) (string, string, string, string, string, string, error) {
-	var ip, destNs, destLabel, port, protocol, nwrule string = "", "", "", "", "", ""
+func extractNetworkInfoFromSystemLog(netLog pb.Log) (string, string, string, string, string, string, string, string, error) {
+	var ip, destNs, destLabel, port, bindPort, bindAddress, protocol, nwrule string = "", "", "", "", "", "", "", ""
 	err := errors.New("not a valid incoming/outgoing connection")
 
 	if strings.Contains(netLog.Data, "tcp_connect") || strings.Contains(netLog.Data, "SYS_CONNECT") {
 		nwrule = "egress"
 	} else if strings.Contains(netLog.Data, "tcp_accept") {
 		nwrule = "ingress"
+	} else if strings.Contains(netLog.Data, "SYS_BIND") {
+		nwrule = "bind"
 	} else {
-		return ip, destNs, destLabel, port, protocol, nwrule, err
+		return ip, destNs, destLabel, port, bindPort, bindAddress, protocol, nwrule, err
 	}
 
 	if strings.Contains(netLog.Data, "tcp_") {
@@ -49,11 +51,22 @@ func extractNetworkInfoFromSystemLog(netLog pb.Log) (string, string, string, str
 				}
 			}
 		}
+	} else if strings.Contains(netLog.Data, "SYS_BIND") {
+		resslice := strings.Split(netLog.Resource, " ")
+		for _, locres := range resslice {
+			if strings.Contains(locres, "sin_port") {
+				bindPort = strings.Split(locres, "=")[1]
+			}
+			if strings.Contains(locres, "sin_addr") {
+				bindAddress = strings.Split(locres, "=")[1]
+			}
+		}
+
 	} else {
-		return "", "", "", "", "", "", err
+		return "", "", "", "", "", "", "", "", err
 	}
 
-	return ip, destNs, destLabel, port, protocol, nwrule, nil
+	return ip, destNs, destLabel, port, bindPort, bindAddress, protocol, nwrule, nil
 }
 
 func convertSysLogToSysSummaryMap(syslogs []*pb.Log) {
@@ -111,14 +124,16 @@ func convertSysLogToSysSummaryMap(syslogs []*pb.Log) {
 		}
 
 		if syslog.Operation == "Network" {
-			ip, destNs, destLabel, portStr, protocol, nwrule, err := extractNetworkInfoFromSystemLog(*syslog)
+			ip, destNs, destLabel, portStr, bindPort, bindAddress, protocol, nwrule, err := extractNetworkInfoFromSystemLog(*syslog)
 			if err != nil {
 				continue
 			}
 			port, _ := strconv.ParseInt(portStr, 10, 32)
 			sysSummary.NwType = nwrule
 			sysSummary.IP = ip
 			sysSummary.Port = int32(port)
+			sysSummary.BindPort = bindPort
+			sysSummary.BindAddress = bindAddress
 			sysSummary.Protocol = protocol
 			sysSummary.DestNamespace = destNs
 			sysSummary.DestLabels = destLabel

diff --git a/src/observability/summary.go b/src/observability/summary.go
@@ -24,6 +24,7 @@ func GetSummaryData(request *opb.Request) (*opb.Response, error) {
 		fileResp := []*opb.SysProcFileSummaryData{}
 		inNwResp := []*opb.SysNwSummaryData{}
 		outNwResp := []*opb.SysNwSummaryData{}
+		bindNwResp := []*opb.SysNwSummaryData{}
 
 		resp.PodName = podInfo.PodName
 		resp.ClusterName = podInfo.ClusterName
@@ -57,7 +58,7 @@ func GetSummaryData(request *opb.Request) (*opb.Response, error) {
 
 		if len(nw) > 0 && strings.Contains(request.Type, "network") {
 			for _, loc_nw := range nw {
-				if loc_nw.InOut == "ingress" {
+				if loc_nw.NetType == "ingress" {
 					inNwResp = append(inNwResp, &opb.SysNwSummaryData{
 						Protocol:    loc_nw.Protocol,
 						Command:     loc_nw.Command,
@@ -68,7 +69,7 @@ func GetSummaryData(request *opb.Request) (*opb.Response, error) {
 						Count:       strconv.Itoa(int(loc_nw.Count)),
 						UpdatedTime: loc_nw.UpdatedTime,
 					})
-				} else if loc_nw.InOut == "egress" {
+				} else if loc_nw.NetType == "egress" {
 					outNwResp = append(outNwResp, &opb.SysNwSummaryData{
 						Protocol:    loc_nw.Protocol,
 						Command:     loc_nw.Command,
@@ -79,13 +80,26 @@ func GetSummaryData(request *opb.Request) (*opb.Response, error) {
 						Count:       strconv.Itoa(int(loc_nw.Count)),
 						UpdatedTime: loc_nw.UpdatedTime,
 					})
+				} else if loc_nw.NetType == "bind" {
+					bindNwResp = append(bindNwResp, &opb.SysNwSummaryData{
+						Protocol:    loc_nw.Protocol,
+						Command:     loc_nw.Command,
+						IP:          loc_nw.PodSvcIP,
+						BindPort:    loc_nw.BindPort,
+						BindAddress: loc_nw.BindAddress,
+						Labels:      loc_nw.Labels,
+						Namespace:   loc_nw.Namespace,
+						Count:       strconv.Itoa(int(loc_nw.Count)),
+						UpdatedTime: loc_nw.UpdatedTime,
+					})
 				}
 			}
 		}
 		resp.ProcessData = procResp
 		resp.FileData = fileResp
 		resp.IngressConnection = inNwResp
 		resp.EgressConnection = outNwResp
+		resp.BindConnection = bindNwResp
 	}
 
 	if strings.Contains(request.Type, "ingress") || strings.Contains(request.Type, "egress") {