mirror of
https://github.com/kubeshark/kubeshark.git
synced 2026-05-20 08:04:06 +00:00
d3c023b3ba
* Show pod name and namespace (#61) * WIP * Update main.go, consts.go, and 2 more files... * Update messageSensitiveDataCleaner.go * Update consts.go and messageSensitiveDataCleaner.go * Update messageSensitiveDataCleaner.go * Update main.go, consts.go, and 3 more files... * WIP * Update main.go, messageSensitiveDataCleaner.go, and 6 more files... * Update main.go, messageSensitiveDataCleaner.go, and 3 more files... * Update consts.go, messageSensitiveDataCleaner.go, and tap.go * Update provider.go * Update serializableRegexp.go * Update tap.go * TRA-3234 fetch with _source + no hard limit (#64) * remove the HARD limit of 5000 * TRA-3299 Reduce footprint and Add Tolerances(#65) * Use lib const for DNSClusterFirstWithHostNet. * Whitespace. * Break lines. * Added affinity to pod names. * Added tolerations to NoExecute and NoSchedule taints. * Implementation of Mizu view command * . * . * Update main.go and messageSensitiveDataCleaner.go * Update main.go * String and not pointers (#68) * TRA-3318 - Cookies not null and fix har file names (#69) * no message * TRA-3212 Passive-Tapper and Mizu share code (#70) * Use log in tap package instead of fmt. * Moved api/pkg/tap to root. * Added go.mod and go.sum for tap. * Added replace for shared. * api uses tap module instead of tap package. * Removed dependency of tap in shared by moving env var out of tap. * Fixed compilation bugs. * Fixed: Forgot to export struct field HostMode. * Removed unused flag. * Close har output channel when done. * Moved websocket out of mizu and into passive-tapper. * Send connection details over har output channel. * Fixed compilation errors. * Removed unused info from request response cache. * Renamed connection -> connectionID. * Fixed rename bug. * Export setters and getters for filter ips and ports. * Added tap dependency to Dockerfile. * Uncomment error messages. * Renamed `filterIpAddresses` -> `filterAuthorities`. * Renamed ConnectionID -> ConnectionInfo. * Fixed: Missed one replace. * TRA-3342 Mizu/tap dump to har directory fails on Linux (#71) * Instead of saving incomplete temp har files in a temp dir, save them in the output dir with a *.har.tmp suffix. * API only loads har from *.har files (by extension). * Add export entries endpoint for better up9 connect funcionality (#72) * no message * no message * no message * Filter 'cookie' header * Release action (#73) * Create main.yml * Update main.yml * Update main.yml * Update main.yml * Update main.yml * trying new approach * no message * yaml error * no message * no message * no message * missing ) * no message * no message * remove main.yml and fix branches * Create tag-temp.yaml * Update tag-temp.yaml * Update tag-temp.yaml * no message * no message * no message * no message * no message * no message * no message * #minor * no message * no message * added checksum calc to CLI makefile * fixed build error - created bin directory upfront * using markdown for release text * use separate checksum files * fixed release readme * #minor * readme updated Co-authored-by: Alex Haiut <alex@up9.com> * TRA-3360 Fix: Mizu ignores -n namespace flag and records traffic from all pods (#75) Do not tap pods in namespaces which were not requested. * added apple/m1 binary, updated readme (#77) Co-authored-by: Alex Haiut <alex@up9.com> * Update README.md (#78) Co-authored-by: lirazyehezkel <61656597+lirazyehezkel@users.noreply.github.com> Co-authored-by: RamiBerm <rami.berman@up9.com> Co-authored-by: RamiBerm <54766858+RamiBerm@users.noreply.github.com> Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com> Co-authored-by: nimrod-up9 <59927337+nimrod-up9@users.noreply.github.com> Co-authored-by: Igor Gov <igor.govorov1@gmail.com> Co-authored-by: Alex Haiut <alex@up9.com>
257 lines
6.5 KiB
Go
257 lines
6.5 KiB
Go
package tap
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/google/martian/har"
|
|
)
|
|
|
|
const readPermission = 0644
|
|
const harFilenameSuffix = ".har"
|
|
const tempFilenameSuffix = ".har.tmp"
|
|
|
|
type PairChanItem struct {
|
|
Request *http.Request
|
|
RequestTime time.Time
|
|
Response *http.Response
|
|
ResponseTime time.Time
|
|
RequestSenderIp string
|
|
ConnectionInfo *ConnectionInfo
|
|
}
|
|
|
|
func openNewHarFile(filename string) *HarFile {
|
|
file, err := os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, readPermission)
|
|
if err != nil {
|
|
log.Panicf("Failed to open output file: %s (%v,%+v)", err, err, err)
|
|
}
|
|
|
|
harFile := HarFile{file: file, entryCount: 0}
|
|
harFile.writeHeader()
|
|
|
|
return &harFile
|
|
}
|
|
|
|
type HarFile struct {
|
|
file *os.File
|
|
entryCount int
|
|
}
|
|
|
|
func NewEntry(request *http.Request, requestTime time.Time, response *http.Response, responseTime time.Time) (*har.Entry, error) {
|
|
harRequest, err := har.NewRequest(request, true)
|
|
if err != nil {
|
|
SilentError("convert-request-to-har", "Failed converting request to HAR %s (%v,%+v)", err, err, err)
|
|
return nil, errors.New("Failed converting request to HAR")
|
|
}
|
|
|
|
harResponse, err := har.NewResponse(response, true)
|
|
if err != nil {
|
|
SilentError("convert-response-to-har", "Failed converting response to HAR %s (%v,%+v)", err, err, err)
|
|
return nil, errors.New("Failed converting response to HAR")
|
|
}
|
|
|
|
if harRequest.PostData != nil && strings.HasPrefix(harRequest.PostData.MimeType, "application/grpc") {
|
|
// Force HTTP/2 gRPC into HAR template
|
|
|
|
harRequest.URL = fmt.Sprintf("%s://%s%s", request.Header.Get(":scheme"), request.Header.Get(":authority"), request.Header.Get(":path"))
|
|
|
|
status, err := strconv.Atoi(response.Header.Get(":status"))
|
|
if err != nil {
|
|
SilentError("convert-response-status-for-har", "Failed converting status to int %s (%v,%+v)", err, err, err)
|
|
return nil, errors.New("Failed converting response status to int for HAR")
|
|
}
|
|
harResponse.Status = status
|
|
} else {
|
|
// Martian copies http.Request.URL.String() to har.Request.URL, which usually contains the path.
|
|
// However, according to the HAR spec, the URL field needs to be the absolute URL.
|
|
var scheme string
|
|
if request.URL.Scheme != "" {
|
|
scheme = request.URL.Scheme
|
|
} else {
|
|
scheme = "http"
|
|
}
|
|
harRequest.URL = fmt.Sprintf("%s://%s%s", scheme, request.Host, request.URL)
|
|
}
|
|
|
|
totalTime := responseTime.Sub(requestTime).Round(time.Millisecond).Milliseconds()
|
|
if totalTime < 1 {
|
|
totalTime = 1
|
|
}
|
|
|
|
harEntry := har.Entry{
|
|
StartedDateTime: time.Now().UTC(),
|
|
Time: totalTime,
|
|
Request: harRequest,
|
|
Response: harResponse,
|
|
Cache: &har.Cache{},
|
|
Timings: &har.Timings{
|
|
Send: -1,
|
|
Wait: -1,
|
|
Receive: totalTime,
|
|
},
|
|
}
|
|
|
|
return &harEntry, nil
|
|
}
|
|
|
|
func (f *HarFile) WriteEntry(harEntry *har.Entry) {
|
|
harEntryJson, err := json.Marshal(harEntry)
|
|
if err != nil {
|
|
SilentError("har-entry-marshal", "Failed converting har entry object to JSON%s (%v,%+v)", err, err, err)
|
|
return
|
|
}
|
|
|
|
var separator string
|
|
if f.GetEntryCount() > 0 {
|
|
separator = ","
|
|
} else {
|
|
separator = ""
|
|
}
|
|
|
|
harEntryString := append([]byte(separator), harEntryJson...)
|
|
|
|
if _, err := f.file.Write(harEntryString); err != nil {
|
|
log.Panicf("Failed to write to output file: %s (%v,%+v)", err, err, err)
|
|
}
|
|
|
|
f.entryCount++
|
|
}
|
|
|
|
func (f *HarFile) GetEntryCount() int {
|
|
return f.entryCount
|
|
}
|
|
|
|
func (f *HarFile) Close() {
|
|
f.writeTrailer()
|
|
|
|
err := f.file.Close()
|
|
if err != nil {
|
|
log.Panicf("Failed to close output file: %s (%v,%+v)", err, err, err)
|
|
}
|
|
}
|
|
|
|
func (f*HarFile) writeHeader() {
|
|
header := []byte(`{"log": {"version": "1.2", "creator": {"name": "Mizu", "version": "0.0.1"}, "entries": [`)
|
|
if _, err := f.file.Write(header); err != nil {
|
|
log.Panicf("Failed to write header to output file: %s (%v,%+v)", err, err, err)
|
|
}
|
|
}
|
|
|
|
func (f*HarFile) writeTrailer() {
|
|
trailer := []byte("]}}")
|
|
if _, err := f.file.Write(trailer); err != nil {
|
|
log.Panicf("Failed to write trailer to output file: %s (%v,%+v)", err, err, err)
|
|
}
|
|
}
|
|
|
|
func NewHarWriter(outputDir string, maxEntries int) *HarWriter {
|
|
return &HarWriter{
|
|
OutputDirPath: outputDir,
|
|
MaxEntries: maxEntries,
|
|
PairChan: make(chan *PairChanItem),
|
|
OutChan: make(chan *OutputChannelItem, 1000),
|
|
currentFile: nil,
|
|
done: make(chan bool),
|
|
}
|
|
}
|
|
|
|
type OutputChannelItem struct {
|
|
HarEntry *har.Entry
|
|
ConnectionInfo *ConnectionInfo
|
|
}
|
|
|
|
type HarWriter struct {
|
|
OutputDirPath string
|
|
MaxEntries int
|
|
PairChan chan *PairChanItem
|
|
OutChan chan *OutputChannelItem
|
|
currentFile *HarFile
|
|
done chan bool
|
|
}
|
|
|
|
func (hw *HarWriter) WritePair(request *http.Request, requestTime time.Time, response *http.Response, responseTime time.Time, connectionInfo *ConnectionInfo) {
|
|
hw.PairChan <- &PairChanItem{
|
|
Request: request,
|
|
RequestTime: requestTime,
|
|
Response: response,
|
|
ResponseTime: responseTime,
|
|
ConnectionInfo: connectionInfo,
|
|
}
|
|
}
|
|
|
|
func (hw *HarWriter) Start() {
|
|
if hw.OutputDirPath != "" {
|
|
if err := os.MkdirAll(hw.OutputDirPath, os.ModePerm); err != nil {
|
|
log.Panicf("Failed to create output directory: %s (%v,%+v)", err, err, err)
|
|
}
|
|
}
|
|
|
|
go func() {
|
|
for pair := range hw.PairChan {
|
|
harEntry, err := NewEntry(pair.Request, pair.RequestTime, pair.Response, pair.ResponseTime)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
|
|
if hw.OutputDirPath != "" {
|
|
if hw.currentFile == nil {
|
|
hw.openNewFile()
|
|
}
|
|
|
|
hw.currentFile.WriteEntry(harEntry)
|
|
|
|
if hw.currentFile.GetEntryCount() >= hw.MaxEntries {
|
|
hw.closeFile()
|
|
}
|
|
} else {
|
|
hw.OutChan <- &OutputChannelItem{
|
|
HarEntry: harEntry,
|
|
ConnectionInfo: pair.ConnectionInfo,
|
|
}
|
|
}
|
|
}
|
|
|
|
if hw.currentFile != nil {
|
|
hw.closeFile()
|
|
}
|
|
hw.done <- true
|
|
} ()
|
|
}
|
|
|
|
func (hw *HarWriter) Stop() {
|
|
close(hw.PairChan)
|
|
<-hw.done
|
|
close(hw.OutChan)
|
|
}
|
|
|
|
func (hw *HarWriter) openNewFile() {
|
|
filename := buildFilename(hw.OutputDirPath, time.Now(), tempFilenameSuffix)
|
|
hw.currentFile = openNewHarFile(filename)
|
|
}
|
|
|
|
func (hw *HarWriter) closeFile() {
|
|
hw.currentFile.Close()
|
|
tmpFilename := hw.currentFile.file.Name()
|
|
hw.currentFile = nil
|
|
|
|
filename := buildFilename(hw.OutputDirPath, time.Now(), harFilenameSuffix)
|
|
err := os.Rename(tmpFilename, filename)
|
|
if err != nil {
|
|
SilentError("Rename-file", "cannot rename file: %s (%v,%+v)", err, err, err)
|
|
}
|
|
}
|
|
|
|
func buildFilename(dir string, t time.Time, suffix string) string {
|
|
// (epoch time in nanoseconds)__(YYYY_Month_DD__hh-mm-ss).har
|
|
filename := fmt.Sprintf("%d__%s%s", t.UnixNano(), t.Format("2006_Jan_02__15-04-05"), suffix)
|
|
return filepath.Join(dir, filename)
|
|
}
|