mirror of
https://github.com/kubeshark/kubeshark.git
synced 2026-05-06 17:27:24 +00:00
e52ba1f05d
* Add `AF_PACKET` support * Update `.gitignore` * Support both `libpcap` and `AF_PACKET` at the same time * Fix linter errors * Fix a bug that introduced while fixing a linter error * Revert the changes related to `MaxBufferedPages` prefixed consts * #run_acceptance_tests * #run_acceptance_tests * Revert channel buffer size #run_acceptance_tests * Revert "Revert channel buffer size #run_acceptance_tests" This reverts commite62c3844cd. * Increase `cy.wait` from `500` to `1000` #run_acceptance_tests * Fix the `pcapHandle` handle * Revert "Increase `cy.wait` from `500` to `1000` #run_acceptance_tests" This reverts commit938c550e72. * #run_acceptance_tests * Handle the merge conflicts * Add `AF_XDP` support * Implement `Close()` of `AF_XDP` and fix linter errors * Fix `NewIPProtoProgram` function and internet protocol number * Pipe the packet stream from every network interface using `*pcapgo.NgReader` and `*pcapgo.NgWriter` Implement `SetDecoder` and `SetBPF` methods. * Fix `NewNgReader` call * Implement `Stats` method * Rebroadcast to the XDP socket * Add `-packet-capture` flag and make `AF_PACKET`, `AF_XDP` optional * #run_acceptance_tests * Fix `newAfXdpHandle` method * #run_acceptance_tests * Update tap/xdp/ipproto.c Co-authored-by: Nimrod Gilboa Markevich <59927337+nimrod-up9@users.noreply.github.com> * Update tap/xdp/ipproto.c Co-authored-by: Nimrod Gilboa Markevich <59927337+nimrod-up9@users.noreply.github.com> * Update tap/xdp/ipproto.c Co-authored-by: Nimrod Gilboa Markevich <59927337+nimrod-up9@users.noreply.github.com> * Fix several issues * Update tap/xdp/ipproto.c Co-authored-by: Nimrod Gilboa Markevich <59927337+nimrod-up9@users.noreply.github.com> * Fix `ipproto.c` * Remove `AF_XDP` * Comment on frameSize Co-authored-by: Nimrod Gilboa Markevich <59927337+nimrod-up9@users.noreply.github.com>
142 lines
4.5 KiB
Docker
142 lines
4.5 KiB
Docker
ARG BUILDARCH=amd64
|
|
ARG TARGETARCH=amd64
|
|
|
|
### Front-end common
|
|
FROM node:16 AS front-end-common
|
|
|
|
WORKDIR /app/ui-build
|
|
COPY ui-common/package.json .
|
|
COPY ui-common/package-lock.json .
|
|
RUN npm i
|
|
COPY ui-common .
|
|
RUN npm pack
|
|
|
|
### Front-end
|
|
FROM node:16 AS front-end
|
|
|
|
WORKDIR /app/ui-build
|
|
|
|
COPY ui/package.json ui/package-lock.json ./
|
|
COPY --from=front-end-common ["/app/ui-build/up9-mizu-common-0.0.0.tgz", "."]
|
|
RUN npm i
|
|
COPY ui .
|
|
RUN npm run build
|
|
|
|
### Base builder image for native builds architecture
|
|
FROM golang:1.17-alpine AS builder-native-base
|
|
ENV CGO_ENABLED=1 GOOS=linux
|
|
RUN apk add --no-cache \
|
|
libpcap-dev \
|
|
g++ \
|
|
perl-utils \
|
|
curl \
|
|
build-base \
|
|
binutils-gold \
|
|
bash \
|
|
clang \
|
|
llvm \
|
|
libbpf-dev \
|
|
linux-headers
|
|
COPY devops/install-capstone.sh .
|
|
RUN ./install-capstone.sh
|
|
|
|
|
|
### Intermediate builder image for x86-64 to x86-64 native builds
|
|
FROM builder-native-base AS builder-from-amd64-to-amd64
|
|
ENV GOARCH=amd64
|
|
ENV BPF_TARGET=amd64 BPF_CFLAGS="-O2 -g -D__TARGET_ARCH_x86"
|
|
|
|
|
|
### Intermediate builder image for AArch64 to AArch64 native builds
|
|
FROM builder-native-base AS builder-from-arm64v8-to-arm64v8
|
|
ENV GOARCH=arm64
|
|
ENV BPF_TARGET=arm64 BPF_CFLAGS="-O2 -g -D__TARGET_ARCH_arm64"
|
|
|
|
|
|
### Builder image for x86-64 to AArch64 cross-compilation
|
|
FROM up9inc/linux-arm64-musl-go-libpcap-capstone-bpf:capstone-5.0-rc2 AS builder-from-amd64-to-arm64v8
|
|
ENV CGO_ENABLED=1 GOOS=linux
|
|
ENV GOARCH=arm64 CGO_CFLAGS="-I/work/libpcap -I/work/capstone/include"
|
|
ENV BPF_TARGET=arm64 BPF_CFLAGS="-O2 -g -D__TARGET_ARCH_arm64 -I/usr/xcc/aarch64-linux-musl-cross/aarch64-linux-musl/include/"
|
|
|
|
|
|
### Builder image for AArch64 to x86-64 cross-compilation
|
|
FROM up9inc/linux-x86_64-musl-go-libpcap-capstone-bpf:capstone-5.0-rc2 AS builder-from-arm64v8-to-amd64
|
|
ENV CGO_ENABLED=1 GOOS=linux
|
|
ENV GOARCH=amd64 CGO_CFLAGS="-I/libpcap -I/capstone/include"
|
|
ENV BPF_TARGET=amd64 BPF_CFLAGS="-O2 -g -D__TARGET_ARCH_x86 -I/usr/local/musl/x86_64-unknown-linux-musl/include/"
|
|
|
|
|
|
### Final builder image where the build happens
|
|
# Possible build strategies:
|
|
# BUILDARCH=amd64 TARGETARCH=amd64
|
|
# BUILDARCH=arm64v8 TARGETARCH=arm64v8
|
|
# BUILDARCH=amd64 TARGETARCH=arm64v8
|
|
# BUILDARCH=arm64v8 TARGETARCH=amd64
|
|
ARG BUILDARCH=amd64
|
|
ARG TARGETARCH=amd64
|
|
FROM builder-from-${BUILDARCH}-to-${TARGETARCH} AS builder
|
|
|
|
# Move to agent working directory (/agent-build)
|
|
WORKDIR /app/agent-build
|
|
|
|
COPY agent/go.mod agent/go.sum ./
|
|
COPY shared/go.mod shared/go.mod ../shared/
|
|
COPY logger/go.mod logger/go.mod ../logger/
|
|
COPY tap/go.mod tap/go.mod ../tap/
|
|
COPY tap/api/go.mod ../tap/api/
|
|
COPY tap/dbgctl/go.mod ../tap/dbgctl/
|
|
COPY tap/extensions/amqp/go.mod ../tap/extensions/amqp/
|
|
COPY tap/extensions/http/go.mod ../tap/extensions/http/
|
|
COPY tap/extensions/kafka/go.mod ../tap/extensions/kafka/
|
|
COPY tap/extensions/redis/go.mod ../tap/extensions/redis/
|
|
RUN go mod download
|
|
|
|
# Copy and build agent code
|
|
COPY shared ../shared
|
|
COPY logger ../logger
|
|
COPY tap ../tap
|
|
COPY agent .
|
|
|
|
ARG COMMIT_HASH
|
|
ARG GIT_BRANCH
|
|
ARG BUILD_TIMESTAMP
|
|
ARG VER=0.0
|
|
|
|
WORKDIR /app/tap/tlstapper
|
|
RUN rm *_bpfel_*
|
|
RUN GOARCH=${BUILDARCH} go generate tls_tapper.go
|
|
|
|
WORKDIR /app/agent-build
|
|
|
|
RUN go build -ldflags="-extldflags=-static -s -w \
|
|
-X 'github.com/up9inc/mizu/agent/pkg/version.GitCommitHash=${COMMIT_HASH}' \
|
|
-X 'github.com/up9inc/mizu/agent/pkg/version.Branch=${GIT_BRANCH}' \
|
|
-X 'github.com/up9inc/mizu/agent/pkg/version.BuildTimestamp=${BUILD_TIMESTAMP}' \
|
|
-X 'github.com/up9inc/mizu/agent/pkg/version.Ver=${VER}'" -o mizuagent .
|
|
|
|
# Download Basenine executable, verify the sha1sum
|
|
ADD https://github.com/up9inc/basenine/releases/download/v0.8.3/basenine_linux_${GOARCH} ./basenine_linux_${GOARCH}
|
|
ADD https://github.com/up9inc/basenine/releases/download/v0.8.3/basenine_linux_${GOARCH}.sha256 ./basenine_linux_${GOARCH}.sha256
|
|
|
|
RUN shasum -a 256 -c basenine_linux_"${GOARCH}".sha256 && \
|
|
chmod +x ./basenine_linux_"${GOARCH}" && \
|
|
mv ./basenine_linux_"${GOARCH}" ./basenine
|
|
|
|
### The shipped image
|
|
ARG TARGETARCH=amd64
|
|
FROM ${TARGETARCH}/busybox:latest
|
|
# gin-gonic runs in debug mode without this
|
|
ENV GIN_MODE=release
|
|
|
|
WORKDIR /app/data/
|
|
WORKDIR /app
|
|
|
|
# Copy binary and config files from /build to root folder of scratch container.
|
|
COPY --from=builder ["/app/agent-build/mizuagent", "."]
|
|
COPY --from=builder ["/app/agent-build/basenine", "/usr/local/bin/basenine"]
|
|
COPY --from=front-end ["/app/ui-build/build", "site"]
|
|
|
|
# this script runs both apiserver and passivetapper and exits either if one of them exits, preventing a scenario where the container runs without one process
|
|
ENTRYPOINT ["/app/mizuagent"]
|