From 927db6824bb2ada548295668509c6c906d071287 Mon Sep 17 00:00:00 2001
From: h4l0gen
Date: Thu, 21 Mar 2024 04:31:37 +0530
Subject: [PATCH] adding event on
Signed-off-by: h4l0gen
redirectStdout function shifted to utils_linux.go
Signed-off-by: h4l0gen
updated
Signed-off-by: h4l0gen
---
 ...tdin_to_network_connection_in_container.go | 53 +++++++++++++++++++
 events/syscall/utils_linux.go | 15 ++++++
 2 files changed, 68 insertions(+)
 create mode 100644 events/syscall/redirect_stdout_stdin_to_network_connection_in_container.go
diff --git a/events/syscall/redirect_stdout_stdin_to_network_connection_in_container.go b/events/syscall/redirect_stdout_stdin_to_network_connection_in_container.go
new file mode 100644
index 00000000..ddafbbe4
--- /dev/null
+++ b/events/syscall/redirect_stdout_stdin_to_network_connection_in_container.go
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2024 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package syscall
+
+import (
+ "net"
+
+ "github.com/falcosecurity/event-generator/events"
+)
+
+var _ = events.Register(RedirectStdoutStdinFromContainer)
+
+var (
+ remoteAddr string = "localhost:8080"
+)
+
+func RedirectStdoutStdinFromContainer(h events.Helper) error {
+ if h.InContainer() {
+ listener, _ := net.Listen("tcp", remoteAddr)
+ defer listener.Close()
+ // Accept incoming connections in a separate goroutine
+ connChan := make(chan net.Conn)
+ go func() {
+ conn, _ := listener.Accept()
+ connChan <- conn
+ }()
+
+ // Create a client connection
+ clientConn, _ := net.Dial("tcp", remoteAddr)
+ defer clientConn.Close()
+
+ // Wait for the server connection
+ serverConn := <-connChan
+
+ // Redirect stdout to the network connection
+ redirectStdout(serverConn)
+ }
+ return &events.ErrSkipped{
+ Reason: "'Redirect Stdout/Stdin From Container' is applicable only to containers.",
+ }
+}
\ No newline at end of file
diff --git a/events/syscall/utils_linux.go b/events/syscall/utils_linux.go
index bb09c49c..db356054 100644
--- a/events/syscall/utils_linux.go
+++ b/events/syscall/utils_linux.go
@@ -18,6 +18,8 @@ limitations under the License.
 package syscall

 import (
+ "net"
+ "os"
 "os/exec"
 "os/user"
 "strconv"
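Review bot: In `RedirectStdoutStdinFromContainer` (the new file) the in-container branch falls through to the final `return &events.ErrSkipped{...}`, so a run that did perform the redirect is still reported as skipped, and the error returned by `redirectStdout` is dropped. The errors from `net.Listen`, `listener.Accept` and `net.Dial` are also discarded: if `localhost:8080` is already in use, `listener` is nil and `defer listener.Close()` panics, and a failed accept hands a nil `net.Conn` to `redirectStdout`. Nothing in the function puts fd 1 back after the `dup2` and `serverConn` is never closed, so any later output from the process presumably goes to a socket whose peer is closed on return; saving and restoring the original descriptor is worth adding alongside the changes below. Binding to an ephemeral port (`127.0.0.1:0` and dialing `listener.Addr().String()`) would also avoid colliding with a service already listening on 8080.

```go
func RedirectStdoutStdinFromContainer(h events.Helper) error {
	if !h.InContainer() {
		return &events.ErrSkipped{
			Reason: "'Redirect Stdout/Stdin From Container' is applicable only to containers.",
		}
	}

	listener, err := net.Listen("tcp", remoteAddr)
	if err != nil {
		return err
	}
	defer listener.Close()

	// Buffered so the goroutine can exit even when the dial below fails
	// and nobody receives from the channel.
	var acceptErr error
	connChan := make(chan net.Conn, 1)
	go func() {
		conn, err := listener.Accept()
		acceptErr = err // published to the receiver by the channel send
		connChan <- conn
	}()

	clientConn, err := net.Dial("tcp", remoteAddr)
	if err != nil {
		return err
	}
	defer clientConn.Close()

	serverConn := <-connChan
	if acceptErr != nil {
		return acceptErr
	}
	defer serverConn.Close()

	return redirectStdout(serverConn)
}
```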
@@ -91,3 +93,16 @@ func runAsUser(h events.Helper, username string, cmdName string, cmdArgs ...stri
 }
 return cmd.Run()
 }
+
+func redirectStdout(conn net.Conn) error {
+ // Duplicate the file descriptor of the network connection
+ remoteFile, _ := conn.(*net.TCPConn).File()
+ defer remoteFile.Close()
+
+ stdoutFile := os.Stdout.Fd()
+ // Redirect stdout to the network connection using dup2
+ if err := sys.Dup2(int(remoteFile.Fd()), int(stdoutFile)); err != nil {
+ return err
+ }
+ return nil
+}
\ No newline at end of file
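Review bot: `redirectStdout` uses an unchecked `conn.(*net.TCPConn)` assertion and discards the error from `File()`, so a nil or non-TCP `conn` panics and a failed `File()` reaches `Dup2` with an invalid descriptor. Use the two-value form and propagate the failure: `tcp, ok := conn.(*net.TCPConn)` with an early error return when `!ok`, then `remoteFile, err := tcp.File()` followed by `if err != nil { return err }`. The import change in this file adds only `net` and `os`, so `sys` must already be imported outside the hunks shown, which is worth confirming. If it aliases golang.org/x/sys/unix, `Dup2` is not provided on linux/arm64, whereas `Dup3(oldfd, newfd, 0)` is. A doc comment such as `// redirectStdout points the process's stdout (fd 1) at conn; the caller must restore it.` would make the process-wide side effect explicit.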