New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adding an event on `interpreted procs inbound network activity` #167

Merged

poiana merged 1 commit into falcosecurity:main from h4l0gen:kapil-16

May 14, 2024

Contributor

h4l0gen commented Mar 20, 2024

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind documentation

/kind tests

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area commands

/area pkg

/area events

What this PR does / why we need it:
this PR triggers rule interpreted procs inbound network activity
Which issue(s) this PR fixes:

Fixes #151

Special notes for your reviewer:

poiana added kind/feature dco-signoff: yes area/events labels

poiana requested review from FedeDP and leogr

March 20, 2024 18:18

poiana added the size/M label

h4l0gen changed the title ~~adding an event on interpreted procs inbound network activity~~ wip: adding an event on interpreted procs inbound network activity

poiana added the do-not-merge/work-in-progress label

poiana added size/L and removed size/M labels

Contributor Author

h4l0gen commented Apr 19, 2024

The InboundConnection helper searches for a local address on the user's machine to start a server for inbound activity. We could create a client too, but in my opinion, that isn't necessary at the moment since starting the server alone satisfies the conditions. I am not creating one for now. What do you think about this, @leogr @FedeDP?

Rule triggered successfully

h4l0gen changed the title ~~wip: adding an event on interpreted procs inbound network activity~~ adding an event on interpreted procs inbound network activity

poiana removed the do-not-merge/work-in-progress label

Contributor Author

h4l0gen commented Apr 23, 2024

@leogr please give your thoughts on InboundConnection helper.

h4l0gen force-pushed the kapil-16 branch from 468d204 to 9d863e8 Compare

April 24, 2024 04:56

leogr reviewed

View reviewed changes

events/helper/inbound_connection.go Outdated Show resolved Hide resolved

events/helper/inbound_connection.go Outdated Show resolved Hide resolved

leogr reviewed

View reviewed changes

events/helper/inbound_connection.go Outdated

+              	if err != nil {
+              		return err
+              	}
+              	fmt.Println("Server started on", address)

Member

leogr May 2, 2024

Suggested change

      
            	fmt.Println("Server started on", address)
          
            	fmt.Println("Server started on", address)

Please, use the integrated log system or remove this completely.

events/helper/inbound_connection.go Outdated

+              	}
+              	fmt.Println("Server started on", address)
+              	defer listener.Close()
+              	fmt.Println("Server closed on", address)

Member

leogr May 2, 2024

Suggested change

      
            	fmt.Println("Server closed on", address)
          
            	fmt.Println("Server closed on", address)

This is not accurate since the sever will be actually closed after func listener.Close() returns. I just propose to remove this line.

events/helper/inbound_connection.go Outdated Show resolved Hide resolved

events/helper/inbound_connection.go

Comment on lines +55 to +57

+              		listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: ip})
+              		if err != nil {
+              			continue
+              		}
+              		listener.Close()

Member

leogr May 2, 2024

Shouldn't this already trigger the rules? 🤔

Contributor Author

h4l0gen May 7, 2024

No @leogr I've checked by removing and modifying it. To trigger rule we need to create listener here.

Contributor Author

h4l0gen commented May 3, 2024 •

edited

Hey @leogr, thanks for your valuable review, I will look into it in some time

poiana added size/M and removed size/L labels

Contributor Author

h4l0gen commented May 7, 2024

Hey @leogr, I made all proposed changes. Please take a look again, whenever you find time.
Thank you!


          adding an event on interpreted procs inbound network activity

9686d36

Signed-off-by: h4l0gen <ks3913688@gmail.com>

adding an event on interpreted procs inbound network activity

Signed-off-by: h4l0gen <ks3913688@gmail.com>

commits squashed

Signed-off-by: h4l0gen <ks3913688@gmail.com>

sqaushing commits

Signed-off-by: h4l0gen <ks3913688@gmail.com>

h4l0gen force-pushed the kapil-16 branch from 029ab42 to 9686d36 Compare

May 7, 2024 05:50

h4l0gen requested a review from leogr

May 10, 2024 20:12

leogr approved these changes

View reviewed changes

poiana assigned leogr

poiana added the lgtm label

poiana commented May 14, 2024

LGTM label has been added.

Git tree hash: 92bbfadacc65253f52074aa7f06ae3beb2796859

poiana commented May 14, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: h4l0gen, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [leogr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

poiana added the approved label

poiana merged commit c2adca2 into falcosecurity:main

4 checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment