When a message between a module and the agent is read by either,
ReadInput is used which uses buffered IO to read a single line. A bug
existed here where a new bufio Reader was being allocated each time.
Under normal circumstances there would be no issue, since a single line
is generally sent to the module from the agent and read. However, in a
case where a large number of messages were being exchanged between the
agent and the module (e.g., persistent modules) it was possible the
bufio reader could have buffered more than one line. Since a new buffer
was being allocated each time, this resulted in loss of partial message
data, and usually ended up generating JSON unmarshaling errors since
part of the JSON structure was missing.

This was resolved by introducing a new ModuleReader and ModuleWriter
type that is used to read/write between the agent and modules.
ModuleReader allocates the buffered reader on creation once, so we only
ever have the single buffered reader for the lifetime of the module
execution.
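
The failure mode described in the commit message above, reproduced as an added example (not MIG's code): a fresh bufio.Reader per line discards whatever it buffered past the newline, while a single long-lived reader does not. The names stream, drain, readFresh and readShared and the 100 sample messages are constructed for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// stream returns n newline-delimited JSON messages (constructed sample input).
func stream(n int) string {
	var b strings.Builder
	for i := 0; i < n; i++ {
		fmt.Fprintf(&b, "{\"id\":%d,\"data\":%q}\n", i, strings.Repeat("x", 100))
	}
	return b.String()
}

// drain reads lines via next until it errors, counting valid and corrupt JSON.
func drain(next func() ([]byte, error)) (decoded, corrupt int) {
	for {
		line, err := next()
		if len(line) > 0 && json.Unmarshal(line, new(interface{})) == nil {
			decoded++
		} else if len(line) > 0 {
			corrupt++
		}
		if err != nil {
			return decoded, corrupt
		}
	}
}

// readFresh allocates a bufio.Reader per line; whatever it read ahead is lost.
func readFresh(src io.Reader) (int, int) {
	return drain(func() ([]byte, error) { return bufio.NewReader(src).ReadBytes('\n') })
}

// readShared keeps one bufio.Reader for the stream, so read-ahead is retained.
func readShared(src io.Reader) (int, int) {
	r := bufio.NewReader(src)
	return drain(func() ([]byte, error) { return r.ReadBytes('\n') })
}

func main() {
	fmt.Println(readFresh(strings.NewReader(stream(100))))  // decoded, corrupt
	fmt.Println(readShared(strings.NewReader(stream(100)))) // decoded, corrupt
}
```

With the default 4096-byte buffer, each fresh reader resumes wherever the previous one stopped reading ahead, which is usually mid-message, so most messages vanish silently and the few that surface fail to unmarshal.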

net.ParseIP will return IPv4 addresses as a 16 byte value (result comes
from net.IPv4()). Rather than use the length of the return value, try to
convert it to an IPv4 address to test the address family and set the
mask accordingly.

Closes #187

Connections to, for example, tcp6 sockets are stored in IPv6 related /proc
net files (e.g., /proc/net/tcp6). Also scan these files when searching
for an IPv4 address.

hexToIP6 was handling hex inet6 addresses as found in /proc/net/tcp6 in
the same way as inet. They need to be handled a bit differently; now
convert address in groups of 4 byte words where each word is reversed.

This adds an option (-namespaces) that triggers interrogation of network
activity using /proc/<pid>/net/* vs. /proc/net/*. This has the advantage
that it gives an agent visibility of network communications related to
all namespaces on the system, vs. just the default namespace. Previously
if a process had connections active in another namespace, they would not
be visible to MIG.

At this time the functionality is optional, but may be moved to the
default in the future.

This is a major change to the structure of the repository and the Makefile,
but a minor change in terms of functionalities. It simply changes the structure
of the directories to be compliant with Go's idiomatic build methods.

I also bought the domain `mig.ninja` and will now be using that as
a standard import path for everything. The magic to serve everything
under mig.ninja/mig will be documented elsewhere.