
Add fileshare process monitoring #713

Closed
wants to merge 16 commits into from

Conversation

devzbysiu
Contributor

Changes:

  • JobMonitorFileshareProcess replaced with NetlinkProcessMonitor - based on the netlink Process Events Connector API:
    • the monitor listens for EXIT and EXEC events from the kernel
    • the EXEC event handler verifies that the created process is a fileshare process by taking the PID from the event and reading the /proc VFS to check the process path
    • if it's confirmed that the created process is a fileshare process, then we save its PID and allow the fileshare port
    • on EXIT, we compare the PID and, if it matches, we block fileshare, because it means that the fileshare process exited - no matter how (killed or stopped)
  • the monitor is enabled only when meshnet is on
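The EXEC/EXIT state machine the description outlines, as an added Go example that is not the PR's code: ExePath and SetAllowed are assumed hooks (a real resolver would read the /proc/<pid>/exe symlink; the port hook would drive the firewall), and the fileshare binary path used in the test is a placeholder. Every EXEC is resolved through /proc rather than pre-filtered by PID, so an EXEC whose process is already gone simply fails the lookup and is ignored.

```go
package main

import "path/filepath"

// EventKind mirrors the two proc connector events the monitor consumes.
type EventKind int

const (
	Exec EventKind = iota
	Exit
)

// ProcEvent is a simplified view of one netlink proc event.
type ProcEvent struct {
	Kind EventKind
	PID  int
}

// Monitor tracks the PID of the fileshare process. ExePath resolves a PID to
// its binary (in production: os.Readlink of /proc/<pid>/exe) and SetAllowed
// opens or blocks the fileshare port; both are hypothetical hooks.
type Monitor struct {
	FileshareBin string
	ExePath      func(pid int) (string, error)
	SetAllowed   func(allowed bool)
	trackedPID   int // 0 while no fileshare process is known
}

// Handle applies one event: on EXEC, confirm the new process really is the
// fileshare binary before allowing the port; on EXIT, block the port only
// when the tracked PID itself exits, however it exited.
func (m *Monitor) Handle(ev ProcEvent) {
	switch ev.Kind {
	case Exec:
		p, err := m.ExePath(ev.PID)
		if err != nil || filepath.Clean(p) != m.FileshareBin {
			return // not fileshare, or the process is already gone
		}
		m.trackedPID = ev.PID
		m.SetAllowed(true)
	case Exit:
		if m.trackedPID != 0 && ev.PID == m.trackedPID {
			m.trackedPID = 0
			m.SetAllowed(false)
		}
	}
}
```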

meshnet/monitor_event_handler.go (excerpt the review comment below is attached to):

```go
// of creation of [FilesharePortAccessController] - constructor checks
// if nordfileshare is already running - so we know that nordfileshare
// PID will be higher than the daemon PID.
if ev.PID < eventHandler.processChecker.CurrentPID() {
```
Contributor (reviewer):

What would happen if PIDs are recycled or if the numbering is restarted (when max int was reached) by the kernel?

Contributor Author
@devzbysiu devzbysiu Dec 17, 2024

Good point. Not sure how likely this is. I'll measure the performance without this if check, because it will then read /proc for all new processes.

@devzbysiu devzbysiu force-pushed the fileshare-monitoring branch from 95a7f9e to df68940 Compare December 17, 2024 07:42
@devzbysiu devzbysiu changed the title Initial implementation of fileshare monitoring Add fileshare process monitoring Dec 17, 2024
@devzbysiu (Contributor Author)

The Process Event Connector mechanism is not working on Docker because of a process and user namespace mismatch, and it's not reporting errors to user space. I'm dropping this approach.

@devzbysiu devzbysiu closed this Dec 18, 2024