Add fileshare process monitoring #713

devzbysiu · 2024-12-09T12:56:41Z

Changes:

JobMonitorFileshareProcess replaced with NetlinkProcessMonitor - based on netlink Process Events Connector API:
- monitor listens for EXIT and EXEC events from the kernel
- EXEC event handler verifies that the process created is a fileshare process by getting PID from the event and reading /proc VFS to check the process path
- if it's confirmed that the created process is a fileshare process, then we save its PID and allow fileshare port
- on EXIT, we compare the PID and if it does match then we are blocking fileshare because it means that fileshare process exited - no matter how (was killed or stopped)
the monitor is enabled only when meshnet is on

cmd/daemon/main.go

meshnet/monitor.go

protobuf/meshnet/service_response.proto

meshnet/monitor.go

meshnet/monitor_event_handler.go

meshnet/monitor.go

meshnet/server.go

meshnet/monitor_event_handler.go

devzbysiu · 2024-12-18T10:00:48Z

The Process Event Connector mechanism is not working on docker because of process and user namespaces mismatch and it's not reporting errors to user-space. I'm dropping this approach.

devzbysiu commented Dec 9, 2024

View reviewed changes

cmd/daemon/main.go Outdated Show resolved Hide resolved

devzbysiu commented Dec 9, 2024

View reviewed changes

meshnet/monitor.go Show resolved Hide resolved

devzbysiu force-pushed the fileshare-monitoring branch from 3d42d46 to ea1668c Compare December 9, 2024 13:01

devzbysiu temporarily deployed to Internal December 9, 2024 13:01 — with GitHub Actions Inactive

devzbysiu commented Dec 9, 2024

View reviewed changes

protobuf/meshnet/service_response.proto Show resolved Hide resolved

devzbysiu force-pushed the fileshare-monitoring branch from ea1668c to 616f98f Compare December 9, 2024 14:52

devzbysiu temporarily deployed to Internal December 9, 2024 14:52 — with GitHub Actions Inactive

devzbysiu temporarily deployed to Internal December 10, 2024 07:20 — with GitHub Actions Inactive

devzbysiu force-pushed the fileshare-monitoring branch from 647e3ba to 4a72621 Compare December 10, 2024 07:23

devzbysiu temporarily deployed to Internal December 10, 2024 07:23 — with GitHub Actions Inactive

devzbysiu force-pushed the fileshare-monitoring branch from 4a72621 to 8efd9d9 Compare December 10, 2024 07:27

devzbysiu temporarily deployed to Internal December 10, 2024 07:27 — with GitHub Actions Inactive

bartoszWojciechO reviewed Dec 10, 2024

View reviewed changes

meshnet/monitor.go Show resolved Hide resolved

bartoszWojciechO reviewed Dec 10, 2024

View reviewed changes

meshnet/monitor.go Outdated Show resolved Hide resolved

keliramu reviewed Dec 11, 2024

View reviewed changes

meshnet/monitor_event_handler.go Outdated Show resolved Hide resolved

keliramu reviewed Dec 11, 2024

View reviewed changes

meshnet/monitor_event_handler.go Outdated Show resolved Hide resolved

keliramu reviewed Dec 11, 2024

View reviewed changes

meshnet/monitor_event_handler.go Outdated Show resolved Hide resolved

devzbysiu force-pushed the fileshare-monitoring branch from 8efd9d9 to 72b1823 Compare December 11, 2024 07:30

devzbysiu temporarily deployed to Internal December 11, 2024 07:30 — with GitHub Actions Inactive

bartoszWojciechO approved these changes Dec 11, 2024

View reviewed changes

devzbysiu temporarily deployed to Internal December 11, 2024 10:52 — with GitHub Actions Inactive

mariusSincovici reviewed Dec 11, 2024

View reviewed changes

meshnet/monitor.go Show resolved Hide resolved

meshnet/server.go Outdated Show resolved Hide resolved

meshnet/server.go Show resolved Hide resolved

meshnet/monitor_event_handler.go Outdated Show resolved Hide resolved

devzbysiu temporarily deployed to Internal December 12, 2024 07:17 — with GitHub Actions Inactive

devzbysiu temporarily deployed to Internal December 12, 2024 12:55 — with GitHub Actions Inactive

devzbysiu temporarily deployed to Internal December 12, 2024 14:28 — with GitHub Actions Inactive

devzbysiu force-pushed the fileshare-monitoring branch from c8fc770 to c998da9 Compare December 13, 2024 12:12

devzbysiu temporarily deployed to Internal December 13, 2024 12:12 — with GitHub Actions Inactive

devzbysiu temporarily deployed to Internal December 16, 2024 07:09 — with GitHub Actions Inactive

devzbysiu force-pushed the fileshare-monitoring branch from 2051eae to 8f2cd5f Compare December 16, 2024 07:21

devzbysiu temporarily deployed to Internal December 16, 2024 07:21 — with GitHub Actions Inactive

devzbysiu temporarily deployed to Internal December 17, 2024 07:13 — with GitHub Actions Inactive

devzbysiu force-pushed the fileshare-monitoring branch from 95a7f9e to df68940 Compare December 17, 2024 07:42

devzbysiu temporarily deployed to Internal December 17, 2024 07:42 — with GitHub Actions Inactive

devzbysiu changed the title ~~Initial implementation of fileshare monitoring~~ Add fileshare process monitoring Dec 17, 2024

devzbysiu temporarily deployed to Internal December 17, 2024 08:00 — with GitHub Actions Inactive

devzbysiu added 15 commits December 17, 2024 11:24

Add fileshare process monitoring

cf36dff

Cover monitor with tests

bf5f9d0

Move cancellation to context instead of custom struct

a5d13f1

Add synchronization when calling allowFileshare and blockFileshare

c3164a1

Add fileshare monitoring also when we restart daemon

a014e22

Set fileshare PID if it's already running

cf73774

Add single start per running monitor plus tests

5b5d034

Fix linter errors

ea35dd5

Add temporary error msg

abcaca3

Fix isSubnet after netlink library changes

303a6a1

Do not allow to re-add fileshare rules

248b7d8

Fix lint error

094fd68

Fix fileshare blocking when it is already blocked

a9426f1

Fix changing blocked state too soon

010220f

Remove PID check

a9d3e31

devzbysiu force-pushed the fileshare-monitoring branch from 9063759 to b52effa Compare December 17, 2024 11:21

devzbysiu temporarily deployed to Internal December 17, 2024 11:21 — with GitHub Actions Inactive

devzbysiu force-pushed the fileshare-monitoring branch from b52effa to 7e2e157 Compare December 17, 2024 11:30

devzbysiu temporarily deployed to Internal December 17, 2024 11:30 — with GitHub Actions Inactive

Update error message returned when monitor fails to start

aac960b

devzbysiu force-pushed the fileshare-monitoring branch from 7e2e157 to aac960b Compare December 17, 2024 11:41

devzbysiu temporarily deployed to Internal December 17, 2024 11:41 — with GitHub Actions Inactive

devzbysiu closed this Dec 18, 2024

devzbysiu deleted the fileshare-monitoring branch March 5, 2025 13:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add fileshare process monitoring #713

Add fileshare process monitoring #713

Uh oh!

devzbysiu commented Dec 9, 2024

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

devzbysiu commented Dec 18, 2024

Uh oh!

Uh oh!

Add fileshare process monitoring #713

Add fileshare process monitoring #713

Uh oh!

Conversation

devzbysiu commented Dec 9, 2024

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

devzbysiu commented Dec 18, 2024

Uh oh!

Uh oh!