packetbeat/route: new package for obtaining default route information #31914
Conversation
efd6
added
enhancement
Packetbeat
Team:Security-External Integrations
backport-skip
botelastic
bot
added
needs_team
|
This pull request doesn't have a |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
efd6
force-pushed
the
31905-route
branch
8 times, most recently
from
549edd8 to
9a2e165
Compare
efd6
force-pushed
the
31905-route
branch
3 times, most recently
from
1b2d9a8 to
85bf781
Compare
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
| // Windows interface naming is a dog's breakfast; on some | ||
| // builders the transport name obtained from getmac is not | ||
| // based on the LUID. | ||
| b, err := run("getmac") | ||
| if err != nil { | ||
| b = []byte(fmt.Sprintf("\nunable to recover getmac information: %v", err)) | ||
| } | ||
| t.Logf("unexpected interface for family %d: got:%s want:%s\n%s", family, iface, wantIface, b) |
There was a problem hiding this comment.
This in particular is required to allow Windows 2016 to pass because on that builder getmac returns Teredo Tunneling Pseudo-Interface instead of \DEVICE\TCPIP_{<GUID>} for the IPv6 interface.
packetbeat/route/route_darwin.go
Outdated
| "errors" | ||
|
|
||
| "golang.org/x/net/route" | ||
| "golang.org/x/sys/unix" |
There was a problem hiding this comment.
Is this implementation capable of working on other *bsd* variants? I'm thinking of the case where someone might be using it on freebsd. There used to be community maintained packages for freebsd (not sure if anyone is still doing that).
There was a problem hiding this comment.
The relevant package is x/net/route which says
The package supports any version of Darwin, any version of DragonFly BSD, FreeBSD 7 and above, NetBSD 6 and above, and OpenBSD 5.6 and above.
I can make this have the same build constraints as that package:
//go:build darwin || dragonfly || freebsd || netbsd || openbsd
// +build darwin dragonfly freebsd netbsd openbsd
| // https://docs.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getbestinterfaceex | ||
| // https://docs.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getadaptersaddresses | ||
| libiphlpapi = windows.NewLazySystemDLL("Iphlpapi.dll") | ||
| getBestInterfaceEx = libiphlpapi.NewProc("GetBestInterfaceEx") |
There was a problem hiding this comment.
These would be good candidates for github.com/elastic/go-windows if you wanted to go through the effort.
There was a problem hiding this comment.
I'll file an issue on that repo to migrate/copy these to there. It will need a minor modification to generalise it from 0.0.0.0.
| @@ -0,0 +1,91 @@ | |||
| // Licensed to Elasticsearch B.V. under one or more contributor | |||
There was a problem hiding this comment.
I think this file should have a build tag to match the OSes on which Default() is implemented.
|
Looking into the move over to go-windows, it looks like one of the syscalls is implemented in x/sys/windows though not as completely (though we don't use the additional members). The other call would benefit from being added to x/sys/windows since the way that the sockaddr types are implemented their doesn't lend itself to external implementations. With that we could move a friendlier API to go-windows. |
What does this PR do?
This adds a package to provide cross-platform default route interface information.
Why is it important?
This is necessary to be able to allow users to specify a host-agnostic default device.
Checklist
I have made corresponding change to the default configuration filesI have added an entry inThis will come when the feature is wired in.CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Author's Checklist
How to test this PR locally
Related issues
Use cases
Screenshots
Logs