diff --git a/src/go.mod b/src/go.mod
index 79137fee..0905ae88 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -8,6 +8,9 @@ require (
 github.com/99designs/gqlgen v0.17.44
 github.com/Khan/genqlient v0.7.0
 github.com/amit7itz/goset v1.2.1
+ github.com/aws/aws-sdk-go-v2/config v1.25.3
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4
+ github.com/aws/smithy-go v1.17.0
 github.com/bombsimon/logrusr/v3 v3.0.0
 github.com/cenkalti/backoff/v4 v4.2.1
 github.com/golang/mock v1.6.0
@@ -51,6 +54,16 @@ require (
 github.com/agnivade/levenshtein v1.1.1 // indirect
 github.com/alexflint/go-arg v1.4.3 // indirect
 github.com/alexflint/go-scalar v1.2.0 // indirect
+ github.com/aws/aws-sdk-go-v2 v1.23.0 // indirect
+ github.com/aws/aws-sdk-go-v2/credentials v1.16.2 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.25.3 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/bugsnag/bugsnag-go/v2 v2.2.0 // indirect
 github.com/bugsnag/panicwrap v1.3.4 // indirect
diff --git a/src/go.sum b/src/go.sum
index 21780b84..b9a9fc1c 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -58,6 +58,32 @@ github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aws/aws-sdk-go-v2 v1.23.0 h1:PiHAzmiQQr6JULBUdvR8fKlA+UPKLT/8KbiqpFBWiAo= +github.com/aws/aws-sdk-go-v2 v1.23.0/go.mod h1:i1XDttT4rnf6vxc9AuskLc6s7XBee8rlLilKlc03uAA= +github.com/aws/aws-sdk-go-v2/config v1.25.3 h1:E4m9LbwJOoncDNt3e9MPLbz/saxWcGUlZVBydydD6+8= +github.com/aws/aws-sdk-go-v2/config v1.25.3/go.mod h1:tAByZy03nH5jcq0vZmkcVoo6tRzRHEwSFx3QW4NmDw8= +github.com/aws/aws-sdk-go-v2/credentials v1.16.2 h1:0sdZ5cwfOAipTzZ7eOL0gw4LAhk/RZnTa16cDqIt8tg= +github.com/aws/aws-sdk-go-v2/credentials v1.16.2/go.mod h1:sDdvGhXrSVT5yzBDR7qXz+rhbpiMpUYfF3vJ01QSdrc= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 h1:9wKDWEjwSnXZre0/O3+ZwbBl1SmlgWYBbrTV10X/H1s= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4/go.mod h1:t4i+yGHMCcUNIX1x7YVYa6bH/Do7civ5I6cG/6PMfyA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 h1:DUwbD79T8gyQ23qVXFUthjzVMTviSHi3y4z58KvghhM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3/go.mod h1:7sGSz1JCKHWWBHq98m6sMtWQikmYPpxjqOydDemiVoM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 h1:AplLJCtIaUZDCbr6+gLYdsYNxne4iuaboJhVt9d+WXI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3/go.mod h1:ify42Rb7nKeDDPkFjKn7q1bPscVPu/+gmHH8d2c+anU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 
h1:rpkF4n0CyFcrJUG/rNNohoTmhtWlFTRI4BsZOh9PvLs= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1/go.mod h1:l9ymW25HOqymeU2m1gbUQ3rUIsTwKs8gYHXkqDQUhiI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 h1:kJOolE8xBAD13xTCgOakByZkyP4D/owNmvEiioeUNAg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3/go.mod h1:Owv1I59vaghv1Ax8zz8ELY8DN7/Y0rGS+WWAmjgi950= +github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 h1:V47N5eKgVZoRSvx2+RQ0EpAEit/pqOhqeSQFiS4OFEQ= +github.com/aws/aws-sdk-go-v2/service/sso v1.17.2/go.mod h1:/pE21vno3q1h4bbhUOEi+6Zu/aT26UK2WKkDXd+TssQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0 h1:/XiEU7VIFcVWRDQLabyrSjBoKIm8UkYgsvWDuFW8Img= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0/go.mod h1:dWqm5G767qwKPuayKfzm4rjzFmVjiBFbOJrpSPnAMDs= +github.com/aws/aws-sdk-go-v2/service/sts v1.25.3 h1:M2w4kiMGJCCM6Ljmmx/l6mmpfa3gPJVpBencfnsgvqs= +github.com/aws/aws-sdk-go-v2/service/sts v1.25.3/go.mod h1:4EqRHDCKP78hq3zOnmFXu5k0j4bXbRFfCh/zQ6KnEfQ= +github.com/aws/smithy-go v1.17.0 h1:wWJD7LX6PBV6etBUwO0zElG0nWN9rUhp0WdYeHSHAaI= +github.com/aws/smithy-go v1.17.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y= diff --git a/src/sniffer/pkg/collectors/dnssniffer.go b/src/sniffer/pkg/collectors/dnssniffer.go index 0edbbeff..87929d1f 100644 --- a/src/sniffer/pkg/collectors/dnssniffer.go +++ b/src/sniffer/pkg/collectors/dnssniffer.go @@ -2,6 +2,9 @@ package collectors import ( "context" + awsconfig "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" + "github.com/aws/smithy-go/logging" "github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/google/gopacket/pcap" 
@@ -27,9 +30,11 @@ type pendingCapture struct {
 type DNSSniffer struct {
 NetworkCollector
- resolver ipresolver.IPResolver
- pending []pendingCapture
- lastRefresh time.Time
+ resolver ipresolver.IPResolver
+ pending []pendingCapture
+ lastRefresh time.Time
+ isRunningOnAWS bool
+ isRunningONAWSOnce sync.Once
 }
 func NewDNSSniffer(resolver ipresolver.IPResolver) *DNSSniffer {
@@ -39,6 +44,7 @@ func NewDNSSniffer(resolver ipresolver.IPResolver) *DNSSniffer {
 pending: make([]pendingCapture, 0),
 lastRefresh: time.Now().Add(-viper.GetDuration(config.HostsMappingRefreshIntervalKey)), // Should refresh immediately
 }
+ s.initIsRunningOnAWS()
 s.resetData()
 return &s
 }
@@ -134,6 +140,10 @@ func (s *DNSSniffer) HandlePacket(packet gopacket.Packet) {
 if answer.Type != layers.DNSTypeA && answer.Type != layers.DNSTypeAAAA {
 continue
 }
+ if !s.isRunningOnAWS {
+ s.addCapturedRequest(ip.DstIP.String(), "", string(answer.Name), answer.IP.String(), captureTime, nilable.From(int(answer.TTL)))
+ continue
+ }
 hostname, err := s.resolver.ResolveIP(ip.DstIP.String())
 if err != nil {
 logrus.Debugf("Can't resolve IP addr %s, skipping", ip.DstIP.String())
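Review bot: The new DNSSniffer field `isRunningONAWSOnce` is spelled with a capital `ON`, unlike its companion `isRunningOnAWS`; `isRunningOnAWSOnce sync.Once` would match. As far as this diff shows, the only caller of initIsRunningOnAWS is the constructor, which runs once per instance, so the once-guard looks redundant. Neither field is documented; a comment such as `// isRunningOnAWS is set once at construction by the IMDS probe and only read afterwards` would record why the plain bool is read without a lock.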
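Review bot: NewDNSSniffer now does network I/O, because the added `s.initIsRunningOnAWS()` runs the metadata probe synchronously before the constructor returns. On a host where the metadata endpoint does not answer, construction can block for up to the 5-second timeout set in initIsRunningOnAWS (last hunk of this file). A doc comment on the constructor would make that visible to callers, for example `// NewDNSSniffer probes the EC2 instance metadata service and may block for up to 5 seconds.` The constructor's body starts outside this hunk.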
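Review bot: The added branch `if !s.isRunningOnAWS {` cannot tell "not on AWS" from "the probe failed", because the flag stays false on every error path in initIsRunningOnAWS. An AWS node whose metadata endpoint was unreachable at startup (a network policy or metadata hop limit would do it; that is inferred, not shown here) would then record every capture with an empty hostname and skip the resolver for the life of the process, with only a Debug line as evidence. A comment on the branch would state the contract for downstream consumers, for example `// Not detected as AWS (or detection failed): record the capture by IP only, hostname left empty.` The loop body continues outside the hunk.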
@@ -153,7 +163,34 @@ func (s *DNSSniffer) HandlePacket(packet gopacket.Packet) {
 }
 }
+func (s *DNSSniffer) initIsRunningOnAWS() {
+ s.isRunningONAWSOnce.Do(func() {
+ ctxTimeout, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+ defer cancel()
+ cfg, err := awsconfig.LoadDefaultConfig(ctxTimeout)
+ if err != nil {
+ logrus.Debug("Autodetect AWS (an error here is fine): Failed to load AWS config")
+ return
+ }
+ cfg.Logger = logging.Nop{}
+
+ client := imds.NewFromConfig(cfg)
+
+ result, err := client.GetInstanceIdentityDocument(ctxTimeout, &imds.GetInstanceIdentityDocumentInput{})
+ if err != nil {
+ logrus.Debug("Autodetect AWS (an error here is fine): Failed to get instance identity document")
+ return
+ }
+
+ logrus.WithField("region", result.Region).Debug("Autodetect AWS: Running on AWS")
+ s.isRunningOnAWS = true
+ })
+}
+
 func (s *DNSSniffer) RefreshHostsMapping() error {
+ if !s.isRunningOnAWS {
+ return nil
+ }
 err := s.resolver.Refresh()
 if err != nil {
 return errors.Wrap(err)
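Review bot: `awsconfig.LoadDefaultConfig(ctxTimeout)` in initIsRunningOnAWS resolves the full default configuration (environment variables, shared config and credential files) only to build a metadata client. That is presumably why go.mod gains the credentials, sso, ssooidc and sts modules. The probe needs none of it: `client := imds.New(imds.Options{Logger: logging.Nop{}})` would drop the config dependency and keep credential sources out of a packet sniffer. Both error branches also discard `err`, so a misdetection cannot be diagnosed from logs; `logrus.WithError(err).Debug("Autodetect AWS (an error here is fine): Failed to get instance identity document")` keeps the cause. RefreshHostsMapping's body continues outside the hunk.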