empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Skip Docker interfaces for host primary IP (#5119)

Browse Source 
See #4754
This commit is contained in:
Zach Wasserman 2022-04-13 11:04:38 -07:00 committed by GitHub
parent fa8bfbd796
commit f28d5ab5be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 40 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changes/issue-4754-docker-interface Normal file
View File

@ -0,0 +1 @@
* Don't consider Docker network interfaces for primary IP on hosts.

9
server/service/osquery_utils/queries.go
View File

@ -52,7 +52,7 @@ func (q *DetailQuery) RunsForPlatform(platform string) bool {
// fleet.Host data model. This map should not be modified at runtime.
var detailQueries = map[string]DetailQuery{
"network_interface": {
Query: `select address, mac
Query: `select ia.address, id.mac, id.interface
from interface_details id join interface_addresses ia
on ia.interface = id.interface where length(mac) > 0
order by (ibytes + obytes) desc`,
@ -77,6 +77,13 @@ var detailQueries = map[string]DetailQuery{
continue
}
// Skip docker interfaces as these are sometimes heavily
// trafficked, but rarely the interface that Fleet users want to
// see. https://github.com/fleetdm/fleet/issues/4754.
if strings.Contains(row["interface"], "docker") {
continue
}
if strings.Contains(row["address"], ":") {
// IPv6
if firstIPv6 == nil {

60
server/service/osquery_utils/queries_test.go
View File

@ -26,15 +26,17 @@ func TestDetailQueryNetworkInterfaces(t *testing.T) {
assert.Equal(t, initialHost, host)
var rows []map[string]string
// docker interface should be skipped even though it shows up first
require.NoError(t, json.Unmarshal([]byte(`
[
{"address":"127.0.0.1","mac":"00:00:00:00:00:00"},
{"address":"::1","mac":"00:00:00:00:00:00"},
{"address":"fe80::1%lo0","mac":"00:00:00:00:00:00"},
{"address":"fe80::df:429b:971c:d051%en0","mac":"f4:5c:89:92:57:5b"},
{"address":"192.168.1.3","mac":"f4:5d:79:93:58:5b"},
{"address":"fe80::241a:9aff:fe60:d80a%awdl0","mac":"27:1b:aa:60:e8:0a"},
{"address":"fe80::3a6f:582f:86c5:8296%utun0","mac":"00:00:00:00:00:00"}
{"address":"127.0.0.1","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"::1","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"fe80::1%lo0","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"172.17.0.1","mac":"d3:4d:b3:3f:58:5b","interface":"docker0"},
{"address":"fe80::df:429b:971c:d051%en0","mac":"f4:5c:89:92:57:5b","interface":"en0"},
{"address":"192.168.1.3","mac":"f4:5d:79:93:58:5b","interface":"en0"},
{"address":"fe80::241a:9aff:fe60:d80a%awdl0","mac":"27:1b:aa:60:e8:0a","interface":"en0"},
{"address":"fe80::3a6f:582f:86c5:8296%utun0","mac":"00:00:00:00:00:00","interface":"utun0"}
]`),
&rows,
))
@ -46,13 +48,13 @@ func TestDetailQueryNetworkInterfaces(t *testing.T) {
// Only IPv6
require.NoError(t, json.Unmarshal([]byte(`
[
{"address":"127.0.0.1","mac":"00:00:00:00:00:00"},
{"address":"::1","mac":"00:00:00:00:00:00"},
{"address":"fe80::1%lo0","mac":"00:00:00:00:00:00"},
{"address":"fe80::df:429b:971c:d051%en0","mac":"f4:5c:89:92:57:5b"},
{"address":"2604:3f08:1337:9411:cbe:814f:51a6:e4e3","mac":"27:1b:aa:60:e8:0a"},
{"address":"3333:3f08:1337:9411:cbe:814f:51a6:e4e3","mac":"bb:1b:aa:60:e8:bb"},
{"address":"fe80::3a6f:582f:86c5:8296%utun0","mac":"00:00:00:00:00:00"}
{"address":"127.0.0.1","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"::1","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"fe80::1%lo0","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"fe80::df:429b:971c:d051%en0","mac":"f4:5c:89:92:57:5b","interface":"en0"},
{"address":"2604:3f08:1337:9411:cbe:814f:51a6:e4e3","mac":"27:1b:aa:60:e8:0a","interface":"en0"},
{"address":"3333:3f08:1337:9411:cbe:814f:51a6:e4e3","mac":"bb:1b:aa:60:e8:bb","interface":"en0"},
{"address":"fe80::3a6f:582f:86c5:8296%utun0","mac":"00:00:00:00:00:00","interface":"utun0"}
]`),
&rows,
))
@ -64,14 +66,14 @@ func TestDetailQueryNetworkInterfaces(t *testing.T) {
// IPv6 appears before IPv4 (v4 should be prioritized)
require.NoError(t, json.Unmarshal([]byte(`
[
{"address":"127.0.0.1","mac":"00:00:00:00:00:00"},
{"address":"::1","mac":"00:00:00:00:00:00"},
{"address":"fe80::1%lo0","mac":"00:00:00:00:00:00"},
{"address":"fe80::df:429b:971c:d051%en0","mac":"f4:5c:89:92:57:5b"},
{"address":"2604:3f08:1337:9411:cbe:814f:51a6:e4e3","mac":"27:1b:aa:60:e8:0a"},
{"address":"205.111.43.79","mac":"ab:1b:aa:60:e8:0a"},
{"address":"205.111.44.80","mac":"bb:bb:aa:60:e8:0a"},
{"address":"fe80::3a6f:582f:86c5:8296%utun0","mac":"00:00:00:00:00:00"}
{"address":"127.0.0.1","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"::1","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"fe80::1%lo0","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"fe80::df:429b:971c:d051%en0","mac":"f4:5c:89:92:57:5b","interface":"en0"},
{"address":"2604:3f08:1337:9411:cbe:814f:51a6:e4e3","mac":"27:1b:aa:60:e8:0a","interface":"en0"},
{"address":"205.111.43.79","mac":"ab:1b:aa:60:e8:0a","interface":"en1"},
{"address":"205.111.44.80","mac":"bb:bb:aa:60:e8:0a","interface":"en1"},
{"address":"fe80::3a6f:582f:86c5:8296%utun0","mac":"00:00:00:00:00:00","interface":"utun0"}
]`),
&rows,
))
@ -83,12 +85,12 @@ func TestDetailQueryNetworkInterfaces(t *testing.T) {
// Only link-local/loopback
require.NoError(t, json.Unmarshal([]byte(`
[
{"address":"127.0.0.1","mac":"00:00:00:00:00:00"},
{"address":"::1","mac":"00:00:00:00:00:00"},
{"address":"fe80::1%lo0","mac":"00:00:00:00:00:00"},
{"address":"fe80::df:429b:971c:d051%en0","mac":"f4:5c:89:92:57:5b"},
{"address":"fe80::241a:9aff:fe60:d80a%awdl0","mac":"27:1b:aa:60:e8:0a"},
{"address":"fe80::3a6f:582f:86c5:8296%utun0","mac":"00:00:00:00:00:00"}
{"address":"127.0.0.1","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"::1","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"fe80::1%lo0","mac":"00:00:00:00:00:00","interface":"lo0"},
{"address":"fe80::df:429b:971c:d051%en0","mac":"f4:5c:89:92:57:5b","interface":"en0"},
{"address":"fe80::241a:9aff:fe60:d80a%awdl0","mac":"27:1b:aa:60:e8:0a","interface":"en0"},
{"address":"fe80::3a6f:582f:86c5:8296%utun0","mac":"00:00:00:00:00:00","interface":"utun0"}
]`),
&rows,
))
@ -317,7 +319,7 @@ func TestGetDetailQueries(t *testing.T) {
append(baseQueries, "users", "software_macos", "software_linux", "software_windows", "scheduled_query_stats"))
}
func TestDetailQuerysOSVersion(t *testing.T) {
func TestDetailQueriesOSVersion(t *testing.T) {
var initialHost fleet.Host
host := initialHost