Using EqualVT from generated code rather than own function

Author: JoukoVirtanen

integration-tests/pkg/mock_sensor/expect_conn.go

@@ -88,7 +88,7 @@ func (s *MockSensor) ExpectSameElementsConnections(t *testing.T, containerID str
 	types.SortConnections(expected)
 
 	equal := func(c1, c2 *sensorAPI.NetworkConnection) bool {
-		return types.EqualNetworkConnection(c1, c2)
+		return types.EqualNetworkConnection(*c1, *c2)
 	}
 
 	connections := s.Connections(containerID)
@@ -125,7 +125,7 @@ func (s *MockSensor) ExpectSameElementsConnectionsScrapes(t *testing.T, containe
 		types.SortConnections(c2)
 
 		for i := range c2 {
-			if !types.EqualNetworkConnection(c1[i], c2[i]) {
+			if !types.EqualNetworkConnection(*c1[i], *c2[i]) {
 				return false
 			}
 		}

integration-tests/pkg/mock_sensor/server.go

@@ -192,7 +192,7 @@ func (m *MockSensor) HasConnection(containerID string, conn *sensorAPI.NetworkCo
 	conns := m.Connections(containerID)
 	if len(conns) > 0 {
 		return slices.ContainsFunc(conns, func(c *sensorAPI.NetworkConnection) bool {
-			return types.EqualNetworkConnection(c, conn)
+			return types.EqualNetworkConnection(*c, *conn)
 		})
 	}
 

integration-tests/pkg/types/network.go

@@ -3,59 +3,66 @@ package types
 import (
 	"net"
 	"sort"
+	"time"
+
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
 
 	sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor"
-	utils "github.com/stackrox/rox/pkg/net"
 )
 
 const (
 	NilTimestamp = "<nil>"
 )
 
+var (
+	nilTimestamp    = timestamppb.New(time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC))
+	notNilTimestamp = timestamppb.New(time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC))
+)
+
 type NetworkConnectionBatch []*sensorAPI.NetworkConnection
 
-// TranslateAddress is a helper function for converting binary representations
-// of network addresses (in the signals) to usable forms for testing
-func TranslateAddress(addr *sensorAPI.NetworkAddress) string {
-	peerId := utils.NetworkPeerID{Port: uint16(addr.GetPort())}
-	addressData := addr.GetAddressData()
-	if len(addressData) > 0 {
-		peerId.Address = utils.IPFromBytes(addressData)
-		return peerId.String()
+func IsActive(conn *sensorAPI.NetworkConnection) bool {
+	// no close timestamp means the connection is open, and active
+	return conn.GetCloseTimestamp() == nil
+}
+
+// The EqualVT method for NetworkAddress returns false if both of them are nil. That is not what
+// we want, so replace nil addr with a default NetworkAddress.
+func adjustNetworkAddressForComparison(addr *sensorAPI.NetworkAddress) *sensorAPI.NetworkAddress {
+	if addr == nil {
+		return CreateNetworkAddress("", "", 0)
 	}
 
-	// If there is no address data, this is either the source address or
-	// IpNetwork should be set and represent a CIDR block or external IP address.
-	ipNetworkData := addr.GetIpNetwork()
-	if len(ipNetworkData) == 0 {
-		return peerId.String()
+	return addr
+}
+
+// The EqualVT method for NetworkConnection returns false if both CloseTimestamps
+// are nil. Same goes for LocalAddress and Remote Address. That is not the desired
+// result. Also EqualVT returns false if the CloseTimestamp are different non-nil
+// timestamps. We want the equal function to return true if neither of them are nil
+// or both of them are nil. This function adjusts the fields so that the comparison
+// works the way we want it to.
+func adjustNetworkConnectionForComparison(conn *sensorAPI.NetworkConnection) {
+	conn.LocalAddress = adjustNetworkAddressForComparison(conn.LocalAddress)
+	conn.RemoteAddress = adjustNetworkAddressForComparison(conn.RemoteAddress)
+
+	if conn.CloseTimestamp == nil {
+		conn.CloseTimestamp = nilTimestamp
 	}
 
-	ipNetwork := utils.IPNetworkFromCIDRBytes(ipNetworkData)
-	prefixLen := ipNetwork.PrefixLen()
-	// If this is IPv4 and the prefix length is 32 or this is IPv6 and the prefix length
-	// is 128 this is a regular IP address and not a CIDR block
-	if (ipNetwork.Family() == utils.IPv4 && prefixLen == byte(32)) ||
-		(ipNetwork.Family() == utils.IPv6 && prefixLen == byte(128)) {
-		peerId.Address = ipNetwork.IP()
-	} else {
-		peerId.IPNetwork = ipNetwork
+	if conn.CloseTimestamp != nil {
+		conn.CloseTimestamp = notNilTimestamp
 	}
-	return peerId.String()
 }
 
-func IsActive(conn *sensorAPI.NetworkConnection) bool {
-	// no close timestamp means the connection is open, and active
-	return conn.GetCloseTimestamp() == nil
-}
+// EqualVT is not called directly because it returns false in cases that we don't want it to, for example
+// when both CloseTimestamp are nil, or when they have different non-nil values.
+func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.NetworkConnection) bool {
+	adjustNetworkConnectionForComparison(&conn1)
+	adjustNetworkConnectionForComparison(&conn2)
+
+	return conn1.EqualVT(&conn2)
 
-func EqualNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool {
-	return EqualNetworkAddress(conn1.LocalAddress, conn2.LocalAddress) &&
-		EqualNetworkAddress(conn1.RemoteAddress, conn2.RemoteAddress) &&
-		conn1.Protocol == conn2.Protocol &&
-		conn1.Role == conn2.Role &&
-		conn1.SocketFamily == conn2.SocketFamily &&
-		IsActive(conn1) == IsActive(conn2)
 }
 
 func CompareBytes(b1 []byte, b2 []byte) int {
@@ -81,19 +88,10 @@ func CompareBytes(b1 []byte, b2 []byte) int {
 }
 
 func EqualNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool {
-	comp := CompareBytes(addr1.GetAddressData(), addr2.GetAddressData())
-
-	if comp != 0 {
-		return false
-	}
-
-	comp = CompareBytes(addr1.GetIpNetwork(), addr2.GetIpNetwork())
-
-	if comp != 0 {
-		return false
-	}
+	ad1 := adjustNetworkAddressForComparison(addr1)
+	ad2 := adjustNetworkAddressForComparison(addr2)
 
-	return addr1.GetPort() == addr2.GetPort()
+	return ad1.EqualVT(ad2)
 }
 
 func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool {

integration-tests/suites/process_network.go

@@ -156,6 +156,7 @@ func (s *ProcessNetworkTestSuite) TestNetworkFlows() {
 			Protocol:       storage.L4Protocol_L4_PROTOCOL_TCP,
 			Role:           sensorAPI.ClientServerRole_ROLE_SERVER,
 			SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
+			ContainerId:    s.serverContainer,
 			CloseTimestamp: nil,
 		},
 	)
@@ -167,6 +168,7 @@ func (s *ProcessNetworkTestSuite) TestNetworkFlows() {
 			Protocol:       storage.L4Protocol_L4_PROTOCOL_TCP,
 			Role:           sensorAPI.ClientServerRole_ROLE_CLIENT,
 			SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
+			ContainerId:    s.clientContainer,
 			CloseTimestamp: nil,
 		},
 	)

integration-tests/suites/repeated_network_flow.go

@@ -109,12 +109,12 @@ func (s *RepeatedNetworkFlowTestSuite) TearDownSuite() {
 }
 
 func (s *RepeatedNetworkFlowTestSuite) TestRepeatedNetworkFlow() {
-	networkInfos := s.Sensor().ExpectConnectionsN(s.T(), s.ServerContainer, 10*time.Second, s.ExpectedActive+s.ExpectedInactive)
+	networkConnections := s.Sensor().ExpectConnectionsN(s.T(), s.ServerContainer, 10*time.Second, s.ExpectedActive+s.ExpectedInactive)
 
 	observedActive := 0
 	observedInactive := 0
 
-	for _, info := range networkInfos {
+	for _, info := range networkConnections {
 		if types.IsActive(info) {
 			observedActive++
 		} else {
@@ -127,8 +127,8 @@ func (s *RepeatedNetworkFlowTestSuite) TestRepeatedNetworkFlow() {
 
 	// Server side checks
 
-	actualServerEndpoint := networkInfos[0].LocalAddress
-	actualClientEndpoint := networkInfos[0].RemoteAddress
+	actualServerEndpoint := networkConnections[0].LocalAddress
+	actualClientEndpoint := networkConnections[0].RemoteAddress
 
 	// From server perspective, network connection info only has local port and remote IP
 	expectedServerEndpoint := types.CreateNetworkAddress("", "", s.ServerPort)
@@ -143,8 +143,8 @@ func (s *RepeatedNetworkFlowTestSuite) TestRepeatedNetworkFlow() {
 	// See the comment above for the server container endpoint test for more info.
 	assert.Equal(s.T(), 0, len(s.Sensor().Endpoints(s.ClientContainer)))
 
-	networkInfos = s.Sensor().Connections(s.ClientContainer)
+	networkConnections = s.Sensor().Connections(s.ClientContainer)
 
-	actualClientEndpoint = networkInfos[0].LocalAddress
-	actualServerEndpoint = networkInfos[0].RemoteAddress
+	actualClientEndpoint = networkConnections[0].LocalAddress
+	actualServerEndpoint = networkConnections[0].RemoteAddress
 }

integration-tests/suites/runtime_config_file.go

@@ -98,6 +98,11 @@ func (s *RuntimeConfigFileTestSuite) SetupTest() {
 	s.Require().NoError(err)
 	s.ClientContainer = common.ContainerShortID(containerID)
 
+	activeNormalizedConnection.ContainerId = s.ClientContainer
+	inactiveNormalizedConnection.ContainerId = s.ClientContainer
+	activeUnnormalizedConnection.ContainerId = s.ClientContainer
+	inactiveUnnormalizedConnection.ContainerId = s.ClientContainer
+
 	collectorOptions := collector.StartupOptions{
 		Env: map[string]string{
 			"ROX_AFTERGLOW_PERIOD":               "6",

integration-tests/suites/udp_networkflow.go

@@ -124,6 +124,7 @@ func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint32) {
 		Protocol:       storage.L4Protocol_L4_PROTOCOL_UDP,
 		Role:           sensorAPI.ClientServerRole_ROLE_CLIENT,
 		SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
+		ContainerId:    client.id,
 		CloseTimestamp: nil,
 	}
 
@@ -134,6 +135,7 @@ func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint32) {
 		Protocol:       storage.L4Protocol_L4_PROTOCOL_UDP,
 		Role:           sensorAPI.ClientServerRole_ROLE_SERVER,
 		SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
+		ContainerId:    server.id,
 		CloseTimestamp: nil,
 	}
 
@@ -155,16 +157,6 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() {
 			Command: newServerCmd("recvfrom", port),
 		}, port)
 		log.Info("Server: %s\n", servers[i].String())
-
-		// Load the client connection collector has to send for this server.
-		clientConnections[i] = &sensorAPI.NetworkConnection{
-			LocalAddress:   types.CreateNetworkAddress("", "", 0),
-			RemoteAddress:  types.CreateNetworkAddress(servers[i].ip, "", servers[i].port),
-			Protocol:       storage.L4Protocol_L4_PROTOCOL_UDP,
-			Role:           sensorAPI.ClientServerRole_ROLE_CLIENT,
-			SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
-			CloseTimestamp: nil,
-		}
 	}
 
 	// We give a big period here to ensure the syscall happens just once
@@ -178,13 +170,28 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() {
 	})
 	log.Info("Client: %s\n", client.String())
 
+	for i := 0; i < CONTAINER_COUNT; i++ {
+		// Load the client connection collector has to send for this server.
+		clientConnections[i] = &sensorAPI.NetworkConnection{
+			//LocalAddress:   nil,
+			LocalAddress:   types.CreateNetworkAddress("", "", 0),
+			RemoteAddress:  types.CreateNetworkAddress(servers[i].ip, "", servers[i].port),
+			Protocol:       storage.L4Protocol_L4_PROTOCOL_UDP,
+			Role:           sensorAPI.ClientServerRole_ROLE_CLIENT,
+			SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
+			ContainerId:    client.id,
+			CloseTimestamp: nil,
+		}
+	}
+
 	for _, server := range servers {
 		serverConnection := &sensorAPI.NetworkConnection{
 			LocalAddress:   types.CreateNetworkAddress("", "", server.port),
 			RemoteAddress:  types.CreateNetworkAddress(client.ip, "", 0),
 			Protocol:       storage.L4Protocol_L4_PROTOCOL_UDP,
 			Role:           sensorAPI.ClientServerRole_ROLE_SERVER,
 			SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
+			ContainerId:    server.id,
 			CloseTimestamp: nil,
 		}
 		s.Sensor().ExpectConnections(s.T(), server.id, 5*time.Second, serverConnection)
@@ -205,6 +212,7 @@ func (s *UdpNetworkFlow) TestMultipleSources() {
 
 	clients := make([]containerData, CONTAINER_COUNT)
 	serverConnections := make([]*sensorAPI.NetworkConnection, CONTAINER_COUNT)
+	clientConnections := make([]*sensorAPI.NetworkConnection, CONTAINER_COUNT)
 	for i := 0; i < CONTAINER_COUNT; i++ {
 		name := fmt.Sprintf("%s-%d", UDP_CLIENT, i)
 		clients[i] = s.runClient(config.ContainerStartConfig{
@@ -221,22 +229,23 @@ func (s *UdpNetworkFlow) TestMultipleSources() {
 			RemoteAddress:  types.CreateNetworkAddress(clients[i].ip, "", 0),
 			Protocol:       storage.L4Protocol_L4_PROTOCOL_UDP,
 			Role:           sensorAPI.ClientServerRole_ROLE_SERVER,
+			ContainerId:    server.id,
 			SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
 			CloseTimestamp: nil,
 		}
+		clientConnections[i] = &sensorAPI.NetworkConnection{
+			LocalAddress:   types.CreateNetworkAddress("", "", 0),
+			RemoteAddress:  types.CreateNetworkAddress(server.ip, "", server.port),
+			Protocol:       storage.L4Protocol_L4_PROTOCOL_UDP,
+			Role:           sensorAPI.ClientServerRole_ROLE_CLIENT,
+			SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
+			ContainerId:    clients[i].id,
+			CloseTimestamp: nil,
+		}
 	}
 
-	clientConnection := &sensorAPI.NetworkConnection{
-		LocalAddress:   types.CreateNetworkAddress("", "", 0),
-		RemoteAddress:  types.CreateNetworkAddress(server.ip, "", server.port),
-		Protocol:       storage.L4Protocol_L4_PROTOCOL_UDP,
-		Role:           sensorAPI.ClientServerRole_ROLE_CLIENT,
-		SocketFamily:   sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN,
-		CloseTimestamp: nil,
-	}
-
-	for _, client := range clients {
-		s.Sensor().ExpectConnections(s.T(), client.id, 5*time.Second, clientConnection)
+	for i, client := range clients {
+		s.Sensor().ExpectConnections(s.T(), client.id, 5*time.Second, clientConnections[i])
 	}
 	s.Sensor().ExpectConnections(s.T(), server.id, 5*time.Second, serverConnections...)
 }