From d3c4a64ac692d02fa26b90d8a6859663fbb260e6 Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Fri, 27 Jun 2025 08:23:33 -0700 Subject: [PATCH 01/25] X-Smart-Branch-Parent: master From 037aa91c48dc273cf64173444efe1c5bd05662ec Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Sun, 22 Jun 2025 18:13:40 -0700 Subject: [PATCH 02/25] Reduced usage of NetworkInfo --- .../pkg/mock_sensor/expect_conn.go | 18 ++- integration-tests/pkg/mock_sensor/server.go | 37 ++--- integration-tests/pkg/types/network.go | 137 ++++++++++++++---- integration-tests/suites/base.go | 6 +- integration-tests/suites/process_network.go | 28 ++-- .../suites/repeated_network_flow.go | 5 +- .../suites/runtime_config_file.go | 73 ++++++---- integration-tests/suites/udp_networkflow.go | 95 ++++++------ 8 files changed, 238 insertions(+), 161 deletions(-) diff --git a/integration-tests/pkg/mock_sensor/expect_conn.go b/integration-tests/pkg/mock_sensor/expect_conn.go index 2ba3800027..57a14b0e01 100644 --- a/integration-tests/pkg/mock_sensor/expect_conn.go +++ b/integration-tests/pkg/mock_sensor/expect_conn.go 
@@ -9,15 +9,17 @@ import ( collectorAssert "github.com/stackrox/collector/integration-tests/pkg/assert" "github.com/stackrox/collector/integration-tests/pkg/types" + + sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" ) // ExpectConnections waits up to the timeout for the gRPC server to receive // the list of expected Connections. It will first check to see if the connections // have been received already, and then monitor the live feed of connections // until timeout or until all the events have been received. -func (s *MockSensor) ExpectConnections(t *testing.T, containerID string, timeout time.Duration, expected ...types.NetworkInfo) bool { +func (s *MockSensor) ExpectConnections(t *testing.T, containerID string, timeout time.Duration, expected ...*sensorAPI.NetworkConnection) bool { - to_find := funk.Filter(expected, func(x types.NetworkInfo) bool { + to_find := funk.Filter(expected, func(x *sensorAPI.NetworkConnection) bool { return !s.HasConnection(containerID, x) }).([]types.NetworkInfo) @@ -39,7 +41,7 @@ loop: continue loop } - to_find = funk.Filter(expected, func(x types.NetworkInfo) bool { + to_find = funk.Filter(expected, func(x *sensorAPI.NetworkConnection) bool { return !s.HasConnection(containerID, x) }).([]types.NetworkInfo) @@ -57,7 +59,7 @@ loop: // // It does not consider the content of the events, just that a certain number // have been received -func (s *MockSensor) ExpectConnectionsN(t *testing.T, containerID string, timeout time.Duration, n int) []types.NetworkInfo { +func (s *MockSensor) ExpectConnectionsN(t *testing.T, containerID string, timeout time.Duration, n int) []*sensorAPI.NetworkConnection { if len(s.Connections(containerID)) == n { return s.Connections(containerID) } 
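Review bot: The two `funk.Filter` calls in ExpectConnections now filter a `[]*sensorAPI.NetworkConnection`, but their results are still asserted with `.([]types.NetworkInfo)`, both in this hunk and in the one at `-39,7` inside the `loop:` body. If funk.Filter returns a slice of the input's element type, as it is documented to, that assertion panics the first time the function runs. Both assertions should read `.([]*sensorAPI.NetworkConnection)`. The function body continues outside these hunks, so whatever later consumes `to_find` is not visible here and should be checked against the new type as well.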
@@ -82,11 +84,11 @@ loop: // ExpectSameElementsConnections compares a list of expected connections to the observed connections. This comparison is done at the beginning, when a new // connection arrives, and after a timeout period. The number of connections must match and the expected and observed connections must match, but the order // does not matter. -func (s *MockSensor) ExpectSameElementsConnections(t *testing.T, containerID string, timeout time.Duration, expected ...types.NetworkInfo) bool { +func (s *MockSensor) ExpectSameElementsConnections(t *testing.T, containerID string, timeout time.Duration, expected ...*sensorAPI.NetworkConnection) bool { types.SortConnections(expected) - equal := func(c1, c2 types.NetworkInfo) bool { - return c1.Equal(c2) + equal := func(c1, c2 *sensorAPI.NetworkConnection) bool { + return types.Equal(c1, c2) } connections := s.Connections(containerID) @@ -123,7 +125,7 @@ func (s *MockSensor) ExpectSameElementsConnectionsScrapes(t *testing.T, containe types.SortConnections(c2) for i := range c2 { - if !c1[i].Equal(c2[i]) { + if !types.Equal(c1[i], c2[i]) { return false } } diff --git a/integration-tests/pkg/mock_sensor/server.go b/integration-tests/pkg/mock_sensor/server.go index 93b50187cb..08931253d5 100644 --- a/integration-tests/pkg/mock_sensor/server.go +++ b/integration-tests/pkg/mock_sensor/server.go 
@@ -167,11 +167,11 @@ func (m *MockSensor) GetConnectionsInBatches(containerID string) []types.Network // Connections returns a list of all connections that have been received for // a given container ID -func (m *MockSensor) Connections(containerID string) []types.NetworkInfo { +func (m *MockSensor) Connections(containerID string) []*sensorAPI.NetworkConnection { m.networkMutex.Lock() defer m.networkMutex.Unlock() - allConns := make([]types.NetworkInfo, 0) + allConns := make([]*sensorAPI.NetworkConnection, 0) if connections, ok := m.connections[containerID]; ok { conns := make([]types.NetworkInfoBatch, len(connections)) copy(conns, connections) @@ -183,16 +183,16 @@ func (m *MockSensor) Connections(containerID string) []types.NetworkInfo { return allConns } - return make([]types.NetworkInfo, 0) + return make([]*sensorAPI.NetworkConnection, 0) } // HasConnection returns whether a given connection has been seen for a given // container ID -func (m *MockSensor) HasConnection(containerID string, conn types.NetworkInfo) bool { +func (m *MockSensor) HasConnection(containerID string, conn *sensorAPI.NetworkConnection) bool { conns := m.Connections(containerID) if len(conns) > 0 { - return slices.ContainsFunc(conns, func(c types.NetworkInfo) bool { - return c.Equal(conn) + return slices.ContainsFunc(conns, func(c *sensorAPI.NetworkConnection) bool { + return types.Equal(c, conn) }) } 
@@ -348,30 +348,15 @@ func (m *MockSensor) PushSignals(stream sensorAPI.SignalService_PushSignalsServe } } -func (m *MockSensor) convertConnection(connection *sensorAPI.NetworkConnection) types.NetworkInfo { - conn := types.NetworkInfo{ - LocalAddress: types.TranslateAddress(connection.LocalAddress), - RemoteAddress: types.TranslateAddress(connection.RemoteAddress), - Role: connection.GetRole().String(), - SocketFamily: connection.GetSocketFamily().String(), - CloseTimestamp: connection.GetCloseTimestamp().String(), - } - - m.logger.Printf("NetworkInfo: %s, %s\n", connection.GetContainerId(), conn) - - return conn -} - -func (m *MockSensor) convertToContainerConnsMap(connections []*sensorAPI.NetworkConnection) map[string][]types.NetworkInfo { - containerConnsMap := make(map[string][]types.NetworkInfo) +func (m *MockSensor) convertToContainerConnsMap(connections []*sensorAPI.NetworkConnection) map[string][]*sensorAPI.NetworkConnection { + containerConnsMap := make(map[string][]*sensorAPI.NetworkConnection) for _, connection := range connections { - conn := m.convertConnection(connection) containerID := connection.GetContainerId() if c, ok := containerConnsMap[containerID]; ok { - containerConnsMap[containerID] = append(c, conn) + containerConnsMap[containerID] = append(c, connection) } else { - containerConnsMap[containerID] = []types.NetworkInfo{conn} + containerConnsMap[containerID] = []*sensorAPI.NetworkConnection{connection} } } @@ -462,7 +447,7 @@ func (m *MockSensor) pushLineage(containerID string, process *storage.ProcessSig } } -func (m *MockSensor) pushConnections(containerConnsMap map[string][]types.NetworkInfo) { +func (m *MockSensor) pushConnections(containerConnsMap map[string][]*sensorAPI.NetworkConnection) { m.networkMutex.Lock() defer m.networkMutex.Unlock() diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 458daf865e..7cc7e6229a 100644 --- a/integration-tests/pkg/types/network.go 
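Review bot: Removing convertConnection also removes the only `m.logger.Printf` of a received connection visible in this hunk, so a failed expectation no longer leaves a record of what the mock sensor actually got. Consider keeping one log line in the loop of convertToContainerConnsMap, for example `m.logger.Printf("NetworkConnection: %s, %v\n", containerID, connection)`. The `if c, ok := ...; ok { ... } else { ... }` around the append can also collapse to `containerConnsMap[containerID] = append(containerConnsMap[containerID], connection)`, since appending to a missing key's nil slice is valid.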
+++ b/integration-tests/pkg/types/network.go @@ -1,7 +1,7 @@ package types import ( - "fmt" + "net" "sort" sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" @@ -20,7 +20,7 @@ type NetworkInfo struct { CloseTimestamp string } -type NetworkInfoBatch []NetworkInfo +type NetworkInfoBatch []*sensorAPI.NetworkConnection // TranslateAddress is a helper function for converting binary representations // of network addresses (in the signals) to usable forms for testing 
@@ -52,52 +52,127 @@ func TranslateAddress(addr *sensorAPI.NetworkAddress) string { return peerId.String() } -func (n *NetworkInfo) String() string { - return fmt.Sprintf("%s|%s|%s|%s|%s", - n.LocalAddress, - n.RemoteAddress, - n.Role, - n.SocketFamily, - n.CloseTimestamp) +func IsActive(conn *sensorAPI.NetworkConnection) bool { + // no close timestamp means the connection is open, and active + return conn.GetCloseTimestamp() == nil } -func (n *NetworkInfo) IsActive() bool { - // no close timestamp means the connection is open, and active - return n.CloseTimestamp == NilTimestamp +func Equal(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { + return EqualNetworkAddress(conn1.LocalAddress, conn2.LocalAddress) && + EqualNetworkAddress(conn1.RemoteAddress, conn2.RemoteAddress) && + conn1.Role == conn2.Role && + conn1.SocketFamily == conn2.SocketFamily && + IsActive(conn1) == IsActive(conn2) } -func (n *NetworkInfo) Equal(other NetworkInfo) bool { - return n.LocalAddress == other.LocalAddress && - n.RemoteAddress == other.RemoteAddress && - n.Role == other.Role && - n.SocketFamily == other.SocketFamily && - n.IsActive() == other.IsActive() +func CompareBytes(b1 []byte, b2 []byte) int { + if len(b1) != len(b2) { + if len(b1) < len(b2) { + return -1 + } else { + return 1 + } + } + + for i := range b1 { + if b1[i] != b2[i] { + if b1[i] < b2[i] { + return -1 + } else { + return 1 + } + } + } + + return 0 } -func (n *NetworkInfo) Less(other NetworkInfo) bool { - if n.LocalAddress != other.LocalAddress { - return n.LocalAddress < other.LocalAddress +func EqualNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { + comp := CompareBytes(addr1.GetAddressData(), addr2.GetAddressData()) + + if comp != 0 { + return false } - if n.RemoteAddress != other.RemoteAddress { - return n.RemoteAddress < other.RemoteAddress + comp = CompareBytes(addr1.GetIpNetwork(), addr2.GetIpNetwork()) + + if comp != 0 { + return false } - if 
n.Role != other.Role { - return n.Role < other.Role + return addr1.GetPort() == addr2.GetPort() +} + +func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { + comp := CompareBytes(addr1.GetAddressData(), addr2.GetAddressData()) + + if comp != 0 { + return comp < 0 } - if n.SocketFamily != other.SocketFamily { - return n.SocketFamily < other.SocketFamily + comp = CompareBytes(addr1.GetIpNetwork(), addr2.GetIpNetwork()) + + if comp != 0 { + return comp < 0 } - if n.IsActive() != other.IsActive() { - return n.IsActive() + return addr1.GetPort() < addr2.GetPort() +} + +func LessNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { + if !EqualNetworkAddress(conn1.LocalAddress, conn2.LocalAddress) { + return LessNetworkAddress(conn1.GetLocalAddress(), conn2.GetLocalAddress()) + } + + if !EqualNetworkAddress(conn1.RemoteAddress, conn2.RemoteAddress) { + return LessNetworkAddress(conn1.GetRemoteAddress(), conn2.GetRemoteAddress()) + } + + if conn1.Role != conn2.Role { + return conn1.Role < conn2.Role + } + + if conn1.SocketFamily != conn2.SocketFamily { + return conn1.SocketFamily < conn2.SocketFamily + } + + if IsActive(conn1) != IsActive(conn2) { + return IsActive(conn1) } return false } -func SortConnections(connections []NetworkInfo) { - sort.Slice(connections, func(i, j int) bool { return connections[i].Less(connections[j]) }) +func stringToIPBytes(ipStr string) []byte { + ip := net.ParseIP(ipStr) + + if ip == nil { + return nil + } + + return ip.To4() + +} + +func stringToIPNetworkBytes(ipStr string) []byte { + ip := net.ParseIP(ipStr) + + if ip == nil { + return nil + } + + return append(ip.To4(), 32) +} + +func CreateNetworkAddress(ipAddress string, ipNetwork string, port uint32) *sensorAPI.NetworkAddress { + + return &sensorAPI.NetworkAddress{ + AddressData: stringToIPBytes(ipAddress), + IpNetwork: stringToIPNetworkBytes(ipNetwork), + Port: port, + } +} + +func 
SortConnections(connections []*sensorAPI.NetworkConnection) { + sort.Slice(connections, func(i, j int) bool { return LessNetworkConnection(connections[i], connections[j]) }) } diff --git a/integration-tests/suites/base.go b/integration-tests/suites/base.go index 2d8e18b11d..f29c8301e8 100644 --- a/integration-tests/suites/base.go +++ b/integration-tests/suites/base.go @@ -434,8 +434,10 @@ func (s *IntegrationTestSuiteBase) getIPAddress(containerName string) (string, e return s.Executor().GetContainerIP(containerName) } -func (s *IntegrationTestSuiteBase) getPort(containerName string) (string, error) { - return s.Executor().GetContainerPort(containerName) +func (s *IntegrationTestSuiteBase) getPort(containerName string) (uint32, error) { + portStr, err := s.Executor().GetContainerPort(containerName) + port, _ := strconv.ParseUint(portStr, 10, 32) + return uint32(port), err } func (s *IntegrationTestSuiteBase) StartContainerStats() { diff --git a/integration-tests/suites/process_network.go b/integration-tests/suites/process_network.go index 9d41fa7f5d..932795391f 100644 --- a/integration-tests/suites/process_network.go +++ b/integration-tests/suites/process_network.go @@ -7,6 +7,8 @@ import ( "github.com/stackrox/collector/integration-tests/pkg/common" "github.com/stackrox/collector/integration-tests/pkg/config" "github.com/stackrox/collector/integration-tests/pkg/types" + + sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" ) type ProcessNetworkTestSuite struct { @@ -15,7 +17,7 @@ type ProcessNetworkTestSuite struct { clientIP string serverContainer string serverIP string - serverPort string + serverPort uint32 } // Launches collector 
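Review bot: `stringToIPBytes` and `stringToIPNetworkBytes` handle IPv4 only: for an IPv6 literal `ip.To4()` returns nil, so the first yields an empty address and the second yields the single byte `32` from `append(ip.To4(), 32)`. An expectation built that way compares unequal to whatever the collector reports, with no hint why. Either reject non-IPv4 input explicitly (`v4 := ip.To4(); if v4 == nil { return nil }`) or fall back to `ip.To16()` with a 128 prefix. Separately, `Equal` and `LessNetworkConnection` read `conn1.LocalAddress` and `conn1.Role` as fields while `IsActive` uses a getter; using `GetLocalAddress()`, `GetRemoteAddress()`, `GetRole()` and `GetSocketFamily()` throughout would keep a nil connection from panicking the comparison.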
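Review bot: `getPort` discards the error from `strconv.ParseUint`, so an empty or unparsable port string from GetContainerPort becomes port 0 with a nil error, and the suites then build their expectations on port 0. Check the executor error first and return the parse error too: `if err != nil { return 0, err }`, then `port, err := strconv.ParseUint(portStr, 10, 32)` and `return uint32(port), err`. The hunk does not show base.go's import block, so confirm `strconv` is imported there.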
@@ -147,22 +149,22 @@ func (s *ProcessNetworkTestSuite) TestProcessLineageInfo() { func (s *ProcessNetworkTestSuite) TestNetworkFlows() { s.Sensor().ExpectConnections(s.T(), s.serverContainer, 10*time.Second, - types.NetworkInfo{ - LocalAddress: fmt.Sprintf(":%s", s.serverPort), - RemoteAddress: s.clientIP, - Role: "ROLE_SERVER", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + &sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", s.serverPort), + RemoteAddress: types.CreateNetworkAddress(s.clientIP, "", s.serverPort), + Role: sensorAPI.ClientServerRole_ROLE_SERVER, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, ) s.Sensor().ExpectConnections(s.T(), s.clientContainer, 10*time.Second, - types.NetworkInfo{ - LocalAddress: "", - RemoteAddress: fmt.Sprintf("%s:%s", s.serverIP, s.serverPort), - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + &sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress(s.clientIP, "", s.serverPort), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, ) } diff --git a/integration-tests/suites/repeated_network_flow.go b/integration-tests/suites/repeated_network_flow.go index 9a04dc1e04..5f6e34ab97 100644 --- a/integration-tests/suites/repeated_network_flow.go +++ b/integration-tests/suites/repeated_network_flow.go @@ -8,6 +8,7 @@ import ( "github.com/stackrox/collector/integration-tests/pkg/collector" "github.com/stackrox/collector/integration-tests/pkg/common" "github.com/stackrox/collector/integration-tests/pkg/config" + "github.com/stackrox/collector/integration-tests/pkg/types" "github.com/stretchr/testify/assert" ) 
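Review bot: The client-side expectation in TestNetworkFlows now uses `s.clientIP` for RemoteAddress where the removed line used `s.serverIP` (`fmt.Sprintf("%s:%s", s.serverIP, s.serverPort)`), so it describes a client connecting to itself. It should be `RemoteAddress: types.CreateNetworkAddress(s.serverIP, "", s.serverPort),`. The server-side expectation also gains a port on the remote address that the old value (`s.clientIP` alone) did not have; `types.CreateNetworkAddress(s.clientIP, "", 0)` keeps the previous meaning. If `fmt` has no other use in this file the import becomes unused, which the hunk does not show.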
@@ -20,7 +21,7 @@ type RepeatedNetworkFlowTestSuite struct { ClientIP string ServerContainer string ServerIP string - ServerPort string + ServerPort uint32 EnableAfterglow bool AfterglowPeriod int ScrapeInterval int @@ -114,7 +115,7 @@ func (s *RepeatedNetworkFlowTestSuite) TestRepeatedNetworkFlow() { observedInactive := 0 for _, info := range networkInfos { - if info.IsActive() { + if types.IsActive(info) { observedActive++ } else { observedInactive++ diff --git a/integration-tests/suites/runtime_config_file.go b/integration-tests/suites/runtime_config_file.go index 1f7267cb34..38a4e60ab2 100644 --- a/integration-tests/suites/runtime_config_file.go +++ b/integration-tests/suites/runtime_config_file.go 
@@ -11,44 +11,53 @@ import ( "github.com/stackrox/collector/integration-tests/pkg/common" "github.com/stackrox/collector/integration-tests/pkg/config" "github.com/stackrox/collector/integration-tests/pkg/types" + + sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" + "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/protoconv" ) var ( normalizedIp = "255.255.255.255" externalIp = "8.8.8.8" - serverPort = 53 + serverPort = uint32(53) externalUrl = fmt.Sprintf("http://%s:%d", externalIp, serverPort) - - activeNormalizedConnection = types.NetworkInfo{ - LocalAddress: "", - RemoteAddress: fmt.Sprintf("%s:%d", normalizedIp, serverPort), - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + notNilTime = protoconv.ConvertTimeToTimestamp(time.Now()) + + activeNormalizedConnection = sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress(normalizedIp, "", serverPort), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, } - activeUnnormalizedConnection = types.NetworkInfo{ - LocalAddress: "", - RemoteAddress: fmt.Sprintf("%s:%d", externalIp, serverPort), - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + activeUnnormalizedConnection = sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", externalIp, serverPort), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, } - inactiveNormalizedConnection = types.NetworkInfo{ - LocalAddress: "", - RemoteAddress: fmt.Sprintf("%s:%d", normalizedIp, serverPort), - Role: "ROLE_CLIENT", - 
SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: "Not nill time", + inactiveNormalizedConnection = sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress(normalizedIp, "", serverPort), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: notNilTime, } - inactiveUnnormalizedConnection = types.NetworkInfo{ - LocalAddress: "", - RemoteAddress: fmt.Sprintf("%s:%d", externalIp, serverPort), - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: "Not nill time", + inactiveUnnormalizedConnection = sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", externalIp, serverPort), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: notNilTime, } runtimeConfigDir = "/tmp/collector-test" @@ -116,7 +125,7 @@ func (s *RuntimeConfigFileTestSuite) TestRuntimeConfigFileEnable() { // Default configuration is external IPs disabled. // We expect normalized connections. assert.AssertNoRuntimeConfig(s.T(), collectorIP) - expectedConnections := []types.NetworkInfoBatch{[]types.NetworkInfo{activeNormalizedConnection}} + expectedConnections := []types.NetworkInfoBatch{[]*sensorAPI.NetworkConnection{&activeNormalizedConnection}} connectionSuccess := s.Sensor().ExpectSameElementsConnectionsScrapes(s.T(), s.ClientContainer, 10*time.Second, expectedConnections) s.Require().True(connectionSuccess) 
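Review bot: The `Protocol: storage.L4Protocol_L4_PROTOCOL_TCP` field added to each of the four expected connections is never checked, because `types.Equal` as introduced in network.go in this commit compares only the two addresses, Role, SocketFamily and the active flag. Either add `conn1.GetProtocol() == conn2.GetProtocol()` to Equal (the UDP suite's literals would then need a Protocol as well) or drop the field here so the literals do not imply coverage the test lacks. `notNilTime` is taken from `time.Now()` at package initialisation; a comment such as `// any non-nil timestamp marks the connection closed; the value itself is not compared` would make that intent explicit.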
@@ -125,7 +134,7 @@ func (s *RuntimeConfigFileTestSuite) TestRuntimeConfigFileEnable() { // Unnormalized connection will now be reported. s.setExternalIpsEnabled(runtimeConfigFile, "ENABLED") assert.AssertExternalIps(s.T(), "ENABLED", collectorIP) - expectedConnections = append(expectedConnections, []types.NetworkInfo{activeUnnormalizedConnection, inactiveNormalizedConnection}) + expectedConnections = append(expectedConnections, []*sensorAPI.NetworkConnection{&activeUnnormalizedConnection, &inactiveNormalizedConnection}) connectionSuccess = s.Sensor().ExpectSameElementsConnectionsScrapes(s.T(), s.ClientContainer, 10*time.Second, expectedConnections) s.Require().True(connectionSuccess) @@ -133,14 +142,14 @@ func (s *RuntimeConfigFileTestSuite) TestRuntimeConfigFileEnable() { // and the unnormalized connection shoul be inactive. s.deleteFile(runtimeConfigFile) assert.AssertNoRuntimeConfig(s.T(), collectorIP) - expectedConnections = append(expectedConnections, []types.NetworkInfo{activeNormalizedConnection, inactiveUnnormalizedConnection}) + expectedConnections = append(expectedConnections, []*sensorAPI.NetworkConnection{&activeNormalizedConnection, &inactiveUnnormalizedConnection}) connectionSuccess = s.Sensor().ExpectSameElementsConnectionsScrapes(s.T(), s.ClientContainer, 10*time.Second, expectedConnections) s.Require().True(connectionSuccess) // Back to having external IPs enabled. s.setExternalIpsEnabled(runtimeConfigFile, "ENABLED") assert.AssertExternalIps(s.T(), "ENABLED", collectorIP) - expectedConnections = append(expectedConnections, []types.NetworkInfo{activeUnnormalizedConnection, inactiveNormalizedConnection}) + expectedConnections = append(expectedConnections, []*sensorAPI.NetworkConnection{&activeUnnormalizedConnection, &inactiveNormalizedConnection}) connectionSuccess = s.Sensor().ExpectSameElementsConnectionsScrapes(s.T(), s.ClientContainer, 10*time.Second, expectedConnections) s.Require().True(connectionSuccess) } 
@@ -150,7 +159,7 @@ func (s *RuntimeConfigFileTestSuite) TestRuntimeConfigFileDisable() { // Default configuration is external IPs disabled. // We expect normalized connections. assert.AssertNoRuntimeConfig(s.T(), collectorIP) - expectedConnections := []types.NetworkInfo{activeNormalizedConnection} + expectedConnections := []*sensorAPI.NetworkConnection{&activeNormalizedConnection} connectionSuccess := s.Sensor().ExpectSameElementsConnections(s.T(), s.ClientContainer, 10*time.Second, expectedConnections...) s.Require().True(connectionSuccess) @@ -175,7 +184,7 @@ func (s *RuntimeConfigFileTestSuite) TestRuntimeConfigFileInvalid() { // Default configuration is external IPs disabled. // We expect normalized connections. assert.AssertNoRuntimeConfig(s.T(), collectorIP) - expectedConnections := []types.NetworkInfo{activeNormalizedConnection} + expectedConnections := []*sensorAPI.NetworkConnection{&activeNormalizedConnection} connectionSuccess := s.Sensor().ExpectSameElementsConnections(s.T(), s.ClientContainer, 10*time.Second, expectedConnections...) s.Require().True(connectionSuccess) diff --git a/integration-tests/suites/udp_networkflow.go b/integration-tests/suites/udp_networkflow.go index adfd664d62..57857ae5ed 100644 --- a/integration-tests/suites/udp_networkflow.go +++ b/integration-tests/suites/udp_networkflow.go @@ -5,6 +5,8 @@ import ( "strconv" "time" + sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" + "github.com/stackrox/collector/integration-tests/pkg/collector" "github.com/stackrox/collector/integration-tests/pkg/common" "github.com/stackrox/collector/integration-tests/pkg/config" @@ -29,7 +31,7 @@ type UdpNetworkFlow struct { type containerData struct { id string ip string - port uint16 + port uint32 } func (c *containerData) String() string { 
@@ -88,7 +90,7 @@ func (s *UdpNetworkFlow) TestUdpNetorkflow() { recvSyscalls := []string{"recvfrom", "recvmsg", "recvmmsg"} image := config.Images().QaImageByKey("qa-udp") - port := uint16(9090) + port := uint32(9090) for _, send := range sendSyscalls { for _, recv := range recvSyscalls { testName := fmt.Sprintf("%s_%s", send, recv) @@ -101,7 +103,7 @@ func (s *UdpNetworkFlow) TestUdpNetorkflow() { } } -func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint16) { +func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint32) { server := s.runServer(config.ContainerStartConfig{ Name: UDP_SERVER, Image: image, 
@@ -115,22 +117,21 @@ func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint16) { }) log.Info("Server: %s - Client: %s\n", server.String(), client.String()) - // Expected client connection - clientConnection := types.NetworkInfo{ - LocalAddress: "", - RemoteAddress: fmt.Sprintf("%s:%d", server.ip, server.port), - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + clientConnection := &sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress(server.ip, "", server.port), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, } // Expected server connection - serverConnection := types.NetworkInfo{ - LocalAddress: fmt.Sprintf(":%d", server.port), - RemoteAddress: client.ip, - Role: "ROLE_SERVER", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + serverConnection := &sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", server.port), + RemoteAddress: types.CreateNetworkAddress(client.ip, "", 0), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, } s.Sensor().ExpectConnections(s.T(), client.id, 5*time.Second, clientConnection) @@ -141,10 +142,10 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { image := config.Images().QaImageByKey("qa-udp") servers := make([]containerData, CONTAINER_COUNT) - clientConnections := make([]types.NetworkInfo, CONTAINER_COUNT) + clientConnections := make([]*sensorAPI.NetworkConnection, CONTAINER_COUNT) for i := 0; i < CONTAINER_COUNT; i++ { name := fmt.Sprintf("%s-%d", UDP_SERVER, i) - port := uint16(9000 + i) + port := uint32(9000 + i) servers[i] = s.runServer(config.ContainerStartConfig{ Name: name, Image: image, 
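Review bot: `serverConnection` in runTest is now built with `sensorAPI.ClientServerRole_ROLE_CLIENT`, while the removed literal said `"ROLE_SERVER"`; since `types.Equal` compares Role, the server-side expectation will not match a server-role connection. Use `Role: sensorAPI.ClientServerRole_ROLE_SERVER,`. The same substitution appears in the `serverConnection` literal of TestMultipleDestinations (hunk `-174,12`) and in `serverConnections[i]` of TestMultipleSources (hunk `-210,21`). The `// Expected client connection` comment was also dropped while its `// Expected server connection` counterpart stayed, and runTest continues past the end of this hunk.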
@@ -153,12 +154,12 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { log.Info("Server: %s\n", servers[i].String()) // Load the client connection collector has to send for this server. - clientConnections[i] = types.NetworkInfo{ - LocalAddress: "", - RemoteAddress: fmt.Sprintf("%s:%d", servers[i].ip, servers[i].port), - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + clientConnections[i] = &sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress(servers[i].ip, "", servers[i].port), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, } } @@ -174,12 +175,12 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { log.Info("Client: %s\n", client.String()) for _, server := range servers { - serverConnection := types.NetworkInfo{ - LocalAddress: fmt.Sprintf(":%d", server.port), - RemoteAddress: client.ip, - Role: "ROLE_SERVER", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + serverConnection := &sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", server.port), + RemoteAddress: types.CreateNetworkAddress(client.ip, "", 0), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, } s.Sensor().ExpectConnections(s.T(), server.id, 5*time.Second, serverConnection) } @@ -188,7 +189,7 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { func (s *UdpNetworkFlow) TestMultipleSources() { image := config.Images().QaImageByKey("qa-udp") - port := uint16(9100) + port := uint32(9100) server := s.runServer(config.ContainerStartConfig{ Name: UDP_SERVER, 
@@ -198,7 +199,7 @@ func (s *UdpNetworkFlow) TestMultipleSources() { log.Info("Server: %s\n", server.String()) clients := make([]containerData, CONTAINER_COUNT) - serverConnections := make([]types.NetworkInfo, CONTAINER_COUNT) + serverConnections := make([]*sensorAPI.NetworkConnection, CONTAINER_COUNT) for i := 0; i < CONTAINER_COUNT; i++ { name := fmt.Sprintf("%s-%d", UDP_CLIENT, i) clients[i] = s.runClient(config.ContainerStartConfig{ @@ -210,21 +211,21 @@ func (s *UdpNetworkFlow) TestMultipleSources() { log.Info("Client: %s\n", clients[i].String()) // Load the server connection collector has to send for this client. - serverConnections[i] = types.NetworkInfo{ - LocalAddress: fmt.Sprintf(":%d", server.port), - RemoteAddress: clients[i].ip, - Role: "ROLE_SERVER", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + serverConnections[i] = &sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", server.port), + RemoteAddress: types.CreateNetworkAddress(clients[i].ip, "", 0), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, } } - clientConnection := types.NetworkInfo{ - LocalAddress: "", - RemoteAddress: fmt.Sprintf("%s:%d", server.ip, server.port), - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + clientConnection := &sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress(server.ip, "", server.port), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, } for _, client := range clients { 
@@ -233,14 +234,14 @@ func (s *UdpNetworkFlow) TestMultipleSources() { s.Sensor().ExpectConnections(s.T(), server.id, 5*time.Second, serverConnections...) } -func newServerCmd(recv string, port uint16) []string { +func newServerCmd(recv string, port uint32) []string { return []string{ "--syscall", recv, "--port", strconv.FormatUint(uint64(port), 10), } } -func (s *UdpNetworkFlow) runServer(cfg config.ContainerStartConfig, port uint16) containerData { +func (s *UdpNetworkFlow) runServer(cfg config.ContainerStartConfig, port uint32) containerData { return s.runContainer(cfg, port) } @@ -269,7 +270,7 @@ func (s *UdpNetworkFlow) runClient(cfg config.ContainerStartConfig) containerDat return s.runContainer(cfg, 0) } -func (s *UdpNetworkFlow) runContainer(cfg config.ContainerStartConfig, port uint16) containerData { +func (s *UdpNetworkFlow) runContainer(cfg config.ContainerStartConfig, port uint32) containerData { id, err := s.Executor().StartContainer(cfg) s.Require().NoError(err) From d9cc8bed31fbb36be05adf2ae56424aa9d593ff3 Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Mon, 23 Jun 2025 12:39:31 -0700 Subject: [PATCH 03/25] Entirely removed types.NetworkInfo --- integration-tests/integration_test.go | 134 +++++++++--------- .../pkg/mock_sensor/expect_conn.go | 4 +- integration-tests/pkg/types/network.go | 8 -- .../suites/connections_and_endpoints.go | 24 ++-- 4 files changed, 83 insertions(+), 87 deletions(-) diff --git a/integration-tests/integration_test.go b/integration-tests/integration_test.go index 56ee693570..300c508bea 100644 --- a/integration-tests/integration_test.go +++ b/integration-tests/integration_test.go @@ -4,6 +4,8 @@ import ( "strings" "testing" + sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" + "github.com/stretchr/testify/suite" "github.com/stackrox/collector/integration-tests/pkg/collector" 
@@ -166,13 +168,13 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { Server: suites.Container{ Name: "socat-server-0", Cmd: "socat TCP4-LISTEN:40,reuseaddr,fork - &", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: ":40", - RemoteAddress: "CLIENT_IP", - Role: "ROLE_SERVER", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 40), + RemoteAddress: types.CreateNetworkAddress("", "", 0), + Role: sensorAPI.ClientServerRole_ROLE_SERVER, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: []types.EndpointInfo{ @@ -189,13 +191,13 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { Client: suites.Container{ Name: "socat-client-0", Cmd: "echo hello | socat - TCP4:SERVER_IP:40", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: "", - RemoteAddress: "SERVER_IP:40", - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", "", 40), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: nil, 
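Review bot: The expected connections in TestConnectionsAndEndpointsNormal lose their peer address: the removed literals carried the `"CLIENT_IP"` and `"SERVER_IP:40"` placeholders, while the new ones pass an empty address to `types.CreateNetworkAddress("", "", ...)`. Unless the suite fills in AddressData before comparing (connections_and_endpoints.go is changed in this commit but not shown here), `types.Equal` would compare against an empty remote IP and the test would no longer pin which peer the connection belongs to. If the suite does fill it in, a comment on the literal such as `// remote IP is set by the suite once the container IPs are known` would record that. The same pattern repeats in the HighLowPorts and ServerHigh hunks.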
@@ -211,13 +213,13 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { Server: suites.Container{ Name: "socat-server-1", Cmd: "socat TCP4-LISTEN:40000,reuseaddr,fork - &", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: ":40000", - RemoteAddress: "CLIENT_IP", - Role: "ROLE_SERVER", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 40000), + RemoteAddress: types.CreateNetworkAddress("", "", 0), + Role: sensorAPI.ClientServerRole_ROLE_SERVER, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: []types.EndpointInfo{ @@ -234,13 +236,13 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { Client: suites.Container{ Name: "socat-client-1", Cmd: "echo hello | socat - TCP4:SERVER_IP:40000,sourceport=10000", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: "", - RemoteAddress: "SERVER_IP:40000", - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", "", 40000), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: nil, 
@@ -256,13 +258,13 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { Server: suites.Container{ Name: "socat-server-2", Cmd: "socat TCP4-LISTEN:60999,reuseaddr,fork - &", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: ":60999", - RemoteAddress: "CLIENT_IP", - Role: "ROLE_SERVER", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 60999), + RemoteAddress: types.CreateNetworkAddress("", "", 0), + Role: sensorAPI.ClientServerRole_ROLE_SERVER, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: []types.EndpointInfo{ @@ -279,13 +281,13 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { Client: suites.Container{ Name: "socat-client-2", Cmd: "echo hello | socat - TCP4:SERVER_IP:60999", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: "", - RemoteAddress: "SERVER_IP:60999", - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", "", 60999), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: nil, 
@@ -301,13 +303,13 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { Server: suites.Container{ Name: "socat-server-1", Cmd: "socat TCP4-LISTEN:10000,reuseaddr,fork - &", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: ":10000", - RemoteAddress: "CLIENT_IP", - Role: "ROLE_SERVER", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 10000), + RemoteAddress: types.CreateNetworkAddress("", "", 0), + Role: sensorAPI.ClientServerRole_ROLE_SERVER, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: []types.EndpointInfo{ @@ -324,13 +326,13 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { Client: suites.Container{ Name: "socat-client-1", Cmd: "echo hello | socat - TCP4:SERVER_IP:10000,sourceport=40000", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: "", - RemoteAddress: "SERVER_IP:10000", - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", "", 10000), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: nil, 
@@ -362,13 +364,13 @@ func TestConnectionsAndEndpointsUDPNormal(t *testing.T) { Client: suites.Container{ Name: "socat-client-udp", Cmd: "echo hello | socat - UDP:SERVER_IP:53", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: "", - RemoteAddress: "SERVER_IP:53", - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", "", 53), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: nil, @@ -400,13 +402,13 @@ func TestConnectionsAndEndpointsUDPNoReuseaddr(t *testing.T) { Client: suites.Container{ Name: "socat-client-udp", Cmd: "echo hello | socat - UDP:SERVER_IP:53", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: "", - RemoteAddress: "SERVER_IP:53", - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", "", 53), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: nil, 
@@ -438,13 +440,13 @@ func TestConnectionsAndEndpointsUDPNoFork(t *testing.T) { Client: suites.Container{ Name: "socat-client-udp", Cmd: "echo hello | socat - UDP:SERVER_IP:53", - ExpectedNetwork: []types.NetworkInfo{ + ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: "", - RemoteAddress: "SERVER_IP:53", - Role: "ROLE_CLIENT", - SocketFamily: "SOCKET_FAMILY_UNKNOWN", - CloseTimestamp: types.NilTimestamp, + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", "", 53), + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + CloseTimestamp: nil, }, }, ExpectedEndpoints: nil, diff --git a/integration-tests/pkg/mock_sensor/expect_conn.go b/integration-tests/pkg/mock_sensor/expect_conn.go index 57a14b0e01..e73adf1346 100644 --- a/integration-tests/pkg/mock_sensor/expect_conn.go +++ b/integration-tests/pkg/mock_sensor/expect_conn.go @@ -21,7 +21,7 @@ func (s *MockSensor) ExpectConnections(t *testing.T, containerID string, timeout to_find := funk.Filter(expected, func(x *sensorAPI.NetworkConnection) bool { return !s.HasConnection(containerID, x) - }).([]types.NetworkInfo) + }).([]*sensorAPI.NetworkConnection) if len(to_find) == 0 { return true @@ -43,7 +43,7 @@ loop: to_find = funk.Filter(expected, func(x *sensorAPI.NetworkConnection) bool { return !s.HasConnection(containerID, x) - }).([]types.NetworkInfo) + }).([]*sensorAPI.NetworkConnection) if len(to_find) == 0 { return true diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 7cc7e6229a..f7a2da616a 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go 
@@ -12,14 +12,6 @@ const ( NilTimestamp = "" ) -type NetworkInfo struct { - LocalAddress string - RemoteAddress string - Role string - SocketFamily string - CloseTimestamp string -} - type NetworkInfoBatch []*sensorAPI.NetworkConnection // TranslateAddress is a helper function for converting binary representations diff --git a/integration-tests/suites/connections_and_endpoints.go b/integration-tests/suites/connections_and_endpoints.go index 9137edb9f7..5383fd7e53 100644 --- a/integration-tests/suites/connections_and_endpoints.go +++ b/integration-tests/suites/connections_and_endpoints.go @@ -5,6 +5,8 @@ import ( "strings" "time" + sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" + "github.com/stackrox/collector/integration-tests/pkg/collector" "github.com/stackrox/collector/integration-tests/pkg/common" "github.com/stackrox/collector/integration-tests/pkg/config" @@ -18,7 +20,7 @@ type Container struct { Cmd string ContainerID string IP string - ExpectedNetwork []types.NetworkInfo + ExpectedNetwork []*sensorAPI.NetworkConnection ExpectedEndpoints []types.EndpointInfo } 
@@ -106,11 +108,11 @@ func (s *ConnectionsAndEndpointsTestSuite) TestConnectionsAndEndpoints() { } lastNetwork := clientNetworks[nNetwork-1] lastExpectedNetwork := s.Client.ExpectedNetwork[nExpectedNetwork-1] - expectedLocalAddress := strings.Replace(lastExpectedNetwork.LocalAddress, "CLIENT_IP", s.Client.IP, -1) - expectedRemoteAddress := strings.Replace(lastExpectedNetwork.RemoteAddress, "SERVER_IP", s.Server.IP, -1) - assert.Equal(s.T(), expectedLocalAddress, lastNetwork.LocalAddress) - assert.Equal(s.T(), expectedRemoteAddress, lastNetwork.RemoteAddress) - assert.Equal(s.T(), "ROLE_CLIENT", lastNetwork.Role) + expectedRemoteAddress := types.CreateNetworkAddress(s.Server.IP, "", lastExpectedNetwork.RemoteAddress.Port) + + assert.True(s.T(), types.EqualNetworkAddress(lastExpectedNetwork.LocalAddress, lastNetwork.LocalAddress)) + assert.True(s.T(), types.EqualNetworkAddress(expectedRemoteAddress, lastNetwork.RemoteAddress)) + assert.Equal(s.T(), sensorAPI.ClientServerRole_ROLE_CLIENT, lastNetwork.Role) assert.Equal(s.T(), lastExpectedNetwork.SocketFamily, lastNetwork.SocketFamily) } 
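Review bot: The address checks now go through `assert.True(s.T(), types.EqualNetworkAddress(...))`, which on failure reports only that the value was false, where the replaced `assert.Equal` printed both addresses. Passing a message keeps the diagnostics, e.g. `assert.True(s.T(), types.EqualNetworkAddress(expectedRemoteAddress, lastNetwork.RemoteAddress), "remote address: want %v, got %v", expectedRemoteAddress, lastNetwork.RemoteAddress)`. `lastExpectedNetwork.RemoteAddress.Port` also reads through a pointer field directly and panics if a test case leaves `RemoteAddress` unset; `lastExpectedNetwork.GetRemoteAddress().GetPort()` is nil-safe. The same applies to the server-side hunk at `@@ -133,11 +135,11 @@` and to the `assert.True` calls added in repeated_network_flow.go.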
@@ -133,11 +135,11 @@ func (s *ConnectionsAndEndpointsTestSuite) TestConnectionsAndEndpoints() { } lastNetwork := serverNetworks[nNetwork-1] lastExpectedNetwork := s.Server.ExpectedNetwork[nExpectedNetwork-1] - expectedLocalAddress := strings.Replace(lastExpectedNetwork.LocalAddress, "SERVER_IP", s.Server.IP, -1) - expectedRemoteAddress := strings.Replace(lastExpectedNetwork.RemoteAddress, "CLIENT_IP", s.Client.IP, -1) - assert.Equal(s.T(), expectedLocalAddress, lastNetwork.LocalAddress) - assert.Equal(s.T(), expectedRemoteAddress, lastNetwork.RemoteAddress) - assert.Equal(s.T(), "ROLE_SERVER", lastNetwork.Role) + expectedRemoteAddress := types.CreateNetworkAddress(s.Client.IP, "", lastExpectedNetwork.RemoteAddress.Port) + + assert.True(s.T(), types.EqualNetworkAddress(lastExpectedNetwork.LocalAddress, lastNetwork.LocalAddress)) + assert.True(s.T(), types.EqualNetworkAddress(expectedRemoteAddress, lastNetwork.RemoteAddress)) + assert.Equal(s.T(), sensorAPI.ClientServerRole_ROLE_SERVER, lastNetwork.Role) assert.Equal(s.T(), lastExpectedNetwork.SocketFamily, lastNetwork.SocketFamily) } From b325c41639ec5f750c104f3ea0de3557aeebe33b Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Mon, 23 Jun 2025 12:47:31 -0700 Subject: [PATCH 04/25] Changed NetworkInfoBatch to NetworkConnectionBatch --- integration-tests/pkg/mock_sensor/expect_conn.go | 4 ++-- integration-tests/pkg/mock_sensor/server.go | 16 ++++++++-------- integration-tests/pkg/types/network.go | 2 +- integration-tests/suites/runtime_config_file.go | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/integration-tests/pkg/mock_sensor/expect_conn.go b/integration-tests/pkg/mock_sensor/expect_conn.go index e73adf1346..d6b9ee0f4e 100644 --- a/integration-tests/pkg/mock_sensor/expect_conn.go +++ b/integration-tests/pkg/mock_sensor/expect_conn.go 
@@ -115,8 +115,8 @@ func (s *MockSensor) ExpectSameElementsConnections(t *testing.T, containerID str } } -func (s *MockSensor) ExpectSameElementsConnectionsScrapes(t *testing.T, containerID string, timeout time.Duration, expected []types.NetworkInfoBatch) bool { - equal := func(c1, c2 types.NetworkInfoBatch) bool { +func (s *MockSensor) ExpectSameElementsConnectionsScrapes(t *testing.T, containerID string, timeout time.Duration, expected []types.NetworkConnectionBatch) bool { + equal := func(c1, c2 types.NetworkConnectionBatch) bool { if len(c1) != len(c2) { return false } diff --git a/integration-tests/pkg/mock_sensor/server.go b/integration-tests/pkg/mock_sensor/server.go index 08931253d5..14a469b6fc 100644 --- a/integration-tests/pkg/mock_sensor/server.go +++ b/integration-tests/pkg/mock_sensor/server.go @@ -46,7 +46,7 @@ type MockSensor struct { processLineages map[string]LineageMap processMutex sync.Mutex - connections map[string][]types.NetworkInfoBatch + connections map[string][]types.NetworkConnectionBatch endpoints map[string]EndpointMap networkMutex sync.Mutex @@ -64,7 +64,7 @@ func NewMockSensor(test string) *MockSensor { testName: test, processes: make(map[string]ProcessMap), processLineages: make(map[string]LineageMap), - connections: make(map[string][]types.NetworkInfoBatch), + connections: make(map[string][]types.NetworkConnectionBatch), endpoints: make(map[string]EndpointMap), } } 
@@ -149,12 +149,12 @@ func (m *MockSensor) LiveConnections() <-chan *sensorAPI.NetworkConnection { // Connections returns a list of all connections that have been received for // a given container ID -func (m *MockSensor) GetConnectionsInBatches(containerID string) []types.NetworkInfoBatch { +func (m *MockSensor) GetConnectionsInBatches(containerID string) []types.NetworkConnectionBatch { m.networkMutex.Lock() defer m.networkMutex.Unlock() if connections, ok := m.connections[containerID]; ok { - conns := make([]types.NetworkInfoBatch, len(connections)) + conns := make([]types.NetworkConnectionBatch, len(connections)) copy(conns, connections) for _, conn := range conns { types.SortConnections(conn) @@ -162,7 +162,7 @@ func (m *MockSensor) GetConnectionsInBatches(containerID string) []types.Network return conns } - return make([]types.NetworkInfoBatch, 0) + return make([]types.NetworkConnectionBatch, 0) } // Connections returns a list of all connections that have been received for @@ -173,7 +173,7 @@ func (m *MockSensor) Connections(containerID string) []*sensorAPI.NetworkConnect allConns := make([]*sensorAPI.NetworkConnection, 0) if connections, ok := m.connections[containerID]; ok { - conns := make([]types.NetworkInfoBatch, len(connections)) + conns := make([]types.NetworkConnectionBatch, len(connections)) copy(conns, connections) for _, conn := range conns { allConns = append(allConns, conn...) @@ -292,7 +292,7 @@ func (m *MockSensor) Stop() { m.processes = make(map[string]ProcessMap) m.processLineages = make(map[string]LineageMap) - m.connections = make(map[string][]types.NetworkInfoBatch) + m.connections = make(map[string][]types.NetworkConnectionBatch) m.endpoints = make(map[string]EndpointMap) m.processChannel.Stop() 
@@ -455,7 +455,7 @@ func (m *MockSensor) pushConnections(containerConnsMap map[string][]*sensorAPI.N if c, ok := m.connections[containerID]; ok { m.connections[containerID] = append(c, connections) } else { - m.connections[containerID] = []types.NetworkInfoBatch{connections} + m.connections[containerID] = []types.NetworkConnectionBatch{connections} } } } diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index f7a2da616a..d09dfd015f 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go @@ -12,7 +12,7 @@ const ( NilTimestamp = "" ) -type NetworkInfoBatch []*sensorAPI.NetworkConnection +type NetworkConnectionBatch []*sensorAPI.NetworkConnection // TranslateAddress is a helper function for converting binary representations // of network addresses (in the signals) to usable forms for testing diff --git a/integration-tests/suites/runtime_config_file.go b/integration-tests/suites/runtime_config_file.go index 38a4e60ab2..634f410897 100644 --- a/integration-tests/suites/runtime_config_file.go +++ b/integration-tests/suites/runtime_config_file.go @@ -125,7 +125,7 @@ func (s *RuntimeConfigFileTestSuite) TestRuntimeConfigFileEnable() { // Default configuration is external IPs disabled. // We expect normalized connections. assert.AssertNoRuntimeConfig(s.T(), collectorIP) - expectedConnections := []types.NetworkInfoBatch{[]*sensorAPI.NetworkConnection{&activeNormalizedConnection}} + expectedConnections := []types.NetworkConnectionBatch{[]*sensorAPI.NetworkConnection{&activeNormalizedConnection}} connectionSuccess := s.Sensor().ExpectSameElementsConnectionsScrapes(s.T(), s.ClientContainer, 10*time.Second, expectedConnections) s.Require().True(connectionSuccess) From 7871e2258983e7314d4d7c491cdd4ebcf4029dd0 Mon Sep 17 00:00:00 2001 
From: JoukoVirtanen Date: Tue, 24 Jun 2025 16:26:11 -0700 Subject: [PATCH 05/25] Fixed TestProcessNetwork --- integration-tests/suites/process_network.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/integration-tests/suites/process_network.go b/integration-tests/suites/process_network.go index 932795391f..6f2ec12fbd 100644 --- a/integration-tests/suites/process_network.go +++ b/integration-tests/suites/process_network.go @@ -9,6 +9,7 @@ import ( "github.com/stackrox/collector/integration-tests/pkg/types" sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" + "github.com/stackrox/rox/generated/storage" ) type ProcessNetworkTestSuite struct { @@ -74,7 +75,7 @@ func (s *ProcessNetworkTestSuite) SetupSuite() { s.serverPort, err = s.getPort("nginx") s.Require().NoError(err) - _, err = s.execContainer("nginx-curl", []string{"curl", fmt.Sprintf("%s:%s", s.serverIP, s.serverPort)}, false) + _, err = s.execContainer("nginx-curl", []string{"curl", fmt.Sprintf("%s:%d", s.serverIP, s.serverPort)}, false) s.Require().NoError(err) s.clientIP, err = s.getIPAddress("nginx-curl") @@ -151,7 +152,8 @@ func (s *ProcessNetworkTestSuite) TestNetworkFlows() { s.Sensor().ExpectConnections(s.T(), s.serverContainer, 10*time.Second, &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", s.serverPort), - RemoteAddress: types.CreateNetworkAddress(s.clientIP, "", s.serverPort), + RemoteAddress: types.CreateNetworkAddress(s.clientIP, "", 0), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, 
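Review bot: The curl target in `SetupSuite` is built with `fmt.Sprintf("%s:%d", s.serverIP, s.serverPort)`, which produces an ambiguous host:port string if the container address is ever IPv6. `net.JoinHostPort(s.serverIP, strconv.FormatUint(uint64(s.serverPort), 10))` brackets the host when needed. It needs `net` and `strconv` imported, and the file's import block is only partly visible here. The same pattern is introduced for `serverAddress` in repeated_network_flow.go and for `s.serverURL` in listening_ports.go.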
@@ -161,7 +163,8 @@ func (s *ProcessNetworkTestSuite) TestNetworkFlows() { s.Sensor().ExpectConnections(s.T(), s.clientContainer, 10*time.Second, &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress(s.clientIP, "", s.serverPort), + RemoteAddress: types.CreateNetworkAddress(s.serverIP, "", s.serverPort), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, From 3c27b20a404a2e10b236db8c1020b7b044cd41df Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Tue, 24 Jun 2025 19:52:19 -0700 Subject: [PATCH 06/25] Fixed repeated_network_flow.go --- integration-tests/suites/repeated_network_flow.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/integration-tests/suites/repeated_network_flow.go b/integration-tests/suites/repeated_network_flow.go index 5f6e34ab97..beeb918eb6 100644 --- a/integration-tests/suites/repeated_network_flow.go +++ b/integration-tests/suites/repeated_network_flow.go @@ -87,7 +87,7 @@ func (s *RepeatedNetworkFlowTestSuite) SetupSuite() { s.ServerPort, err = s.getPort("nginx") s.Require().NoError(err) - serverAddress := fmt.Sprintf("%s:%s", s.ServerIP, s.ServerPort) + serverAddress := fmt.Sprintf("%s:%d", s.ServerIP, s.ServerPort) numMetaIter := strconv.Itoa(s.NumMetaIter) numIter := strconv.Itoa(s.NumIter) 
@@ -131,8 +131,11 @@ func (s *RepeatedNetworkFlowTestSuite) TestRepeatedNetworkFlow() { actualClientEndpoint := networkInfos[0].RemoteAddress // From server perspective, network connection info only has local port and remote IP - assert.Equal(s.T(), fmt.Sprintf(":%s", s.ServerPort), actualServerEndpoint) - assert.Equal(s.T(), s.ClientIP, actualClientEndpoint) + expectedServerEndpoint := types.CreateNetworkAddress("", "", s.ServerPort) + expectedClientEndpoint := types.CreateNetworkAddress(s.ClientIP, "", 0) + + assert.True(s.T(), types.EqualNetworkAddress(expectedServerEndpoint, actualServerEndpoint)) + assert.True(s.T(), types.EqualNetworkAddress(expectedClientEndpoint, actualClientEndpoint)) // client side checks From 67010b6ee558d2596d7da5f9b2e364f628c2772a Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Tue, 24 Jun 2025 20:06:16 -0700 Subject: [PATCH 07/25] Fixed listening_ports.go --- integration-tests/suites/listening_ports.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration-tests/suites/listening_ports.go b/integration-tests/suites/listening_ports.go index b146cf9812..c45dd615ab 100644 --- a/integration-tests/suites/listening_ports.go +++ b/integration-tests/suites/listening_ports.go @@ -58,7 +58,7 @@ func (s *ProcessListeningOnPortTestSuite) SetupSuite() { port, err := s.getPort(serverName) s.Require().NoError(err) - s.serverURL = fmt.Sprintf("http://%s:%s", ip, port) + s.serverURL = fmt.Sprintf("http://%s:%d", ip, port) // Wait 5 seconds for the plop service to start common.Sleep(5 * time.Second) From 4bf0b9c69377ad28f755e4432cb9d74d45855dad Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Wed, 25 Jun 2025 09:39:08 -0700 Subject: [PATCH 08/25] Fixed udp_networkflow.go --- integration-tests/suites/udp_networkflow.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/integration-tests/suites/udp_networkflow.go b/integration-tests/suites/udp_networkflow.go index 57857ae5ed..590367609a 100644 
--- a/integration-tests/suites/udp_networkflow.go +++ b/integration-tests/suites/udp_networkflow.go @@ -6,6 +6,7 @@ import ( "time" sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" + "github.com/stackrox/rox/generated/storage" "github.com/stackrox/collector/integration-tests/pkg/collector" "github.com/stackrox/collector/integration-tests/pkg/common" @@ -129,7 +130,7 @@ func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint32) { serverConnection := &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", server.port), RemoteAddress: types.CreateNetworkAddress(client.ip, "", 0), - Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, } @@ -157,6 +158,7 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { clientConnections[i] = &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress(servers[i].ip, "", servers[i].port), + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, @@ -178,7 +180,8 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { serverConnection := &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", server.port), RemoteAddress: types.CreateNetworkAddress(client.ip, "", 0), - Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, + Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, } 
@@ -214,7 +217,8 @@ func (s *UdpNetworkFlow) TestMultipleSources() { serverConnections[i] = &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", server.port), RemoteAddress: types.CreateNetworkAddress(clients[i].ip, "", 0), - Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, + Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, } @@ -223,6 +227,7 @@ func (s *UdpNetworkFlow) TestMultipleSources() { clientConnection := &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress(server.ip, "", server.port), + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, From 340510f3d2e07abe301f4c0377c0c2740ad8dfe6 Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Wed, 25 Jun 2025 22:09:38 -0700 Subject: [PATCH 09/25] Check for equality between connections checks for protocol --- integration-tests/pkg/mock_sensor/expect_conn.go | 5 +++-- integration-tests/pkg/mock_sensor/server.go | 2 +- integration-tests/pkg/types/network.go | 3 ++- integration-tests/suites/udp_networkflow.go | 2 ++ 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/integration-tests/pkg/mock_sensor/expect_conn.go b/integration-tests/pkg/mock_sensor/expect_conn.go index d6b9ee0f4e..eeeecd4d8a 100644 --- a/integration-tests/pkg/mock_sensor/expect_conn.go +++ b/integration-tests/pkg/mock_sensor/expect_conn.go @@ -1,6 +1,7 @@ package mock_sensor import ( + "fmt" "testing" "time" 
@@ -88,7 +89,7 @@ func (s *MockSensor) ExpectSameElementsConnections(t *testing.T, containerID str types.SortConnections(expected) equal := func(c1, c2 *sensorAPI.NetworkConnection) bool { - return types.Equal(c1, c2) + return types.EqualNetworkConnection(c1, c2) } connections := s.Connections(containerID) @@ -125,7 +126,7 @@ func (s *MockSensor) ExpectSameElementsConnectionsScrapes(t *testing.T, containe types.SortConnections(c2) for i := range c2 { - if !types.Equal(c1[i], c2[i]) { + if !types.EqualNetworkConnection(c1[i], c2[i]) { return false } } diff --git a/integration-tests/pkg/mock_sensor/server.go b/integration-tests/pkg/mock_sensor/server.go index 14a469b6fc..7b6e07223c 100644 --- a/integration-tests/pkg/mock_sensor/server.go +++ b/integration-tests/pkg/mock_sensor/server.go @@ -192,7 +192,7 @@ func (m *MockSensor) HasConnection(containerID string, conn *sensorAPI.NetworkCo conns := m.Connections(containerID) if len(conns) > 0 { return slices.ContainsFunc(conns, func(c *sensorAPI.NetworkConnection) bool { - return types.Equal(c, conn) + return types.EqualNetworkConnection(c, conn) }) } diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index d09dfd015f..eebfeadf16 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go @@ -49,9 +49,10 @@ func IsActive(conn *sensorAPI.NetworkConnection) bool { return conn.GetCloseTimestamp() == nil } -func Equal(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { +func EqualNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { return EqualNetworkAddress(conn1.LocalAddress, conn2.LocalAddress) && EqualNetworkAddress(conn1.RemoteAddress, conn2.RemoteAddress) && + conn1.Protocol == conn2.Protocol && conn1.Role == conn2.Role && conn1.SocketFamily == conn2.SocketFamily && IsActive(conn1) == IsActive(conn2) 
diff --git a/integration-tests/suites/udp_networkflow.go b/integration-tests/suites/udp_networkflow.go index 590367609a..3d76ce82e5 100644 --- a/integration-tests/suites/udp_networkflow.go +++ b/integration-tests/suites/udp_networkflow.go @@ -121,6 +121,7 @@ func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint32) { clientConnection := &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress(server.ip, "", server.port), + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, @@ -130,6 +131,7 @@ func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint32) { serverConnection := &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", server.port), RemoteAddress: types.CreateNetworkAddress(client.ip, "", 0), + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, From 23de1bb9aee281b1b68770028fe1adfbe06954af Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Thu, 26 Jun 2025 14:19:56 -0700 Subject: [PATCH 10/25] Removed unused import --- integration-tests/pkg/mock_sensor/expect_conn.go | 1 - 1 file changed, 1 deletion(-) diff --git a/integration-tests/pkg/mock_sensor/expect_conn.go b/integration-tests/pkg/mock_sensor/expect_conn.go index eeeecd4d8a..6d929602e1 100644 --- a/integration-tests/pkg/mock_sensor/expect_conn.go +++ b/integration-tests/pkg/mock_sensor/expect_conn.go @@ -1,7 +1,6 @@ package mock_sensor import ( - "fmt" "testing" "time" From b465bf6ea828a2129737334d1cafb0b62f48b831 Mon Sep 17 00:00:00 2001 
From: JoukoVirtanen Date: Fri, 27 Jun 2025 20:19:32 -0700 Subject: [PATCH 11/25] Using EqualVT from generated code rather than own function --- .../pkg/mock_sensor/expect_conn.go | 4 +- integration-tests/pkg/mock_sensor/server.go | 2 +- integration-tests/pkg/types/network.go | 92 +++++++++---------- integration-tests/suites/process_network.go | 2 + .../suites/repeated_network_flow.go | 14 +-- .../suites/runtime_config_file.go | 5 + integration-tests/suites/udp_networkflow.go | 51 +++++----- 7 files changed, 92 insertions(+), 78 deletions(-) diff --git a/integration-tests/pkg/mock_sensor/expect_conn.go b/integration-tests/pkg/mock_sensor/expect_conn.go index 6d929602e1..0a6fa80c9d 100644 --- a/integration-tests/pkg/mock_sensor/expect_conn.go +++ b/integration-tests/pkg/mock_sensor/expect_conn.go @@ -88,7 +88,7 @@ func (s *MockSensor) ExpectSameElementsConnections(t *testing.T, containerID str types.SortConnections(expected) equal := func(c1, c2 *sensorAPI.NetworkConnection) bool { - return types.EqualNetworkConnection(c1, c2) + return types.EqualNetworkConnection(*c1, *c2) } connections := s.Connections(containerID) @@ -125,7 +125,7 @@ func (s *MockSensor) ExpectSameElementsConnectionsScrapes(t *testing.T, containe types.SortConnections(c2) for i := range c2 { - if !types.EqualNetworkConnection(c1[i], c2[i]) { + if !types.EqualNetworkConnection(*c1[i], *c2[i]) { return false } } diff --git a/integration-tests/pkg/mock_sensor/server.go b/integration-tests/pkg/mock_sensor/server.go index 7b6e07223c..544d505655 100644 --- a/integration-tests/pkg/mock_sensor/server.go +++ b/integration-tests/pkg/mock_sensor/server.go @@ -192,7 +192,7 @@ func (m *MockSensor) HasConnection(containerID string, conn *sensorAPI.NetworkCo conns := m.Connections(containerID) if len(conns) > 0 { return slices.ContainsFunc(conns, func(c *sensorAPI.NetworkConnection) bool { - return types.EqualNetworkConnection(c, conn) + return types.EqualNetworkConnection(*c, *conn) }) } 
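Review bot: The call sites now pass `*c1, *c2` (and `*c, *conn` in `HasConnection`), which copies each generated `sensorAPI.NetworkConnection` by value and panics if either pointer is nil. Generated protobuf structs are not meant to be copied, and `go vet`'s copylocks check normally reports such copies. The new signature of `types.EqualNetworkConnection` is outside these hunks, so this is inferred from the callers; the by-value parameters presumably exist so the helper can rewrite fields without touching the caller's message. Keeping pointer parameters and working on `proto.Clone(c1).(*sensorAPI.NetworkConnection)` inside the helper would give the same isolation without the struct copy, and a nil check there would replace the panic with a plain `false`.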
diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index eebfeadf16..1796a7bf3d 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go 
@@ -3,59 +3,66 @@ package types import ( "net" "sort" + "time" + + timestamppb "google.golang.org/protobuf/types/known/timestamppb" sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" - utils "github.com/stackrox/rox/pkg/net" ) const ( NilTimestamp = "" ) +var ( + nilTimestamp = timestamppb.New(time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC)) + notNilTimestamp = timestamppb.New(time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)) +) + type NetworkConnectionBatch []*sensorAPI.NetworkConnection -// TranslateAddress is a helper function for converting binary representations -// of network addresses (in the signals) to usable forms for testing -func TranslateAddress(addr *sensorAPI.NetworkAddress) string { - peerId := utils.NetworkPeerID{Port: uint16(addr.GetPort())} - addressData := addr.GetAddressData() - if len(addressData) > 0 { - peerId.Address = utils.IPFromBytes(addressData) - return peerId.String() +func IsActive(conn *sensorAPI.NetworkConnection) bool { + // no close timestamp means the connection is open, and active + return conn.GetCloseTimestamp() == nil +} + +// The EqualVT method for NetworkAddress returns false if both of them are nil. That is not what +// we want, so replace nil addr with a default NetworkAddress. +func adjustNetworkAddressForComparison(addr *sensorAPI.NetworkAddress) *sensorAPI.NetworkAddress { + if addr == nil { + return CreateNetworkAddress("", "", 0) } - // If there is no address data, this is either the source address or - // IpNetwork should be set and represent a CIDR block or external IP address. - ipNetworkData := addr.GetIpNetwork() - if len(ipNetworkData) == 0 { - return peerId.String() + return addr +} + +// The EqualVT method for NetworkConnection returns false if both CloseTimestamps +// are nil. Same goes for LocalAddress and Remote Address. That is not the desired +// result. Also EqualVT returns false if the CloseTimestamp are different non-nil +// timestamps. 
We want the equal function to return true if neither of them are nil +// or both of them are nil. This function adjusts the fields so that the comparison +// works the way we want it to. +func adjustNetworkConnectionForComparison(conn *sensorAPI.NetworkConnection) { + conn.LocalAddress = adjustNetworkAddressForComparison(conn.LocalAddress) + conn.RemoteAddress = adjustNetworkAddressForComparison(conn.RemoteAddress) + + if conn.CloseTimestamp == nil { + conn.CloseTimestamp = nilTimestamp } - ipNetwork := utils.IPNetworkFromCIDRBytes(ipNetworkData) - prefixLen := ipNetwork.PrefixLen() - // If this is IPv4 and the prefix length is 32 or this is IPv6 and the prefix length - // is 128 this is a regular IP address and not a CIDR block - if (ipNetwork.Family() == utils.IPv4 && prefixLen == byte(32)) || - (ipNetwork.Family() == utils.IPv6 && prefixLen == byte(128)) { - peerId.Address = ipNetwork.IP() - } else { - peerId.IPNetwork = ipNetwork + if conn.CloseTimestamp != nil { + conn.CloseTimestamp = notNilTimestamp } - return peerId.String() } -func IsActive(conn *sensorAPI.NetworkConnection) bool { - // no close timestamp means the connection is open, and active - return conn.GetCloseTimestamp() == nil -} +// EqualVT is not called directly because it returns false in cases that we don't want it to, for example +// when both CloseTimestamp are nil, or when they have different non-nil values. 
+func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.NetworkConnection) bool { + adjustNetworkConnectionForComparison(&conn1) + adjustNetworkConnectionForComparison(&conn2) + + return conn1.EqualVT(&conn2) -func EqualNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { - return EqualNetworkAddress(conn1.LocalAddress, conn2.LocalAddress) && - EqualNetworkAddress(conn1.RemoteAddress, conn2.RemoteAddress) && - conn1.Protocol == conn2.Protocol && - conn1.Role == conn2.Role && - conn1.SocketFamily == conn2.SocketFamily && - IsActive(conn1) == IsActive(conn2) } func CompareBytes(b1 []byte, b2 []byte) int { @@ -81,19 +88,10 @@ func CompareBytes(b1 []byte, b2 []byte) int { } func EqualNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { - comp := CompareBytes(addr1.GetAddressData(), addr2.GetAddressData()) - - if comp != 0 { - return false - } - - comp = CompareBytes(addr1.GetIpNetwork(), addr2.GetIpNetwork()) - - if comp != 0 { - return false - } + ad1 := adjustNetworkAddressForComparison(addr1) + ad2 := adjustNetworkAddressForComparison(addr2) - return addr1.GetPort() == addr2.GetPort() + return ad1.EqualVT(ad2) } func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { diff --git a/integration-tests/suites/process_network.go b/integration-tests/suites/process_network.go index 6f2ec12fbd..1f2a0aa135 100644 --- a/integration-tests/suites/process_network.go +++ b/integration-tests/suites/process_network.go @@ -156,6 +156,7 @@ func (s *ProcessNetworkTestSuite) TestNetworkFlows() { Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + ContainerId: s.serverContainer, CloseTimestamp: nil, }, ) 
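Review bot: In `adjustNetworkConnectionForComparison` the second check `if conn.CloseTimestamp != nil` runs after the first branch has already assigned `nilTimestamp`, so every connection ends up with `notNilTimestamp`. `EqualNetworkConnection` therefore no longer distinguishes open from closed connections, which drops the `IsActive(conn1) == IsActive(conn2)` condition of the removed implementation. For tests that validate what the collector reports, a wrong close state would then pass unnoticed. Make the branches exclusive: `if conn.CloseTimestamp == nil { conn.CloseTimestamp = nilTimestamp } else { conn.CloseTimestamp = notNilTimestamp }`. PATCH 13/25 later changes this to `else if`, but the tree is incorrect at this commit.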
@@ -167,6 +168,7 @@ func (s *ProcessNetworkTestSuite) TestNetworkFlows() { Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + ContainerId: s.clientContainer, CloseTimestamp: nil, }, ) diff --git a/integration-tests/suites/repeated_network_flow.go b/integration-tests/suites/repeated_network_flow.go index beeb918eb6..2156f92c6e 100644 --- a/integration-tests/suites/repeated_network_flow.go +++ b/integration-tests/suites/repeated_network_flow.go @@ -109,12 +109,12 @@ func (s *RepeatedNetworkFlowTestSuite) TearDownSuite() { } func (s *RepeatedNetworkFlowTestSuite) TestRepeatedNetworkFlow() { - networkInfos := s.Sensor().ExpectConnectionsN(s.T(), s.ServerContainer, 10*time.Second, s.ExpectedActive+s.ExpectedInactive) + networkConnections := s.Sensor().ExpectConnectionsN(s.T(), s.ServerContainer, 10*time.Second, s.ExpectedActive+s.ExpectedInactive) observedActive := 0 observedInactive := 0 - for _, info := range networkInfos { + for _, info := range networkConnections { if types.IsActive(info) { observedActive++ } else { @@ -127,8 +127,8 @@ func (s *RepeatedNetworkFlowTestSuite) TestRepeatedNetworkFlow() { // Server side checks - actualServerEndpoint := networkInfos[0].LocalAddress - actualClientEndpoint := networkInfos[0].RemoteAddress + actualServerEndpoint := networkConnections[0].LocalAddress + actualClientEndpoint := networkConnections[0].RemoteAddress // From server perspective, network connection info only has local port and remote IP expectedServerEndpoint := types.CreateNetworkAddress("", "", s.ServerPort) 
@@ -143,8 +143,8 @@ func (s *RepeatedNetworkFlowTestSuite) TestRepeatedNetworkFlow() { // See the comment above for the server container endpoint test for more info. assert.Equal(s.T(), 0, len(s.Sensor().Endpoints(s.ClientContainer))) - networkInfos = s.Sensor().Connections(s.ClientContainer) + networkConnections = s.Sensor().Connections(s.ClientContainer) - actualClientEndpoint = networkInfos[0].LocalAddress - actualServerEndpoint = networkInfos[0].RemoteAddress + actualClientEndpoint = networkConnections[0].LocalAddress + actualServerEndpoint = networkConnections[0].RemoteAddress } diff --git a/integration-tests/suites/runtime_config_file.go b/integration-tests/suites/runtime_config_file.go index 634f410897..a9b344d7cf 100644 --- a/integration-tests/suites/runtime_config_file.go +++ b/integration-tests/suites/runtime_config_file.go @@ -98,6 +98,11 @@ func (s *RuntimeConfigFileTestSuite) SetupTest() { s.Require().NoError(err) s.ClientContainer = common.ContainerShortID(containerID) + activeNormalizedConnection.ContainerId = s.ClientContainer + inactiveNormalizedConnection.ContainerId = s.ClientContainer + activeUnnormalizedConnection.ContainerId = s.ClientContainer + inactiveUnnormalizedConnection.ContainerId = s.ClientContainer + collectorOptions := collector.StartupOptions{ Env: map[string]string{ "ROX_AFTERGLOW_PERIOD": "6", diff --git a/integration-tests/suites/udp_networkflow.go b/integration-tests/suites/udp_networkflow.go index 3d76ce82e5..6f09058d98 100644 --- a/integration-tests/suites/udp_networkflow.go +++ b/integration-tests/suites/udp_networkflow.go @@ -124,6 +124,7 @@ func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint32) { Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + ContainerId: client.id, CloseTimestamp: nil, } 
@@ -134,6 +135,7 @@ func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint32) { Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + ContainerId: server.id, CloseTimestamp: nil, } @@ -155,16 +157,6 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { Command: newServerCmd("recvfrom", port), }, port) log.Info("Server: %s\n", servers[i].String()) - - // Load the client connection collector has to send for this server. - clientConnections[i] = &sensorAPI.NetworkConnection{ - LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress(servers[i].ip, "", servers[i].port), - Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, - Role: sensorAPI.ClientServerRole_ROLE_CLIENT, - SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, - } } // We give a big period here to ensure the syscall happens just once @@ -178,6 +170,20 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { }) log.Info("Client: %s\n", client.String()) + for i := 0; i < CONTAINER_COUNT; i++ { + // Load the client connection collector has to send for this server. + clientConnections[i] = &sensorAPI.NetworkConnection{ + //LocalAddress: nil, + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress(servers[i].ip, "", servers[i].port), + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + ContainerId: client.id, + CloseTimestamp: nil, + } + } + for _, server := range servers { serverConnection := &sensorAPI.NetworkConnection{ LocalAddress: types.CreateNetworkAddress("", "", server.port), 
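Review bot: The added `//LocalAddress: nil,` line in the new `clientConnections` loop of `TestMultipleDestinations` is leftover commented-out code. Remove it, or replace it with a short comment saying why the zero address from `types.CreateNetworkAddress("", "", 0)` is used instead of nil, for example `// collector reports an empty local address for client connections` if that is the intent. The loop itself could be written as `for i := range servers`, which matches the `for _, server := range servers` loop that follows.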
@@ -185,6 +191,7 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + ContainerId: server.id, CloseTimestamp: nil, } s.Sensor().ExpectConnections(s.T(), server.id, 5*time.Second, serverConnection) @@ -205,6 +212,7 @@ func (s *UdpNetworkFlow) TestMultipleSources() { clients := make([]containerData, CONTAINER_COUNT) serverConnections := make([]*sensorAPI.NetworkConnection, CONTAINER_COUNT) + clientConnections := make([]*sensorAPI.NetworkConnection, CONTAINER_COUNT) for i := 0; i < CONTAINER_COUNT; i++ { name := fmt.Sprintf("%s-%d", UDP_CLIENT, i) clients[i] = s.runClient(config.ContainerStartConfig{ 
@@ -221,22 +229,23 @@ func (s *UdpNetworkFlow) TestMultipleSources() { RemoteAddress: types.CreateNetworkAddress(clients[i].ip, "", 0), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, + ContainerId: server.id, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, } + clientConnections[i] = &sensorAPI.NetworkConnection{ + LocalAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress(server.ip, "", server.port), + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, + Role: sensorAPI.ClientServerRole_ROLE_CLIENT, + SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, + ContainerId: clients[i].id, + CloseTimestamp: nil, + } } - clientConnection := &sensorAPI.NetworkConnection{ - LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress(server.ip, "", server.port), - Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, - Role: sensorAPI.ClientServerRole_ROLE_CLIENT, - SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, - } - - for _, client := range clients { - s.Sensor().ExpectConnections(s.T(), client.id, 5*time.Second, clientConnection) + for i, client := range clients { + s.Sensor().ExpectConnections(s.T(), client.id, 5*time.Second, clientConnections[i]) } s.Sensor().ExpectConnections(s.T(), server.id, 5*time.Second, serverConnections...) } From b2858966659fd4b192c290286f8ffd279a64c10a Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Wed, 2 Jul 2025 10:15:09 -0700 Subject: [PATCH 12/25] Setting port variables --- integration-tests/integration_test.go | 62 +++++++++++++++------------ 1 file changed, 35 insertions(+), 27 deletions(-) diff --git a/integration-tests/integration_test.go b/integration-tests/integration_test.go index 300c508bea..18b15b1fe5 100644 --- a/integration-tests/integration_test.go +++ b/integration-tests/integration_test.go 
@@ -1,6 +1,7 @@ package integrationtests import ( + "fmt" "strings" "testing" @@ -164,13 +165,14 @@ func TestDuplicateEndpoints(t *testing.T) { func TestConnectionsAndEndpointsNormal(t *testing.T) { // Server uses a normal port. Client is assigned a port in the ephemeral range in the normal way + port := 40 normalPorts := &suites.ConnectionsAndEndpointsTestSuite{ Server: suites.Container{ Name: "socat-server-0", Cmd: "socat TCP4-LISTEN:40,reuseaddr,fork - &", ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 40), + LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), RemoteAddress: types.CreateNetworkAddress("", "", 0), Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -182,7 +184,7 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { Protocol: "L4_PROTOCOL_TCP", Address: types.ListenAddress{ AddressData: "\x00\x00\x00\x00", - Port: 40, + Port: port, IpNetwork: "\x00\x00\x00\x00 ", }, }, @@ -190,11 +192,11 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { }, Client: suites.Container{ Name: "socat-client-0", - Cmd: "echo hello | socat - TCP4:SERVER_IP:40", + Cmd: fmt.Sprintf("echo hello | socat - TCP4:SERVER_IP:%d", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress("", "", 40), + RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, 
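Review bot: In `TestConnectionsAndEndpointsNormal` the server `Cmd` stays the literal `"socat TCP4-LISTEN:40,reuseaddr,fork - &"` while the client command and the expected addresses now derive from `port`. Changing `port` would leave the server listening on a different port than the test expects. Build it the way the other tests in this patch do: `Cmd: fmt.Sprintf("socat TCP4-LISTEN:%d,reuseaddr,fork - &", port),`. The client `Cmd` of `TestConnectionsAndEndpointsServerHigh` does not appear in any hunk, so it presumably still hard-codes 60999 and would need the same treatment.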
@@ -209,13 +211,14 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { // The server is assigned a port in the ephemeral ports range. // The client is assigned a source port in a non-ephemeral ports range + port := 40000 mixedHighLowPorts := &suites.ConnectionsAndEndpointsTestSuite{ Server: suites.Container{ Name: "socat-server-1", - Cmd: "socat TCP4-LISTEN:40000,reuseaddr,fork - &", + Cmd: fmt.Sprintf("socat TCP4-LISTEN:%d,reuseaddr,fork - &", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 40000), + LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), RemoteAddress: types.CreateNetworkAddress("", "", 0), Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -227,7 +230,7 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { Protocol: "L4_PROTOCOL_TCP", Address: types.ListenAddress{ AddressData: "\x00\x00\x00\x00", - Port: 40000, + Port: port, IpNetwork: "\x00\x00\x00\x00 ", }, }, @@ -235,11 +238,11 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { }, Client: suites.Container{ Name: "socat-client-1", - Cmd: "echo hello | socat - TCP4:SERVER_IP:40000,sourceport=10000", + Cmd: fmt.Sprintf("echo hello | socat - TCP4:SERVER_IP:%d,sourceport=10000", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress("", "", 40000), + RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, 
@@ -254,13 +257,14 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { func TestConnectionsAndEndpointsServerHigh(t *testing.T) { // The server is assigned a port in the ephemeral ports range. // The client is assigned a port in the ephemeral ports range in the normal way. + port := 60999 mixedHighLowPorts := &suites.ConnectionsAndEndpointsTestSuite{ Server: suites.Container{ Name: "socat-server-2", - Cmd: "socat TCP4-LISTEN:60999,reuseaddr,fork - &", + Cmd: fmt.Sprintf("socat TCP4-LISTEN:%d,reuseaddr,fork - &", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 60999), + LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), RemoteAddress: types.CreateNetworkAddress("", "", 0), Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -272,7 +276,7 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { Protocol: "L4_PROTOCOL_TCP", Address: types.ListenAddress{ AddressData: "\x00\x00\x00\x00", - Port: 60999, + Port: port, IpNetwork: "\x00\x00\x00\x00 ", }, }, @@ -284,7 +288,7 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress("", "", 60999), + RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, 
@@ -299,13 +303,14 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { func TestConnectionsAndEndpointsSourcePort(t *testing.T) { // The server is assigned a port in the ephemeral ports range. // The client is assigned a source port in a non-ephemeral ports range + port := 10000 mixedHighLowPorts := &suites.ConnectionsAndEndpointsTestSuite{ Server: suites.Container{ Name: "socat-server-1", - Cmd: "socat TCP4-LISTEN:10000,reuseaddr,fork - &", + Cmd: fmt.Sprintf("socat TCP4-LISTEN:%d,reuseaddr,fork - &", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 10000), + LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), RemoteAddress: types.CreateNetworkAddress("", "", 0), Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -317,7 +322,7 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { Protocol: "L4_PROTOCOL_TCP", Address: types.ListenAddress{ AddressData: "\x00\x00\x00\x00", - Port: 10000, + Port: port, IpNetwork: "\x00\x00\x00\x00 ", }, }, @@ -325,11 +330,11 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { }, Client: suites.Container{ Name: "socat-client-1", - Cmd: "echo hello | socat - TCP4:SERVER_IP:10000,sourceport=40000", + Cmd: fmt.Sprintf("echo hello | socat - TCP4:SERVER_IP:%d,sourceport=40000", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress("", "", 10000), + RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, 
@@ -343,10 +348,11 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { func TestConnectionsAndEndpointsUDPNormal(t *testing.T) { // A test for UDP + port := 53 mixedHighLowPorts := &suites.ConnectionsAndEndpointsTestSuite{ Server: suites.Container{ Name: "socat-server-udp", - Cmd: "socat UDP-LISTEN:53,reuseaddr,fork - &", + Cmd: fmt.Sprintf("socat UDP-LISTEN:%d,reuseaddr,fork - &", port), // TODO UDP connections are not always reported on the server side ExpectedNetwork: nil, // ExpectedNetwork: []types.NetworkInfo{ @@ -363,11 +369,11 @@ func TestConnectionsAndEndpointsUDPNormal(t *testing.T) { }, Client: suites.Container{ Name: "socat-client-udp", - Cmd: "echo hello | socat - UDP:SERVER_IP:53", + Cmd: fmt.Sprintf("echo hello | socat - UDP:SERVER_IP:%d", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress("", "", 53), + RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, @@ -381,10 +387,11 @@ func TestConnectionsAndEndpointsUDPNormal(t *testing.T) { func TestConnectionsAndEndpointsUDPNoReuseaddr(t *testing.T) { // A test for UDP without reuseaddr + port := 53 mixedHighLowPorts := &suites.ConnectionsAndEndpointsTestSuite{ Server: suites.Container{ Name: "socat-server-udp", - Cmd: "socat UDP-LISTEN:53,fork - &", + Cmd: fmt.Sprintf("socat UDP-LISTEN:%d,fork - &", port), // TODO UDP connections are not always reported on the server side ExpectedNetwork: nil, // ExpectedNetwork: []types.NetworkInfo{ 
@@ -401,11 +408,11 @@ func TestConnectionsAndEndpointsUDPNoReuseaddr(t *testing.T) { }, Client: suites.Container{ Name: "socat-client-udp", - Cmd: "echo hello | socat - UDP:SERVER_IP:53", + Cmd: fmt.Sprintf("echo hello | socat - UDP:SERVER_IP:%d", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress("", "", 53), + RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, @@ -419,10 +426,11 @@ func TestConnectionsAndEndpointsUDPNoReuseaddr(t *testing.T) { func TestConnectionsAndEndpointsUDPNoFork(t *testing.T) { // A test for UDP without fork or reuseaddr + port := 53 mixedHighLowPorts := &suites.ConnectionsAndEndpointsTestSuite{ Server: suites.Container{ Name: "socat-server-udp", - Cmd: "socat UDP-LISTEN:53 - &", + Cmd: fmt.Sprintf("socat UDP-LISTEN:%d - &", port), // TODO UDP connections are not always reported on the server side ExpectedNetwork: nil, // ExpectedNetwork: []types.NetworkInfo{ @@ -439,11 +447,11 @@ func TestConnectionsAndEndpointsUDPNoFork(t *testing.T) { }, Client: suites.Container{ Name: "socat-client-udp", - Cmd: "echo hello | socat - UDP:SERVER_IP:53", + Cmd: fmt.Sprintf("echo hello | socat - UDP:SERVER_IP:%d", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", 0), - RemoteAddress: types.CreateNetworkAddress("", "", 53), + RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, CloseTimestamp: nil, From f04ed837319a9e75dbb3b19451e1de21e0e0f0a7 Mon Sep 17 00:00:00 2001 
From: JoukoVirtanen Date: Wed, 2 Jul 2025 11:37:10 -0700 Subject: [PATCH 13/25] Using EqualNetworkConnection for connections_and_endpoints.go --- integration-tests/integration_test.go | 44 ++++++++++++------- integration-tests/pkg/types/endpoint.go | 2 +- integration-tests/pkg/types/network.go | 15 +++---- .../suites/connections_and_endpoints.go | 16 +++---- integration-tests/suites/listening_ports.go | 2 +- 5 files changed, 42 insertions(+), 37 deletions(-) diff --git a/integration-tests/integration_test.go b/integration-tests/integration_test.go index 18b15b1fe5..3c8af5aed8 100644 --- a/integration-tests/integration_test.go +++ b/integration-tests/integration_test.go @@ -6,6 +6,7 @@ import ( "testing" sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" + "github.com/stackrox/rox/generated/storage" "github.com/stretchr/testify/suite" @@ -96,7 +97,7 @@ func TestProcfsScraper(t *testing.T) { Expected: []types.EndpointInfo{ { Protocol: "L4_PROTOCOL_TCP", - CloseTimestamp: types.NilTimestamp, + CloseTimestamp: types.NilTimestampStr, Address: types.ListenAddress{ AddressData: "\x00\x00\x00\x00", Port: 80, @@ -129,7 +130,7 @@ func TestProcfsScraperDisableFeatureFlag(t *testing.T) { Expected: []types.EndpointInfo{ { Protocol: "L4_PROTOCOL_TCP", - CloseTimestamp: types.NilTimestamp, + CloseTimestamp: types.NilTimestampStr, Address: types.ListenAddress{ AddressData: "\x00\x00\x00\x00", Port: 80, @@ -174,9 +175,10 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), RemoteAddress: types.CreateNetworkAddress("", "", 0), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: []types.EndpointInfo{ 
@@ -197,9 +199,10 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: nil, @@ -220,9 +223,10 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), RemoteAddress: types.CreateNetworkAddress("", "", 0), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: []types.EndpointInfo{ @@ -243,9 +247,10 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: nil, @@ -266,9 +271,10 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), RemoteAddress: types.CreateNetworkAddress("", "", 0), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: []types.EndpointInfo{ 
@@ -289,9 +295,10 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: nil, @@ -312,9 +319,10 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), RemoteAddress: types.CreateNetworkAddress("", "", 0), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: []types.EndpointInfo{ @@ -335,9 +343,10 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: nil, @@ -361,7 +370,7 @@ func TestConnectionsAndEndpointsUDPNormal(t *testing.T) { // RemoteAddress: "CLIENT_IP", // Role: "ROLE_SERVER", // SocketFamily: "SOCKET_FAMILY_UNKNOWN", - // CloseTimestamp: types.NilTimestamp, + // CloseTimestamp: types.NilTimestampStr, // }, // }, // TODO UDP listening endpoints should be reported 
@@ -374,9 +383,10 @@ func TestConnectionsAndEndpointsUDPNormal(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: nil, @@ -400,7 +410,7 @@ func TestConnectionsAndEndpointsUDPNoReuseaddr(t *testing.T) { // RemoteAddress: "CLIENT_IP", // Role: "ROLE_SERVER", // SocketFamily: "SOCKET_FAMILY_UNKNOWN", - // CloseTimestamp: types.NilTimestamp, + // CloseTimestamp: types.NilTimestampStr, // }, // }, // TODO UDP listening endpoints should be reported @@ -413,9 +423,10 @@ func TestConnectionsAndEndpointsUDPNoReuseaddr(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: nil, @@ -439,7 +450,7 @@ func TestConnectionsAndEndpointsUDPNoFork(t *testing.T) { // RemoteAddress: "CLIENT_IP", // Role: "ROLE_SERVER", // SocketFamily: "SOCKET_FAMILY_UNKNOWN", - // CloseTimestamp: types.NilTimestamp, + // CloseTimestamp: types.NilTimestampStr, // }, // }, // TODO UDP listening endpoints should be reported @@ -452,9 +463,10 @@ func TestConnectionsAndEndpointsUDPNoFork(t *testing.T) { { LocalAddress: types.CreateNetworkAddress("", "", 0), RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, - CloseTimestamp: nil, + CloseTimestamp: types.NotNilTimestamp, }, }, ExpectedEndpoints: nil, 
diff --git a/integration-tests/pkg/types/endpoint.go b/integration-tests/pkg/types/endpoint.go index 014d814a31..4047591ce6 100644 --- a/integration-tests/pkg/types/endpoint.go +++ b/integration-tests/pkg/types/endpoint.go @@ -11,7 +11,7 @@ type EndpointInfo struct { func (n *EndpointInfo) IsActive() bool { // no close timestamp means the connection is open, and active - return n.CloseTimestamp == NilTimestamp + return n.CloseTimestamp == NilTimestampStr } func (n *EndpointInfo) Less(other EndpointInfo) bool { diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 1796a7bf3d..7b1aa93295 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go @@ -11,12 +11,12 @@ import ( ) const ( - NilTimestamp = "" + NilTimestampStr = "" ) var ( - nilTimestamp = timestamppb.New(time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC)) - notNilTimestamp = timestamppb.New(time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)) + NilTimestamp = timestamppb.New(time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC)) + NotNilTimestamp = timestamppb.New(time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)) ) type NetworkConnectionBatch []*sensorAPI.NetworkConnection @@ -47,11 +47,9 @@ func adjustNetworkConnectionForComparison(conn *sensorAPI.NetworkConnection) { conn.RemoteAddress = adjustNetworkAddressForComparison(conn.RemoteAddress) if conn.CloseTimestamp == nil { - conn.CloseTimestamp = nilTimestamp - } - - if conn.CloseTimestamp != nil { - conn.CloseTimestamp = notNilTimestamp + conn.CloseTimestamp = NilTimestamp + } else if conn.CloseTimestamp != nil { + conn.CloseTimestamp = NotNilTimestamp } } @@ -62,7 +60,6 @@ func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.N adjustNetworkConnectionForComparison(&conn2) return conn1.EqualVT(&conn2) - } func CompareBytes(b1 []byte, b2 []byte) int { 
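Review bot: The exported `NilTimestamp` in network.go is not nil; it is the Unix-epoch timestamp substituted for a nil `CloseTimestamp`, and neither exported variable has a doc comment. A reader of a fixture such as `CloseTimestamp: types.NotNilTimestamp` cannot tell that only set-versus-unset is compared. Add a comment above the `var` block such as `// NotNilTimestamp stands in for any set CloseTimestamp; EqualNetworkConnection compares only whether the field is set, not its value.` In `adjustNetworkConnectionForComparison` the condition in `else if conn.CloseTimestamp != nil` is always true at that point, so a plain `else` reads more clearly. Both variables are mutable package-level pointers shared by every fixture, so tests must not modify the messages they point to.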
diff --git a/integration-tests/suites/connections_and_endpoints.go b/integration-tests/suites/connections_and_endpoints.go index 5383fd7e53..9fec2c0dd4 100644 --- a/integration-tests/suites/connections_and_endpoints.go +++ b/integration-tests/suites/connections_and_endpoints.go @@ -108,12 +108,10 @@ func (s *ConnectionsAndEndpointsTestSuite) TestConnectionsAndEndpoints() { } lastNetwork := clientNetworks[nNetwork-1] lastExpectedNetwork := s.Client.ExpectedNetwork[nExpectedNetwork-1] - expectedRemoteAddress := types.CreateNetworkAddress(s.Server.IP, "", lastExpectedNetwork.RemoteAddress.Port) + lastExpectedNetwork.RemoteAddress = types.CreateNetworkAddress(s.Server.IP, "", lastExpectedNetwork.RemoteAddress.Port) + lastExpectedNetwork.ContainerId = s.Client.ContainerID - assert.True(s.T(), types.EqualNetworkAddress(lastExpectedNetwork.LocalAddress, lastNetwork.LocalAddress)) - assert.True(s.T(), types.EqualNetworkAddress(expectedRemoteAddress, lastNetwork.RemoteAddress)) - assert.Equal(s.T(), sensorAPI.ClientServerRole_ROLE_CLIENT, lastNetwork.Role) - assert.Equal(s.T(), lastExpectedNetwork.SocketFamily, lastNetwork.SocketFamily) + assert.True(s.T(), types.EqualNetworkConnection(*lastExpectedNetwork, *lastNetwork)) } if s.Client.ExpectedEndpoints != nil { 
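Review bot: The single `assert.True(s.T(), types.EqualNetworkConnection(*lastExpectedNetwork, *lastNetwork))` replaces four field-level assertions, so a failure no longer shows which field differed or what was received. Pass the values as the failure message: `assert.True(s.T(), types.EqualNetworkConnection(*lastExpectedNetwork, *lastNetwork), "expected %v, got %v", lastExpectedNetwork, lastNetwork)`. The server-side hunk further down has the same call. The new lines also write `RemoteAddress` and `ContainerId` into the element of `s.Client.ExpectedNetwork` itself rather than a copy, so the fixture is modified by the test run. The enclosing function starts and ends outside the hunk.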
@@ -135,12 +133,10 @@ func (s *ConnectionsAndEndpointsTestSuite) TestConnectionsAndEndpoints() { } lastNetwork := serverNetworks[nNetwork-1] lastExpectedNetwork := s.Server.ExpectedNetwork[nExpectedNetwork-1] - expectedRemoteAddress := types.CreateNetworkAddress(s.Client.IP, "", lastExpectedNetwork.RemoteAddress.Port) + lastExpectedNetwork.RemoteAddress = types.CreateNetworkAddress(s.Client.IP, "", lastExpectedNetwork.RemoteAddress.Port) + lastExpectedNetwork.ContainerId = s.Server.ContainerID - assert.True(s.T(), types.EqualNetworkAddress(lastExpectedNetwork.LocalAddress, lastNetwork.LocalAddress)) - assert.True(s.T(), types.EqualNetworkAddress(expectedRemoteAddress, lastNetwork.RemoteAddress)) - assert.Equal(s.T(), sensorAPI.ClientServerRole_ROLE_SERVER, lastNetwork.Role) - assert.Equal(s.T(), lastExpectedNetwork.SocketFamily, lastNetwork.SocketFamily) + assert.True(s.T(), types.EqualNetworkConnection(*lastExpectedNetwork, *lastNetwork)) } serverEndpoints := s.Sensor().Endpoints(s.Server.ContainerID) diff --git a/integration-tests/suites/listening_ports.go b/integration-tests/suites/listening_ports.go index c45dd615ab..261e2cdde9 100644 --- a/integration-tests/suites/listening_ports.go +++ b/integration-tests/suites/listening_ports.go @@ -136,7 +136,7 @@ func (s *ProcessListeningOnPortTestSuite) TestProcessListeningOnPort() { return false } return infos[0].CloseTimestamp != infos[1].CloseTimestamp && - (infos[0].CloseTimestamp == types.NilTimestamp || infos[1].CloseTimestamp == types.NilTimestamp) + (infos[0].CloseTimestamp == types.NilTimestampStr || infos[1].CloseTimestamp == types.NilTimestampStr) } assert.True(s.T(), hasOpenAndClose(endpoints8081), "Did not capture open and close events for port 8081") From 712c132842f1d70aa38b82e5bdde1a6d964179b4 Mon Sep 17 00:00:00 2001 
From: JoukoVirtanen Date: Wed, 2 Jul 2025 14:14:02 -0700 Subject: [PATCH 14/25] adjustNetworkConnectionForComparison passes conn by value instead of reference --- integration-tests/pkg/types/network.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 7b1aa93295..b81992b7fb 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go @@ -42,7 +42,7 @@ func adjustNetworkAddressForComparison(addr *sensorAPI.NetworkAddress) *sensorAP // timestamps. We want the equal function to return true if neither of them are nil // or both of them are nil. This function adjusts the fields so that the comparison // works the way we want it to. -func adjustNetworkConnectionForComparison(conn *sensorAPI.NetworkConnection) { +func adjustNetworkConnectionForComparison(conn sensorAPI.NetworkConnection) sensorAPI.NetworkConnection { conn.LocalAddress = adjustNetworkAddressForComparison(conn.LocalAddress) conn.RemoteAddress = adjustNetworkAddressForComparison(conn.RemoteAddress) @@ -51,13 +51,15 @@ func adjustNetworkConnectionForComparison(conn *sensorAPI.NetworkConnection) { } else if conn.CloseTimestamp != nil { conn.CloseTimestamp = NotNilTimestamp } + + return conn } // EqualVT is not called directly because it returns false in cases that we don't want it to, for example // when both CloseTimestamp are nil, or when they have different non-nil values. func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.NetworkConnection) bool { - adjustNetworkConnectionForComparison(&conn1) - adjustNetworkConnectionForComparison(&conn2) + conn1 = adjustNetworkConnectionForComparison(conn1) + conn2 = adjustNetworkConnectionForComparison(conn2) return conn1.EqualVT(&conn2) } From 56cae484168e3f831a052894f8be52a4ac4fecf0 Mon Sep 17 00:00:00 2001 
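Review bot: Taking and returning `sensorAPI.NetworkConnection` by value copies a generated protobuf message, and such messages normally embed internal state that is marked do-not-copy, which `go vet` (copylocks) reports. The copy is also shallow, so `LocalAddress`, `RemoteAddress` and `CloseTimestamp` still point at the caller's sub-messages. Keeping the pointer signature and working on an explicit clone avoids both. A one-line comment should state whether the helper may modify its argument. The redundant `else if conn.CloseTimestamp != nil` is still present in the second hunk and could be `} else {`.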
From: JoukoVirtanen Date: Wed, 2 Jul 2025 14:33:51 -0700 Subject: [PATCH 15/25] Using bytes.Compare instead of CompareBytes --- integration-tests/pkg/types/network.go | 27 +++----------------------- 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index b81992b7fb..84bd6697ff 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go @@ -1,6 +1,7 @@ package types import ( + "bytes" "net" "sort" "time" @@ -64,28 +65,6 @@ func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.N return conn1.EqualVT(&conn2) } -func CompareBytes(b1 []byte, b2 []byte) int { - if len(b1) != len(b2) { - if len(b1) < len(b2) { - return -1 - } else { - return 1 - } - } - - for i := range b1 { - if b1[i] != b2[i] { - if b1[i] < b2[i] { - return -1 - } else { - return 1 - } - } - } - - return 0 -} - func EqualNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { ad1 := adjustNetworkAddressForComparison(addr1) ad2 := adjustNetworkAddressForComparison(addr2) @@ -94,13 +73,13 @@ func EqualNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.Netwo } func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { - comp := CompareBytes(addr1.GetAddressData(), addr2.GetAddressData()) + comp := bytes.Compare(addr1.GetAddressData(), addr2.GetAddressData()) if comp != 0 { return comp < 0 } - comp = CompareBytes(addr1.GetIpNetwork(), addr2.GetIpNetwork()) + comp = bytes.Compare(addr1.GetIpNetwork(), addr2.GetIpNetwork()) if comp != 0 { return comp < 0 From 1283ac1a3b2377cdacc8bc90f1eb98ca039f3bde Mon Sep 17 00:00:00 2001 
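Review bot: In LessNetworkAddress, `bytes.Compare` is not a drop-in replacement for the removed `CompareBytes`: the old helper ordered by length first and only then byte by byte, while `bytes.Compare` is purely lexicographic. Addresses of different lengths can therefore sort in a different order than before. That is harmless if the result is only used to sort both sides of a comparison consistently, which this hunk does not show. A comment such as `// Lexicographic on the raw bytes; only a consistent order matters here.` would record the intent. Removing the exported `CompareBytes` also breaks any caller outside the files in this patch, if one exists. LessNetworkAddress continues past the end of the hunk.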
From: JoukoVirtanen Date: Wed, 2 Jul 2025 20:58:54 -0700 Subject: [PATCH 16/25] Using proto.Equal instead of EqualVT --- integration-tests/integration_test.go | 14 ++++---- integration-tests/pkg/types/network.go | 34 +++---------------- integration-tests/suites/process_network.go | 2 +- .../suites/repeated_network_flow.go | 6 ++-- .../suites/runtime_config_file.go | 8 ++--- integration-tests/suites/udp_networkflow.go | 7 ++-- 6 files changed, 24 insertions(+), 47 deletions(-) diff --git a/integration-tests/integration_test.go b/integration-tests/integration_test.go index 3c8af5aed8..ef4926e0ce 100644 --- a/integration-tests/integration_test.go +++ b/integration-tests/integration_test.go @@ -197,7 +197,7 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { Cmd: fmt.Sprintf("echo hello | socat - TCP4:SERVER_IP:%d", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, @@ -245,7 +245,7 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { Cmd: fmt.Sprintf("echo hello | socat - TCP4:SERVER_IP:%d,sourceport=10000", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, @@ -293,7 +293,7 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { Cmd: "echo hello | socat - TCP4:SERVER_IP:60999", ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, 
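Review bot: `LocalAddress: nil` in these fixtures now matches only a connection whose LocalAddress is unset. The network.go part of this commit removes the helper that substituted `CreateNetworkAddress("", "", 0)` for a nil address, and `proto.Equal` treats an unset message field and a present-but-empty one as different. The fixtures therefore encode an expectation about what the collector reports for client connections, and nothing states it. A comment on the first fixture, for example `// nil: client-side connections are expected to carry no local address`, would make that explicit once confirmed. The same applies to the other `LocalAddress: nil` hunks in integration_test.go, process_network.go, runtime_config_file.go and udp_networkflow.go.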
@@ -341,7 +341,7 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { Cmd: fmt.Sprintf("echo hello | socat - TCP4:SERVER_IP:%d,sourceport=40000", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, @@ -381,7 +381,7 @@ func TestConnectionsAndEndpointsUDPNormal(t *testing.T) { Cmd: fmt.Sprintf("echo hello | socat - UDP:SERVER_IP:%d", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, @@ -421,7 +421,7 @@ func TestConnectionsAndEndpointsUDPNoReuseaddr(t *testing.T) { Cmd: fmt.Sprintf("echo hello | socat - UDP:SERVER_IP:%d", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, @@ -461,7 +461,7 @@ func TestConnectionsAndEndpointsUDPNoFork(t *testing.T) { Cmd: fmt.Sprintf("echo hello | socat - UDP:SERVER_IP:%d", port), ExpectedNetwork: []*sensorAPI.NetworkConnection{ { - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 84bd6697ff..7706ac89c7 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go 
@@ -6,6 +6,7 @@ import ( "sort" "time" + "google.golang.org/protobuf/proto" timestamppb "google.golang.org/protobuf/types/known/timestamppb" sensorAPI "github.com/stackrox/rox/generated/internalapi/sensor" @@ -27,26 +28,8 @@ func IsActive(conn *sensorAPI.NetworkConnection) bool { return conn.GetCloseTimestamp() == nil } -// The EqualVT method for NetworkAddress returns false if both of them are nil. That is not what -// we want, so replace nil addr with a default NetworkAddress. -func adjustNetworkAddressForComparison(addr *sensorAPI.NetworkAddress) *sensorAPI.NetworkAddress { - if addr == nil { - return CreateNetworkAddress("", "", 0) - } - - return addr -} - -// The EqualVT method for NetworkConnection returns false if both CloseTimestamps -// are nil. Same goes for LocalAddress and Remote Address. That is not the desired -// result. Also EqualVT returns false if the CloseTimestamp are different non-nil -// timestamps. We want the equal function to return true if neither of them are nil -// or both of them are nil. This function adjusts the fields so that the comparison -// works the way we want it to. +// We don't care about the exact timestamp, only if it is nil or not nil func adjustNetworkConnectionForComparison(conn sensorAPI.NetworkConnection) sensorAPI.NetworkConnection { - conn.LocalAddress = adjustNetworkAddressForComparison(conn.LocalAddress) - conn.RemoteAddress = adjustNetworkAddressForComparison(conn.RemoteAddress) - if conn.CloseTimestamp == nil { conn.CloseTimestamp = NilTimestamp } else if conn.CloseTimestamp != nil { 
@@ -62,14 +45,7 @@ func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.N conn1 = adjustNetworkConnectionForComparison(conn1) conn2 = adjustNetworkConnectionForComparison(conn2) - return conn1.EqualVT(&conn2) -} - -func EqualNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { - ad1 := adjustNetworkAddressForComparison(addr1) - ad2 := adjustNetworkAddressForComparison(addr2) - - return ad1.EqualVT(ad2) + return proto.Equal(&conn1, &conn2) } func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { @@ -89,11 +65,11 @@ func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.Networ } func LessNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { - if !EqualNetworkAddress(conn1.LocalAddress, conn2.LocalAddress) { + if !proto.Equal(conn1, conn2) { return LessNetworkAddress(conn1.GetLocalAddress(), conn2.GetLocalAddress()) } - if !EqualNetworkAddress(conn1.RemoteAddress, conn2.RemoteAddress) { + if !proto.Equal(conn1, conn2) { return LessNetworkAddress(conn1.GetRemoteAddress(), conn2.GetRemoteAddress()) } diff --git a/integration-tests/suites/process_network.go b/integration-tests/suites/process_network.go index 1f2a0aa135..48d17b02e9 100644 --- a/integration-tests/suites/process_network.go +++ b/integration-tests/suites/process_network.go @@ -163,7 +163,7 @@ func (s *ProcessNetworkTestSuite) TestNetworkFlows() { s.Sensor().ExpectConnections(s.T(), s.clientContainer, 10*time.Second, &sensorAPI.NetworkConnection{ - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress(s.serverIP, "", s.serverPort), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, diff --git a/integration-tests/suites/repeated_network_flow.go b/integration-tests/suites/repeated_network_flow.go index 2156f92c6e..e305f8a46a 100644 
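Review bot: In LessNetworkConnection (hunk `@@ -89,11 +65,11 @@`) both new conditions compare the whole connections, `!proto.Equal(conn1, conn2)`, where the old code compared the local and then the remote addresses. If two connections share a local address but differ in any other field, the first branch returns `LessNetworkAddress(local, local)`, and the second branch is unreachable. Sorting with this comparator can then leave equal sets in different orders, which would make the element-wise comparisons elsewhere in the series flaky. The conditions should be `if !proto.Equal(conn1.GetLocalAddress(), conn2.GetLocalAddress()) {` and `if !proto.Equal(conn1.GetRemoteAddress(), conn2.GetRemoteAddress()) {`. The function continues past the hunk.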
--- a/integration-tests/suites/repeated_network_flow.go +++ b/integration-tests/suites/repeated_network_flow.go @@ -5,6 +5,8 @@ import ( "strconv" "time" + "github.com/stackrox/rox/pkg/protoassert" + "github.com/stackrox/collector/integration-tests/pkg/collector" "github.com/stackrox/collector/integration-tests/pkg/common" "github.com/stackrox/collector/integration-tests/pkg/config" @@ -134,8 +136,8 @@ func (s *RepeatedNetworkFlowTestSuite) TestRepeatedNetworkFlow() { expectedServerEndpoint := types.CreateNetworkAddress("", "", s.ServerPort) expectedClientEndpoint := types.CreateNetworkAddress(s.ClientIP, "", 0) - assert.True(s.T(), types.EqualNetworkAddress(expectedServerEndpoint, actualServerEndpoint)) - assert.True(s.T(), types.EqualNetworkAddress(expectedClientEndpoint, actualClientEndpoint)) + protoassert.Equal(s.T(), expectedServerEndpoint, actualServerEndpoint) + protoassert.Equal(s.T(), expectedClientEndpoint, actualClientEndpoint) // client side checks diff --git a/integration-tests/suites/runtime_config_file.go b/integration-tests/suites/runtime_config_file.go index a9b344d7cf..4fbfa43361 100644 --- a/integration-tests/suites/runtime_config_file.go +++ b/integration-tests/suites/runtime_config_file.go @@ -25,7 +25,7 @@ var ( notNilTime = protoconv.ConvertTimeToTimestamp(time.Now()) activeNormalizedConnection = sensorAPI.NetworkConnection{ - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress(normalizedIp, "", serverPort), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, @@ -34,7 +34,7 @@ var ( } activeUnnormalizedConnection = sensorAPI.NetworkConnection{ - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress("", externalIp, serverPort), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, 
@@ -43,7 +43,7 @@ var ( } inactiveNormalizedConnection = sensorAPI.NetworkConnection{ - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress(normalizedIp, "", serverPort), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, @@ -52,7 +52,7 @@ var ( } inactiveUnnormalizedConnection = sensorAPI.NetworkConnection{ - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress("", externalIp, serverPort), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, diff --git a/integration-tests/suites/udp_networkflow.go b/integration-tests/suites/udp_networkflow.go index 6f09058d98..37c30ffb1c 100644 --- a/integration-tests/suites/udp_networkflow.go +++ b/integration-tests/suites/udp_networkflow.go @@ -119,7 +119,7 @@ func (s *UdpNetworkFlow) runTest(image, recv, send string, port uint32) { log.Info("Server: %s - Client: %s\n", server.String(), client.String()) clientConnection := &sensorAPI.NetworkConnection{ - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress(server.ip, "", server.port), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, @@ -173,8 +173,7 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { for i := 0; i < CONTAINER_COUNT; i++ { // Load the client connection collector has to send for this server. clientConnections[i] = &sensorAPI.NetworkConnection{ - //LocalAddress: nil, - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress(servers[i].ip, "", servers[i].port), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, 
@@ -234,7 +233,7 @@ func (s *UdpNetworkFlow) TestMultipleSources() { CloseTimestamp: nil, } clientConnections[i] = &sensorAPI.NetworkConnection{ - LocalAddress: types.CreateNetworkAddress("", "", 0), + LocalAddress: nil, RemoteAddress: types.CreateNetworkAddress(server.ip, "", server.port), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, From f38392b38bcd02a12d71edec0222a9a8db0979c2 Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Wed, 2 Jul 2025 23:29:09 -0700 Subject: [PATCH 17/25] Removed NotNilTimestamp --- integration-tests/pkg/types/network.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 7706ac89c7..557847591a 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go @@ -17,7 +17,6 @@ const ( ) var ( - NilTimestamp = timestamppb.New(time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC)) NotNilTimestamp = timestamppb.New(time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)) ) @@ -30,9 +29,7 @@ func IsActive(conn *sensorAPI.NetworkConnection) bool { // We don't care about the exact timestamp, only if it is nil or not nil func adjustNetworkConnectionForComparison(conn sensorAPI.NetworkConnection) sensorAPI.NetworkConnection { - if conn.CloseTimestamp == nil { - conn.CloseTimestamp = NilTimestamp - } else if conn.CloseTimestamp != nil { + if conn.CloseTimestamp != nil { conn.CloseTimestamp = NotNilTimestamp } From c0c605b48e964713fb1abc1a85609ab61bc475ca Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Thu, 3 Jul 2025 07:31:44 -0700 Subject: [PATCH 18/25] Fixed LessNetworkConnection --- integration-tests/pkg/types/network.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 557847591a..f6a3d8b3cd 100644 --- a/integration-tests/pkg/types/network.go 
+++ b/integration-tests/pkg/types/network.go @@ -62,11 +62,11 @@ func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.Networ } func LessNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { - if !proto.Equal(conn1, conn2) { + if !proto.Equal(conn1.GetLocalAddress(), conn2.GetLocalAddress()) { return LessNetworkAddress(conn1.GetLocalAddress(), conn2.GetLocalAddress()) } - if !proto.Equal(conn1, conn2) { + if !proto.Equal(conn1.GetRemoteAddress(), conn2.GetRemoteAddress()) { return LessNetworkAddress(conn1.GetRemoteAddress(), conn2.GetRemoteAddress()) } From 995255705dcb24e1ae064d009ed58b8a3039bf40 Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Mon, 14 Jul 2025 13:46:54 -0700 Subject: [PATCH 19/25] Passing conn to adjustNetworkConnectionForComparison by reference rather than value --- integration-tests/pkg/types/network.go | 11 ++++++----- integration-tests/suites/base.go | 2 ++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index f6a3d8b3cd..fc4432e5ca 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go 
@@ -28,21 +28,22 @@ func IsActive(conn *sensorAPI.NetworkConnection) bool { } // We don't care about the exact timestamp, only if it is nil or not nil -func adjustNetworkConnectionForComparison(conn sensorAPI.NetworkConnection) sensorAPI.NetworkConnection { +func adjustNetworkConnectionForComparison(conn *sensorAPI.NetworkConnection) *sensorAPI.NetworkConnection { if conn.CloseTimestamp != nil { + conn = conn.CloneVT() conn.CloseTimestamp = NotNilTimestamp } return conn } -// EqualVT is not called directly because it returns false in cases that we don't want it to, for example +// Equal is not called directly because it returns false in cases that we don't want it to, for example // when both CloseTimestamp are nil, or when they have different non-nil values. func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.NetworkConnection) bool { - conn1 = adjustNetworkConnectionForComparison(conn1) - conn2 = adjustNetworkConnectionForComparison(conn2) + copyConn1 := adjustNetworkConnectionForComparison(&conn1) + copyConn2 := adjustNetworkConnectionForComparison(&conn2) - return proto.Equal(&conn1, &conn2) + return proto.Equal(copyConn1, copyConn2) } func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { diff --git a/integration-tests/suites/base.go b/integration-tests/suites/base.go index f29c8301e8..551361169d 100644 --- a/integration-tests/suites/base.go +++ b/integration-tests/suites/base.go @@ -434,6 +434,8 @@ func (s *IntegrationTestSuiteBase) getIPAddress(containerName string) (string, e return s.Executor().GetContainerIP(containerName) } +// unit16 makes more sense for ports, but sensor.NetworkConnection uses uint32 for +// ports, so uint32 is used for ports. func (s *IntegrationTestSuiteBase) getPort(containerName string) (uint32, error) { portStr, err := s.Executor().GetContainerPort(containerName) port, _ := strconv.ParseUint(portStr, 10, 32) 
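Review bot: The comment rewritten above EqualNetworkConnection no longer describes the code it sits on. It says Equal returns false "when both CloseTimestamp are nil", but `proto.Equal` treats two unset fields as equal, and the helper above it now leaves nil timestamps untouched. Only the second half still holds, and the comment should start with the function name, e.g. `// EqualNetworkConnection compares two connections, treating any two non-nil CloseTimestamps as equal.` The function also still takes both messages by value, so each call copies them before the helper clones again. Pointer parameters would remove that copy.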
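Review bot: The comment added above getPort in base.go has a typo, `unit16` for `uint16`; it should read `// uint16 makes more sense for ports, but sensor.NetworkConnection uses uint32 for ports, so uint32 is used here.` The context lines also show the `strconv.ParseUint` error being discarded with `_`, so an unparsable port string would silently produce port 0. Whether the `err` from `GetContainerPort` is checked cannot be seen because the function body continues outside the hunk. If it is not, returning the parse error would let a bad port surface at its source and not as a mismatched connection later.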
From 2fdd62bf1a71b29d25fd351454edf44b01c52f47 Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Mon, 14 Jul 2025 14:04:45 -0700 Subject: [PATCH 20/25] Moved some vars to const --- integration-tests/suites/runtime_config_file.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/integration-tests/suites/runtime_config_file.go b/integration-tests/suites/runtime_config_file.go index 4fbfa43361..214d75f02b 100644 --- a/integration-tests/suites/runtime_config_file.go +++ b/integration-tests/suites/runtime_config_file.go @@ -17,12 +17,15 @@ import ( "github.com/stackrox/rox/pkg/protoconv" ) -var ( +const ( normalizedIp = "255.255.255.255" externalIp = "8.8.8.8" - serverPort = uint32(53) - externalUrl = fmt.Sprintf("http://%s:%d", externalIp, serverPort) - notNilTime = protoconv.ConvertTimeToTimestamp(time.Now()) + serverPort = 53 +) + +var ( + externalUrl = fmt.Sprintf("http://%s:%d", externalIp, serverPort) + notNilTime = protoconv.ConvertTimeToTimestamp(time.Now()) activeNormalizedConnection = sensorAPI.NetworkConnection{ LocalAddress: nil, From 1404d11afcd773df30ed9d1d5818e2d2053f9afe Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Mon, 14 Jul 2025 14:38:17 -0700 Subject: [PATCH 21/25] Moved adjustNetworkConnectionForComparison inside EqualNetworkConnection --- integration-tests/pkg/types/network.go | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index fc4432e5ca..7c7a1290f7 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go 
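Review bot: Moving `serverPort` into the const block drops its explicit type: it was `uint32(53)` and is now the untyped constant `53`. It still converts implicitly where a `uint32` parameter is expected, but any use that infers the type (`p := serverPort`, or passing it as `any`) now gets `int`. `serverPort uint32 = 53` keeps the previous type. The constants would also benefit from a line each saying what `255.255.255.255` and `8.8.8.8` stand for in these tests. `normalizedIP` and `externalIP` would follow Go's initialism convention, if renaming is acceptable here.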
@@ -27,19 +27,18 @@ func IsActive(conn *sensorAPI.NetworkConnection) bool { return conn.GetCloseTimestamp() == nil } -// We don't care about the exact timestamp, only if it is nil or not nil -func adjustNetworkConnectionForComparison(conn *sensorAPI.NetworkConnection) *sensorAPI.NetworkConnection { - if conn.CloseTimestamp != nil { - conn = conn.CloneVT() - conn.CloseTimestamp = NotNilTimestamp +// Equal is not called directly because it returns false when they have different non-nil values. +func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.NetworkConnection) bool { + // We don't care about the exact timestamp, only if it is nil or not nil + adjustNetworkConnectionForComparison := func(conn *sensorAPI.NetworkConnection) *sensorAPI.NetworkConnection { + if conn.CloseTimestamp != nil { + conn = conn.CloneVT() + conn.CloseTimestamp = NotNilTimestamp + } + + return conn } - return conn -} - -// Equal is not called directly because it returns false in cases that we don't want it to, for example -// when both CloseTimestamp are nil, or when they have different non-nil values. -func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.NetworkConnection) bool { copyConn1 := adjustNetworkConnectionForComparison(&conn1) copyConn2 := adjustNetworkConnectionForComparison(&conn2) From 0e6a2eb72adbd6598bd311a1a9529e45cbc692b0 Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Mon, 14 Jul 2025 16:06:55 -0700 Subject: [PATCH 22/25] connections_and_endpoints.go doesn't compare close timestamps --- integration-tests/pkg/types/network.go | 7 +++++++ integration-tests/suites/connections_and_endpoints.go | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 7c7a1290f7..795c3d8621 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go 
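Review bot: The doc comment left on EqualNetworkConnection reads "Equal is not called directly because it returns false when they have different non-nil values", which names neither the function nor what "they" are. Something like `// EqualNetworkConnection reports whether two connections are equal, treating any two non-nil CloseTimestamps as the same value.` would describe the contract. Folding the helper into a closure keeps the name `adjustNetworkConnectionForComparison` for a three-line body used twice, so a shorter local name would read more easily. The parameters are still passed by value, so the protobuf messages are copied on every call.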
@@ -45,6 +45,13 @@ func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.N return proto.Equal(copyConn1, copyConn2) } +func EqualNetworkConnectionDontCompareCloseTimestamps(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.NetworkConnection) bool { + conn1.CloseTimestamp = nil + conn2.CloseTimestamp = nil + + return proto.Equal(&conn1, &conn2) +} + func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { comp := bytes.Compare(addr1.GetAddressData(), addr2.GetAddressData()) diff --git a/integration-tests/suites/connections_and_endpoints.go b/integration-tests/suites/connections_and_endpoints.go index 9fec2c0dd4..261db67839 100644 --- a/integration-tests/suites/connections_and_endpoints.go +++ b/integration-tests/suites/connections_and_endpoints.go @@ -111,7 +111,7 @@ func (s *ConnectionsAndEndpointsTestSuite) TestConnectionsAndEndpoints() { lastExpectedNetwork.RemoteAddress = types.CreateNetworkAddress(s.Server.IP, "", lastExpectedNetwork.RemoteAddress.Port) lastExpectedNetwork.ContainerId = s.Client.ContainerID - assert.True(s.T(), types.EqualNetworkConnection(*lastExpectedNetwork, *lastNetwork)) + assert.True(s.T(), types.EqualNetworkConnectionDontCompareCloseTimestamps(*lastExpectedNetwork, *lastNetwork)) } if s.Client.ExpectedEndpoints != nil { @@ -136,7 +136,7 @@ func (s *ConnectionsAndEndpointsTestSuite) TestConnectionsAndEndpoints() { lastExpectedNetwork.RemoteAddress = types.CreateNetworkAddress(s.Client.IP, "", lastExpectedNetwork.RemoteAddress.Port) lastExpectedNetwork.ContainerId = s.Server.ContainerID - assert.True(s.T(), types.EqualNetworkConnection(*lastExpectedNetwork, *lastNetwork)) + assert.True(s.T(), types.EqualNetworkConnectionDontCompareCloseTimestamps(*lastExpectedNetwork, *lastNetwork)) } serverEndpoints := s.Sensor().Endpoints(s.Server.ContainerID) From 453bfdcab7ff95e31f256460e6665f4fabc85d66 Mon Sep 17 00:00:00 2001 
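Review bot: EqualNetworkConnectionDontCompareCloseTimestamps is exported without a doc comment, and neither the hunk nor the commit message says why the endpoints suite has to ignore close state. With this change `TestConnectionsAndEndpoints` no longer distinguishes an open connection from a closed one, so a regression in close reporting would pass. A comment such as `// EqualNetworkConnectionDontCompareCloseTimestamps reports whether conn1 and conn2 are equal when CloseTimestamp is ignored on both.` plus one sentence on the reason would document the trade-off. The function takes both messages by value, like EqualNetworkConnection above it.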
From: JoukoVirtanen Date: Tue, 15 Jul 2025 13:21:05 -0700 Subject: [PATCH 23/25] Use CloneVT to avoid mutation. Pass pointers to functions --- .../pkg/mock_sensor/expect_conn.go | 4 ++-- integration-tests/pkg/mock_sensor/server.go | 2 +- integration-tests/pkg/types/network.go | 20 ++++++++++++------- .../suites/connections_and_endpoints.go | 4 ++-- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/integration-tests/pkg/mock_sensor/expect_conn.go b/integration-tests/pkg/mock_sensor/expect_conn.go index 0a6fa80c9d..6d929602e1 100644 --- a/integration-tests/pkg/mock_sensor/expect_conn.go +++ b/integration-tests/pkg/mock_sensor/expect_conn.go @@ -88,7 +88,7 @@ func (s *MockSensor) ExpectSameElementsConnections(t *testing.T, containerID str types.SortConnections(expected) equal := func(c1, c2 *sensorAPI.NetworkConnection) bool { - return types.EqualNetworkConnection(*c1, *c2) + return types.EqualNetworkConnection(c1, c2) } connections := s.Connections(containerID) @@ -125,7 +125,7 @@ func (s *MockSensor) ExpectSameElementsConnectionsScrapes(t *testing.T, containe types.SortConnections(c2) for i := range c2 { - if !types.EqualNetworkConnection(*c1[i], *c2[i]) { + if !types.EqualNetworkConnection(c1[i], c2[i]) { return false } } diff --git a/integration-tests/pkg/mock_sensor/server.go b/integration-tests/pkg/mock_sensor/server.go index 544d505655..7b6e07223c 100644 --- a/integration-tests/pkg/mock_sensor/server.go +++ b/integration-tests/pkg/mock_sensor/server.go @@ -192,7 +192,7 @@ func (m *MockSensor) HasConnection(containerID string, conn *sensorAPI.NetworkCo conns := m.Connections(containerID) if len(conns) > 0 { return slices.ContainsFunc(conns, func(c *sensorAPI.NetworkConnection) bool { - return types.EqualNetworkConnection(*c, *conn) + return types.EqualNetworkConnection(c, conn) }) } diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 795c3d8621..bcbfcd9208 100644 
--- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go @@ -28,7 +28,10 @@ func IsActive(conn *sensorAPI.NetworkConnection) bool { } // Equal is not called directly because it returns false when they have different non-nil values. -func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.NetworkConnection) bool { +func EqualNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { + copyConn1 := conn1.CloneVT() + copyConn2 := conn2.CloneVT() + // We don't care about the exact timestamp, only if it is nil or not nil adjustNetworkConnectionForComparison := func(conn *sensorAPI.NetworkConnection) *sensorAPI.NetworkConnection { if conn.CloseTimestamp != nil { @@ -39,17 +42,20 @@ func EqualNetworkConnection(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.N return conn } - copyConn1 := adjustNetworkConnectionForComparison(&conn1) - copyConn2 := adjustNetworkConnectionForComparison(&conn2) + copyConn1 = adjustNetworkConnectionForComparison(copyConn1) + copyConn2 = adjustNetworkConnectionForComparison(copyConn2) return proto.Equal(copyConn1, copyConn2) } -func EqualNetworkConnectionDontCompareCloseTimestamps(conn1 sensorAPI.NetworkConnection, conn2 sensorAPI.NetworkConnection) bool { - conn1.CloseTimestamp = nil - conn2.CloseTimestamp = nil +func EqualNetworkConnectionDontCompareCloseTimestamps(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { + copyConn1 := conn1.CloneVT() + copyConn2 := conn2.CloneVT() + + copyConn1.CloseTimestamp = nil + copyConn2.CloseTimestamp = nil - return proto.Equal(&conn1, &conn2) + return proto.Equal(copyConn1, copyConn2) } func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool { diff --git a/integration-tests/suites/connections_and_endpoints.go b/integration-tests/suites/connections_and_endpoints.go index 261db67839..601621651d 100644 
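Review bot: EqualNetworkConnection now clones both arguments up front, which makes the clone inside the closure redundant if that closure still does `conn = conn.CloneVT()` as introduced earlier in the series (the line falls between the two hunks). The closure could then be reduced to `if c.CloseTimestamp != nil { c.CloseTimestamp = NotNilTimestamp }` applied to each copy. Both functions also dereference the clone without a nil check. If `CloneVT` returns nil for a nil receiver, as generated clone methods usually do, a nil connection would panic at `copyConn1.CloseTimestamp = nil` and not compare as unequal. An early `if conn1 == nil || conn2 == nil { return conn1 == conn2 }` would make the helpers total.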
--- a/integration-tests/suites/connections_and_endpoints.go +++ b/integration-tests/suites/connections_and_endpoints.go @@ -111,7 +111,7 @@ func (s *ConnectionsAndEndpointsTestSuite) TestConnectionsAndEndpoints() { lastExpectedNetwork.RemoteAddress = types.CreateNetworkAddress(s.Server.IP, "", lastExpectedNetwork.RemoteAddress.Port) lastExpectedNetwork.ContainerId = s.Client.ContainerID - assert.True(s.T(), types.EqualNetworkConnectionDontCompareCloseTimestamps(*lastExpectedNetwork, *lastNetwork)) + assert.True(s.T(), types.EqualNetworkConnectionDontCompareCloseTimestamps(lastExpectedNetwork, lastNetwork)) } if s.Client.ExpectedEndpoints != nil { @@ -136,7 +136,7 @@ func (s *ConnectionsAndEndpointsTestSuite) TestConnectionsAndEndpoints() { lastExpectedNetwork.RemoteAddress = types.CreateNetworkAddress(s.Client.IP, "", lastExpectedNetwork.RemoteAddress.Port) lastExpectedNetwork.ContainerId = s.Server.ContainerID - assert.True(s.T(), types.EqualNetworkConnectionDontCompareCloseTimestamps(*lastExpectedNetwork, *lastNetwork)) + assert.True(s.T(), types.EqualNetworkConnectionDontCompareCloseTimestamps(lastExpectedNetwork, lastNetwork)) } serverEndpoints := s.Sensor().Endpoints(s.Server.ContainerID) From 66f170617dd7eae68bc0d53d6bf478e06794c3b0 Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Tue, 15 Jul 2025 14:30:25 -0700 Subject: [PATCH 24/25] Renamed NilTimestampStr back to NilTimestamp. Created placeholderIP for TestConnectionsAndEndpoints --- integration-tests/integration_test.go | 36 ++++++++++++--------- integration-tests/pkg/types/endpoint.go | 2 +- integration-tests/pkg/types/network.go | 5 ++- integration-tests/suites/listening_ports.go | 2 +- 4 files changed, 24 insertions(+), 21 deletions(-) diff --git a/integration-tests/integration_test.go b/integration-tests/integration_test.go index ef4926e0ce..f3247bc45a 100644 --- a/integration-tests/integration_test.go +++ b/integration-tests/integration_test.go 
@@ -17,6 +17,10 @@ import ( "github.com/stackrox/collector/integration-tests/suites" ) +const ( + placeholderIP = "0.0.0.0" +) + func TestProcessNetwork(t *testing.T) { suite.Run(t, new(suites.ProcessNetworkTestSuite)) } @@ -97,7 +101,7 @@ func TestProcfsScraper(t *testing.T) { Expected: []types.EndpointInfo{ { Protocol: "L4_PROTOCOL_TCP", - CloseTimestamp: types.NilTimestampStr, + CloseTimestamp: types.NilTimestamp, Address: types.ListenAddress{ AddressData: "\x00\x00\x00\x00", Port: 80, @@ -130,7 +134,7 @@ func TestProcfsScraperDisableFeatureFlag(t *testing.T) { Expected: []types.EndpointInfo{ { Protocol: "L4_PROTOCOL_TCP", - CloseTimestamp: types.NilTimestampStr, + CloseTimestamp: types.NilTimestamp, Address: types.ListenAddress{ AddressData: "\x00\x00\x00\x00", Port: 80, @@ -174,7 +178,7 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), - RemoteAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, 0), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -198,7 +202,7 @@ func TestConnectionsAndEndpointsNormal(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: nil, - RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, 
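Review bot: The new `placeholderIP` constant has no comment, and `"0.0.0.0"` is itself a meaningful address, so an expectation built with it can be mistaken for a real wildcard remote. In connections_and_endpoints.go the suite rebuilds `RemoteAddress` from the peer container's IP and keeps only `RemoteAddress.Port`, so the value appears to exist only to keep the address populated. I would say so on the constant: `// placeholderIP only keeps RemoteAddress populated; the suite replaces it with the peer container's IP and reuses just the port.` The constant is passed as the second argument of `types.CreateNetworkAddress`, whereas the suite passes the real IP as the first. It is worth confirming that the second position is intended, here and in the other ExpectedNetwork hunks of this file.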
@@ -222,7 +226,7 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), - RemoteAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, 0), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -246,7 +250,7 @@ func TestConnectionsAndEndpointsHighLowPorts(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: nil, - RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -270,7 +274,7 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), - RemoteAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, 0), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -294,7 +298,7 @@ func TestConnectionsAndEndpointsServerHigh(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: nil, - RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, 
@@ -318,7 +322,7 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: types.CreateNetworkAddress("", "", uint32(port)), - RemoteAddress: types.CreateNetworkAddress("", "", 0), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, 0), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_SERVER, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -342,7 +346,7 @@ func TestConnectionsAndEndpointsSourcePort(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: nil, - RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_TCP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -370,7 +374,7 @@ func TestConnectionsAndEndpointsUDPNormal(t *testing.T) { // RemoteAddress: "CLIENT_IP", // Role: "ROLE_SERVER", // SocketFamily: "SOCKET_FAMILY_UNKNOWN", - // CloseTimestamp: types.NilTimestampStr, + // CloseTimestamp: types.NilTimestamp, // }, // }, // TODO UDP listening endpoints should be reported @@ -382,7 +386,7 @@ func TestConnectionsAndEndpointsUDPNormal(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: nil, - RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, 
@@ -410,7 +414,7 @@ func TestConnectionsAndEndpointsUDPNoReuseaddr(t *testing.T) { // RemoteAddress: "CLIENT_IP", // Role: "ROLE_SERVER", // SocketFamily: "SOCKET_FAMILY_UNKNOWN", - // CloseTimestamp: types.NilTimestampStr, + // CloseTimestamp: types.NilTimestamp, // }, // }, // TODO UDP listening endpoints should be reported @@ -422,7 +426,7 @@ func TestConnectionsAndEndpointsUDPNoReuseaddr(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: nil, - RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, @@ -450,7 +454,7 @@ func TestConnectionsAndEndpointsUDPNoFork(t *testing.T) { // RemoteAddress: "CLIENT_IP", // Role: "ROLE_SERVER", // SocketFamily: "SOCKET_FAMILY_UNKNOWN", - // CloseTimestamp: types.NilTimestampStr, + // CloseTimestamp: types.NilTimestamp, // }, // }, // TODO UDP listening endpoints should be reported @@ -462,7 +466,7 @@ func TestConnectionsAndEndpointsUDPNoFork(t *testing.T) { ExpectedNetwork: []*sensorAPI.NetworkConnection{ { LocalAddress: nil, - RemoteAddress: types.CreateNetworkAddress("", "", uint32(port)), + RemoteAddress: types.CreateNetworkAddress("", placeholderIP, uint32(port)), Protocol: storage.L4Protocol_L4_PROTOCOL_UDP, Role: sensorAPI.ClientServerRole_ROLE_CLIENT, SocketFamily: sensorAPI.SocketFamily_SOCKET_FAMILY_UNKNOWN, diff --git a/integration-tests/pkg/types/endpoint.go b/integration-tests/pkg/types/endpoint.go index 4047591ce6..014d814a31 100644 --- a/integration-tests/pkg/types/endpoint.go +++ b/integration-tests/pkg/types/endpoint.go 
@@ -11,7 +11,7 @@ type EndpointInfo struct { func (n *EndpointInfo) IsActive() bool { // no close timestamp means the connection is open, and active - return n.CloseTimestamp == NilTimestampStr + return n.CloseTimestamp == NilTimestamp } func (n *EndpointInfo) Less(other EndpointInfo) bool { diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index bcbfcd9208..332d3adc7f 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go @@ -13,7 +13,7 @@ import ( ) const ( - NilTimestampStr = "" + NilTimestamp = "" ) var ( @@ -27,12 +27,11 @@ func IsActive(conn *sensorAPI.NetworkConnection) bool { return conn.GetCloseTimestamp() == nil } -// Equal is not called directly because it returns false when they have different non-nil values. +// Equal is not called directly because it returns false when close timestamps have different non-nil values. func EqualNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { copyConn1 := conn1.CloneVT() copyConn2 := conn2.CloneVT() - // We don't care about the exact timestamp, only if it is nil or not nil adjustNetworkConnectionForComparison := func(conn *sensorAPI.NetworkConnection) *sensorAPI.NetworkConnection { if conn.CloseTimestamp != nil { conn = conn.CloneVT() diff --git a/integration-tests/suites/listening_ports.go b/integration-tests/suites/listening_ports.go index 261e2cdde9..c45dd615ab 100644 --- a/integration-tests/suites/listening_ports.go +++ b/integration-tests/suites/listening_ports.go 
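Review bot: The network.go hunk deletes the only comment saying that the comparison still distinguishes open from closed connections ("only if it is nil or not nil"). The reworded comment above EqualNetworkConnection still does not start with the function name and refers to an unqualified "Equal". I would fold both into the doc comment: `// EqualNetworkConnection reports whether two connections match, treating any two non-nil close timestamps as equal; proto.Equal is not called directly because it compares the exact timestamp values.` The closure body continues outside this hunk.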
@@ -136,7 +136,7 @@ func (s *ProcessListeningOnPortTestSuite) TestProcessListeningOnPort() { return false } return infos[0].CloseTimestamp != infos[1].CloseTimestamp && - (infos[0].CloseTimestamp == types.NilTimestampStr || infos[1].CloseTimestamp == types.NilTimestampStr) + (infos[0].CloseTimestamp == types.NilTimestamp || infos[1].CloseTimestamp == types.NilTimestamp) } assert.True(s.T(), hasOpenAndClose(endpoints8081), "Did not capture open and close events for port 8081") From 2e99de6c57168e89c39b7aa96a95ec118f05f40d Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Wed, 16 Jul 2025 07:43:55 -0700 Subject: [PATCH 25/25] Reduced usage of CloneVT() --- integration-tests/pkg/types/network.go | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go index 332d3adc7f..ca5df3dfa3 100644 --- a/integration-tests/pkg/types/network.go +++ b/integration-tests/pkg/types/network.go @@ -29,9 +29,6 @@ func IsActive(conn *sensorAPI.NetworkConnection) bool { // Equal is not called directly because it returns false when close timestamps have different non-nil values. func EqualNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { - copyConn1 := conn1.CloneVT() - copyConn2 := conn2.CloneVT() - adjustNetworkConnectionForComparison := func(conn *sensorAPI.NetworkConnection) *sensorAPI.NetworkConnection { if conn.CloseTimestamp != nil { conn = conn.CloneVT() 
@@ -41,20 +38,26 @@ func EqualNetworkConnection(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI return conn } - copyConn1 = adjustNetworkConnectionForComparison(copyConn1) - copyConn2 = adjustNetworkConnectionForComparison(copyConn2) + conn1 = adjustNetworkConnectionForComparison(conn1) + conn2 = adjustNetworkConnectionForComparison(conn2) - return proto.Equal(copyConn1, copyConn2) + return proto.Equal(conn1, conn2) } func EqualNetworkConnectionDontCompareCloseTimestamps(conn1 *sensorAPI.NetworkConnection, conn2 *sensorAPI.NetworkConnection) bool { - copyConn1 := conn1.CloneVT() - copyConn2 := conn2.CloneVT() + adjustNetworkConnectionForComparison := func(conn *sensorAPI.NetworkConnection) *sensorAPI.NetworkConnection { + if conn.CloseTimestamp != nil { + conn = conn.CloneVT() + conn.CloseTimestamp = nil + } + + return conn + } - copyConn1.CloseTimestamp = nil - copyConn2.CloseTimestamp = nil + conn1 = adjustNetworkConnectionForComparison(conn1) + conn2 = adjustNetworkConnectionForComparison(conn2) - return proto.Equal(copyConn1, copyConn2) + return proto.Equal(conn1, conn2) } func LessNetworkAddress(addr1 *sensorAPI.NetworkAddress, addr2 *sensorAPI.NetworkAddress) bool {
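Review bot: EqualNetworkConnectionDontCompareCloseTimestamps now declares a second closure named `adjustNetworkConnectionForComparison`, the same name as the one in EqualNetworkConnection. The shared name hides the fact that this one drops the close timestamp entirely, so an open connection and a closed one compare equal. A test that uses this helper therefore cannot catch a flow reported with the wrong open/closed state. I would give the closure its own name, for example `clearCloseTimestamp`, or hoist it into an unexported package-level function. I would also add a doc comment to the exported function: `// EqualNetworkConnectionDontCompareCloseTimestamps reports whether two connections match while ignoring CloseTimestamp, so open and closed connections compare equal.`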