(#1108) IPC mechanism server side

- handle IPC mechanism communication between scoped application and CLI TODO: - cli - unit test - integration test - IPC namespace switch Closes: #1108
criblio · Nov 23, 2022 · c3698bf · c3698bf
1 parent 68a7e7a
commit c3698bf
Show file tree

Hide file tree

Showing 11 changed files with 366 additions and 4 deletions.
diff --git a/cli/cmd/inspect.go b/cli/cmd/inspect.go
@@ -0,0 +1,22 @@
+package cmd
+
+import (
+	"github.com/criblio/scope/inspect"
+	"github.com/spf13/cobra"
+)
+
+// inspectCmd represents the inspect command
+var inspectCmd = &cobra.Command{
+	Use:     "inspect [flags]",
+	Short:   "Display scope inspect",
+	Long:    `Outputs inspect info.`,
+	Example: `scope inspect`,
+	Args:    cobra.NoArgs,
+	Run: func(cmd *cobra.Command, args []string) {
+		inspect.Inspect()
+	},
+}
+
+func init() {
+	RootCmd.AddCommand(inspectCmd)
+}
diff --git a/cli/inspect/inspect.go b/cli/inspect/inspect.go
@@ -0,0 +1,9 @@
+package inspect
+
+import "fmt"
+
+// startConfig represents a processed configuration
+func Inspect() error {
+	fmt.Println("inspect Test")
+	return nil
+}
diff --git a/cli/util/mq.go b/cli/util/mq.go
@@ -0,0 +1,74 @@
+package util
+
+import (
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+const MessageQueueDefaultMode int = 0644
+const MessageQueueMaxQueueSize int64 = 10
+const MessageQueueMaxMessageSize int64 = 8192
+
+type MessageQueue struct {
+	fd         int
+	name       string // Name of the message queue
+	attributes MessageQueueAttributes
+}
+
+type MessageQueueAttributes struct {
+	Flags           int64 // Message queue flags
+	MaxQueueSize    int64 // Max # of messages in queue
+	MaxMessageSize  int64 // Max message size in bytes
+	CurrentMessages int64 // Current # of messages in queue
+}
+
+func Open(name string, flags int64, cfg MessageQueueAttributes) (*MessageQueue, error) {
+	unixName, err := unix.BytePtrFromString(name)
+	if err != nil {
+		return nil, err
+	}
+
+	mqfd, _, errno := unix.Syscall6(
+		unix.SYS_MQ_OPEN,
+		uintptr(unsafe.Pointer(unixName)),
+		uintptr(flags),
+		uintptr(MessageQueueDefaultMode),
+		uintptr(unsafe.Pointer(&cfg)),
+		0, // Last 2 unused
+		0,
+	)
+
+	if errno != 0 {
+		return nil, errno
+	}
+
+	return &MessageQueue{
+		fd:         int(mqfd),
+		name:       name,
+		attributes: cfg,
+	}, nil
+}
+
+func (mq *MessageQueue) Close() error {
+	return unix.Close(int(mq.fd))
+}
+
+func (mq *MessageQueue) Unlink() error {
+	unixName, err := unix.BytePtrFromString(mq.name)
+	if err != nil {
+		return err
+	}
+
+	_, _, errno := unix.Syscall(
+		unix.SYS_MQ_UNLINK,
+		uintptr(unsafe.Pointer(unixName)),
+		0, // Last 2 unused
+		0,
+	)
+	if errno != 0 {
+		return errno
+	}
+
+	return nil
+}
diff --git a/docs/IPC.md b/docs/IPC.md
@@ -0,0 +1,8 @@
+# IPC Notes
+
+- For IPC communication we are using pair of message queue:
+
+- `scope` is responsible to create and read on `ScopeCLI`
+- Scoped application is responsible to create and read `ScopeIPC.<PID>`
+
+TODO: Picture
diff --git a/os/linux/aarch64.mk b/os/linux/aarch64.mk
@@ -5,7 +5,7 @@ ARCH_OBJ=$(ARCH)
 LD_FLAGS=$(MUSL_AR) $(UNWIND_AR) $(PCRE2_AR) $(LS_HPACK_AR) $(YAML_AR) $(JSON_AR) -ldl -lpthread -lrt -lresolv -Lcontrib/build/funchook -lfunchook -Lcontrib/build/funchook/capstone_src-prefix/src/capstone_src-build -lcapstone -z noexecstack
 INCLUDES=-I./contrib/libyaml/include -I./contrib/cJSON -I./os/$(OS) -I./contrib/pcre2/src -I./contrib/build/pcre2 -I./contrib/funchook/capstone_src/include/ -I./contrib/jni -I./contrib/jni/linux/ -I./contrib/openssl/include -I./contrib/build/openssl/include -I./contrib/build/libunwind/include  -I./contrib/libunwind/include/
 
-$(LIBSCOPE): src/wrap.c src/state.c src/httpstate.c src/metriccapture.c src/report.c src/httpagg.c src/plattime.c src/fn.c os/$(OS)/os.c src/cfgutils.c src/cfg.c src/transport.c src/log.c src/mtc.c src/circbuf.c src/linklist.c src/evtformat.c src/ctl.c src/mtcformat.c src/com.c src/scopestdlib.c src/dbg.c src/search.c src/scopeelf.c src/utils.c src/strset.c src/javabci.c src/javaagent.c
+$(LIBSCOPE): src/wrap.c src/state.c src/httpstate.c src/metriccapture.c src/report.c src/httpagg.c src/plattime.c src/fn.c os/$(OS)/os.c src/cfgutils.c src/cfg.c src/transport.c src/log.c src/mtc.c src/circbuf.c src/linklist.c src/evtformat.c src/ctl.c src/mtcformat.c src/com.c src/scopestdlib.c src/dbg.c src/search.c src/scopeelf.c src/utils.c src/strset.c src/javabci.c src/javaagent.c src/ipc.c
 	@$(MAKE) -C contrib funchook pcre2 openssl ls-hpack musl libyaml libunwind cJSON
 	@echo "$${CI:+::group::}Building $@"
 	$(CC) $(CFLAGS) \

diff --git a/os/linux/x86_64.mk b/os/linux/x86_64.mk
@@ -11,7 +11,7 @@ INCLUDES=-I./contrib/libyaml/include -I./contrib/cJSON -I./os/$(OS) -I./contrib/
 #	objcopy -I binary -O elf64-x86-64 -B i386 ./lib/$(OS)/libscope.so ./lib/$(OS)/libscope.o && \
 #	rm -f ./lib/$(OS)/libscope.so
 
-$(LIBSCOPE): src/wrap.c src/state.c src/httpstate.c src/metriccapture.c src/report.c src/httpagg.c src/plattime.c src/fn.c os/$(OS)/os.c src/cfgutils.c src/cfg.c src/transport.c src/log.c src/mtc.c src/circbuf.c src/linklist.c src/evtformat.c src/ctl.c src/mtcformat.c src/com.c src/scopestdlib.c src/dbg.c src/search.c src/sysexec.c src/gocontext.S src/scopeelf.c src/wrap_go.c src/utils.c src/strset.c src/javabci.c src/javaagent.c
+$(LIBSCOPE): src/wrap.c src/state.c src/httpstate.c src/metriccapture.c src/report.c src/httpagg.c src/plattime.c src/fn.c os/$(OS)/os.c src/cfgutils.c src/cfg.c src/transport.c src/log.c src/mtc.c src/circbuf.c src/linklist.c src/evtformat.c src/ctl.c src/mtcformat.c src/com.c src/scopestdlib.c src/dbg.c src/search.c src/sysexec.c src/gocontext.S src/scopeelf.c src/wrap_go.c src/utils.c src/strset.c src/javabci.c src/javaagent.c src/ipc.c
 	@$(MAKE) -C contrib funchook pcre2 openssl ls-hpack musl libyaml cJSON libunwind
 	@echo "$${CI:+::group::}Building $@"
 	$(CC) $(CFLAGS) $(ARCH_CFLAGS) \

diff --git a/os/macOS/Makefile b/os/macOS/Makefile
@@ -25,7 +25,7 @@ $(PCRE2_AR):
 	cd contrib/pcre2/build && cmake ..
 	cd contrib/pcre2/build && make
 
-libscope.so: src/wrap.c src/state.c src/httpstate.c src/report.c src/httpagg.c src/plattime.c src/fn.c os/$(OS)/os.c src/cfgutils.c src/cfg.c src/transport.c src/log.c src/mtc.c src/circbuf.c src/linklist.c src/evtformat.c src/ctl.c src/mtcformat.c src/com.c src/scopestdlib.c src/dbg.c src/search.c src/utils.c $(YAML_SRC) contrib/cJSON/cJSON.c
+libscope.so: src/wrap.c src/state.c src/httpstate.c src/report.c src/httpagg.c src/plattime.c src/fn.c os/$(OS)/os.c src/cfgutils.c src/cfg.c src/transport.c src/log.c src/mtc.c src/circbuf.c src/linklist.c src/evtformat.c src/ctl.c src/mtcformat.c src/com.c src/scopestdlib.c src/dbg.c src/search.c src/utils.c $(YAML_SRC) contrib/cJSON/cJSON.c src/ipc.c
 	@echo "Building libscope.so ..."
 	make $(PCRE2_AR)
 	$(CC) $(CFLAGS) -shared -fvisibility=hidden -DSCOPE_VER=\"$(SCOPE_VER)\" $(YAML_DEFINES) -o ./lib/$(OS)/$@ $(INCLUDES) $^ -e,prog_version $(LD_FLAGS)

diff --git a/src/ipc.c b/src/ipc.c
@@ -0,0 +1,77 @@
+#define _GNU_SOURCE
+
+#include "ipc.h"
+
+/* Message-queue
+ *
+ * Message-queue system limits which are related to `ipcOpenConnection`
+ * are defined in following files:
+ * 
+ * "/proc/sys/fs/mqueue/msg_max"
+ * - describes maximum number of messsages in a queue (QUEUE_MSG_MAX)
+ *
+ * "/proc/sys/fs/mqueue/msgsize_max"
+ * - describes maximum message size in a queue (QUEUE_MSG_SIZE)
+ * 
+ * "/proc/sys/fs/mqueue/queues_max"
+ * - describes system-wide limit on the number of message queues that can be created
+ * 
+ * See details in: https://man7.org/linux/man-pages/man7/mq_overview.7.html
+ */
+
+#define QUEUE_MSG_MAX  10
+#define QUEUE_MSG_SIZE 8192
+
+int
+ipcSend(mqd_t mqdes, const char *data, size_t len) {
+    return scope_mq_send(mqdes, data, len, 0);
+}
+
+int
+ipcSendWithTimeout(mqd_t mqdes, const char *data, size_t len, const struct timespec *req) {
+    return scope_mq_timedsend(mqdes, data, len, 0, req);
+}
+
+ssize_t
+ipcRecv(mqd_t mqdes, char *buf, size_t len) {
+    return scope_mq_receive(mqdes, buf, len, 0);
+}
+
+ssize_t
+ipcRecvWithTimeout(mqd_t mqdes, char *buf, size_t len, const struct timespec *req) {
+    return scope_mq_timedreceive(mqdes, buf, len, 0, req);
+}
+
+mqd_t
+ipcOpenConnection(const char *name, int flags) {
+    struct mq_attr msg_attr = {.mq_flags = 0, 
+                               .mq_maxmsg = QUEUE_MSG_MAX,
+                               .mq_msgsize = QUEUE_MSG_SIZE,
+                               .mq_curmsgs = 0};
+
+    if (flags == O_WRONLY) {
+        return scope_mq_open(name, flags);
+    }
+    return scope_mq_open(name, flags, 0666, &msg_attr);
+}
+
+int
+ipcCloseConnection(mqd_t mqdes) {
+    return scope_mq_close(mqdes);
+}
+
+int
+ipcDestroyConnection(const char *name) {
+    return scope_mq_unlink(name); 
+}
+
+int
+ipcGetInfo(mqd_t mqdes, long *mqFlags, long *mqMaxMsg, long *mqMsgSize, long *mqCurMsgs) {
+    struct mq_attr attr;
+    int res = scope_mq_getattr(mqdes, &attr);
+    *mqFlags = attr.mq_flags;
+    *mqMaxMsg = attr.mq_maxmsg;
+    *mqMsgSize = attr.mq_msgsize;
+    *mqCurMsgs = attr.mq_curmsgs;
+    return res;
+}
diff --git a/src/ipc.h b/src/ipc.h
@@ -0,0 +1,21 @@
+#ifndef __IPC_H__
+#define __IPC_H__
+
+#include "scopestdlib.h"
+
+// Send message from Inter-process communication
+int ipcSend(mqd_t, const char *, size_t);
+int ipcSendWithTimeout(mqd_t, const char *, size_t, const struct timespec *);
+
+// Receive message from Inter-process communication
+ssize_t ipcRecv(mqd_t, char *, size_t);
+ssize_t ipcRecvWithTimeout(mqd_t, char *, size_t, const struct timespec *);
+
+// Manage Inter-process communication
+mqd_t ipcOpenConnection(const char *, int);
+int ipcCloseConnection(mqd_t);
+int ipcDestroyConnection(const char *);
+int ipcGetInfo(mqd_t, long *, long *, long *, long *);
+
+
+#endif // __IPC_H__
diff --git a/src/wrap.c b/src/wrap.c
@@ -39,6 +39,7 @@
 #include "runtimecfg.h"
 #include "javaagent.h"
 #include "inject.h"
+#include "ipc.h"
 #include "scopestdlib.h"
 #include "../contrib/libmusl/musl.h"
 
@@ -55,6 +56,7 @@ static const char *g_cmddir;
 static list_t *g_nsslist;
 static uint64_t reentrancy_guard = 0ULL;
 static rlim_t g_max_fds = 0;
+static mqd_t g_receiver_msg_q = (mqd_t) -1;
 
 typedef int (*ssl_rdfunc_t)(SSL *, void *, int);
 typedef int (*ssl_wrfunc_t)(SSL *, const void *, int);
@@ -423,8 +425,46 @@ cmdAttach(void)
     return TRUE;
 }
 
+
+
 static void
-remoteConfig()
+mqConfig(void) {
+    // If the receiver msg_q does not exists
+    if (g_receiver_msg_q == (mqd_t)-1) {
+        return;
+    }
+
+    // TODO allocate buffer dynamically ?
+    char readBuffer[8192] = {0};
+    char writeBuffer[8192] = {0};
+    struct timespec ts = {.tv_sec = 1, .tv_nsec = 0}; // 1 s
+    ssize_t recvRes = ipcRecvWithTimeout(g_receiver_msg_q, readBuffer, sizeof(readBuffer), &ts);
+    if (recvRes == -1) {
+        // scopeLogError("Error during reading message%d", scope_errno);
+        return;
+    } else {
+        scopeLogError("Success receiving message from cli: %s", readBuffer);
+    }
+
+    mqd_t climqdes = ipcOpenConnection("/ScopeCLI", O_WRONLY);
+    if (climqdes == (mqd_t)-1) {
+        scopeLogError("Error during open CLI msgQ %d", scope_errno);
+        return;
+    }
+
+    scope_strcpy(writeBuffer, "TestInput");
+    // Send same msg for debug purpose
+    int sendRes = ipcSend(climqdes, writeBuffer, sizeof(writeBuffer));
+    if (sendRes == -1) {
+        scopeLogError("Error: %d during sending message to cli.", scope_errno);
+    } else {
+        scopeLogError("Success sending message to cli: %s", writeBuffer);
+    }
+    ipcCloseConnection(climqdes);
+}
+
+static void
+remoteConfig(void)
 {
     int timeout;
     struct pollfd fds;
@@ -1002,6 +1042,10 @@ handleExit(void)
     ctlDisconnect(g_ctl, CFG_CTL);
     logFlush(g_log);
     logDisconnect(g_log);
+    ipcCloseConnection(g_receiver_msg_q);
+    char name[256];
+    scope_snprintf(name, sizeof(name), "/ScopeIPC.%d", g_proc.pid);
+    ipcDestroyConnection(name);
 }
 
 static void *
@@ -1081,6 +1125,7 @@ periodic(void *arg)
             }
         }
         remoteConfig();
+        mqConfig();
     }
 
     return NULL;
@@ -1636,6 +1681,11 @@ init(void)
     setMachineID(g_proc.machine_id);
     setUUID(g_proc.uuid);
 
+    // Create IPC connection message queue
+    char name[256];
+    scope_snprintf(name, sizeof(name), "/ScopeIPC.%d", g_proc.pid);
+    g_receiver_msg_q = ipcOpenConnection(name, O_RDONLY | O_CREAT | O_CLOEXEC | O_NONBLOCK);
+
     // initEnv() will set this TRUE if it detects `scope_attach_PID.env` in
     // `/dev/shm` with our PID indicating we were injected into a running
     // process.
@@ -1764,6 +1814,11 @@ init(void)
         osCreateSM(&g_proc, (unsigned long)cmdAttach);
     }
 
+    // TODO: remove this 
+    if (g_receiver_msg_q == (mqd_t)-1) {
+        scopeLogError("Error during creation of %s", name);
+    }
+
     osInitJavaAgent();
 
 }