Kill Tracee incase of a leak

main.go

@@ -46,12 +46,12 @@
 	"time"
 	"unsafe"
 
 	"github.com/hlandau/dexlogconfig"
 	"github.com/hlandau/xlog"
 	"github.com/oraoto/go-pidfd"
 	"github.com/robertmin1/heteronculous-horklump/httpproxy"
 	"github.com/robertmin1/socks5/v4"
 	"github.com/u-root/u-root/pkg/strace"
 	"golang.org/x/sys/unix"
 	"gopkg.in/hlandau/easyconfig.v1"
 )
@@ -70,18 +70,19 @@
 var exitAddr sync.Map
 
 // Config is a struct to store the program's configuration values.
 type Config struct { //nolint
 	Program           string   `usage:"Program Name"`
 	SocksTCP          string   `default:"127.0.0.1:9050"`
 	Args              []string `usage:"Program Arguments"`
 	KillProg          bool     `default:"false" usage:"Kill the Program in case of a Proxy Leak (bool)"`
+	KillTracee        bool     `default:"false" usage:"Kill only the specific tracee causing the leak (bool)"`
 	LogLeaks          bool     `default:"false" usage:"Allow Proxy Leaks but Log any that Occur (bool)"`
 	EnvVar            bool     `default:"true" usage:"Use the Environment Vars TOR_SOCKS_HOST and TOR_SOCKS_PORT (bool)"`
 	Redirect          string   `default:"socks5" usage:"Incase of leak redirect to the desired proxy(socks5,http,trans)"`
 	Proxyuser         string   `default:"" usage:"Proxy username in case of proxy redirection"`
 	Proxypass         string   `default:"" usage:"Proxy password in case of proxy redirection"`
 	OneCircuit        bool     `default:"false" usage:"Disable random SOCKS behavior"`
 	WhitelistLoopback bool     `default:"false" usage:"Whitelist outgoing IP connections to loopback addresses (e.g. 127.0.0.1)"` //nolint:lll
 }
 
 // FullAddress is the network address and port
@@ -103,7 +104,7 @@
 	Port uint16
 }
 
 func main() {
 	// Create a Config and initialize it with default values.
 	cfg := Config{}
 	config := easyconfig.Configurator{
@@ -138,7 +139,7 @@
 	}
 
 	// Start the program with tracing and handle the CONNECT system call events.
 	if err := strace.Trace(program, func(t strace.Task, record *strace.TraceRecord) error {
 		if record.Event == strace.SyscallEnter && record.Syscall.Sysno == unix.SYS_CONNECT {
 			if err := HandleConnect(t, record, program, cfg); err != nil {
 				return err
@@ -204,6 +205,11 @@
 
 			return nil
 		}
+		if cfg.KillTracee {
+			KillTracee(record.PID)
+
+			return nil
+		}
 		if cfg.KillProg {
 			KillApp(program, IPPort)
 
@@ -218,7 +224,7 @@
 			}
 
 			return nil
 			// TODO: handle invalid flag
 			// Incase trans proxy will require a different implementation a switch will be used.
 		}
 
@@ -233,7 +239,7 @@
 
 // eventName returns an event name. There should never be an event name
 // we do not known and, if we encounter one, we panic.
 func eventName(r *strace.TraceRecord) (string, error) { //nolint
 	// form up a reasonable name for a system call.
 	// If there is no name, then it will be Exxxx or Xxxxx, where x
 	// is the system call number as %04x.
@@ -254,16 +260,16 @@
 	case strace.SyscallExit:
 		return sysName, nil
 	case strace.SignalExit:
 		return fmt.Sprintf("SignalExit"), nil
 	case strace.Exit:
 		return fmt.Sprintf("Exit"), nil
 	case strace.SignalStop:
 		return fmt.Sprintf("SignalStop"), nil
 	case strace.NewChild:
 		return fmt.Sprintf("NewChild"), nil
 	}
 
 	return "", fmt.Errorf("unknown event %#x from record %v", r.Event, r)
 }
 
 // ParseAddress reads an sockaddr struct from the given address and converts it
@@ -347,7 +353,7 @@
 		//			out.NIC = NICID(a.Scope_id)
 		//}
 
 		if out.Addr == strings.Repeat(nullByte, 16) {
 			out.Addr = ""
 		}
 
@@ -371,6 +377,15 @@
 	log.Warnf("Proxy Leak Detected : %v. Killing the Application.", iPPort)
 }
 
+// KillTracee kills the specific tracee process causing the leak.
+func KillTracee(traceePID int) error {
+	if err := syscall.Kill(traceePID, syscall.SIGKILL); err != nil {
+		return fmt.Errorf("failed to kill tracee PID %d: %w", traceePID, err)
+	}
+	log.Infof("Killed tracee PID: %d due to a proxy leak.", traceePID)
+	return nil
+}
+
 // Setting environment variables.
 func SetEnv(cfg Config) string {
 	host, port := os.Getenv("TOR_SOCKS_HOST"), os.Getenv("TOR_SOCKS_PORT")
@@ -462,7 +477,7 @@
 	case parsedhost.To4()[0] == UDPProtolNum:
 		log.Error("Support for UDP will be implemented")
 	default:
 		return errors.New("invalid ip address")
 	}
 
 	// Poking our proxy IP/Port to the address containing the original address
@@ -475,7 +490,7 @@
 	return nil
 }
 
 func Socksify(args strace.SyscallArguments, record *strace.TraceRecord, t strace.Task, cfg Config) error {
 	username, password := cfg.Proxyuser, cfg.Proxypass
 
 	if !cfg.OneCircuit {
@@ -491,7 +506,7 @@
 
 	addr, _ := exitAddr.LoadAndDelete(record.PID)
 	IPPort := fmt.Sprintf("%v", addr)
 	fd := record.Syscall.Args[0].Uint()
 
 	p, err := pidfd.Open(record.PID, 0)
 	if err != nil {
@@ -512,9 +527,9 @@
 
 	switch cfg.Redirect {
 	case "socks5":
 		cl, err := socks5.NewClient(IPPort, username, password, 10, 10)
 		if err != nil {
 			return err
 		}
 
 		_, err = cl.Dial("tcp", IPPort, conn)
@@ -525,12 +540,12 @@
 	case "http":
 		cl, err := httpproxy.NewClient(cfg.SocksTCP, username, password)
 		if err != nil {
 			return err
 		}
 
 		_, err = cl.Dial("tcp", IPPort, conn)
 		if err != nil {
 			return err
 		}
 	}
 
@@ -541,7 +556,7 @@
 	// Create or open the log file in append mode
 	logFile, err := os.OpenFile("stack_trace.log", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) //nolint
 	if err != nil {
 		return err
 	}
 
 	defer logFile.Close()
@@ -552,7 +567,7 @@
 
 	commBytes, err := os.ReadFile(commPath)
 	if err != nil {
 		return err
 	}
 	// Split the contents by null byte to separate command and arguments
 	cmdline := strings.Split(string(commBytes), "\x00")
@@ -566,7 +581,7 @@
 	go_log.Printf("Program and Arguments:%v\n", cmdline)
 
 	// Get the stack trace
 	stack := make([]byte, 8192)
 	length := runtime.Stack(stack, true)
 
 	// Write the stack trace to the log file
@@ -589,16 +604,16 @@
 }
 
 func GenerateRandomCredentials() (string, error) {
 	bytes := make([]byte, 48)
 	if _, err := rand.Read(bytes); err != nil {
 		return "", err
 	}
 
 	return hex.EncodeToString(bytes), nil
 }
 
 func initializeAuthData() {
 	for i := 0; i < 10; i++ {
 		username, _ := GenerateRandomCredentials()
 		password, _ := GenerateRandomCredentials()
 		authData = append(authData, struct {