| Krzysztof Opasiak | 28c3d2e | 2019-03-21 22:49:38 +0100 | [diff] [blame] | 1 | #!/usr/bin/env bash |
| 2 | |
| 3 | # COPYRIGHT NOTICE STARTS HERE |
| 4 | # |
| 5 | # Copyright 2019 Samsung Electronics Co., Ltd. |
| 6 | # |
| 7 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | # you may not use this file except in compliance with the License. |
| 9 | # You may obtain a copy of the License at |
| 10 | # |
| 11 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | # |
| 13 | # Unless required by applicable law or agreed to in writing, software |
| 14 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 16 | # See the License for the specific language governing permissions and |
| 17 | # limitations under the License. |
| 18 | # |
| 19 | # COPYRIGHT NOTICE ENDS HERE |
| 20 | |
| 21 | # Check all ports exposed by pods to internal network and look for |
| 22 | # open JDWP ports |
| 23 | # |
| 24 | # Dependencies: |
| 25 | # kubectl + config |
| 26 | # netcat |
| 27 | # |
| 28 | # Return value: Number of discovered JDWP ports |
| 29 | # Output: List of pods and exposing JDWP interface |
| 30 | # |
| 31 | |
| 32 | if [ "$#" -lt 1 ]; then |
| 33 | echo "Usage: $0 <k8s-namespace>" |
| 34 | exit 1 |
| 35 | fi |
| 36 | |
| 37 | K8S_NAMESPACE=$1 |
| 38 | LOCAL_PORT=12543 |
| 39 | |
| 40 | list_pods() { |
| 41 | kubectl get po --namespace=$K8S_NAMESPACE | grep Running | awk '{print $1}' | grep -v NAME |
| 42 | } |
| 43 | |
| 44 | do_jdwp_handshake() { |
| 45 | local ip="127.0.0.1" |
| 46 | local port=$1 |
| 47 | local jdwp_challenge="JDWP-Handshake\n" |
| 48 | local jdwp_response="JDWP-Handshake" |
| 49 | |
| Krzysztof Opasiak | 0a85663 | 2019-05-06 23:27:08 +0200 | [diff] [blame] | 50 | # 10s timeout to avoid hangs when service doesn't answer at all |
| 51 | local response=`nc -w 10 $ip $port <<<$jdwp_challenge | tr '\0' '\n'` |
| Krzysztof Opasiak | e095b67 | 2019-05-10 22:43:10 +0200 | [diff] [blame] | 52 | local n_response_lines=`echo "$response" | wc -l` |
| 53 | if [[ "$n_response_lines" -le 1 ]] && [[ $response == *"$jdwp_response"* ]]; then |
| Krzysztof Opasiak | 28c3d2e | 2019-03-21 22:49:38 +0100 | [diff] [blame] | 54 | return 0 |
| 55 | fi |
| 56 | |
| 57 | return 1 |
| 58 | } |
| 59 | # get open ports from procfs as netstat is not always available |
| 60 | get_open_ports_on_pod() { |
| 61 | local pod=$1 |
| 62 | local open_ports_hex=`kubectl exec --namespace=$K8S_NAMESPACE $pod cat /proc/net/tcp 2>/dev/null| grep -v "local_address" | awk '{ print $2" "$4 }' | grep '0A$' | tr ":" " " | awk '{ print $2 }' | sort | uniq` |
| 63 | for hex_port in $open_ports_hex; do |
| 64 | echo $((16#$hex_port)) |
| 65 | done |
| 66 | } |
| 67 | |
| 68 | N_PORTS=0 |
| 69 | |
| 70 | # go through all pods |
| 71 | for pod in `list_pods`; do |
| 72 | open_ports=`get_open_ports_on_pod $pod` |
| 73 | # if there is no open ports just go to next pod |
| 74 | if [ -z "$open_ports" ]; then |
| 75 | continue |
| 76 | fi |
| 77 | |
| 78 | # let's setup a proxy and check every open port |
| 79 | for port in $open_ports; do |
| 80 | # run proxy |
| 81 | kubectl port-forward --namespace=$K8S_NAMESPACE $pod $LOCAL_PORT:$port &>/dev/null & |
| 82 | sleep 1 |
| 83 | proxy_pid=$! |
| 84 | |
| 85 | do_jdwp_handshake $LOCAL_PORT |
| 86 | if [ $? -eq 0 ]; then |
| 87 | echo $pod $port |
| 88 | ((++N_PORTS)) |
| 89 | fi |
| 90 | kill $proxy_pid 2>/dev/null |
| 91 | wait $proxy_pid 2>/dev/null |
| 92 | done |
| 93 | done |
| 94 | |
| 95 | exit $N_PORTS |