diff --git a/agent.go b/agent.go
index e182fa4..d523917 100644
--- a/agent.go
+++ b/agent.go
@@ -18,6 +18,11 @@ const (
 EgressPolicyBlock = "block"
 )
+var (
+ dnsConfig *DnsConfig = nil
+ sudo *Sudo = nil
+)
+
 type DNSServer interface {
 ListenAndServe() error
 }
@@ -56,6 +61,8 @@ func Run(ctx context.Context, configFilePath string, hostDNSServer DNSServer,
 dockerDNSServer DNSServer, iptables *Firewall, nflog AgentNflogger, cmd Command, resolvdConfigPath, dockerDaemonConfigPath, tempDir string) error {
+ defer panicHandler()
+
 // Passed to each go routine, if anyone fails, the program fails
 errc := make(chan error)
@@ -115,8 +122,8 @@ func Run(ctx context.Context, configFilePath string, hostDNSServer DNSServer,
 WriteLog("started process monitor")
 }
- dnsConfig := DnsConfig{}
- sudo := Sudo{}
+ dnsConfig = &DnsConfig{}
+ sudo = &Sudo{}
 var ipAddressEndpoints []ipAddressEndpoint
 // hydrate dns cache
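Review bot: The new package-level `dnsConfig` and `sudo` in the `var (` block are assigned by Run (the `dnsConfig = &DnsConfig{}` / `sudo = &Sudo{}` lines in the -115 hunk) but read by panicHandler from whichever goroutine happens to panic, with no synchronization between the two; the `WriteLog("started process monitor")` context just above the assignment suggests at least one goroutine is already running at that point, so this is a data race under `-race`, and a panic in that window reverts with nil pointers and leaves the DNS and sudo changes in place. If the globals must stay, publish them through `atomic.Pointer[DnsConfig]` / `atomic.Pointer[Sudo]` (or a mutex) and read them the same way in panicHandler, and say on the block that they exist only for the crash path, e.g. `// Set once by Run; read by panicHandler so a crash can revert host changes.` Separately, `dnsConfig *DnsConfig = nil` spells out the zero value; `var dnsConfig *DnsConfig` is the idiomatic form.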
@@ -323,23 +330,30 @@ func addImplicitEndpoints(endpoints map[string][]Endpoint, disableTelemetry bool
 }
 func RevertChanges(iptables *Firewall, nflog AgentNflogger,
- cmd Command, resolvdConfigPath, dockerDaemonConfigPath string, dnsConfig DnsConfig, sudo Sudo) {
+ cmd Command, resolvdConfigPath, dockerDaemonConfigPath string, dnsConfig *DnsConfig, sudo *Sudo) {
 err := RevertFirewallChanges(iptables)
 if err != nil {
 WriteLog(fmt.Sprintf("Error in RevertChanges %v", err))
 }
- err = dnsConfig.RevertDNSServer(cmd, resolvdConfigPath)
- if err != nil {
- WriteLog(fmt.Sprintf("Error in reverting DNS server changes %v", err))
- }
- err = dnsConfig.RevertDockerDNSServer(cmd, dockerDaemonConfigPath)
- if err != nil {
- WriteLog(fmt.Sprintf("Error in reverting docker DNS server changes %v", err))
+
+ if dnsConfig != nil {
+ err = dnsConfig.RevertDNSServer(cmd, resolvdConfigPath)
+ if err != nil {
+ WriteLog(fmt.Sprintf("Error in reverting DNS server changes %v", err))
+ }
+ err = dnsConfig.RevertDockerDNSServer(cmd, dockerDaemonConfigPath)
+ if err != nil {
+ WriteLog(fmt.Sprintf("Error in reverting docker DNS server changes %v", err))
+ }
 }
- err = sudo.revertDisableSudo()
- if err != nil {
- WriteLog(fmt.Sprintf("Error in reverting sudo changes %v", err))
+
+ if sudo != nil {
+ err = sudo.revertDisableSudo()
+ if err != nil {
+ WriteLog(fmt.Sprintf("Error in reverting sudo changes %v", err))
+ }
 }
+
 WriteLog("Reverted changes")
 }
diff --git a/dnsproxy.go b/dnsproxy.go
index 87d5a38..b46228d 100644
--- a/dnsproxy.go
+++ b/dnsproxy.go
@@ -297,6 +297,8 @@ func (proxy *DNSProxy) processTypeA(q *dns.Question, requestMsg *dns.Msg) (*dns.
 }
 func startDNSServer(dnsProxy *DNSProxy, server DNSServer, errc chan error) {
+ defer panicHandler()
+
 dns.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) {
 switch r.Opcode {
 case dns.OpcodeQuery:
diff --git a/eventhandler.go b/eventhandler.go
index 85bb864..b848adc 100644
--- a/eventhandler.go
+++ b/eventhandler.go
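Review bot: `RevertFirewallChanges(iptables)` at the top of RevertChanges is still called unguarded even though the new caller panicHandler in main.go passes `nil` for `iptables`, `nflog` and `cmd`; unless RevertFirewallChanges and the Revert*DNSServer methods tolerate nil (not visible here), the crash path panics a second time inside the deferred handler, nothing is reverted, and the process dies without the stack trace. Guard the firewall step like the other two, `if iptables != nil {` around the call and its error log, and either check `cmd` inside the `dnsConfig != nil` branch or have panicHandler pass the real dependencies. A doc comment stating that RevertChanges is best-effort and accepts nil for every argument, e.g. `// RevertChanges undoes host changes on a best-effort basis; any nil argument skips that step.`, would make the contract explicit for the crash caller.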
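Review bot: `defer panicHandler()` in startDNSServer covers only the goroutine running startDNSServer itself; the closure registered with `dns.HandleFunc` is invoked later by the DNS server on its own goroutines, so a panic while answering a query is not caught by this defer unless the server library recovers it. If per-query panics are the case to cover, the `defer panicHandler()` belongs as the first statement inside the `func(w dns.ResponseWriter, r *dns.Msg)` closure, whose body continues past the hunk.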
@@ -202,6 +202,8 @@ func (eventHandler *EventHandler) handleNetworkEvent(event *Event) {
 }
 func (eventHandler *EventHandler) HandleEvent(event *Event) {
+ defer panicHandler()
+
 switch event.EventType {
 case netMonitorTag:
 eventHandler.handleNetworkEvent(event)
diff --git a/main.go b/main.go
index 999c56a..574d25e 100644
--- a/main.go
+++ b/main.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "os"
 "os/signal"
+ "runtime/debug"
 "syscall"
 "github.com/miekg/dns"
@@ -42,3 +43,11 @@ func main() {
 os.Exit(1)
 }
 }
+
+func panicHandler() {
+ if r := recover(); r != nil {
+ RevertChanges(nil, nil, nil, resolvedConfigPath, dockerDaemonConfigPath, dnsConfig, sudo)
+ WriteLog(fmt.Sprintf("[agent] panic: %v; \n %s", r, debug.Stack()))
+ os.Exit(1)
+ }
+}
diff --git a/netmon.go b/netmon.go
index 7f71a47..cc71b58 100644
--- a/netmon.go
+++ b/netmon.go
@@ -25,6 +25,7 @@ type NetworkMonitor struct {
 var ipAddresses = make(map[string]int)
 func (netMonitor *NetworkMonitor) MonitorNetwork(ctx context.Context, nflogger AgentNflogger, errc chan error) []string {
+ defer panicHandler()
 //sysLogger, err := syslog.NewLogger(syslog.LOG_INFO|syslog.LOG_USER, 1)
 var err error
@@ -66,6 +67,8 @@ func (netMonitor *NetworkMonitor) MonitorNetwork(ctx context.Context, nflogger A
 }
 func (netMonitor *NetworkMonitor) handlePacket(attrs nflog.Attribute) {
+ defer panicHandler()
+
 timestamp := time.Now().UTC() // *attrs.Timestamp
 data := *attrs.Payload
 packet := gopacket.NewPacket(data, layers.LayerTypeIPv4, gopacket.Default)
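Review bot: With `defer panicHandler()` at the top of HandleEvent, a panic while processing one event reverts the firewall, DNS and sudo changes and calls `os.Exit(1)`, so a single bad event turns the agent's enforcement off for the whole host instead of skipping that event; the same applies to handlePacket in netmon.go (@@ -66). If that fail-open behaviour is intended for the per-event and per-packet paths, say so at the defer, e.g. `// any panic here tears down enforcement and exits the agent`; otherwise recover locally in these two handlers (log the event and continue) and keep the revert-and-exit handler for Run and startDNSServer.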
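Review bot: In panicHandler the `WriteLog(fmt.Sprintf("[agent] panic: ..."))` call runs after `RevertChanges(nil, nil, nil, ...)`, so if the revert itself panics (RevertChanges dereferences a nil `iptables` or `cmd` unless those callees tolerate nil, which is not visible here) the original panic value and `debug.Stack()` are never recorded; log first, then revert, i.e. swap those two lines. Because the same handler is deferred in several goroutines, two concurrent panics run RevertChanges concurrently and race to `os.Exit(1)`; wrapping the revert-and-exit body in a `sync.Once` keeps it to a single pass. A doc comment such as `// panicHandler must be deferred directly by the goroutine it protects: it logs the panic, reverts host changes and exits.` would make the recover contract explicit.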
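Review bot: The `defer panicHandler()` added at the top of MonitorNetwork (@@ -25) sits directly against the signature with the commented-out `//sysLogger` line following it, while every other site in this change separates the defer from the body with a blank line; add the blank line here for consistency. MonitorNetwork's body continues past the hunk.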