using udp connection from go/net module instead of netcat

Signed-off-by: Kapil Sharma <[email protected]>
falcosecurity · Apr 16, 2024 · 15a1ba1 · 15a1ba1
1 parent 6c9e257
commit 15a1ba1
Showing 1 changed file with 11 additions and 10 deletions.
diff --git a/events/syscall/unexpected_k8s_nodeport_connection.go b/events/syscall/unexpected_k8s_nodeport_connection.go
@@ -14,9 +14,9 @@ limitations under the License.
 package syscall
 
 import (
+	"fmt"
+	"net"
 	"github.com/falcosecurity/event-generator/events"
-	"os/exec"
-	"strconv"
 )
 
 var _ = events.Register(
@@ -28,24 +28,25 @@ func UnexpectedK8sNodePortConnection(h events.Helper) error {
 	if h.InContainer() {
 		port := 31000
 
+		// Get the IP address of the "eth0" interface
 		hostIP, err := getHostEth0IP()
 		if err != nil {
 			return err
 		}
-		path, err := exec.LookPath("nc")
+
+		addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", hostIP, port))
 		if err != nil {
-			// If we don't have an netcat, just bail
-			return &events.ErrSkipped{
-				Reason: "netcat utility not found in path",
-			}
+			return err
 		}
-		cmd := exec.Command(path, hostIP, strconv.Itoa(port), "<", "/dev/null")
-		err = cmd.Run()
+
+		// Establish a UDP connection to the address
+
+		conn, err := net.DialUDP("udp", nil, addr)
 		if err != nil {
 			return err
 		}
+		defer conn.Close() // Close the connection when the function returns
 	}
-
 	return &events.ErrSkipped{
 		Reason: "'Unexpected k8s Nodeport connection' is applicable only to containers.",
 	}