update

Signed-off-by: Hang Yan <[email protected]>

Author: hangyan

pkg/antctl/antctl.go

@@ -754,7 +754,7 @@ $ antctl get podmulticaststats pod -n namespace`,
 		{
 			cobraCommand:      packetcapture.Command,
 			supportAgent:      false,
-			supportController: false,
+			supportController: true,
 		},
 		{
 			cobraCommand:      proxy.Command,

pkg/antctl/raw/packetcapture/command.go

@@ -115,6 +115,17 @@ func getFlowFields(flow string) (map[string]int, error) {
 	return fields, nil
 }
 
+func getPodFile(cmd *cobra.Command) (PodFileCopy, error) {
+	config, client, _, err := getClients(cmd)
+	if err != nil {
+		return nil, err
+	}
+	return &podFile{
+		restConfig: config,
+		client:     client,
+	}, nil
+}
+
 func getConfigAndClients(cmd *cobra.Command) (*rest.Config, kubernetes.Interface, antrea.Interface, error) {
 	kubeConfig, err := raw.ResolveKubeconfig(cmd)
 	if err != nil {
@@ -127,17 +138,6 @@ func getConfigAndClients(cmd *cobra.Command) (*rest.Config, kubernetes.Interface
 	return kubeConfig, k8sClientset, client, nil
 }
 
-func getPodFile(cmd *cobra.Command) (PodFileCopy, error) {
-	config, client, _, err := getClients(cmd)
-	if err != nil {
-		return nil, err
-	}
-	return &podFile{
-		restConfig:    config,
-		restInterface: client.CoreV1().RESTClient(),
-	}, nil
-}
-
 func getPCName(src, dest string) string {
 	replace := func(s string) string {
 		return strings.ReplaceAll(s, "/", "-")
@@ -215,7 +215,7 @@ func packetCaptureRunE(cmd *cobra.Command, args []string) error {
 	splits := strings.Split(latestPC.Status.FilePath, ":")
 	fileName := filepath.Base(splits[1])
 	copier, _ := getCopier(cmd)
-	if err := copier.CopyFromPod(context.TODO(), env.GetAntreaNamespace(), splits[0], "antrea-agent", splits[1], option.outputDir); err == nil {
+	if err := copier.CopyFromPod(cmd.Context(), env.GetAntreaNamespace(), splits[0], "antrea-agent", splits[1], option.outputDir); err != nil {
 		return err
 	}
 	fmt.Fprintf(cmd.OutOrStdout(), "Captured packets file: %s\n", filepath.Join(option.outputDir, fileName))

pkg/antctl/raw/packetcapture/command_test.go

@@ -150,7 +150,6 @@ func TestRun(t *testing.T) {
 			getCopier = func(cmd *cobra.Command) (PodFileCopy, error) {
 				return &testPodFile{}, nil
 			}
-
 			defer func() {
 				getClients = getConfigAndClients
 				getCopier = getPodFile

pkg/antctl/raw/packetcapture/cp.go

@@ -16,61 +16,33 @@ package packetcapture
 
 import (
 	"context"
-	"io"
-	"os"
-	_ "unsafe"
+	"fmt"
+	"path/filepath"
+	"strings"
 
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/remotecommand"
 
+	"antrea.io/antrea/pkg/antctl/raw/check"
 	"antrea.io/antrea/pkg/util/compress"
+	"antrea.io/antrea/pkg/util/env"
 )
 
 type PodFileCopy interface {
 	CopyFromPod(ctx context.Context, namespace, name, containerName, srcPath, dstDir string) error
 }
 
 type podFile struct {
-	restConfig    *rest.Config
-	restInterface rest.Interface
+	restConfig *rest.Config
+	client     kubernetes.Interface
 }
 
 func (p *podFile) CopyFromPod(ctx context.Context, namespace, name, containerName, srcPath, dstDir string) error {
-	reader, outStream := io.Pipe()
-	cmdArr := []string{"tar", "cf", "-", srcPath}
-	req := p.restInterface.
-		Get().
-		Namespace(namespace).
-		Resource("pods").
-		Name(name).
-		SubResource("exec").
-		VersionedParams(&corev1.PodExecOptions{
-			Container: containerName,
-			Command:   cmdArr,
-			Stdin:     true,
-			Stdout:    true,
-			Stderr:    true,
-			TTY:       false,
-		}, scheme.ParameterCodec)
-
-	exec, err := remotecommand.NewSPDYExecutor(p.restConfig, "POST", req.URL())
+	dir, fileName := filepath.Split(srcPath)
+	cmdArr := []string{"/bin/sh", "-c", fmt.Sprintf("cd %s; tar cf - %s", dir, fileName)}
+	output, _, err := check.ExecInPod(ctx, p.client, p.restConfig, env.GetAntreaNamespace(), name, "antrea-agent", cmdArr)
 	if err != nil {
 		return err
 	}
-	go func() {
-		defer outStream.Close()
-		err = exec.StreamWithContext(ctx, remotecommand.StreamOptions{
-			Stdin:  os.Stdin,
-			Stdout: outStream,
-			Stderr: os.Stderr,
-			Tty:    false,
-		})
-		if err != nil {
-			panic(err)
-		}
-	}()
-	err = compress.UnpackReader(defaultFS, reader, dstDir)
-	return err
+	return compress.UnpackReader(defaultFS, strings.NewReader(output), false, option.outputDir)
 }

pkg/util/compress/compress.go

@@ -31,7 +31,7 @@ import (
 // Sanitize archive file pathing from "G305: Zip Slip vulnerability"
 func sanitizeArchivePath(d, t string) (string, error) {
 	v := filepath.Join(d, t)
-	if strings.HasPrefix(v, filepath.Clean(d)) {
+	if strings.HasPrefix(v, filepath.Clean(d)) || (filepath.Clean(d) == "." && v == t) {
 		return v, nil
 	}
 	return "", fmt.Errorf("%s: %s", "content filepath is tainted", t)
@@ -43,15 +43,21 @@ func UnpackDir(fs afero.Fs, fileName string, targetDir string) error {
 		return err
 	}
 	defer file.Close()
-	return UnpackReader(fs, file, targetDir)
+	return UnpackReader(fs, file, true, targetDir)
 }
 
-func UnpackReader(fs afero.Fs, file io.Reader, targetDir string) error {
-	reader, err := gzip.NewReader(file)
-	if err != nil {
-		return err
+func UnpackReader(fs afero.Fs, file io.Reader, useGzip bool, targetDir string) error {
+	reader := file
+	var err error
+	var gzipReader *gzip.Reader
+	if useGzip {
+		gzipReader, err = gzip.NewReader(file)
+		if err != nil {
+			return err
+		}
+		defer gzipReader.Close()
+		reader = gzipReader
 	}
-	defer reader.Close()
 	tarReader := tar.NewReader(reader)
 
 	for true {
@@ -73,10 +79,10 @@ func UnpackReader(fs afero.Fs, file io.Reader, targetDir string) error {
 			}
 		case tar.TypeReg:
 			outFile, err := fs.Create(targetPath)
-			defer outFile.Close()
 			if err != nil {
 				return err
 			}
+			defer outFile.Close()
 			for {
 				// to resolve G110: Potential DoS vulnerability via decompression bomb
 				if _, err := io.CopyN(outFile, tarReader, 1024); err != nil {