feature: network connection probe, detector, generator, server

[leondz]

Check to see if a target can be made to connect to a remote port

• New tool: garak listener (tools/glisten.py). Operates on a service port and accepts instructions for what ports it should be listening on; returns whether ports were bound, connected to, and what data was sent.
• New probe: network.OpenPorts. Orchestrates glisten and sends prompts designed to make a target connect to a port.
• New generator: test.PortOpener. If a certain format of prompt instruction is received, connects to and closes a TCP port.
• New detector: network.GListenConnect. Parses glisten summaries inserted into attempt notes to see if there's indication of a successful connection

GListen is coded & tested on Linux.

Demo:

• in one window, run python tools/glisten.py
• in another window, run python -m garak -t test.PortOpener -p network.OpenPorts
• note the five connection attempts and 100% failure rate

Todo:

• Tests for glisten
• Tests for detector, generator, probe
• Check glisten protocol description in tools/glisten actually matches behaviour
• Log data from multiple connections in a list, instead of a single data objkecdt
• Bugfix "bad FD" error in glisten after a few garak runs:

('127.0.0.1', 58742) connected to 37176
('127.0.0.1', 36366) ['COLLECT', '55fa89f6-be87-46f4-9004-216781a58da9']
Traceback (most recent call last):
  File "/home/lderczynski/dev/garak/tools/glisten.py", line 275, in <module>
    glisten.start()
    ~~~~~~~~~~~~~^^
  File "/home/lderczynski/dev/garak/tools/glisten.py", line 270, in start
    self._init_service()
    ~~~~~~~~~~~~~~~~~~^^
  File "/home/lderczynski/dev/garak/tools/glisten.py", line 258, in _init_service
    self._accept_wrapper(key.fileobj)
    ~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^
  File "/home/lderczynski/dev/garak/tools/glisten.py", line 79, in _accept_wrapper
    conn, addr = sock.accept()
                 ~~~~~~~~~~~^^
  File "/home/lderczynski/anaconda3/envs/garak/lib/python3.13/socket.py", line 295, in accept
    fd, addr = self._accept()
               ~~~~~~~~~~~~^^
OSError: [Errno 9] Bad file descriptor

• Bugfix connection reset by peer in glisten:

  File "/home/lderczynski/dev/garak/tools/glisten.py", line 213, in _serve_connection
    self._serve_service_connection(key, mask)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^
  File "/home/lderczynski/dev/garak/tools/glisten.py", line 149, in _serve_service_connection
    recv_data = sock.recv(1024)
ConnectionResetError: [Errno 104] Connection reset by peer
(garak) 14:12:56 x1:~/dev/garak/tools [feature/port_checker] $ python3 glisten.py 

• Fix up glisten logging & CLI output (currently no emojis? a travesty)
• Write more docs including demo
• Have glisten extract garak version no.
• Probe and detector for sending some payload/string, perhaps using attempt triggers mechanism

Out of scope but lined up for later

• Apache log listener detector. It's unrealistic to expect people to bind glisten to port 80/445 while running tests, but we do want to know if a target can be made to reach out to the web.

[erickgalinkin]

Looks like a good start -- need to test this thing myself a bit to validate.

[erickgalinkin]

Would be cool to have something hosted on the garak page that we could wget or use requests to fetch as an artefact.

[erickgalinkin]

We can do better than this. :P

It's a good start though!

[erickgalinkin]

Would consider replacing "test" with maybe something like "specified" just so we're clear it's not a test-test?

[erickgalinkin]

Could this be a problem with parallel_attempts?

[erickgalinkin]

Maybe a good place for us to use pydantic to ensure schema sanity?

Could be overkill. Shrug.

[erickgalinkin]

Suggested change

	#!/usr/bin/env python3
	#!/usr/bin/env python3
	# SPDX-FileCopyrightText: Portions Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
	# SPDX-License-Identifier: Apache-2.0

[erickgalinkin]

I don't see a logging config. Do we want this logged in garak.log? Should we establish a logging config to a separate file?

As a QOL option, perhaps an optional flag to auto-delete the log after the service is stopped?

[erickgalinkin]

id is the name of a built-in function. Would suggest using session_id or similar.

[erickgalinkin]

Do we want a bitwise & here? Maybe and makes it clearer?

[erickgalinkin]

Same comment here -- and versus &.

[jmartin-tech]

Some initial overall thoughts, more in-depth review pending.

[jmartin-tech]

Should store as a dict and be keyed based on the action that occurred, while an attempt notes the probe that created it I can envision notes collisions for various detectors.

[jmartin-tech]

This value should be stored on the attempt to be used during debugging or detection.

[jmartin-tech]

I see a note on this but don't see it consumed.

[jmartin-tech]

Usage for this is confusing, this allows listening on multiple ports, however the probe code only targets 1 port.

I think the usage pattern for parallel execution is incomplete in this PR, either a unique value needs to be transmitted to the target port for the listener to identify the caller or each attempt needs to try a different port. The code here suggests the current goal is the latter.

One concern here is that egress filtering is likely to need very targeted ports and there needs to be orchestration to ensure that no two parallel generations are attempting the same port.

[leondz]

Yes to every comment here, I'm glad we're aligned!