Constants
This section is empty.
Variables
This section is empty.
Functions
func IsHostCompatible
func IsHostCompatible() error
IsHostCompatible checks that BPF programs can run on this host.
func SystemHasBPF
func SystemHasBPF() bool
SystemHasBPF returns true if the binary was built with BPF support compiled in.
Types
type BPF
type BPF interface {
	// OpenSession will start monitoring all events within a session and
	// emitting them to the Audit Log.
	OpenSession(ctx *SessionContext) (uint64, error)

	// CloseSession will stop monitoring events for a particular session.
	CloseSession(ctx *SessionContext) error

	// Close will stop any running BPF programs.
	Close() error
}
BPF implements an interface to open and close a recording session.
type Config
type Config struct {
	// Enabled is if this service will try and install BPF programs on this system.
	Enabled bool

	// CommandBufferSize is the size of the perf buffer for command events.
	CommandBufferSize *int

	// DiskBufferSize is the size of the perf buffer for disk events.
	DiskBufferSize *int

	// NetworkBufferSize is the size of the perf buffer for network events.
	NetworkBufferSize *int

	// CgroupPath is where the cgroupv2 hierarchy is mounted.
	CgroupPath string
}
Config holds configuration for the BPF service.
func (*Config) CheckAndSetDefaults
CheckAndSetDefaults checks BPF configuration.
type NOP
type NOP struct { }
NOP is used on either non-Linux systems or when BPF support is not enabled.
func (*NOP) CloseSession
func (s *NOP) CloseSession(_ *SessionContext) error
CloseSession closes a NOP session. Note this function does nothing.
func (*NOP) OpenSession
func (s *NOP) OpenSession(_ *SessionContext) (uint64, error)
OpenSession opens a NOP session. Note this function does nothing.
type Service
type Service struct { }
Service is used on non-Linux systems as a NOP service that allows the caller to open and close sessions that do nothing on systems that don't support eBPF.
type SessionContext
type SessionContext struct {
	// Context is a cancel context, scoped to a server, and not a session.
	Context context.Context

	// Namespace is the namespace within which this session occurs.
	Namespace string

	// SessionID is the UUID of the given session.
	SessionID string

	// ServerID is the UUID of the server this session is executing on.
	ServerID string

	// Login is the Unix login for this session.
	Login string

	// User is the Teleport user.
	User string

	// PID is the process ID of Teleport when it re-executes itself. This is
	// used by Teleport to find itself by cgroup.
	PID int

	// Emitter is used to record events for a particular session
	Emitter apievents.Emitter

	// Events is the set of events (command, disk, or network) to record for
	// this session.
	Events map[string]bool
}
SessionContext contains all the information needed to track and emit events for a particular session. Most of this information is already in srv.ServerContext; unfortunately, because of circular imports between lib/srv and lib/bpf, part of that structure is reproduced in SessionContext.