bpf

package
v4.2.3-beta.1+incompat... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 6, 2020 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsHostCompatible

func IsHostCompatible() error

IsHostCompatible checks that BPF programs can run on this host.

func SystemHasBPF

func SystemHasBPF() bool

SystemHasBPF returns true if the binary was build with support for BPF compiled in.

Types

type BPF

type BPF interface {
	// OpenSession will start monitoring all events within a session and
	// emitting them to the Audit Log.
	OpenSession(ctx *SessionContext) (uint64, error)

	// CloseSession will stop monitoring events for a particular session.
	CloseSession(ctx *SessionContext) error

	// Close will stop any running BPF programs.
	Close() error
}

BPF implements an interface to open and close a recording session.

func New

func New(config *Config) (BPF, error)

New returns a new NOP service. Note this function does nothing.

type Config

type Config struct {
	// Enabled is if this service will try and install BPF programs on this system.
	Enabled bool

	// CommandBufferSize is the size of the perf buffer for command events.
	CommandBufferSize *int

	// DiskBufferSize is the size of the perf buffer for disk events.
	DiskBufferSize *int

	// NetworkBufferSize is the size of the perf buffer for network events.
	NetworkBufferSize *int

	// CgroupPath is where the cgroupv2 hierarchy is mounted.
	CgroupPath string
}

Config holds configuration for the BPF service.

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults checks BPF configuration.

type NOP

type NOP struct {
}

NOP is used on either non-Linux systems or when BPF support is not enabled.

func (*NOP) Close

func (s *NOP) Close() error

Close will close the NOP service. Note this function does nothing.

func (*NOP) CloseSession

func (s *NOP) CloseSession(ctx *SessionContext) error

OpenSession will open a NOP session. Note this function does nothing.

func (*NOP) OpenSession

func (s *NOP) OpenSession(ctx *SessionContext) (uint64, error)

OpenSession will open a NOP session. Note this function does nothing.

type Service

type Service struct {
}

Service is used on non-Linux systems as a NOP service that allows the caller to open and close sessions that do nothing on systems that don't support eBPF.

type SessionContext

type SessionContext struct {
	// Namespace is the namespace within which this session occurs.
	Namespace string

	// SessionID is the UUID of the given session.
	SessionID string

	// ServerID is the UUID of the server this session is executing on.
	ServerID string

	// Login is the Unix login for this session.
	Login string

	// User is the Teleport user.
	User string

	// PID is the process ID of Teleport when it re-executes itself. This is
	// used by Teleport to find itself by cgroup.
	PID int

	// AuditLog is used to store events for a particular sessionl
	AuditLog events.IAuditLog

	// Events is the set of events (command, disk, or network) to record for
	// this session.
	Events map[string]bool
}

SessionContext contains all the information needed to track and emit events for a particular session. Most of this information is already within srv.ServerContext, unfortunately due to circular imports with lib/srv and lib/bpf, part of that structure is reproduced in SessionContext.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL