feat(monitor): DNS Visibility using kprobes #1584

Closed

@harisudarsan1 harisudarsan1 commented Jan 18, 2024

Purpose of PR?:

Fixes #1219

Does this PR introduce a breaking change?
No. It does not introduce a breaking change; it adds a DNS visibility feature from the existing code.

If the changes in this PR are manually verified, list down the scenarios covered:

  1. Added conditions for network kprobes to check whether they are used for DNS queries by capturing the sockets of type SOCK_DGRAM and with port 53.
  2. If yes, then the DNS query is read by tracing the sendmmsg and sendmsg syscalls.
  3. The DNS query is then passed to the userspace using the BPF maps.

Additional information for reviewer? :

  1. This PR currently traces the syscalls to get the DNS information; another approach can be using socket filters for tracing the DNS queries.

Upcoming changes

  1. Using a hash map instead of global variables for storing DNS info
  2. Sharing the DNS info to the user space using ringbuffers
  3. Getting the DNS info from userspace and sending it as telemetry events.

Checklist:

  • Bug fix. Fixes #
  • [x] New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • PR Title follows the convention of <type>(<scope>): <subject>
  • Commit has unit tests
  • Commit has integration tests
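
An added example, not code from this PR or from KubeArmor: a userspace sketch of decoding the DNS query payload once the kprobes described above have copied it out of a sendmsg/sendmmsg buffer, with bounds checks for truncated or hostile input. `DNSQuery`, `ParseDNSQuery` and `sampleQuery` are hypothetical names, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// DNSQuery holds the fields a telemetry event would carry (hypothetical type).
type DNSQuery struct {
	ID, QType uint16
	Name      string
}

var errMalformed = errors.New("malformed DNS query")

// sampleQuery is a constructed A query for example.com, not captured traffic.
var sampleQuery = []byte("\x1a\x2b\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01")

// ParseDNSQuery decodes the first question of a payload read from a sendmsg buffer.
func ParseDNSQuery(b []byte) (q DNSQuery, err error) {
	// 12-byte header: the QR bit must be clear (query) and QDCOUNT non-zero.
	if len(b) < 12 || b[2]&0x80 != 0 || binary.BigEndian.Uint16(b[4:6]) == 0 {
		return q, errMalformed
	}
	var labels []string
	off, wire := 12, 1 // wire counts encoded name bytes, terminator included
	for off < len(b) && b[off] != 0 {
		n := int(b[off])
		// Lengths above 63 are compression pointers or reserved; a first
		// question has nothing earlier to point at, so reject them.
		if n > 63 || off+1+n > len(b) || wire+n+1 > 255 {
			return q, errMalformed
		}
		labels = append(labels, string(b[off+1:off+1+n]))
		off, wire = off+1+n, wire+n+1
	}
	// Need the zero terminator plus QTYPE and QCLASS (2 bytes each).
	if off+5 > len(b) {
		return q, errMalformed
	}
	q = DNSQuery{ID: binary.BigEndian.Uint16(b), QType: binary.BigEndian.Uint16(b[off+1:]), Name: strings.Join(labels, ".")}
	return q, nil
}

func main() {
	fmt.Println(ParseDNSQuery(sampleQuery))
}
```

Label bytes are attacker-controlled, so a consumer should escape `Name` before writing it into logs or telemetry.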

@DelusionalOptimist
Member

Hey @harisudarsan1! Thank you for taking interest... really sorry for being late but this might not be that beginner friendly. In fact, we've had trouble in getting this implemented in two consecutive LFX mentorships by dedicated mentees along with support from mentors. So, given the complexities, we've decided that someone from the maintainer team will now be taking this up.
We'll regularly share updates and try to keep you in the loop so that you can offer your valuable comments. Thanks again. Please let us know if you find some other issue which you'd like to work on. : )

@harisudarsan1
Author

> Hey @harisudarsan1! Thank you for taking interest... really sorry for being late but this might not be that beginner friendly. In fact, we've had trouble in getting this implemented in two consecutive LFX mentorships by dedicated mentees along with support from mentors. So, given the complexities, we've decided that someone from the maintainer team will now be taking this up. We'll regularly share updates and try to keep you in the loop so that you can offer your valuable comments. Thanks again. Please let us know if you find some other issue which you'd like to work on. : )

@DelusionalOptimist Thanks for letting me know this. I am currently addressing the Kubearmor dashboard issue as part of the LFX Mentorship Program.

@harisudarsan1
Author

I'll provide my suggestions for this task :)

Successfully merging this pull request may close these issues.

DNS Visibility with KubeArmor