cbsensor-linux-bpf
Linux endpoint events for BPF enabled systems
The current `struct data_t` has quite a few problems: it is fairly primitive, disorganized and wasn't designed for expansion. - Make structures return fewer unused bytes - Allow event contexts to...
If we can programmatically detect the BPF Map ring buffer type via BCC or a capability BPF syscall test or very worst case a kernel version check in userspace, then...
- Determine which kernel where either `struct path` or `struct file` in BTF generates a resolved filepath for the appropriate context. - Determine the best approach to utilize BTF structured...
We should allow userspace to select the max iterations for at least filepath components and exec args. If they weren't defined, then based on kver "select" a good nice number...
Obtain the cgroup ID and store/relay it with other current namespace grouped information. This can be handled similarly to the mnt_ns id that is already obtained. 4.4 kernel support is...
Create a map between `dev_t` major and minor and the entries set into `/proc/self/mountinfo`. In Linux, for your current mount namespace, you are able to poll `/proc/self/mounts` when there has...
# Basic `tc` Exception Policy Oriented Firewall - Basic packet exception policy should be created first - Allow core DNS packets, ICMP and perhaps other IP based protocols - Dynamic...
Kprobe hooks that are relatively stable or properly ifdef'd to work on the right kernel versions won't have to worry about explicitly attaching the kprobes. - This should be enabled...
Probably should have standards like pylint