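# Host working directory and numeric user id, captured once at parse time.
# ":=" stops make from re-running the shell command on every expansion.
# PWD is bind-mounted into the builder container by ci-build-ebpf; UID is the
# owner that its chown step hands ./ebpf back to.
PWD := $(shell pwd)
UID := $(shell id -u)

# Dockerfile / image-tag pairs. "?=" lets the environment or the make command
# line override each one; the values are interpolated into docker command
# lines, so override them only with values you control.

# Builder image used by ci-build-image and ci-build-ebpf.
EBPF_DOCKER_FILE ?= ebpf/Dockerfile
EBPF_DOCKER_IMAGE ?= network-security-probe-builder

# Demo images built by the pong, ping and attacker targets.
PONG_DOCKER_FILE ?= cmd/pong/Dockerfile
PONG_DOCKER_IMAGE ?= pong
PING_DOCKER_FILE ?= cmd/ping/Dockerfile
PING_DOCKER_IMAGE ?= ping
UTILS_DOCKER_FILE ?= cmd/attacker/Dockerfile
UTILS_DOCKER_IMAGE ?= attacker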
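# "all" and "build" are commands, not files: declare them phony so a stray
# file with the same name cannot make them look up to date.
.PHONY: all build

# Default goal: build everything, then start the probe.
# NOTE(review): "run" does not list "build" as a prerequisite, so this depends
# on make handling prerequisites left to right. Under "make -j" the probe could
# be started before it has been rebuilt; invoke this goal serially.
all: build run

# Build the eBPF object and the Go binary.
# NOTE(review): build-nsp presumably compiles the pkg/probe/probe.go that
# build-ebpf generates (confirm); if so the same "-j" ordering caveat applies.
build: build-ebpf build-nsp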
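# Load the veth kernel module on the host. Requires sudo; modprobe resolves the
# module from the running kernel's module tree.
.PHONY: insert-veth
insert-veth:
	sudo modprobe veth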
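# Compile ebpf/main.c to a BPF object and embed it into pkg/probe/probe.go.
#
# clang emits LLVM bitcode against the headers of the running kernel
# (/lib/modules/<uname -r>/build), llc lowers it to ebpf/bin/probe.o, and
# go-bindata turns everything under ebpf/bin into Go source.
#
# The bitcode passes through a temp file instead of a pipe: the recipe shell
# has no pipefail, so with "clang | llc" only llc's exit status was checked and
# a failed compile could go unnoticed. The temp file is created outside
# ebpf/bin so that go-bindata does not embed it, and is removed on exit.
#
# The include paths hard-code arch/x86.
.PHONY: build-ebpf
build-ebpf:
	mkdir -p ebpf/bin
	set -e; \
	kbuild="/lib/modules/$$(uname -r)/build"; \
	bitcode="$$(mktemp)"; \
	trap 'rm -f "$$bitcode"' EXIT; \
	clang -D__KERNEL__ -D__ASM_SYSREG_H \
		-Wno-unused-value \
		-Wno-pointer-sign \
		-Wno-compare-distinct-pointer-types \
		-Wunused \
		-Wall \
		-Werror \
		-I"$$kbuild/include" \
		-I"$$kbuild/include/uapi" \
		-I"$$kbuild/include/generated/uapi" \
		-I"$$kbuild/arch/x86/include" \
		-I"$$kbuild/arch/x86/include/uapi" \
		-I"$$kbuild/arch/x86/include/generated" \
		-O2 -emit-llvm \
		ebpf/main.c \
		-c -o "$$bitcode"; \
	llc -march=bpf -filetype=obj -o ebpf/bin/probe.o "$$bitcode"
	go-bindata -pkg probe -prefix "ebpf/bin" -o "pkg/probe/probe.go" "ebpf/bin"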
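# Build the container image that ci-build-ebpf runs. The build context is the
# repository root ("."). Tag and Dockerfile path are quoted so an overridden
# value containing spaces stays a single argument.
.PHONY: ci-build-image
ci-build-image:
	docker build -t "$(EBPF_DOCKER_IMAGE)" -f "$(EBPF_DOCKER_FILE)" .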
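# Build the eBPF object inside the builder container instead of on the host.
#
# ./ebpf and ./pkg/ebpf are bind-mounted into the container (no ":ro" option),
# so whatever the image runs can modify those two host directories. The
# "make" on the last docker line is the command executed inside the container,
# not a recursive make on the host, so it must stay a literal "make".
#
# The chown step sets both owner and group of ./ebpf to the invoking user's
# numeric uid after the container has run.
# NOTE(review): ./pkg/ebpf is mounted as well but is not covered by the chown;
# confirm whether the container writes there.
.PHONY: ci-build-ebpf
ci-build-ebpf:
	docker run --rm \
		-v "$(PWD)/ebpf:/src" \
		-v "$(PWD)/pkg/ebpf:/go_src" \
		--workdir=/src \
		"$(EBPF_DOCKER_IMAGE)" \
		make -f ebpf.mk build
	sudo chown -R "$(UID):$(UID)" ebpf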
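# Build the probe binary into bin/network-security-probe from cmd/nsp/main.go.
# "-mod vendor" resolves dependencies from the checked-in vendor/ directory
# rather than the module cache or the network.
.PHONY: build-nsp
build-nsp:
	go build -mod vendor -o bin/network-security-probe cmd/nsp/main.go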
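# Build the three demo container images (ping, pong, attacker).
.PHONY: demo
demo: ping pong attacker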
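# Cross-compile the ping and nspbench binaries for linux/amd64 into bin/, then
# build the ping image from the repository root. Declared phony because the
# target name is a command, not a file this rule creates.
.PHONY: ping
ping:
	env GOOS=linux GOARCH=amd64 go build -mod vendor -o bin/ping cmd/ping/main.go
	env GOOS=linux GOARCH=amd64 go build -mod vendor -o bin/nspbench cmd/nspbench/main.go
	docker build -t "$(PING_DOCKER_IMAGE)" -f "$(PING_DOCKER_FILE)" .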
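# Cross-compile the pong binary for linux/amd64 into bin/, then build the pong
# image from the repository root.
.PHONY: pong
pong:
	env GOOS=linux GOARCH=amd64 go build -mod vendor -o bin/pong cmd/pong/main.go
	docker build -t "$(PONG_DOCKER_IMAGE)" -f "$(PONG_DOCKER_FILE)" .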
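# Build the demo "attacker" image from cmd/attacker/Dockerfile (overridable via
# UTILS_DOCKER_FILE / UTILS_DOCKER_IMAGE). No Go build step runs here; the
# image contents are defined entirely by that Dockerfile.
.PHONY: attacker
attacker:
	docker build -t "$(UTILS_DOCKER_IMAGE)" -f "$(UTILS_DOCKER_FILE)" .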
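# Start the probe as root with the invoking user's kubeconfig.
#
# "~" is expanded by the recipe shell before sudo starts, so the path points
# at the home directory of whoever runs make, not root's. The binary is taken
# from bin/ in the working tree and runs with root privileges, so run this
# only from a checkout and build you trust.
.PHONY: run
run:
	sudo bin/network-security-probe --kubeconfig ~/.kube/config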
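# Bring up the services of the compose file that docker-compose finds from the
# current directory; it runs in the foreground until interrupted.
.PHONY: run_agent
run_agent:
	docker-compose up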