Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

network filters #702

Closed
kkourt opened this issue Feb 20, 2023 · 1 comment
Closed

network filters #702

kkourt opened this issue Feb 20, 2023 · 1 comment
Assignees
@kevsecurity
Labels
area/bpf This is related to BPF code area/tracing Related to the tracing sensor kind/enhancement This improves or streamlines existing functionality

Comments

@kkourt
Copy link
Contributor

kkourt commented Feb 20, 2023
edited

Tetragon already supports sock and skb types that can be used to extract information.

For example:

  kprobes:
  - call: "tcp_connect"
    syscall: false
    args:
     - index: 0
       type: "sock"

And:

  kprobes:
  - call: "dev_queue_xmit"
    syscall: false
    args:
     - index: 0
       type: "skb"

We should also add filters (e.g., source/destination port/addr/CIDR) and be able to write policies for those.
@kkourt kkourt added kind/enhancement This improves or streamlines existing functionality area/bpf This is related to BPF code area/tracing Related to the tracing sensor labels Feb 20, 2023
@kevsecurity kevsecurity self-assigned this May 4, 2023
@kevsecurity
Copy link
Contributor

Implemented by PR #1008.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kevsecurity kevsecurity

Labels
area/bpf This is related to BPF code area/tracing Related to the tracing sensor kind/enhancement This improves or streamlines existing functionality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kkourt @kevsecurity