kubescape · rcohencyberarmor · Feb 14, 2023 · Feb 2, 2023 · Feb 2, 2023 · Feb 5, 2023
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+sniffer
+temp
+.vscode
diff --git a/Makefile b/Makefile
@@ -0,0 +1,5 @@
+install-deps:
+	./deps/install_dependencies.sh
+
+build:
+	go build -o sniffer .
diff --git a/README.md b/README.md
@@ -1 +1,44 @@
-# sniffer
+## sniffer
+
+1. Run minikube:
+
+```
+minikube start
+```
+
+2. Run Sniffer:
+
+```
+sudo SNIFFER_CONFIG=./configuration/SnifferConfigurationFile.json ./sniffer
+```
+
+## Limitations:
+1. This feature is using EBPF technology that is implemented only on linux.
+2. the linux kernel version that supported it 4.14
+
+
+## Debugging
+# file for vscode:
+```
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Launch Package",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}", 
+            "env": {
+                "SNIFFER_CONFIG": "${workspaceFolder}/configuration/SnifferConfigurationFile.json"
+            },
+            "console": "integratedTerminal",
+            "asRoot": true
+        }
+    ]
+}
+
+```
diff --git a/deps/install_dependencies.sh b/deps/install_dependencies.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+sudo apt install git curl clang-12 -y
+
+mkdir dependencies
+pwd
+
+git clone git@github.com:kubescape/ebpf-engine.git deps/dependencies/kubescape_ebpf_engine_sc
+cd deps/dependencies/kubescape_ebpf_engine_sc
+./install_dependencies.sh
+mkdir build && cd ./build
+cmake ..
+make all
+cd ../../../
+cp deps/dependencies/kubescape_ebpf_engine_sc/deps/dependencies/falco-libs/build/driver/bpf/probe.o ../resources/ebpf/kernel_obj.o
+cp deps/dependencies/kubescape_ebpf_engine_sc/build/main ../resources/ebpf/sniffer
diff --git a/go.mod b/go.mod
@@ -0,0 +1,41 @@
+module sniffer
+
+go 1.19
+
+require github.com/kubescape/go-logger v0.0.8
+
+require (
+	github.com/cenkalti/backoff/v4 v4.2.0 // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.0 // indirect
+	github.com/mattn/go-colorable v0.1.9 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/uptrace/opentelemetry-go-extra/otelutil v0.1.18 // indirect
+	github.com/uptrace/opentelemetry-go-extra/otelzap v0.1.18 // indirect
+	github.com/uptrace/uptrace-go v1.11.8 // indirect
+	go.opentelemetry.io/contrib/instrumentation/runtime v0.37.0 // indirect
+	go.opentelemetry.io/otel v1.11.2 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.2 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.34.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.34.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.2 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.2 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.11.2 // indirect
+	go.opentelemetry.io/otel/metric v0.34.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.11.2 // indirect
+	go.opentelemetry.io/otel/sdk/metric v0.34.0 // indirect
+	go.opentelemetry.io/otel/trace v1.11.2 // indirect
+	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	go.uber.org/multierr v1.9.0 // indirect
+	go.uber.org/zap v1.24.0 // indirect
+	golang.org/x/net v0.5.0 // indirect
+	golang.org/x/sys v0.4.0 // indirect
+	golang.org/x/text v0.6.0 // indirect
+	google.golang.org/genproto v0.0.0-20230106154932-a12b697841d9 // indirect
+	google.golang.org/grpc v1.51.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+)
diff --git a/go.sum b/go.sum
diff --git a/internal/config/config_interface.go b/internal/config/config_interface.go
@@ -0,0 +1,9 @@
+package config
+
+import "io"
+
+type ConfigClient interface {
+	// global configuration
+	GetConfigurationData() (io.Reader, error)
+	ParseConfiguration(data io.Reader) error
+}
diff --git a/internal/validator/validator_interface.go b/internal/validator/validator_interface.go
@@ -0,0 +1,5 @@
+package validator
+
+type ValidatorClient interface {
+	CheckPrerequisites() error
+}
diff --git a/internal/version/version_interface.go b/internal/version/version_interface.go
@@ -0,0 +1,5 @@
+package version
+
+type VersionClient interface {
+	GetVersion() string
+}
diff --git a/main.go b/main.go
@@ -0,0 +1,4 @@
+package main
+
+func main() {
+}
diff --git a/pkg/accumulator/accumulator_interface.go b/pkg/accumulator/accumulator_interface.go
@@ -0,0 +1,8 @@
+package accumulator
+
+type AcccumulatorClient interface {
-type AcccumulatorClient interface {
+type AccumulatorClient interface {
-type AcccumulatorClient interface {
+type AccumulatorClient interface {
+	// this function StartAccumulator will store the data from the ebpf engine
+	StartAccumulator() error
+	StartContainerAccumulator() error
+	StopContainerAccumulator() error
+}
diff --git a/pkg/conthandler/container_aggregator_interface.go b/pkg/conthandler/container_aggregator_interface.go
@@ -0,0 +1,7 @@
+package conthandler
+
+type ContainerAggregatorClient interface {
+	StartAggregate(containerID string) error
+	StopAggregate(containerID string) error
+	ListContainerRealTimeFiles(containerID string) []string
+}
diff --git a/pkg/conthandler/container_main_handler.go b/pkg/conthandler/container_main_handler.go
@@ -0,0 +1,5 @@
+package conthandler
+
+type ContainerMainHandlerClient interface {
+	StartMainHandler() error
+}
diff --git a/pkg/conthandler/container_watcher_interface.go b/pkg/conthandler/container_watcher_interface.go
@@ -0,0 +1,5 @@
+package conthandler
+
+type ContainerWatcherClient interface {
+	StartWatchedOnNewContainers() error
+}
diff --git a/pkg/ebpfeng/ebpf_engine_interface.go b/pkg/ebpfeng/ebpf_engine_interface.go
@@ -0,0 +1,9 @@
+package ebpfeng
+
+import ebpfev "sniffer/pkg/ebpfev/v1"
+
+type EbpfEngineClient interface {
+	StartEbpfEngine() error
+	GetData(chan *ebpfev.EventData)
+	GetEbpfEngineError() error
+}
diff --git a/pkg/ebpfev/event_interface.go b/pkg/ebpfev/event_interface.go
@@ -0,0 +1,16 @@
+package ebpfev
+
+import (
+	"time"
+)
+
+type EventClient interface {
+	GetEventTimestamp() time.Time
+	GetEventContainerID() string
+	GetEventPPID() string
+	GetEventPID() string
+	GetEventSyscallOp() string
+	GetEventSyscallArgs() string
+	GetEventEXE() string
+	GetEventCMD() string
+}
diff --git a/pkg/ebpfev/v1/event.go b/pkg/ebpfev/v1/event.go
@@ -0,0 +1,52 @@
+package ebpfev
+
+import "time"
+
+type EventData struct {
+	timestamp   time.Time
+	containerID string
+	ppid        string
+	pid         string
+	syscallOp   string
+	syscallArgs string
+	exe         string
+	cmd         string
+}
+
+func CreateKernelEvent(timestamp *time.Time, containerID string, ppid string, pid string, syscallOp string, syscallArgs string, exe string, cmd string) *EventData {
+	return &EventData{
+		timestamp:   *timestamp,
+		containerID: containerID,
+		ppid:        ppid,
+		pid:         pid,
+		syscallOp:   syscallOp,
+		syscallArgs: syscallArgs,
+		exe:         exe,
+		cmd:         cmd,
+	}
+}
+
+func (ev *EventData) GetEventTimestamp() time.Time {
+	return ev.timestamp
+}
+func (ev *EventData) GetEventContainerID() string {
+	return ev.containerID
+}
+func (ev *EventData) GetEventPPID() string {
+	return ev.ppid
+}
+func (ev *EventData) GetEventPID() string {
+	return ev.pid
+}
+func (ev *EventData) GetEventSyscallOp() string {
+	return ev.syscallOp
+}
+func (ev *EventData) GetEventSyscallArgs() string {
+	return ev.syscallArgs
+}
+func (ev *EventData) GetEventEXE() string {
+	return ev.exe
+}
+func (ev *EventData) GetEventCMD() string {
+	return ev.cmd
+}
diff --git a/pkg/sbom/sbom_interface.go b/pkg/sbom/sbom_interface.go
@@ -0,0 +1,7 @@
+package sbom
+
+type SBOMClient interface {
+	GetSBOM(imageID string) error
+	FilterSBOM(sbomFileRelevantMap map[string]bool) error
+	StoreFilterSBOM() error
+}
diff --git a/pkg/strageclient/storage_client_interface.go b/pkg/strageclient/storage_client_interface.go
@@ -0,0 +1,7 @@
+package storageclient
+
+type StorageClient interface {
+	GetData(key string) (interface{}, error)
+	PutData(key string, data interface{}) error
+	PostData(key string, data interface{}) error
+}
-Original file line number
+Diff line change
@@ -0,0 +1,3 @@
+    sniffer
+    temp
+    .vscode