Welcome to the Identity eBPF repository! This repository contains example code demonstrating the power and versatility of eBPF (extended Berkeley Packet Filter) in enhancing security and identity enforcement in IoT and distributed systems.
Note: This is still work in progress via pseudo codes and with some help from GPT friend, so contributions are always welcome. more screenshots will be added with the testing results.
While many of the explored eBPF use cases focus on filtering and application security, this repository highlights the potential of eBPF in the Identity space. By seamlessly processing traffic, capturing authentication requests, and enhancing identity enforcement, eBPF opens new possibilities for securing IoT and distributed systems.
This repository contains the following eBPF code examples:
-
HTTP Traffic Redirection: Demonstrates how to intercept and redirect HTTP traffic to an authentication server for identity verification using eBPF.
- http_redirect.c: C code implementing the eBPF program for HTTP traffic redirection.
- http_redirect.py: Python script for loading and attaching the eBPF program to the network stack.
To run the eBPF code examples in this repository, follow these steps:
-
Prerequisites:
- Ensure you have access to a Linux environment with BPF support enabled.
- Install the kernel headers corresponding to your Linux kernel version.
- Make sure Python and pip are installed on your system.
- Install the bcc tools, which provide utilities for working with eBPF programs.
-
Clone the Repository:
git clone https://github.com/yourusername/IdentityeBPF.git cd IdentityeBPF
-
Compile and Load the eBPF Program:
- Compile the
http_redirect.c
file into an eBPF object file:clang -O2 -target bpf -c http_redirect.c -o http_redirect.o
- Load the compiled eBPF object file into the kernel:
sudo bpftool prog load http_redirect.o /sys/fs/bpf/http_redirect
- Compile the
-
Run the Python Script:
- Run the
http_redirect.py
script to attach the eBPF program to the network stack:sudo python http_redirect.py
- Run the
Once the eBPF program is loaded and attached to the network stack, you can test the demo by sending HTTP requests to the Linux system. If everything is set up correctly, the eBPF program will intercept the HTTP traffic and redirect it to the configured destination, which is the SAML identity provider in this case.
Ensure that you replace placeholder values such as yourusername
in the repository URL and the SAML identity provider's IP address and port in the eBPF program with the appropriate values for your environment.
After testing, you can clean up by unloading the eBPF program from the kernel:
sudo bpftool prog unload /sys/fs/bpf/http_redirect
These steps should allow you to run the demo successfully on your Linux system with both the .c
and .py
files.
Contributions to this repository are welcome! If you have additional eBPF code examples, improvements, or suggestions, feel free to submit a pull request.
This repository is licensed under the GNU Public License.