hyp/hypd/server
Steven Polley 2951c1f684
add support for multiple secrets (independent agents) on the knock daemon
This allows you to generate more than one pre-shared secret on the knock daemon so that you can distribute the secret and control revocation at a more granular level. Each additional secret creates one more concurrent authentic knock sequence.
2024-04-19 22:04:00 -06:00
bpf_endian.h enter eBPF, libpcap and CGO = bloat 2024-04-13 21:22:22 -06:00
hyp_bpf_bpfeb.go added generated go code from ebpg-go 2024-04-14 21:03:22 -06:00
hyp_bpf_bpfeb.o Added pre-compiled ebpf programs 2024-04-14 21:00:31 -06:00
hyp_bpf_bpfel.go added generated go code from ebpg-go 2024-04-14 21:03:22 -06:00
hyp_bpf_bpfel.o Added pre-compiled ebpf programs 2024-04-14 21:00:31 -06:00
hyp_bpf.c remove unreferenced macros... 2024-04-16 20:09:01 -06:00
packet.go add support for multiple secrets (independent agents) on the knock daemon 2024-04-19 22:04:00 -06:00
README.md README add/edit 2024-04-16 20:09:37 -06:00
vmlinux.h enter eBPF, libpcap and CGO = bloat 2024-04-13 21:22:22 -06:00

hypd server

hypd is the port knocking daemon which runs on an edge device connecting to an untrusted network. Using eBPF's XDP hook point, it extracts packet header information directly and sends only the specific information required to userspace. This is faster than alternative methods such as using libpcap.

eBPF

The hyp_bpf.c program can be recompiled using go generate.

# Debian: sudo apt install git clang linux-headers-amd64 libbpf-dev
go generate .

Generating vmlinux.h

vmlinux.h is included in hyp_bpf.c and can be regenerated with bpftool.

# Debian: sudo apt install bpftool
sudo bpftool btf dump file /sys/kernel/btf/vmlinux format c > ../headers/vmlinux.h

Building hypd

hypd has no CGO dependencies and so can run on musl systems as well.

# To ensure it can run on musl systems, don't use CGO
CGO_ENABLED=0 go build .