Enhanced Session Recording Improvements

Gopkg.toml

@@ -212,4 +212,4 @@ ignored = ["github.com/Sirupsen/logrus", "github.com/gravitational/license/gener
 [[override]]
   name = "github.com/iovisor/gobpf"
   source = "github.com/gravitational/gobpf"
-  revision = "0e328af3088341056aa453a95756f94c87492220"
+  version = "=v0.0.1"

Makefile

@@ -10,7 +10,7 @@
 # Naming convention:
 #	for stable releases we use "1.0.0" format
 #   for pre-releases, we use   "1.0.0-beta.2" format
-VERSION=4.2.0-dev.4
+VERSION=4.2.2-alpha.1
 
 DOCKER_IMAGE ?= quay.io/gravitational/teleport
 

build.assets/Dockerfile-centos6

@@ -18,6 +18,12 @@ COPY pam/teleport-success /etc/pam.d
 
 RUN yum makecache fast && yum -y install gcc pam-devel glibc-devel net-tools tree git zip && yum clean all
 
+# Install GCC 6 through devtools. Newer version of GCC is needed for gobpf
+# which uses __has_include.
+RUN yum -y install centos-release-scl && yum -y install devtoolset-6
+ENV CC=/opt/rh/devtoolset-6/root/usr/bin/gcc
+ENV CXX=/opt/rh/devtoolset-6/root/usr/bin/g++
+
 RUN (groupadd jenkins --gid=$GID -o && useradd jenkins --uid=$UID --gid=$GID --create-home --shell=/bin/sh ;\
      mkdir -p /var/lib/teleport && chown -R jenkins /var/lib/teleport)
 

build.assets/Dockerfile-centos6-fips

@@ -18,6 +18,12 @@ COPY pam/teleport-success /etc/pam.d
 
 RUN yum makecache fast && yum -y install gcc pam-devel glibc-devel net-tools tree git zip && yum clean all
 
+# Install GCC 6 through devtools. Newer version of GCC is needed for gobpf
+# which uses __has_include.
+RUN yum -y install centos-release-scl && yum -y install devtoolset-6
+ENV CC=/opt/rh/devtoolset-6/root/usr/bin/gcc
+ENV CXX=/opt/rh/devtoolset-6/root/usr/bin/g++
+
 RUN (groupadd jenkins --gid=$GID -o && useradd jenkins --uid=$UID --gid=$GID --create-home --shell=/bin/sh ;\
      mkdir -p /var/lib/teleport && chown -R jenkins /var/lib/teleport)
 

build.assets/Makefile

@@ -193,7 +193,7 @@ release-fips: bbox-fips
 #
 .PHONY:release-centos6
 release-centos6: bbox-centos6
-	docker run $(DOCKERFLAGS) -i $(NOROOT) $(BBOXCENTOS6) \
+	docker run $(DOCKERFLAGS) $(BCCFLAGS) -i $(NOROOT) $(BBOXCENTOS6) \
 		/usr/bin/make release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(RUNTIME)
 
 #
@@ -202,7 +202,7 @@ release-centos6: bbox-centos6
 #
 .PHONY:release-centos6-fips
 release-centos6-fips: bbox-centos6-fips
-	docker run $(DOCKERFLAGS) -i $(NOROOT) $(BBOXCENTOS6FIPS) \
+	docker run $(DOCKERFLAGS) $(BCCFLAGS) -i $(NOROOT) $(BBOXCENTOS6FIPS) \
 		/usr/bin/make release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(RUNTIME) FIPS=yes
 
 #

lib/bpf/bpf.go

@@ -124,23 +124,23 @@ func New(config *Config) (BPF, error) {
 	start := time.Now()
 	log.Debugf("Starting enhanced session recording.")
 
-	// Compile and start BPF programs.
-	s.exec, err = startExec(closeContext, config.CommandBufferSize)
+	// Compile and start BPF programs if they are enabled (buffer size given).
+	s.exec, err = startExec(closeContext, *config.CommandBufferSize)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
-	s.open, err = startOpen(closeContext, config.DiskBufferSize)
+	s.open, err = startOpen(closeContext, *config.DiskBufferSize)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
-	s.conn, err = startConn(closeContext, config.NetworkBufferSize)
+	s.conn, err = startConn(closeContext, *config.NetworkBufferSize)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 
 	log.Debugf("Started enhanced session recording with buffer sizes (command=%v, "+
 		"disk=%v, network=%v) and cgroup mount path: %v. Took %v.",
-		s.CommandBufferSize, s.DiskBufferSize, s.NetworkBufferSize, s.CgroupPath,
+		*s.CommandBufferSize, *s.DiskBufferSize, *s.NetworkBufferSize, s.CgroupPath,
 		time.Since(start))
 
 	// Start pulling events off the perf buffers and emitting them to the
@@ -294,8 +294,8 @@ func (s *Service) emitCommandEvent(eventBytes []byte) {
 			events.EventLogin:      ctx.Login,
 			events.EventUser:       ctx.User,
 			// Command fields.
-			events.PID:        event.PPID,
-			events.PPID:       event.PID,
+			events.PID:        event.PID,
+			events.PPID:       event.PPID,
 			events.CgroupID:   event.CgroupID,
 			events.Program:    convertString(unsafe.Pointer(&event.Command)),
 			events.Path:       argv[0],

lib/bpf/command.go

@@ -89,6 +89,11 @@ func startExec(closeContext context.Context, pageCount int) (*exec, error) {
 		closeContext: closeContext,
 	}
 
+	// If the page count is zero, don't start any BPF module.
+	if pageCount == 0 {
+		return e, nil
+	}
+
 	// Compile the BPF program.
 	e.module = bcc.NewModule(execveSource, []string{})
 	if e.module == nil {

lib/bpf/common.go

@@ -85,28 +85,31 @@ type Config struct {
 	Enabled bool
 
 	// CommandBufferSize is the size of the perf buffer for command events.
-	CommandBufferSize int
+	CommandBufferSize *int
 
 	// DiskBufferSize is the size of the perf buffer for disk events.
-	DiskBufferSize int
+	DiskBufferSize *int
 
 	// NetworkBufferSize is the size of the perf buffer for network events.
-	NetworkBufferSize int
+	NetworkBufferSize *int
 
 	// CgroupPath is where the cgroupv2 hierarchy is mounted.
 	CgroupPath string
 }
 
 // CheckAndSetDefaults checks BPF configuration.
 func (c *Config) CheckAndSetDefaults() error {
-	if c.CommandBufferSize == 0 {
-		c.CommandBufferSize = defaults.PerfBufferPageCount
+	var perfBufferPageCount = defaults.PerfBufferPageCount
+	var openPerfBufferPageCount = defaults.OpenPerfBufferPageCount
+
+	if c.CommandBufferSize == nil {
+		c.CommandBufferSize = &perfBufferPageCount
 	}
-	if c.DiskBufferSize == 0 {
-		c.DiskBufferSize = defaults.OpenPerfBufferPageCount
+	if c.DiskBufferSize == nil {
+		c.DiskBufferSize = &openPerfBufferPageCount
 	}
-	if c.NetworkBufferSize == 0 {
-		c.NetworkBufferSize = defaults.PerfBufferPageCount
+	if c.NetworkBufferSize == nil {
+		c.NetworkBufferSize = &perfBufferPageCount
 	}
 	if c.CgroupPath == "" {
 		c.CgroupPath = defaults.CgroupPath

lib/bpf/common_test.go

@@ -0,0 +1,87 @@
+/*
+Copyright 2019 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package bpf
+
+import (
+	"fmt"
+
+	"github.com/gravitational/teleport/lib/defaults"
+	"github.com/gravitational/teleport/lib/utils"
+
+	"gopkg.in/check.v1"
+)
+
+type CommonSuite struct{}
+
+var _ = fmt.Printf
+var _ = check.Suite(&CommonSuite{})
+
+func (s *CommonSuite) SetUpSuite(c *check.C) {
+	utils.InitLoggerForTests()
+}
+func (s *CommonSuite) TearDownSuite(c *check.C) {}
+func (s *CommonSuite) SetUpTest(c *check.C)     {}
+func (s *CommonSuite) TearDownTest(c *check.C)  {}
+
+// TestCheckAndSetDefaults makes sure defaults are set when the user does not
+// provide values for the page sizes and hard coded values (like zero or a
+// specific page size) are respected when given.
+func (s *CommonSuite) TestCheckAndSetDefaults(c *check.C) {
+	var perfBufferPageCount = defaults.PerfBufferPageCount
+	var openPerfBufferPageCount = defaults.OpenPerfBufferPageCount
+	var zeroPageCount = 0
+
+	var tests = []struct {
+		inConfig  *Config
+		outConfig *Config
+	}{
+		// Empty values get defaults.
+		{
+			inConfig: &Config{
+				CommandBufferSize: nil,
+				DiskBufferSize:    nil,
+				NetworkBufferSize: nil,
+			},
+			outConfig: &Config{
+				CommandBufferSize: &perfBufferPageCount,
+				DiskBufferSize:    &openPerfBufferPageCount,
+				NetworkBufferSize: &perfBufferPageCount,
+			},
+		},
+		// Values are not wiped out with defaults.
+		{
+			inConfig: &Config{
+				CommandBufferSize: &zeroPageCount,
+				DiskBufferSize:    &zeroPageCount,
+				NetworkBufferSize: &perfBufferPageCount,
+			},
+			outConfig: &Config{
+				CommandBufferSize: &zeroPageCount,
+				DiskBufferSize:    &zeroPageCount,
+				NetworkBufferSize: &perfBufferPageCount,
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		err := tt.inConfig.CheckAndSetDefaults()
+		c.Assert(err, check.IsNil)
+		c.Assert(*tt.inConfig.CommandBufferSize, check.Equals, *tt.outConfig.CommandBufferSize)
+		c.Assert(*tt.inConfig.DiskBufferSize, check.Equals, *tt.outConfig.DiskBufferSize)
+		c.Assert(*tt.inConfig.NetworkBufferSize, check.Equals, *tt.outConfig.NetworkBufferSize)
+	}
+}

lib/bpf/disk.go

@@ -86,6 +86,11 @@ func startOpen(closeContext context.Context, pageCount int) (*open, error) {
 		closeContext: closeContext,
 	}
 
+	// If the page count is zero, don't start any BPF module.
+	if pageCount == 0 {
+		return e, nil
+	}
+
 	// Compile the BPF program.
 	e.module = bcc.NewModule(openSource, []string{})
 	if e.module == nil {

lib/bpf/network.go

@@ -118,6 +118,11 @@ func startConn(closeContext context.Context, pageCount int) (*conn, error) {
 		closeContext: closeContext,
 	}
 
+	// If the page count is zero, don't start any BPF module.
+	if pageCount == 0 {
+		return e, nil
+	}
+
 	e.module = bcc.NewModule(connSource, []string{})
 	if e.module == nil {
 		return nil, trace.BadParameter("failed to load libbcc")