@maheshbhatiya73
…racking

  • Added an eBPF program in Rust using aya to track SSH (port 22) connection attempts.
    • Attached as a kprobe to tcp_v4_connect.
    • Extracts PID and destination IPv4 from sockaddr.
    • Stores attempt counts in a BPF HashMap keyed by (PID, IP).
  • Implemented a Go userspace loader using cilium/ebpf:
    • Loads and attaches the compiled ssh_monitor.o.
    • Periodically reads from the ssh_attempts map and prints the PID/IP/Count.
    • Gracefully handles SIGINT/SIGTERM for clean shutdown.

Tested locally with loopback SSH connections. Working end-to-end integration between kernel-level probe and userland reporting.

@maheshbhatiya73 maheshbhatiya73 merged commit 13d70df into main Jul 8, 2025
1 check passed
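
The filtering and counting step described in the PR, modelled in userspace Go as an added example (not code from this repository): it decodes a `sockaddr_in`, matches port 22 in network byte order, and counts attempts per (PID, IP). `connectEvent`, `attemptKey` and the little-endian host are assumptions, and the sample events are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// connectEvent (hypothetical): PID plus the leading bytes of the sockaddr_in argument.
type connectEvent struct {
	PID  uint32
	Addr []byte
}

// attemptKey mirrors the (PID, IP) map key; the exact layout is an assumption.
type attemptKey struct {
	PID uint32
	IP  netip.Addr
}

// parseSockaddrIn reads sin_family (host order, little-endian assumed), then sin_port and sin_addr (network order).
func parseSockaddrIn(raw []byte) (netip.Addr, uint16, bool) {
	if len(raw) < 8 || binary.LittleEndian.Uint16(raw[0:2]) != 2 { // 2 = AF_INET
		return netip.Addr{}, 0, false
	}
	ip, ok := netip.AddrFromSlice(raw[4:8])
	return ip, binary.BigEndian.Uint16(raw[2:4]), ok
}

// countSSH aggregates port-22 connection attempts per (PID, destination IP).
func countSSH(events []connectEvent) map[attemptKey]uint32 {
	counts := make(map[attemptKey]uint32)
	for _, e := range events {
		if ip, port, ok := parseSockaddrIn(e.Addr); ok && port == 22 {
			counts[attemptKey{e.PID, ip}]++
		}
	}
	return counts
}

func main() {
	events := []connectEvent{ // constructed sample input
		{4242, []byte{2, 0, 0, 22, 127, 0, 0, 1}},
		{4242, []byte{2, 0, 0, 22, 127, 0, 0, 1}},
		{4242, []byte{2, 0, 22, 0, 127, 0, 0, 1}}, // port 5632 (bytes of 22 swapped): not SSH
	}
	for k, n := range countSSH(events) {
		fmt.Printf("pid=%d ip=%s count=%d\n", k.PID, k.IP, n)
	}
}
```

A probe that compares the raw `sin_port` field to 22 without converting from network byte order would miss real SSH connections on a little-endian host and count port 5632 instead.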