TapeTrack Documentation

Because there is more to tape management than you ever realized

User Tools

Site Tools

Trace: volume_attributes_dynamic onetimepassword upgrading attribute_list_values test_netconnection diagnosing_connection_problems ebpf_configuration security_linux upgrade_server
technote:ebpf_configuration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
technote:ebpf_configuration [2025/10/03 02:44] – created Scott Cunliffetechnote:ebpf_configuration [2025/10/03 02:58] (current) – [eBPF Configuration] Scott Cunliffe
Line 1: Line 1:
-====== eBPF Configuration Tech Note ======+====== eBPF Configuration  ======
  
-This page outlines how to configure and enable **eBPF integration** for TapeTrack Server on Linux systems. eBPF (Extended Berkeley Packet Filter) allows TapeTrack to dynamically manage IP-level blocking at the kernel level during the time-out period.+This page outlines how to configure and enable eBPF integration for TapeTrack Server on Linux systems. eBPF (Extended Berkeley Packet Filter) allows TapeTrack to dynamically manage IP-level blocking at the kernel level during the time-out period.
  
 +{{ebpf_logo.png}}
 ===== Prerequisites ===== ===== Prerequisites =====
 Before enabling eBPF support, ensure the following: Before enabling eBPF support, ensure the following:
  
-  * Linux kernel version **4.4 or later** +  * Linux kernel version 4.4 or later 
-  * **Root or sudo privileges**+  * Root or sudo privileges
   * TapeTrack Server binary supports the `-B` argument   * TapeTrack Server binary supports the `-B` argument
-  * A **preloaded eBPF table** is available and accessible+  * A preloaded eBPF table is available and accessible
  
 ===== Setup ===== ===== Setup =====
Line 22: Line 23:
  
 Example: Example:
-```bash+<code>
 bpftool map create /sys/fs/bpf/tapetrack_block_map type hash key 4 value 4 entries 1024 name tapetrack_block_map bpftool map create /sys/fs/bpf/tapetrack_block_map type hash key 4 value 4 entries 1024 name tapetrack_block_map
 +</code>
  
 +==== Start TapeTrack Server with eBPF Integration ==== 
 +
 +Launch the TapeTrack Server with the -B argument pointing to the eBPF table:
 +
 +<code>
 +./TapeTrackServer -B /sys/fs/bpf/tapetrack_block_map
 +</code>
 +
 +This enables dynamic IP blocking. When a client sends a non-TapeTrack packet, its IP will be added to the eBPF table and blocked at the kernel level for the duration of the time-out period.
 +
 +====  Monitor and Verify ==== 
 +
 +To confirm that IPs are being added and removed correctly:
 +
 +<code>
 +bpftool map dump name tapetrack_block_map
 +</code>
 +
 +You should see entries corresponding to banned IP addresses.
 +
 +===== Notes =====
 +
 +eBPF integration is optional but recommended for public-facing servers
 +
 +Ensure firewall rules do not conflict with eBPF behavior
 +
 +TapeTrack will manage the table dynamically — manual edits may be overwritten
 +
 +===== See Also =====
 +
 +[[technote:security_linux|TapeTrack Server: Anti-Throttle and Anti-Hacking Measures]]
 +
 +
 +
 +{{tag>tapetrack ebpf linux firewall security technote server}}
technote/ebpf_configuration.1759459455.txt.gz · Last modified: 2025/10/03 02:44 by Scott Cunliffe