You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: README.md
+78-1
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,9 @@ _“Yossarian also thought Milo was a jerk; but he also know that Milo was a gen
6
6
7
7
## What is this?
8
8
Minderbinder is a tool that uses eBPF to inject failures into running processes.
9
-
Presently it can inject failures into **system calls** by attaching kprobes to the system call handler and failures into **outgoing network traffic** by attaching a traffic filter to the [TC subsystem](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/linux-traffic-control_configuring-and-managing-networking).
9
+
Presently it can inject failures into **system calls** by attaching kprobes to the system call handler and failures into **outgoing network traffic** by attaching a traffic filter to Linux's traffic control subsystem.
10
+
11
+
You can read a bit more about the motiviation and implementation details [in this blog entry](https://blog.scottgerring.com/introducing-minderbinder/).
10
12
11
13
## What's it for?
12
14
Minderbinder aims to make it easy to generically inject failures into processes. At the moment you can write a config.yaml that describes the failures to inject and the processes to inject them into, start minderbinder, and see what happens.
Note: The graphs that pop up show general system call behaviour across the monitored values, and don't directly reflect the
49
51
actions minderbinder is performing on the targeted processes.
50
52
53
+
## How's it work?
54
+
55
+
Here's a helpful diagram! At a high level, the flow is:
56
+
57
+
* The user-space app reads the configuration file, attaches necessary probes, and writes the configuration into `syscall_target_config` and `outgoing_network_config` eBPF maps
58
+
* The `execve` kprobes catch new processes launching. Upon finding processes that match targets in the `_config` maps, they add the PID data to the target configuration and update the corresponding `_target` map. For example, a matched element in `syscall_target_config` leads to a PID+target configuration being added to `syscall_targets`
59
+
* The eBPF responsible for each module then fires for its particular hooks, and upon finding a relevant entry in its `_targets` map, and "breaks" the operation being considered accordingly
I["kprobe(execve)"]:::probeClass --> J["Record parent details"] --> C
93
+
K["kretprobe(execve)"]:::probeClass --> L
94
+
K --> M
95
+
A -.-> L
96
+
D -.-> M
97
+
C -.-> L
98
+
C -.-> M
99
+
L --> B
100
+
M --> E
101
+
end
102
+
103
+
subgraph "syscall Module"
104
+
N["kprobe(targeted_syscall)"]:::probeClass
105
+
N --> O["Targeted process?"]
106
+
B -.-> O
107
+
O --> P["Delay past?"]
108
+
P --> Q["Random chance met?"]
109
+
Q --> R["bpf_override_return(err)"]
110
+
end
111
+
112
+
subgraph "TC Module"
113
+
X["cgroup(sock_create)"]:::probeClass
114
+
X --> Y["Targeted process?"]
115
+
E -.->Y
116
+
Y --> Z["Set socket mark"]
117
+
118
+
S["tc(filter)"]:::probeClass
119
+
S --> T["Socket mark set?"]
120
+
E -.-> T
121
+
T --> U["Delay past?"]
122
+
U --> V["Random chance met?"]
123
+
V --> W["return TC_ACT_STOLEN"]
124
+
end
125
+
```
126
+
127
+
51
128
## Big Picture
52
129
53
130
The long-term goal is to provide a back-end for existing unit test frameworks, so that we can write component tests that can trivially break the code under test in interesting, chaos-related fashions. This might look something like this:
0 commit comments