Start endpoint in linux

The Linux Kernel

This document is a guide to using the PCI Endpoint Framework to create an endpoint controller driver and an endpoint function driver, and to using the configfs interface to bind the function driver to the controller driver.

9.1. Introduction

Linux has a comprehensive PCI subsystem to support PCI controllers that operate in Root Complex mode. The subsystem can scan the PCI bus, assign memory resources and IRQ resources, load PCI drivers (based on vendor ID and device ID), and support other services like hot-plug, power management, advanced error reporting and virtual channels.

However, the PCI controller IP integrated in some SoCs is capable of operating in either Root Complex mode or Endpoint mode. The PCI Endpoint Framework adds endpoint mode support to Linux. This makes it possible to run Linux on an EP system, which has a wide variety of use cases such as testing or validation, co-processor accelerators, etc.

9.2. PCI Endpoint Core

The PCI Endpoint Core layer comprises 3 components: the Endpoint Controller library, the Endpoint Function library, and the configfs layer to bind the endpoint function with the endpoint controller.

9.2.1. PCI Endpoint Controller (EPC) Library

The EPC library provides APIs to be used by the controller that can operate in endpoint mode. It also provides APIs to be used by function driver/library in order to implement a particular endpoint function.

9.2.1.1. APIs for the PCI Controller Driver

This section lists the APIs that the PCI Endpoint core provides to be used by the PCI controller driver.

  • write_header: ops to populate configuration space header
  • set_bar: ops to configure the BAR
  • clear_bar: ops to reset the BAR
  • alloc_addr_space: ops to allocate in PCI controller address space
  • free_addr_space: ops to free the allocated address space
  • raise_irq: ops to raise a legacy, MSI or MSI-X interrupt
  • start: ops to start the PCI link
  • stop: ops to stop the PCI link

The PCI controller driver can then create a new EPC device by invoking devm_pci_epc_create()/pci_epc_create().

The PCI controller driver can destroy the EPC device created by either devm_pci_epc_create() or pci_epc_create() using devm_pci_epc_destroy() or pci_epc_destroy().

In order to notify all the function devices that the EPC device to which they are linked has established a link with the host, the PCI controller driver should invoke pci_epc_linkup().

9.2.1.2. EPC APIs for the PCI Endpoint Function Driver

This section lists the APIs that the PCI Endpoint core provides to be used by the PCI endpoint function driver.


The PCI endpoint function driver should use pci_epc_write_header() to write the standard configuration header to the endpoint controller.

The PCI endpoint function driver should use pci_epc_set_bar() to configure the Base Address Register in order for the host to assign PCI addr space. Register space of the function driver is usually configured using this API.

The PCI endpoint function driver should use pci_epc_raise_irq() to raise Legacy Interrupt, MSI or MSI-X Interrupt.

The PCI endpoint function driver should use pci_epc_mem_alloc_addr() to allocate a memory address from the EPC address space, which is required to access the RC’s buffer.

The PCI endpoint function driver should use pci_epc_mem_free_addr() to free the memory space allocated using pci_epc_mem_alloc_addr().

9.2.1.3. Other EPC APIs

There are other APIs provided by the EPC library. These are used for binding the EPF device with EPC device. pci-ep-cfs.c can be used as reference for using these APIs.

Add a PCI endpoint function to a PCI endpoint controller. A PCIe device can have up to 8 functions according to the specification.

The PCI endpoint function driver should invoke pci_epc_start() once it has configured the endpoint function and wants to start the PCI link.

9.2.2. PCI Endpoint Function (EPF) Library

The EPF library provides APIs to be used by the function driver and the EPC library to provide endpoint mode functionality.

9.2.2.1. EPF APIs for the PCI Endpoint Function Driver

This section lists the APIs that the PCI Endpoint core provides to be used by the PCI endpoint function driver.

  • bind: ops to perform when an EPC device has been bound to an EPF device
  • unbind: ops to perform when a binding has been lost between an EPC device and an EPF device
  • linkup: ops to perform when the EPC device has established a connection with a host system

The PCI Function driver can then register the PCI EPF driver by using pci_epf_register_driver().

9.2.2.2. APIs for the PCI Endpoint Controller Library

This section lists the APIs that the PCI Endpoint core provides to be used by the PCI endpoint controller library.

The PCI endpoint controller library invokes pci_epf_linkup() when the EPC device has established the connection to the host.

9.2.2.3. Other EPF APIs

There are other APIs provided by the EPF library. These are used to notify the function driver when the EPF device is bound to the EPC device. pci-ep-cfs.c can be used as reference for using these APIs.

Create a new PCI EPF device by passing the name of the PCI EPF device. This name will be used to bind the EPF device to an EPF driver.


Add Linux endpoints in Nebula

Nebula offers the Endpoint Agent for Linux machines. The Downloads page in the Nebula console has instructions on setting up your repository source to point to the Malwarebytes Linux repository. Then, download and install the Endpoint Agent using standard Linux commands, apt-get/apt install or yum install.

For minimum requirements to install on Linux machines, see Minimum requirements for Nebula.

Select a topic to learn more:

Linux Endpoint Installer Notes

  • Endpoints are assigned to the Default Group and use the Default Policy unless you specify a different group. To automatically assign endpoints to a group during installation:
    1. On the left navigation menu, click Download Center.
    2. Under Advanced tools, click the Specify group assignment link.
  • The Deployment tab has two options available for your Linux endpoints:
    • Install: Use these commands to download and install the endpoint agent on the endpoint.
    • Upgrades: For applicable Linux distros. Use these commands to upgrade the endpoint agent on the endpoint.

    Install the endpoint agent on a Linux device

    To manually add an endpoint to Nebula, select your Linux distro and copy the commands displayed in Nebula.

    Endpoints are assigned to the Default Group and use the Default Policy unless you specify a different group as a parameter.

    1. On the left navigation menu, click Download Center.
    2. Select Linux from the platform drop-down menu.
    3. Choose the distribution you are using in the installer version drop-down menu.
    4. After selecting your distro, copy the text in the Install field and paste the text into your Linux command line. Your Account Token is automatically populated in the field for convenience.
    5. Run the script in your Linux environment.

    When the installation process completes, the Endpoint Agent registers and the Linux endpoint shows up in the Endpoints page of Nebula and the agent begins logging events and errors on the endpoint. For information on gathering logs, see Collect Malwarebytes Endpoint Agent diagnostic logs.

    NOTICE — All Linux endpoints are counted as Servers.

    Endpoint Detection and Response for Linux

    Endpoint Detection and Response (EDR) requires the Dynamic Kernel Management System (DKMS) to be installed and the Linux kernel to be digitally signed if it is required.

    • The kernel headers package is a dependency for the DKMS package, and the kernel headers version must match the kernel version running on the endpoint. To identify the exact kernel version in use, run the uname -r command.
    • Installing the DKMS package with the standard package management tools may not install the proper version of the kernel headers package. Carefully check the DKMS package dependencies before installing. On older distributions such as CentOS, it may be necessary to manually add older or archived repositories beforehand, or to manually download and install the proper kernel headers .rpm package.
    • On Ubuntu-based distros, an attempt to install DKMS is automatically made during the Endpoint Agent install.

    Manually install DKMS for the following Linux distros:

    Install DKMS with the following commands:

    Red Hat Enterprise Linux 7

    Red Hat Enterprise Linux 8

    Note: DKMS is not in the default repository. An extra repository needs to be enabled with the following command:

    sudo yum -y update epel-release

    Install DKMS with the following command:

    Check if Linux kernel headers are missing and install

    sudo apt list linux-headers-$(uname -r)
    sudo apt install linux-headers-$(uname -r)

    Once the proper kernel header version and DKMS are installed, proceed with enabling EDR for Linux in the policy.
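The prerequisite above (kernel headers matching the running kernel, plus DKMS) can be checked before EDR is enabled in the policy. The following script is an added example, not part of the Malwarebytes documentation; the function names and the optional ROOT argument are this example's own, and the header locations are the usual ones on Debian/Ubuntu and RHEL/CentOS systems.

```shell
#!/bin/sh
# Added example: check the EDR prerequisites (headers matching uname -r, DKMS).
# The optional ROOT argument is this example's own device for testing on a fake tree.

# headers_present RELEASE [ROOT]: succeeds only if headers for exactly RELEASE exist.
headers_present() {
    # Debian/Ubuntu: /usr/src/linux-headers-<release>; RHEL/CentOS: /usr/src/kernels/<release>;
    # /lib/modules/<release>/build normally links to one of them and dangles when it is missing.
    for h_dir in "${2:-}/usr/src/linux-headers-$1" "${2:-}/usr/src/kernels/$1" \
                 "${2:-}/lib/modules/$1/build"; do
        [ -f "$h_dir/Makefile" ] && return 0
    done
    return 1
}

# installed_headers [ROOT]: versions of the header trees that are present, one per line.
installed_headers() {
    for i_dir in "${1:-}"/usr/src/linux-headers-* "${1:-}"/usr/src/kernels/*; do
        [ -f "$i_dir/Makefile" ] || continue
        basename "$i_dir" | sed 's/^linux-headers-//'
    done
}

# dkms_present [ROOT]: is the dkms tool installed?
dkms_present() {
    if [ -n "${1:-}" ]; then [ -x "$1/usr/sbin/dkms" ]; else command -v dkms >/dev/null 2>&1; fi
}

# edr_preflight [RELEASE] [ROOT]: prints findings, returns the number of failed checks.
edr_preflight() {
    p_rel=${1:-$(uname -r)}; p_root=${2:-}; p_fail=0
    if headers_present "$p_rel" "$p_root"; then
        echo "ok: kernel headers installed for kernel $p_rel"
    else
        echo "FAIL: no headers for $p_rel; found: $(installed_headers "$p_root" | tr '\n' ' ')"
        p_fail=$((p_fail + 1))
    fi
    if dkms_present "$p_root"; then
        echo "ok: dkms found"
    else
        echo "FAIL: dkms not installed"
        p_fail=$((p_fail + 1))
    fi
    return "$p_fail"
}
```

Source the file and call edr_preflight with no arguments to check the running kernel; a non-zero return means at least one prerequisite is missing.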

    Run endpoint agent on startup

    To confirm your Linux server starts the endpoint agent when it boots up, run the following command:

    If the output reads disabled, then run the following command to enable the agent:

    Created symlink /etc/systemd/system/multi-user.target.wants/mbdaemon.service → /lib/systemd/system/mbdaemon.service

    Run the following command again and verify the output now reads enabled.

    Proxy Server Settings

    You can use the variables listed below during installation or the mblinux command-line options to configure Malwarebytes for Linux to use a proxy server. If you need to use a password for proxy server authentication, you must use the mblinux command-line options to configure it.

    Variable Name              Description
    NEBULA_PROXY_SERVER        The address to the proxy server
    NEBULA_PROXY_PORT          The port for the proxy server
    NEBULA_PROXY_USER          The username for proxy server authentication
    NEBULA_PROXY_BYPASS_LOCAL  Set if proxy should be bypassed for local addresses


    Exposing WebSocket endpoints via 3scale API Management


    WebSocket is a communications protocol that provides full-duplex communication channels to web servers and clients over a single TCP connection. The protocol was standardized by the World Wide Web Consortium (W3C) and has been in common use by web developers for more than a decade.

    Red Hat 3scale API Management is a hosted environment for web applications. In this quick tip, you will see how to use 3scale to set up WebSocket communication easily. Figure 1 shows how 3scale mediates between the web client and the WebSocket interface on the server.

    Figure 1: The 3scale WebSockets policy stands between the client and server.

    This tip takes you through the following steps:

    • Setting up the WebSocket server.
    • Configuring 3scale API Management.
    • Using a WebSocket client to test the WebSocket endpoint.

    Step 1: Set up the WebSocket server

    You can use any of your favorite frameworks to start the WebSocket server. For this article, we use Node.js. (Installing Node.js is out of the scope of this tip.)

    We’ll also use a simple JavaScript program that sets up a WebSocket server, accepts a request, and sends a reply. You can save it as index.js :

    // Minimal secure WebSocket server
    var fs = require('fs');

    // Read the SSL certificate
    var privateKey = fs.readFileSync('ssl-cert/key.pem', 'utf8');
    var certificate = fs.readFileSync('ssl-cert/certificate.pem', 'utf8');
    var credentials = { key: privateKey, cert: certificate };

    var https = require('https');

    // Pass in your credentials to create an HTTPS server
    var httpsServer = https.createServer(credentials);
    httpsServer.listen(8443, "0.0.0.0");

    var WebSocketServer = require('ws').Server;
    var wss = new WebSocketServer({ server: httpsServer });

    wss.on('connection', function connection(ws) {
      ws.on('message', function incoming(message) {
        console.log('received: %s', message);
        ws.send('reply from server : ' + message);
      });
      ws.send('something');
    });

    You can use Node.js to start the script:

    Step 2: Configure 3scale API Management

    Follow the 3scale documentation to add a back end and create the necessary metrics, products, and application plan to expose an endpoint. Provide the WebSocket server URL as the Private Base URL, as shown in Figure 2.

    Figure 2: Enter the WebSocket server URL as the Private Base URL.

    Add your WebSockets policy to the policy chain, as shown in Figure 3. No configuration is needed inside the policy.

    Figure 3: Using the 3scale dialog to define the policy chain.

    Promote the endpoint to the staging API Gateway for testing. Figure 4 shows how the endpoint and mapping rules appear in the console.

    Figure 4: Viewing the server

    Step 3: Use a WebSocket client to test the WebSocket endpoint

    A convenient client we use for testing in this example is the Chrome browser’s Web Socket Client extension. Enter the staging API Gateway URL and append the WebSocket public path to connect, as shown in Figure 5.

    Figure 5: Testing a 3scale WebSocket connection by entering a URL.
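A scriptable complement to the browser test in Step 3: the script below checks a captured handshake response for a real WebSocket upgrade (status 101, Upgrade header, and a Sec-WebSocket-Accept value derived from the key that was sent, per RFC 6455). It is an added example, not part of the original article; the function names are this example's own, it needs the openssl command-line tool, and the sample response is constructed from the RFC's example values.

```shell
#!/bin/sh
# Added example: validate a captured WebSocket opening handshake (RFC 6455).
# Needs the openssl command-line tool; file and key arguments are up to the caller.

# ws_accept KEY: the Sec-WebSocket-Accept value a compliant server returns for KEY.
ws_accept() {
    printf '%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11' "$1" |
        openssl dgst -sha1 -binary | openssl base64
}

# header_value NAME FILE: first value of header NAME (case-insensitive), CR stripped.
header_value() {
    tr -d '\r' < "$2" | awk -v n="$1" '
        BEGIN { n = tolower(n) }
        NR > 1 && $0 == "" { exit }     # blank line ends the header block
        { i = index($0, ":") }
        i && tolower(substr($0, 1, i - 1)) == n {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
        }'
}

# check_upgrade KEY FILE: succeeds only if FILE is a valid 101 upgrade answering KEY.
check_upgrade() {
    c_status=$(head -n 1 "$2" | tr -d '\r' | awk '{ print $2 }')
    if [ "$c_status" != "101" ]; then
        echo "FAIL: status ${c_status:-none}, the request was handled as plain HTTP"
        return 1
    fi
    c_up=$(header_value Upgrade "$2" | tr 'A-Z' 'a-z')
    if [ "$c_up" != "websocket" ]; then
        echo "FAIL: Upgrade header is '$c_up'"
        return 1
    fi
    if [ "$(header_value Sec-WebSocket-Accept "$2")" != "$(ws_accept "$1")" ]; then
        echo "FAIL: Sec-WebSocket-Accept does not match the key that was sent"
        return 1
    fi
    echo "ok: connection upgraded to WebSocket"
}

# Constructed sample: response values from the RFC 6455 example, answering
# Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
sample_response() {
    printf 'HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n'
    printf 'Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n'
}
```

A 200 or other non-101 status from the staging gateway usually means the request never reached the WebSocket back end as an upgrade, which is the first thing to rule out when the client cannot connect.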

    Conclusion

    3scale API Management offers policies to support communication between your front end and back end. See these resources for further information:

