Documentation
  • Introduction
    • How It Works
    • Architecture & Data Flow
    • Why another Agent?
    • eBPF Concepts
    • Use Cases
  • Deployment
  • Qtap
    • Getting Started
    • System Requirements
    • Installation
      • Linux Binary
      • Docker Container
      • Helm Chart
      • Kubernetes Manifest
    • Configuration
      • Storage Configuration
      • Traffic Processing with Plugins
      • Traffic Capture Settings
      • Configuration Examples
  • Qplane
    • Getting Started
      • Create an Account
      • Install Qtap
      • Review your Dashboards
    • Installation
      • Linux Binary
      • Docker Container
      • Helm Chart
    • Configuration
  • Security & Compliance
  • License
  • Appendix
    • Qcontrol (Beta)
    • Java
    • Object Storage
      • Google Cloud Storage
    • S3 Credentials for Qtap using Kubernetes Secrets
  • FAQ
Powered by GitBook
On this page
  • The Power of Being Local
  • Technical Foundation
  • eBPF Technology
  • Kernel Integration Points
  • Linux-Centric Design
  • Operating Modes
  1. Introduction

Why another Agent?

Qpoint operates directly on your linux application servers through our Qtap agent. This host-based approach is fundamental to providing the deep visibility and process-level traffic attribution that makes Qpoint powerful.

The Power of Being Local

Operating directly on the host gives us several key advantages:

  • Process Attribution: We can see exactly which processes are making external calls

  • Pre-Encryption Visibility: Access to traffic before TLS encryption occurs

  • Container and Pod Context: Direct access to container runtime information

  • Efficient Operation: Minimal overhead by operating at the source

  • No Network Changes: No need to redirect traffic or modify network architecture

Technical Foundation

eBPF Technology

At the heart of Qtap is eBPF (Extended Berkeley Packet Filter), a powerful Linux kernel technology that allows us to:

  • Execute programs safely within kernel space

  • Attach to specific kernel functions and events

  • Access network events and socket operations

  • Collect detailed process and connection information

Kernel Integration Points

Qtap taps into several key areas of the Linux kernel:

  1. Network Stack

    • Socket operations

    • TCP/IP protocol events

  2. Process Context

    • Process creation and execution

    • Container runtime details

  3. TLS/SSL Libraries

    • OpenSSL function calls

    • GoTLS operations

    • NodeTLS interactions

    • Java 17 - 21

Linux-Centric Design

Qtap is specifically designed for Linux environments because:

  • eBPF is a Linux kernel technology

  • Most cloud-native workloads run on Linux

  • Linux provides rich kernel instrumentation capabilities

  • Strong container and orchestration support

Operating Modes

Qtap can operate in two primary modes:

  1. Native TLS Introspection

    • Direct integration with SSL/TLS libraries

    • Works with OpenSSL, GoTLS, and NodeTLS

    • No configuration changes needed

  2. Egress Controller

    • Support for other runtimes

    • Simple environment variable configuration

    • Local certificate injection

PreviousArchitecture & Data FlowNexteBPF Concepts

Last updated 23 days ago