Why another Agent?

Qpoint operates directly on your hosts through our Qtap agent. This host-based approach is fundamental to providing the deep visibility and process-level traffic attribution that makes Qpoint powerful.

The Power of Being Local

Operating directly on the host gives us several key advantages:

Process Attribution: We can see exactly which processes are making external calls
Pre-Encryption Visibility: Access to traffic before TLS encryption occurs
Container and Pod Context: Direct access to container runtime information
Efficient Operation: Minimal overhead by operating at the source
No Network Changes: No need to redirect traffic or modify network architecture

Technical Foundation

eBPF Technology

At the heart of Qtap is eBPF (Extended Berkeley Packet Filter), a powerful Linux kernel technology that allows us to:

Execute programs safely within kernel space
Attach to specific kernel functions and events
Access network events and socket operations
Collect detailed process and connection information

Kernel Integration Points

Qtap taps into several key areas of the Linux kernel:

Network Stack
- Socket operations
- TCP/IP protocol events
Process Context
- Process creation and execution
- Container runtime details
TLS/SSL Libraries
- OpenSSL function calls
- GoTLS operations
- NodeTLS interactions

Linux-Centric Design

Qtap is specifically designed for Linux environments because:

eBPF is a Linux kernel technology
Most cloud-native workloads run on Linux
Linux provides rich kernel instrumentation capabilities
Strong container and orchestration support

Operating Modes

Qtap can operate in two primary modes:

Native TLS Introspection
- Direct integration with SSL/TLS libraries
- Works with OpenSSL, GoTLS, and NodeTLS
- No configuration changes needed
Egress Controller
- Support for Java and other runtimes
- Simple environment variable configuration
- Local certificate injection

PreviousUse Cases NexteBPF Concepts

Last updated 4 days ago