Documentation
Index
- Constants
- Variables
- func PoliciesMaxExceededError() error
- func PoliciesOutOfRangeError(idx int) error
- func PolicyAlreadyExists(policy *Policy, id int) error
- func PolicyNilError() error
- func PolicyNotFoundByIDError(idx int) error
- func PolicyNotFoundByNameError(name string) error
- func Snapshots() *snapshots
- type Policies
- func (ps *Policies) Add(p *Policy) error
- func (ps *Policies) Clone() utils.Cloner
- func (ps *Policies) ContainerFilterEnabled() uint64
- func (ps *Policies) Count() int
- func (ps *Policies) Delete(id int) error
- func (ps *Policies) FilterableInUserland() uint64
- func (ps *Policies) FilterableInUserlandMap() map[*Policy]int
- func (ps *Policies) LookupById(id int) (*Policy, error)
- func (ps *Policies) LookupByName(name string) (*Policy, error)
- func (ps *Policies) Map() map[*Policy]int
- func (ps *Policies) MatchedNames(matched uint64) []string
- func (ps *Policies) PIDFilterMax() uint64
- func (ps *Policies) PIDFilterMin() uint64
- func (ps *Policies) Set(p *Policy) error
- func (ps *Policies) SetVersion(version uint16)
- func (ps *Policies) UIDFilterMax() uint64
- func (ps *Policies) UIDFilterMin() uint64
- func (ps *Policies) UpdateBPF(bpfModule *bpf.Module, cts *containers.Containers, ...) (*PoliciesConfig, error)
- func (ps *Policies) Version() uint16
- type PoliciesConfig
- type Policy
Constants
const (
	// outer maps
	UIDFilterMapVersion         = "uid_filter_version"
	PIDFilterMapVersion         = "pid_filter_version"
	MntNSFilterMapVersion       = "mnt_ns_filter_version"
	PidNSFilterMapVersion       = "pid_ns_filter_version"
	UTSFilterMapVersion         = "uts_ns_filter_version"
	CommFilterMapVersion        = "comm_filter_version"
	CgroupIdFilterVersion       = "cgroup_id_filter_version"
	ProcessTreeFilterMapVersion = "process_tree_map_version"
	BinaryFilterMapVersion      = "binary_filter_version"
	PoliciesConfigVersion       = "policies_config_version"

	// inner maps
	UIDFilterMap         = "uid_filter"
	PIDFilterMap         = "pid_filter"
	MntNSFilterMap       = "mnt_ns_filter"
	PidNSFilterMap       = "pid_ns_filter"
	UTSFilterMap         = "uts_ns_filter"
	CommFilterMap        = "comm_filter"
	CgroupIdFilterMap    = "cgroup_id_filter"
	ProcessTreeFilterMap = "process_tree_map"
	BinaryFilterMap      = "binary_filter"
	PoliciesConfigMap    = "policies_config_map"
	ProcInfoMap          = "proc_info_map"
)
const (
	MaxPolicies   int = 64
	AllPoliciesOn     = ^uint64(0)
)
Variables
var AlwaysSubmit = events.EventState{
	Submit: AllPoliciesOn,
}
Functions
func PoliciesMaxExceededError
func PoliciesMaxExceededError() error
func PoliciesOutOfRangeError
func PoliciesOutOfRangeError(idx int) error
func PolicyAlreadyExists
func PolicyAlreadyExists(policy *Policy, id int) error
func PolicyNilError
func PolicyNilError() error
func PolicyNotFoundByIDError
func PolicyNotFoundByIDError(idx int) error
Types
type Policies
type Policies struct {
// contains filtered or unexported fields
}
TODO: refactor the filterEnabledPoliciesMap and filterUserlandPoliciesMap maps to use int (Policy id) as key instead of *Policy.
TODO: create a new map with policy name as key to speed up LookupByName().
func NewPolicies
func NewPolicies() *Policies
func (*Policies) Add
func (ps *Policies) Add(p *Policy) error
Add adds a policy to Policies. Its ID (index) is set to the first free slot found. Returns nil if the policy is already inserted.
func (*Policies) ContainerFilterEnabled
func (ps *Policies) ContainerFilterEnabled() uint64
ContainerFilterEnabled returns a bitmap of policies that have at least one container filter type enabled.
func (*Policies) FilterableInUserland
func (ps *Policies) FilterableInUserland() uint64
FilterableInUserland returns a bitmap of policies that must be filtered in userland (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).
func (*Policies) FilterableInUserlandMap
func (ps *Policies) FilterableInUserlandMap() map[*Policy]int
FilterableInUserlandMap returns a reduced policies map containing only the policies that must be filtered in userland (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).
It does not return a copy of the map, so it must be used only for iteration, and only after its snapshot has been stored; otherwise it may still be in its initial state and not contain all computed policies.
func (*Policies) LookupById
func (ps *Policies) LookupById(id int) (*Policy, error)
LookupById returns a policy by ID.
func (*Policies) LookupByName
func (ps *Policies) LookupByName(name string) (*Policy, error)
LookupByName returns a policy by name.
func (*Policies) Map
func (ps *Policies) Map() map[*Policy]int
Map returns a map with all policies.
It does not return a copy of the map, so it must be used only for iteration, and only after its snapshot has been stored; otherwise it may still be in its initial state and not contain all computed policies.
func (*Policies) MatchedNames
func (ps *Policies) MatchedNames(matched uint64) []string
MatchedNames returns the names of the matched policies, decoded from the given matched bitmap.
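The bitmap convention behind ContainerFilterEnabled, FilterableInUserland and MatchedNames, as an added example that is not the package's own code: a policy's ID is its slot index, so bit i of a uint64 stands for policy i and MaxPolicies is exactly the 64 bits available. Policy and Policies below are constructed stand-ins with a single flag in place of the real filter fields, and Add returns the assigned ID as an illustrative simplification of the package's error-only signature.

```go
package main

import "fmt"

const (
	MaxPolicies   = 64         // one bit per policy in a uint64 bitmap
	AllPoliciesOn = ^uint64(0) // every bit set: "matches all policies"
)
// Constructed stand-ins: one flag replaces the real filter fields; ID == slot index.
type Policy struct {
	Name       string
	ContFilter bool // any of ContFilter / NewContFilter / ContIDFilter is set
}
type Policies struct{ slots [MaxPolicies]*Policy }

// Add stores p in the first free slot and returns its ID; re-adding a stored
// policy is a no-op (Delete is not modelled, so occupied slots form a prefix).
func (ps *Policies) Add(p *Policy) (int, error) {
	if p == nil {
		return -1, fmt.Errorf("policy cannot be nil")
	}
	for id, s := range ps.slots {
		if s == p || s == nil {
			ps.slots[id] = p
			return id, nil
		}
	}
	return -1, fmt.Errorf("policies maximum number of %d exceeded", MaxPolicies)
}

// ContainerFilterEnabled sets bit ID for every policy carrying a container
// filter; FilterableInUserland has the same shape with a different predicate.
func (ps *Policies) ContainerFilterEnabled() uint64 {
	var bm uint64
	for id, p := range ps.slots {
		if p != nil && p.ContFilter {
			bm |= 1 << uint(id)
		}
	}
	return bm
}

// MatchedNames decodes a matched bitmap back into policy names, in ID order.
func (ps *Policies) MatchedNames(matched uint64) []string {
	var names []string
	for id, p := range ps.slots {
		if p != nil && matched&(1<<uint(id)) != 0 {
			names = append(names, p.Name)
		}
	}
	return names
}
```

Passing AllPoliciesOn, the value AlwaysSubmit uses for Submit, to MatchedNames returns every registered policy name, which is what "submit to all policies" means in bitmap terms.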
func (*Policies) PIDFilterMax
func (ps *Policies) PIDFilterMax() uint64
func (*Policies) PIDFilterMin
func (ps *Policies) PIDFilterMin() uint64
func (*Policies) SetVersion
func (ps *Policies) SetVersion(version uint16)
func (*Policies) UIDFilterMax
func (ps *Policies) UIDFilterMax() uint64
func (*Policies) UIDFilterMin
func (ps *Policies) UIDFilterMin() uint64
func (*Policies) UpdateBPF
func (ps *Policies) UpdateBPF(
	bpfModule *bpf.Module,
	cts *containers.Containers,
	eventsState map[events.ID]events.EventState,
	eventsParams map[events.ID][]bufferdecoder.ArgType,
	createNewMaps bool,
	updateProcTree bool,
) (*PoliciesConfig, error)
UpdateBPF updates the BPF maps with the policies' filters. createNewMaps indicates whether new maps should be created; updateProcTree indicates whether the process tree map should be updated.
type PoliciesConfig
type PoliciesConfig struct {
UIDFilterEnabledScopes uint64
PIDFilterEnabledScopes uint64
MntNsFilterEnabledScopes uint64
PidNsFilterEnabledScopes uint64
UtsNsFilterEnabledScopes uint64
CommFilterEnabledScopes uint64
CgroupIdFilterEnabledScopes uint64
ContFilterEnabledScopes uint64
NewContFilterEnabledScopes uint64
NewPidFilterEnabledScopes uint64
ProcTreeFilterEnabledScopes uint64
BinPathFilterEnabledScopes uint64
FollowFilterEnabledScopes uint64
UIDFilterOutScopes uint64
PIDFilterOutScopes uint64
MntNsFilterOutScopes uint64
PidNsFilterOutScopes uint64
UtsNsFilterOutScopes uint64
CommFilterOutScopes uint64
CgroupIdFilterOutScopes uint64
ContFilterOutScopes uint64
NewContFilterOutScopes uint64
NewPidFilterOutScopes uint64
ProcTreeFilterOutScopes uint64
BinPathFilterOutScopes uint64
EnabledScopes uint64
UidMax uint64
UidMin uint64
PidMax uint64
PidMin uint64
}
PoliciesConfig mirrors the C struct policies_config (policies_config_t). The order of the fields is important, as the struct is written as-is as the value of the PoliciesConfigMap BPF map.
type Policy
type Policy struct {
ID int
Name string
EventsToTrace map[events.ID]string
UIDFilter *filters.UIntFilter[uint32]
PIDFilter *filters.UIntFilter[uint32]
NewPidFilter *filters.BoolFilter
MntNSFilter *filters.UIntFilter[uint64]
PidNSFilter *filters.UIntFilter[uint64]
UTSFilter *filters.StringFilter
CommFilter *filters.StringFilter
ContFilter *filters.BoolFilter
NewContFilter *filters.BoolFilter
ContIDFilter *filters.StringFilter
RetFilter *filters.RetFilter
ArgFilter *filters.ArgFilter
ContextFilter *filters.ContextFilter
ProcessTreeFilter *filters.ProcessTreeFilter
BinaryFilter *filters.BinaryFilter
Follow bool
}
func (*Policy) ContainerFilterEnabled
func (p *Policy) ContainerFilterEnabled() bool
ContainerFilterEnabled returns true when the policy has at least one container filter type enabled.