policy

package
v0.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 3, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// outer maps
	UIDFilterMapVersion         = "uid_filter_version"
	PIDFilterMapVersion         = "pid_filter_version"
	MntNSFilterMapVersion       = "mnt_ns_filter_version"
	PidNSFilterMapVersion       = "pid_ns_filter_version"
	UTSFilterMapVersion         = "uts_ns_filter_version"
	CommFilterMapVersion        = "comm_filter_version"
	CgroupIdFilterVersion       = "cgroup_id_filter_version"
	ProcessTreeFilterMapVersion = "process_tree_map_version"
	BinaryFilterMapVersion      = "binary_filter_version"
	PoliciesConfigVersion       = "policies_config_version"

	// inner maps
	UIDFilterMap         = "uid_filter"
	PIDFilterMap         = "pid_filter"
	MntNSFilterMap       = "mnt_ns_filter"
	PidNSFilterMap       = "pid_ns_filter"
	UTSFilterMap         = "uts_ns_filter"
	CommFilterMap        = "comm_filter"
	CgroupIdFilterMap    = "cgroup_id_filter"
	ProcessTreeFilterMap = "process_tree_map"
	BinaryFilterMap      = "binary_filter"
	PoliciesConfigMap    = "policies_config_map"

	ProcInfoMap = "proc_info_map"
)
View Source 
const (
	PolicyMax  = int(64)
	PolicyAll  = ^uint64(0)
	PolicyNone = uint64(0)
)

Variables

View Source 
var AlwaysSubmit = events.EventState{
	Submit: PolicyAll,
}

Functions

func PoliciesMaxExceededError 

func PoliciesMaxExceededError() error

func PoliciesOutOfRangeError 

func PoliciesOutOfRangeError(idx int) error

func PolicyAlreadyExistsError added in v0.20.0 

func PolicyAlreadyExistsError(name string, idx int) error

func PolicyNilError 

func PolicyNilError() error

func PolicyNotFoundByIDError added in v0.20.0 

func PolicyNotFoundByIDError(idx int) error

func PolicyNotFoundByNameError added in v0.20.0 

func PolicyNotFoundByNameError(name string) error

func Snapshots added in v0.20.0 

func Snapshots() *snapshots

Types

type Policies 

type Policies struct {
	// contains filtered or unexported fields
}

func NewPolicies 

func NewPolicies() *Policies

func (*Policies) Add 

func (ps *Policies) Add(p *Policy) error

Add adds a policy. The policy ID (index) is automatically assigned to the first empty slot.

func (*Policies) Clone added in v0.20.0 

func (ps *Policies) Clone() *Policies

Clone returns a deep copy of Policies.

func (*Policies) ContainerFilterEnabled 

func (ps *Policies) ContainerFilterEnabled() bool

ContainerFilterEnabled returns true if at least one policy has a container filter type enabled.

func (*Policies) Count 

func (ps *Policies) Count() int

func (*Policies) CreateAllIterator added in v0.20.0 

func (ps *Policies) CreateAllIterator() utils.Iterator[*Policy]

CreateAllIterator returns a new iterator for all policies.

func (*Policies) CreateUserlandIterator added in v0.20.0 

func (ps *Policies) CreateUserlandIterator() utils.Iterator[*Policy]

CreateUserlandIterator returns a new iterator for a reduced list of policies which must be filtered in userland (ArgFilter, RetFilter, ScopeFilter, UIDFilter and PIDFilter).

func (*Policies) FilterableInUserland 

func (ps *Policies) FilterableInUserland() uint64

FilterableInUserland returns a bitmap of policies that must be filtered in userland (ArgFilter, RetFilter, ScopeFilter, UIDFilter and PIDFilter).

func (*Policies) LookupById added in v0.20.0 

func (ps *Policies) LookupById(id int) (*Policy, error)

LookupById returns a policy by ID.

func (*Policies) LookupByName added in v0.20.0 

func (ps *Policies) LookupByName(name string) (*Policy, error)

LookupByName returns a policy by name.

func (*Policies) MatchedNames 

func (ps *Policies) MatchedNames(matched uint64) []string

MatchedNames returns a list of matched policies names based on the given matched bitmap.

func (*Policies) Remove added in v0.20.0 

func (ps *Policies) Remove(name string) error

Remove removes a policy by name.

func (*Policies) Set 

func (ps *Policies) Set(p *Policy) error

Set sets a policy. A policy overwrite is allowed only if the policy that is going to be overwritten has the same ID and name.

func (*Policies) UpdateBPF added in v0.20.0 

func (ps *Policies) UpdateBPF(
	bpfModule *bpf.Module,
	cts *containers.Containers,
	eventsState map[events.ID]events.EventState,
	eventsParams map[events.ID][]bufferdecoder.ArgType,
	createNewMaps bool,
	updateProcTree bool,
) (*PoliciesConfig, error)

UpdateBPF updates the BPF maps with the policies filters. createNewMaps indicates whether new maps should be created or not. updateProcTree indicates whether the process tree map should be updated or not.

func (*Policies) Version deprecated added in v0.20.0 

func (ps *Policies) Version() uint16

Deprecated: Version returns the version of the Policies. Will be removed soon.

func (*Policies) WithContainerFilterEnabled added in v0.20.0 

func (ps *Policies) WithContainerFilterEnabled() uint64

WithContainerFilterEnabled returns a bitmap of policies that have at least one container filter type enabled.

type PoliciesConfig added in v0.20.0 

type PoliciesConfig struct {
	UIDFilterEnabledScopes      uint64
	PIDFilterEnabledScopes      uint64
	MntNsFilterEnabledScopes    uint64
	PidNsFilterEnabledScopes    uint64
	UtsNsFilterEnabledScopes    uint64
	CommFilterEnabledScopes     uint64
	CgroupIdFilterEnabledScopes uint64
	ContFilterEnabledScopes     uint64
	NewContFilterEnabledScopes  uint64
	NewPidFilterEnabledScopes   uint64
	ProcTreeFilterEnabledScopes uint64
	BinPathFilterEnabledScopes  uint64
	FollowFilterEnabledScopes   uint64

	UIDFilterOutScopes      uint64
	PIDFilterOutScopes      uint64
	MntNsFilterOutScopes    uint64
	PidNsFilterOutScopes    uint64
	UtsNsFilterOutScopes    uint64
	CommFilterOutScopes     uint64
	CgroupIdFilterOutScopes uint64
	ContFilterOutScopes     uint64
	NewContFilterOutScopes  uint64
	NewPidFilterOutScopes   uint64
	ProcTreeFilterOutScopes uint64
	BinPathFilterOutScopes  uint64

	EnabledScopes uint64

	UidMax uint64
	UidMin uint64
	PidMax uint64
	PidMin uint64
}

PoliciesConfig mirrors the C struct policies_config (policies_config_t). Order of fields is important, as it is used as a value for the PoliciesConfigMap BPF map.

func (*PoliciesConfig) UpdateBPF added in v0.20.0 

func (pc *PoliciesConfig) UpdateBPF(bpfConfigMap *bpf.BPFMapLow) error

type PoliciesIterator added in v0.20.0 

type PoliciesIterator struct {
	// contains filtered or unexported fields
}

PoliciesIterator is an iterator for Policies.

func (*PoliciesIterator) HasNext added in v0.20.0 

func (i *PoliciesIterator) HasNext() bool

HasNext returns true if there are more policies to iterate.

func (*PoliciesIterator) Next added in v0.20.0 

func (i *PoliciesIterator) Next() *Policy

Next returns the next policy in the iteration.

type Policy 

type Policy struct {
	ID                int
	Name              string
	EventsToTrace     map[events.ID]string
	UIDFilter         *filters.UIntFilter[uint32]
	PIDFilter         *filters.UIntFilter[uint32]
	NewPidFilter      *filters.BoolFilter
	MntNSFilter       *filters.UIntFilter[uint64]
	PidNSFilter       *filters.UIntFilter[uint64]
	UTSFilter         *filters.StringFilter
	CommFilter        *filters.StringFilter
	ContFilter        *filters.BoolFilter
	NewContFilter     *filters.BoolFilter
	ContIDFilter      *filters.StringFilter
	RetFilter         *filters.RetFilter
	DataFilter        *filters.DataFilter
	ScopeFilter       *filters.ScopeFilter
	ProcessTreeFilter *filters.ProcessTreeFilter
	BinaryFilter      *filters.BinaryFilter
	Follow            bool
}

func NewPolicy 

func NewPolicy() *Policy

func (*Policy) Clone added in v0.20.0 

func (p *Policy) Clone() *Policy

func (*Policy) ContainerFilterEnabled 

func (p *Policy) ContainerFilterEnabled() bool

ContainerFilterEnabled returns true if the policy has at least one container filter type enabled.

type PolicyManager added in v0.20.0 

type PolicyManager struct {
	// contains filtered or unexported fields
}

PolicyManager is a thread-safe struct that manages the enabled policies for each rule

func NewPolicyManager added in v0.20.0 

func NewPolicyManager(ps *Policies) *PolicyManager

func (*PolicyManager) CreateAllIterator added in v0.20.0 

func (pm *PolicyManager) CreateAllIterator() utils.Iterator[*Policy]

func (*PolicyManager) CreateUserlandIterator added in v0.20.0 

func (pm *PolicyManager) CreateUserlandIterator() utils.Iterator[*Policy]

func (*PolicyManager) DisableEvent added in v0.20.0 

func (pm *PolicyManager) DisableEvent(eventId events.ID)

DisableEvent disables a given event

func (*PolicyManager) DisableRule added in v0.20.0 

func (pm *PolicyManager) DisableRule(policyId int, ruleId events.ID)

DisableRule disables a rule for a given event policy

func (*PolicyManager) EnableEvent added in v0.20.0 

func (pm *PolicyManager) EnableEvent(eventId events.ID)

EnableEvent enables a given event

func (*PolicyManager) EnableRule added in v0.20.0 

func (pm *PolicyManager) EnableRule(policyId int, ruleId events.ID)

EnableRule enables a rule for a given event policy

func (*PolicyManager) FilterableInUserland added in v0.20.0 

func (pm *PolicyManager) FilterableInUserland(bitmap uint64) bool

func (*PolicyManager) IsEnabled added in v0.20.0 

func (pm *PolicyManager) IsEnabled(matchedPolicies uint64, ruleId events.ID) bool

IsEnabled tests if a event, or a policy per event is enabled (in the future it will also check if a policy is enabled) TODO: add metrics about an event being enabled/disabled, or a policy being enabled/disabled?

func (*PolicyManager) IsEventEnabled added in v0.20.0 

func (pm *PolicyManager) IsEventEnabled(evenId events.ID) bool

IsEventEnabled returns true if a given event policy is enabled for a given rule

func (*PolicyManager) IsRuleEnabled added in v0.20.0 

func (pm *PolicyManager) IsRuleEnabled(matchedPolicies uint64, ruleId events.ID) bool

IsRuleEnabled returns true if a given event policy is enabled for a given rule

func (*PolicyManager) LookupByName added in v0.20.0 

func (pm *PolicyManager) LookupByName(name string) (*Policy, error)

func (*PolicyManager) MatchedNames added in v0.20.0 

func (pm *PolicyManager) MatchedNames(matched uint64) []string

func (*PolicyManager) UpdateBPF added in v0.20.0 

func (pm *PolicyManager) UpdateBPF(
	bpfModule *bpf.Module,
	cts *containers.Containers,
	eventsState map[events.ID]events.EventState,
	eventsParams map[events.ID][]bufferdecoder.ArgType,
	createNewMaps bool,
	updateProcTree bool,
) (*PoliciesConfig, error)

func (*PolicyManager) WithContainerFilterEnabled added in v0.20.0 

func (pm *PolicyManager) WithContainerFilterEnabled() uint64

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.