Index ¶
- Constants
- Variables
- func NewPolicies() *policies
- func PoliciesMaxExceededError() error
- func PoliciesOutOfRangeError(idx int) error
- func PolicyAlreadyExistsError(name string, idx int) error
- func PolicyNilError() error
- func PolicyNotFoundByIDError(idx int) error
- func PolicyNotFoundByNameError(name string) error
- func Snapshots() *snapshots
- type PoliciesConfig
- type Policy
- type PolicyManager
- func (pm *PolicyManager) CreateAllIterator() utils.Iterator[*Policy]
- func (pm *PolicyManager) CreateUserlandIterator() utils.Iterator[*Policy]
- func (pm *PolicyManager) DisableEvent(id events.ID)
- func (pm *PolicyManager) DisableRule(policyId int, id events.ID) error
- func (pm *PolicyManager) EnableEvent(id events.ID)
- func (pm *PolicyManager) EnableRule(policyId int, id events.ID) error
- func (pm *PolicyManager) FilterableInUserland(bitmap uint64) bool
- func (pm *PolicyManager) IsEnabled(matchedPolicies uint64, id events.ID) bool
- func (pm *PolicyManager) IsEventEnabled(id events.ID) bool
- func (pm *PolicyManager) IsRuleEnabled(matchedPolicies uint64, id events.ID) bool
- func (pm *PolicyManager) LookupByName(name string) (*Policy, error)
- func (pm *PolicyManager) MatchedNames(matched uint64) []string
- func (pm *PolicyManager) UpdateBPF(bpfModule *bpf.Module, cts *containers.Containers, ...) (*PoliciesConfig, error)
- func (pm *PolicyManager) WithContainerFilterEnabled() uint64
Constants ¶
// Names of the BPF maps that carry the policy filter data.
//
// The original grouping distinguishes "outer" and "inner" maps; the names
// suggest a map-in-map layout where each outer map is keyed by a filter
// version and each inner map holds the filter entries themselves, but that
// layout is not visible here — confirm against the BPF object before relying
// on it. Every string must match the map name compiled into the BPF program.
const (
	// outer maps
	UIDFilterMapVersion         = "uid_filter_version"
	PIDFilterMapVersion         = "pid_filter_version"
	MntNSFilterMapVersion       = "mnt_ns_filter_version"
	PidNSFilterMapVersion       = "pid_ns_filter_version"
	UTSFilterMapVersion         = "uts_ns_filter_version"
	CommFilterMapVersion        = "comm_filter_version"
	CgroupIdFilterVersion       = "cgroup_id_filter_version"
	ProcessTreeFilterMapVersion = "process_tree_map_version"
	BinaryFilterMapVersion      = "binary_filter_version"
	PoliciesConfigVersion       = "policies_config_version"
)

const (
	// inner maps
	UIDFilterMap         = "uid_filter"
	PIDFilterMap         = "pid_filter"
	MntNSFilterMap       = "mnt_ns_filter"
	PidNSFilterMap       = "pid_ns_filter"
	UTSFilterMap         = "uts_ns_filter"
	CommFilterMap        = "comm_filter"
	CgroupIdFilterMap    = "cgroup_id_filter"
	ProcessTreeFilterMap = "process_tree_map"
	BinaryFilterMap      = "binary_filter"
	// PoliciesConfigMap holds the PoliciesConfig struct as its value.
	PoliciesConfigMap = "policies_config_map"
	ProcInfoMap       = "proc_info_map"
)
// Policy count limit and the two sentinel policy masks.
//
// Policies are selected through uint64 bitmasks (see the matchedPolicies /
// matched parameters of PolicyManager), so the limit and the masks are tied
// to the 64-bit word width.
const (
	// PolicyMax is the maximum number of policies that may coexist; it equals
	// the number of bits in a policy mask, one bit per policy.
	PolicyMax int = 64
	// PolicyNone is the empty mask: no policy selected.
	PolicyNone uint64 = 0
	// PolicyAll is the full mask: every policy bit set.
	PolicyAll = ^PolicyNone
)
Variables ¶
// AlwaysSubmit is an EventState whose Submit mask is PolicyAll, i.e. every
// policy bit set; all other EventState fields keep their zero value.
// Presumably used for events that must be submitted regardless of which
// policies matched — confirm at the call sites.
var AlwaysSubmit = events.EventState{
	Submit: PolicyAll,
}
Functions ¶
func NewPolicies ¶
func NewPolicies() *policies
func PoliciesMaxExceededError ¶
func PoliciesMaxExceededError() error
func PoliciesOutOfRangeError ¶
func PolicyAlreadyExistsError ¶ added in v0.21.0
func PolicyNilError ¶
func PolicyNilError() error
func PolicyNotFoundByIDError ¶ added in v0.18.0
func PolicyNotFoundByNameError ¶ added in v0.18.0
Types ¶
type PoliciesConfig ¶ added in v0.20.0
// PoliciesConfig mirrors the C struct policies_config (policies_config_t).
// The field order must match the C struct exactly, because this struct is
// used as the value of the PoliciesConfigMap BPF map. Do not reorder, add or
// remove fields without changing the C side in the same commit.
//
// The comments below are inferred from the field names; the BPF side is not
// visible here, so confirm the exact semantics against policies_config_t.
type PoliciesConfig struct {
	// Per-filter masks of the policies ("scopes") that have the given filter
	// enabled — presumably one bit per policy ID, consistent with PolicyMax = 64.
	UIDFilterEnabledScopes      uint64
	PIDFilterEnabledScopes      uint64
	MntNsFilterEnabledScopes    uint64
	PidNsFilterEnabledScopes    uint64
	UtsNsFilterEnabledScopes    uint64
	CommFilterEnabledScopes     uint64
	CgroupIdFilterEnabledScopes uint64
	ContFilterEnabledScopes     uint64
	NewContFilterEnabledScopes  uint64
	NewPidFilterEnabledScopes   uint64
	ProcTreeFilterEnabledScopes uint64
	BinPathFilterEnabledScopes  uint64
	FollowFilterEnabledScopes   uint64
	// Per-filter masks of the policies whose filter is configured to exclude
	// ("filter out") matching values rather than include them — inferred from
	// the "Out" suffix; verify against the C struct.
	UIDFilterOutScopes      uint64
	PIDFilterOutScopes      uint64
	MntNsFilterOutScopes    uint64
	PidNsFilterOutScopes    uint64
	UtsNsFilterOutScopes    uint64
	CommFilterOutScopes     uint64
	CgroupIdFilterOutScopes uint64
	ContFilterOutScopes     uint64
	NewContFilterOutScopes  uint64
	NewPidFilterOutScopes   uint64
	ProcTreeFilterOutScopes uint64
	BinPathFilterOutScopes  uint64
	// EnabledScopes is the mask of policies that are enabled at all.
	EnabledScopes uint64
	// Bounds for the UID / PID range filters — presumably applied globally,
	// not per policy, since there is a single value of each; confirm.
	UidMax uint64
	UidMin uint64
	PidMax uint64
	PidMin uint64
}
PoliciesConfig mirrors the C struct policies_config (policies_config_t). The field order must match the C struct, because this struct is used as the value of the PoliciesConfigMap BPF map.
type Policy ¶
// Policy is one policy: a set of events to trace together with the filters
// that decide which processes, containers and event data it applies to.
// Filter types come from the filters package and are not visible here; the
// notes below are inferred from the field names and should be confirmed
// against that package.
type Policy struct {
	// ID is the policy's index. It is reported by PolicyNotFoundByIDError and
	// PoliciesOutOfRangeError, and presumably doubles as the bit position of
	// the policy in the uint64 masks used by PolicyManager (see PolicyMax).
	ID int
	// Name identifies the policy in LookupByName and MatchedNames; duplicates
	// are rejected via PolicyAlreadyExistsError.
	Name string
	// EventsToTrace maps each traced event ID to a string; what the string
	// holds is not visible here — confirm at the call sites.
	EventsToTrace map[events.ID]string

	// Process identity filters.
	UIDFilter    *filters.UIntFilter[uint32]
	PIDFilter    *filters.UIntFilter[uint32]
	NewPidFilter *filters.BoolFilter

	// Namespace filters (mount, pid, uts).
	MntNSFilter *filters.UIntFilter[uint64]
	PidNSFilter *filters.UIntFilter[uint64]
	UTSFilter   *filters.StringFilter

	CommFilter *filters.StringFilter

	// Container filters; ContainerFilterEnabled reports whether at least one
	// of them is enabled.
	ContFilter    *filters.BoolFilter
	NewContFilter *filters.BoolFilter
	ContIDFilter  *filters.StringFilter

	// Per-event filters on return value, arguments and scope.
	RetFilter   *filters.RetFilter
	DataFilter  *filters.DataFilter
	ScopeFilter *filters.ScopeFilter

	ProcessTreeFilter *filters.ProcessTreeFilter
	BinaryFilter      *filters.BinaryFilter

	// Follow presumably extends the policy to descendants of matching
	// processes (cf. FollowFilterEnabledScopes in PoliciesConfig) — confirm.
	Follow bool
}
func (*Policy) ContainerFilterEnabled ¶
ContainerFilterEnabled returns true if the policy has at least one container filter type enabled.
type PolicyManager ¶ added in v0.22.0
type PolicyManager struct {
// contains filtered or unexported fields
}
PolicyManager is a thread-safe struct that manages the enabled policies for each rule
func NewPolicyManager ¶ added in v0.22.0
func NewPolicyManager(policies ...*Policy) *PolicyManager
func (*PolicyManager) CreateAllIterator ¶ added in v0.22.0
func (pm *PolicyManager) CreateAllIterator() utils.Iterator[*Policy]
func (*PolicyManager) CreateUserlandIterator ¶ added in v0.22.0
func (pm *PolicyManager) CreateUserlandIterator() utils.Iterator[*Policy]
func (*PolicyManager) DisableEvent ¶ added in v0.22.0
func (pm *PolicyManager) DisableEvent(id events.ID)
DisableEvent disables a given event
func (*PolicyManager) DisableRule ¶ added in v0.22.0
func (pm *PolicyManager) DisableRule(policyId int, id events.ID) error
DisableRule disables a rule for a given event policy
func (*PolicyManager) EnableEvent ¶ added in v0.22.0
func (pm *PolicyManager) EnableEvent(id events.ID)
EnableEvent enables a given event
func (*PolicyManager) EnableRule ¶ added in v0.22.0
func (pm *PolicyManager) EnableRule(policyId int, id events.ID) error
EnableRule enables a rule for a given event policy
func (*PolicyManager) FilterableInUserland ¶ added in v0.22.0
func (pm *PolicyManager) FilterableInUserland(bitmap uint64) bool
func (*PolicyManager) IsEnabled ¶ added in v0.22.0
func (pm *PolicyManager) IsEnabled(matchedPolicies uint64, id events.ID) bool
IsEnabled tests whether an event, or a policy for that event, is enabled (in the future it will also check whether the policy itself is enabled). TODO: add metrics about an event being enabled/disabled, or a policy being enabled/disabled?
func (*PolicyManager) IsEventEnabled ¶ added in v0.22.0
func (pm *PolicyManager) IsEventEnabled(id events.ID) bool
IsEventEnabled returns true if the given event is enabled.
func (*PolicyManager) IsRuleEnabled ¶ added in v0.22.0
func (pm *PolicyManager) IsRuleEnabled(matchedPolicies uint64, id events.ID) bool
IsRuleEnabled returns true if a given event policy is enabled for a given rule
func (*PolicyManager) LookupByName ¶ added in v0.22.0
func (pm *PolicyManager) LookupByName(name string) (*Policy, error)
func (*PolicyManager) MatchedNames ¶ added in v0.22.0
func (pm *PolicyManager) MatchedNames(matched uint64) []string
func (*PolicyManager) UpdateBPF ¶ added in v0.22.0
func (pm *PolicyManager) UpdateBPF( bpfModule *bpf.Module, cts *containers.Containers, eventsState map[events.ID]events.EventState, eventsParams map[events.ID][]bufferdecoder.ArgType, createNewMaps bool, updateProcTree bool, ) (*PoliciesConfig, error)
func (*PolicyManager) WithContainerFilterEnabled ¶ added in v0.22.0
func (pm *PolicyManager) WithContainerFilterEnabled() uint64