Documentation ¶
Index ¶
- Constants
- Variables
- func PoliciesMaxExceededError() error
- func PoliciesOutOfRangeError(idx int) error
- func PolicyAlreadyExists(policy *Policy, id int) error
- func PolicyNilError() error
- func PolicyNotFoundByIDError(idx int) error
- func PolicyNotFoundByNameError(name string) error
- type Policies
- func (ps *Policies) Add(p *Policy) error
- func (ps *Policies) Compute()
- func (ps *Policies) ContainerFilterEnabled() uint64
- func (ps *Policies) Count() int
- func (ps *Policies) Delete(id int) error
- func (ps *Policies) FilterableInUserland() uint64
- func (ps *Policies) FilterableInUserlandMap() map[*Policy]int
- func (ps *Policies) LookupById(id int) (*Policy, error)
- func (ps *Policies) LookupByName(name string) (*Policy, error)
- func (ps *Policies) Map() map[*Policy]int
- func (ps *Policies) MatchedNames(matched uint64) []string
- func (ps *Policies) PIDFilterMax() uint64
- func (ps *Policies) PIDFilterMin() uint64
- func (ps *Policies) PIDFilterableInUserland() bool
- func (ps *Policies) Set(p *Policy) error
- func (ps *Policies) UIDFilterMax() uint64
- func (ps *Policies) UIDFilterMin() uint64
- func (ps *Policies) UIDFilterableInUserland() bool
- type Policy
Constants ¶
// String constants named after the filters they relate to, plus the
// all-policies bitmask.
// NOTE(review): the Map suffix suggests these are the names of the eBPF maps
// that hold each filter's data; confirm against the code that opens them.
const (
	UIDFilterMap         = "uid_filter"
	PIDFilterMap         = "pid_filter"
	MntNSFilterMap       = "mnt_ns_filter"
	PidNSFilterMap       = "pid_ns_filter"
	UTSFilterMap         = "uts_ns_filter"
	CommFilterMap        = "comm_filter"
	ProcessTreeFilterMap = "process_tree_map"
	CgroupIdFilterMap    = "cgroup_id_filter"
	ContIdFilter         = "cont_id_filter"
	BinaryFilterMap      = "binary_filter"
	ProcInfoMap          = "proc_info_map"

	// AllPoliciesOn is a 64-bit value with every bit set.
	AllPoliciesOn = 0xFFFFFFFFFFFFFFFF
)

// MaxPolicies is 64, which equals the bit width of AllPoliciesOn and of the
// uint64 policy bitmaps returned by the Policies methods.
// NOTE(review): presumably each policy ID maps to one bit, so this limit cannot
// be raised without widening those bitmaps; confirm.
const MaxPolicies = 64
Variables ¶
// AlwaysSubmit is an event state whose Submit field is set to AllPoliciesOn,
// i.e. every bit of the 64-bit value is set.
var AlwaysSubmit = events.EventState{
	Submit: AllPoliciesOn,
}
Functions ¶
func PoliciesMaxExceededError ¶
func PoliciesMaxExceededError() error
func PoliciesOutOfRangeError ¶
func PolicyAlreadyExists ¶
func PolicyNilError ¶
func PolicyNilError() error
func PolicyNotFoundByIDError ¶ added in v0.17.2
func PolicyNotFoundByNameError ¶ added in v0.17.2
Types ¶
type Policies ¶
type Policies struct {
// contains filtered or unexported fields
}
TODO: add a locking mechanism, since policies will change at runtime (until then, the type has no lock guarding concurrent changes).
func NewPolicies ¶
func NewPolicies() *Policies
func (*Policies) Add ¶
Add adds a policy to Policies. Its ID (index) is set to the first free slot found. Returns nil if the policy is already inserted.
func (*Policies) Compute ¶
func (ps *Policies) Compute()
Compute recalculates values, updates flags, fills the reduced userland map, and sets the related bitmap that is used to prevent the iteration of the entire map.
It must be called at initialization and after every runtime change to the policies.
func (*Policies) ContainerFilterEnabled ¶
ContainerFilterEnabled returns a bitmap of policies that have at least one container filter type enabled.
TODO: make sure the stores are also atomic (an atomic load only protects the read from context switches, not from CPU cache coherency issues).
func (*Policies) FilterableInUserland ¶
FilterableInUserland returns a bitmap of policies that must be filtered in userland (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).
TODO: make sure the stores are also atomic (an atomic load only protects the read from context switches, not from CPU cache coherency issues).
func (*Policies) FilterableInUserlandMap ¶
FilterableInUserlandMap returns a reduced policies map which must be filtered in userland (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).
func (*Policies) LookupById ¶ added in v0.17.2
LookupById returns a policy by ID.
func (*Policies) LookupByName ¶ added in v0.17.2
LookupByName returns a policy by name.
func (*Policies) MatchedNames ¶
MatchedNames returns a list of the names of the matched policies, based on the given matched bitmap.
func (*Policies) PIDFilterMax ¶
func (*Policies) PIDFilterMin ¶
func (*Policies) PIDFilterableInUserland ¶
func (*Policies) UIDFilterMax ¶
func (*Policies) UIDFilterMin ¶
func (*Policies) UIDFilterableInUserland ¶
type Policy ¶
// Policy holds an ID, a name, the events to trace, one field per filter type,
// and a Follow flag.
//
// ID is the index that Policies.Add assigns when the policy is inserted.
// Per the Policies.FilterableInUserland documentation, ArgFilter, RetFilter,
// ContextFilter, UIDFilter and PIDFilter are the filters that must be applied
// in userland.
// NOTE(review): ContFilter, NewContFilter and ContIDFilter look like the
// "container filter types" that ContainerFilterEnabled checks; confirm.
type Policy struct {
	ID                int
	Name              string
	EventsToTrace     map[events.ID]string
	UIDFilter         *filters.BPFUIntFilter[uint32]
	PIDFilter         *filters.BPFUIntFilter[uint32]
	NewPidFilter      *filters.BoolFilter
	MntNSFilter       *filters.BPFUIntFilter[uint64]
	PidNSFilter       *filters.BPFUIntFilter[uint64]
	UTSFilter         *filters.BPFStringFilter
	CommFilter        *filters.BPFStringFilter
	ContFilter        *filters.BoolFilter
	NewContFilter     *filters.BoolFilter
	ContIDFilter      *filters.ContainerFilter
	RetFilter         *filters.RetFilter
	ArgFilter         *filters.ArgFilter
	ContextFilter     *filters.ContextFilter
	ProcessTreeFilter *filters.ProcessTreeFilter
	BinaryFilter      *filters.BPFBinaryFilter
	Follow            bool
}
func (*Policy) ContainerFilterEnabled ¶
ContainerFilterEnabled returns true when the policy has at least one container filter type enabled