Documentation
¶
Index ¶
- Constants
- Variables
- func PoliciesMaxExceededError() error
- func PoliciesOutOfRangeError(idx int) error
- func PolicyAlreadyExistsError(name string, idx int) error
- func PolicyNilError() error
- func PolicyNotFoundByIDError(idx int) error
- func PolicyNotFoundByNameError(name string) error
- func Snapshots() *snapshots
- type Policies
- func (ps *Policies) Add(p *Policy) error
- func (ps *Policies) Clone() *Policies
- func (ps *Policies) ContainerFilterEnabled() bool
- func (ps *Policies) Count() int
- func (ps *Policies) CreateAllIterator() utils.Iterator[*Policy]
- func (ps *Policies) CreateUserlandIterator() utils.Iterator[*Policy]
- func (ps *Policies) FilterableInUserland() uint64
- func (ps *Policies) LookupById(id int) (*Policy, error)
- func (ps *Policies) LookupByName(name string) (*Policy, error)
- func (ps *Policies) MatchedNames(matched uint64) []string
- func (ps *Policies) Remove(name string) error
- func (ps *Policies) Set(p *Policy) error
- func (ps *Policies) UpdateBPF(bpfModule *bpf.Module, cts *containers.Containers, ...) (*PoliciesConfig, error)
- func (ps *Policies) Version() uint16deprecated
- func (ps *Policies) WithContainerFilterEnabled() uint64
- type PoliciesConfig
- type PoliciesIterator
- type Policy
- type PolicyManager
- func (pm *PolicyManager) CreateAllIterator() utils.Iterator[*Policy]
- func (pm *PolicyManager) CreateUserlandIterator() utils.Iterator[*Policy]
- func (pm *PolicyManager) DisableEvent(eventId events.ID)
- func (pm *PolicyManager) DisableRule(policyId int, ruleId events.ID)
- func (pm *PolicyManager) EnableEvent(eventId events.ID)
- func (pm *PolicyManager) EnableRule(policyId int, ruleId events.ID)
- func (pm *PolicyManager) FilterableInUserland(bitmap uint64) bool
- func (pm *PolicyManager) IsEnabled(matchedPolicies uint64, ruleId events.ID) bool
- func (pm *PolicyManager) IsEventEnabled(evenId events.ID) bool
- func (pm *PolicyManager) IsRuleEnabled(matchedPolicies uint64, ruleId events.ID) bool
- func (pm *PolicyManager) LookupByName(name string) (*Policy, error)
- func (pm *PolicyManager) MatchedNames(matched uint64) []string
- func (pm *PolicyManager) UpdateBPF(bpfModule *bpf.Module, cts *containers.Containers, ...) (*PoliciesConfig, error)
- func (pm *PolicyManager) WithContainerFilterEnabled() uint64
Constants ¶
const ( // outer maps UIDFilterMapVersion = "uid_filter_version" PIDFilterMapVersion = "pid_filter_version" MntNSFilterMapVersion = "mnt_ns_filter_version" PidNSFilterMapVersion = "pid_ns_filter_version" UTSFilterMapVersion = "uts_ns_filter_version" CommFilterMapVersion = "comm_filter_version" CgroupIdFilterVersion = "cgroup_id_filter_version" ProcessTreeFilterMapVersion = "process_tree_map_version" BinaryFilterMapVersion = "binary_filter_version" PoliciesConfigVersion = "policies_config_version" // inner maps UIDFilterMap = "uid_filter" PIDFilterMap = "pid_filter" MntNSFilterMap = "mnt_ns_filter" PidNSFilterMap = "pid_ns_filter" UTSFilterMap = "uts_ns_filter" CommFilterMap = "comm_filter" CgroupIdFilterMap = "cgroup_id_filter" ProcessTreeFilterMap = "process_tree_map" BinaryFilterMap = "binary_filter" PoliciesConfigMap = "policies_config_map" ProcInfoMap = "proc_info_map" )
const ( PolicyMax = int(64) PolicyAll = ^uint64(0) PolicyNone = uint64(0) )
Variables ¶
var AlwaysSubmit = events.EventState{ Submit: PolicyAll, }
Functions ¶
func PoliciesMaxExceededError ¶
func PoliciesMaxExceededError() error
func PoliciesOutOfRangeError ¶
func PolicyAlreadyExistsError ¶ added in v0.20.0
func PolicyNilError ¶
func PolicyNilError() error
func PolicyNotFoundByIDError ¶ added in v0.20.0
func PolicyNotFoundByNameError ¶ added in v0.20.0
Types ¶
type Policies ¶
type Policies struct {
// contains filtered or unexported fields
}
func NewPolicies ¶
func NewPolicies() *Policies
func (*Policies) Add ¶
Add adds a policy. The policy ID (index) is automatically assigned to the first empty slot.
func (*Policies) ContainerFilterEnabled ¶
ContainerFilterEnabled returns true if at least one policy has a container filter type enabled.
func (*Policies) CreateAllIterator ¶ added in v0.20.0
CreateAllIterator returns a new iterator for all policies.
func (*Policies) CreateUserlandIterator ¶ added in v0.20.0
CreateUserlandIterator returns a new iterator for a reduced list of policies which must be filtered in userland (ArgFilter, RetFilter, ScopeFilter, UIDFilter and PIDFilter).
func (*Policies) FilterableInUserland ¶
FilterableInUserland returns a bitmap of policies that must be filtered in userland (ArgFilter, RetFilter, ScopeFilter, UIDFilter and PIDFilter).
func (*Policies) LookupById ¶ added in v0.20.0
LookupById returns a policy by ID.
func (*Policies) LookupByName ¶ added in v0.20.0
LookupByName returns a policy by name.
func (*Policies) MatchedNames ¶
MatchedNames returns a list of matched policies names based on the given matched bitmap.
func (*Policies) Set ¶
Set sets a policy. A policy overwrite is allowed only if the policy that is going to be overwritten has the same ID and name.
func (*Policies) UpdateBPF ¶ added in v0.20.0
func (ps *Policies) UpdateBPF( bpfModule *bpf.Module, cts *containers.Containers, eventsState map[events.ID]events.EventState, eventsParams map[events.ID][]bufferdecoder.ArgType, createNewMaps bool, updateProcTree bool, ) (*PoliciesConfig, error)
UpdateBPF updates the BPF maps with the policies filters. createNewMaps indicates whether new maps should be created or not. updateProcTree indicates whether the process tree map should be updated or not.
func (*Policies) WithContainerFilterEnabled ¶ added in v0.20.0
WithContainerFilterEnabled returns a bitmap of policies that have at least one container filter type enabled.
type PoliciesConfig ¶ added in v0.20.0
type PoliciesConfig struct {
UIDFilterEnabledScopes uint64
PIDFilterEnabledScopes uint64
MntNsFilterEnabledScopes uint64
PidNsFilterEnabledScopes uint64
UtsNsFilterEnabledScopes uint64
CommFilterEnabledScopes uint64
CgroupIdFilterEnabledScopes uint64
ContFilterEnabledScopes uint64
NewContFilterEnabledScopes uint64
NewPidFilterEnabledScopes uint64
ProcTreeFilterEnabledScopes uint64
BinPathFilterEnabledScopes uint64
FollowFilterEnabledScopes uint64
UIDFilterOutScopes uint64
PIDFilterOutScopes uint64
MntNsFilterOutScopes uint64
PidNsFilterOutScopes uint64
UtsNsFilterOutScopes uint64
CommFilterOutScopes uint64
CgroupIdFilterOutScopes uint64
ContFilterOutScopes uint64
NewContFilterOutScopes uint64
NewPidFilterOutScopes uint64
ProcTreeFilterOutScopes uint64
BinPathFilterOutScopes uint64
EnabledScopes uint64
UidMax uint64
UidMin uint64
PidMax uint64
PidMin uint64
}
PoliciesConfig mirrors the C struct policies_config (policies_config_t). Order of fields is important, as it is used as a value for the PoliciesConfigMap BPF map.
type PoliciesIterator ¶ added in v0.20.0
type PoliciesIterator struct {
// contains filtered or unexported fields
}
PoliciesIterator is an iterator for Policies.
func (*PoliciesIterator) HasNext ¶ added in v0.20.0
func (i *PoliciesIterator) HasNext() bool
HasNext returns true if there are more policies to iterate.
func (*PoliciesIterator) Next ¶ added in v0.20.0
func (i *PoliciesIterator) Next() *Policy
Next returns the next policy in the iteration.
type Policy ¶
type Policy struct {
ID int
Name string
EventsToTrace map[events.ID]string
UIDFilter *filters.UIntFilter[uint32]
PIDFilter *filters.UIntFilter[uint32]
NewPidFilter *filters.BoolFilter
MntNSFilter *filters.UIntFilter[uint64]
PidNSFilter *filters.UIntFilter[uint64]
UTSFilter *filters.StringFilter
CommFilter *filters.StringFilter
ContFilter *filters.BoolFilter
NewContFilter *filters.BoolFilter
ContIDFilter *filters.StringFilter
RetFilter *filters.RetFilter
DataFilter *filters.DataFilter
ScopeFilter *filters.ScopeFilter
ProcessTreeFilter *filters.ProcessTreeFilter
BinaryFilter *filters.BinaryFilter
Follow bool
}
func (*Policy) ContainerFilterEnabled ¶
ContainerFilterEnabled returns true if the policy has at least one container filter type enabled.
type PolicyManager ¶ added in v0.20.0
type PolicyManager struct {
// contains filtered or unexported fields
}
PolicyManager is a thread-safe struct that manages the enabled policies for each rule
func NewPolicyManager ¶ added in v0.20.0
func NewPolicyManager(ps *Policies) *PolicyManager
func (*PolicyManager) CreateAllIterator ¶ added in v0.20.0
func (pm *PolicyManager) CreateAllIterator() utils.Iterator[*Policy]
func (*PolicyManager) CreateUserlandIterator ¶ added in v0.20.0
func (pm *PolicyManager) CreateUserlandIterator() utils.Iterator[*Policy]
func (*PolicyManager) DisableEvent ¶ added in v0.20.0
func (pm *PolicyManager) DisableEvent(eventId events.ID)
DisableEvent disables a given event
func (*PolicyManager) DisableRule ¶ added in v0.20.0
func (pm *PolicyManager) DisableRule(policyId int, ruleId events.ID)
DisableRule disables a rule for a given event policy
func (*PolicyManager) EnableEvent ¶ added in v0.20.0
func (pm *PolicyManager) EnableEvent(eventId events.ID)
EnableEvent enables a given event
func (*PolicyManager) EnableRule ¶ added in v0.20.0
func (pm *PolicyManager) EnableRule(policyId int, ruleId events.ID)
EnableRule enables a rule for a given event policy
func (*PolicyManager) FilterableInUserland ¶ added in v0.20.0
func (pm *PolicyManager) FilterableInUserland(bitmap uint64) bool
func (*PolicyManager) IsEnabled ¶ added in v0.20.0
func (pm *PolicyManager) IsEnabled(matchedPolicies uint64, ruleId events.ID) bool
IsEnabled tests if a event, or a policy per event is enabled (in the future it will also check if a policy is enabled) TODO: add metrics about an event being enabled/disabled, or a policy being enabled/disabled?
func (*PolicyManager) IsEventEnabled ¶ added in v0.20.0
func (pm *PolicyManager) IsEventEnabled(evenId events.ID) bool
IsEventEnabled returns true if a given event policy is enabled for a given rule
func (*PolicyManager) IsRuleEnabled ¶ added in v0.20.0
func (pm *PolicyManager) IsRuleEnabled(matchedPolicies uint64, ruleId events.ID) bool
IsRuleEnabled returns true if a given event policy is enabled for a given rule
func (*PolicyManager) LookupByName ¶ added in v0.20.0
func (pm *PolicyManager) LookupByName(name string) (*Policy, error)
func (*PolicyManager) MatchedNames ¶ added in v0.20.0
func (pm *PolicyManager) MatchedNames(matched uint64) []string
func (*PolicyManager) UpdateBPF ¶ added in v0.20.0
func (pm *PolicyManager) UpdateBPF( bpfModule *bpf.Module, cts *containers.Containers, eventsState map[events.ID]events.EventState, eventsParams map[events.ID][]bufferdecoder.ArgType, createNewMaps bool, updateProcTree bool, ) (*PoliciesConfig, error)
func (*PolicyManager) WithContainerFilterEnabled ¶ added in v0.20.0
func (pm *PolicyManager) WithContainerFilterEnabled() uint64
Source Files
Directories