-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
kfilters_bpf.go
139 lines (118 loc) · 2.92 KB
/
kfilters_bpf.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.
//go:build linux
// Package kfilters holds kfilters related files
package kfilters
import (
"github.com/DataDog/datadog-agent/pkg/security/probe/managerhelper"
manager "github.com/DataDog/ebpf-manager"
)
type activeKFilter interface {
Remove(*manager.Manager) error
Apply(*manager.Manager) error
Key() interface{}
GetTableName() string
}
type activeKFilters map[interface{}]activeKFilter
func newActiveKFilters(kfilters ...activeKFilter) (ak activeKFilters) {
ak = make(map[interface{}]activeKFilter)
for _, kfilter := range kfilters {
if kfilter != nil {
ak.Add(kfilter)
}
}
return
}
func (ak activeKFilters) HasKey(key interface{}) bool {
_, found := ak[key]
return found
}
func (ak activeKFilters) Sub(ak2 activeKFilters) {
for key := range ak {
if _, found := ak2[key]; found {
delete(ak, key)
}
}
}
func (ak activeKFilters) Add(a activeKFilter) {
ak[a.Key()] = a
}
func (ak activeKFilters) Remove(a activeKFilter) {
delete(ak, a.Key())
}
type mapHash struct {
tableName string
key interface{}
}
type arrayEntry struct {
tableName string
index interface{}
value interface{}
zeroValue interface{}
}
func (e *arrayEntry) Key() interface{} {
return mapHash{
tableName: e.tableName,
key: e.index,
}
}
func (e *arrayEntry) GetTableName() string {
return e.tableName
}
func (e *arrayEntry) Remove(manager *manager.Manager) error {
table, err := managerhelper.Map(manager, e.tableName)
if err != nil {
return err
}
return table.Put(e.index, e.zeroValue)
}
func (e *arrayEntry) Apply(manager *manager.Manager) error {
table, err := managerhelper.Map(manager, e.tableName)
if err != nil {
return err
}
return table.Put(e.index, e.value)
}
type mapEventMask struct {
tableName string
tableKey interface{}
key interface{}
eventMask uint64
}
func (e *mapEventMask) Key() interface{} {
return mapHash{
tableName: e.tableName,
key: e.key,
}
}
func (e *mapEventMask) GetTableName() string {
return e.tableName
}
func (e *mapEventMask) Remove(manager *manager.Manager) error {
table, err := managerhelper.Map(manager, e.tableName)
if err != nil {
return err
}
var eventMask uint64
if err := table.Lookup(e.tableKey, &eventMask); err != nil {
return err
}
if eventMask &^= e.eventMask; eventMask == 0 {
return table.Delete(e.tableKey)
}
return table.Put(e.tableKey, eventMask)
}
func (e *mapEventMask) Apply(manager *manager.Manager) error {
table, err := managerhelper.Map(manager, e.tableName)
if err != nil {
return err
}
var eventMask uint64
_ = table.Lookup(e.tableKey, &eventMask)
if eventMask |= e.eventMask; eventMask == 0 {
return table.Delete(e.tableKey)
}
return table.Put(e.tableKey, eventMask)
}