package ebpftracer
import (
"time"
"github.com/castai/kvisor/pkg/ebpftracer/events"
"github.com/castai/kvisor/pkg/ebpftracer/types"
)
// Policy groups the event ID lists, the per-event filter policies and the
// output options.
type Policy struct {
	SystemEvents []events.ID // List of events required for internal tasks such as cache cleanup
	// NOTE(review): presumably the events that signatures depend on; confirm against the consumer.
	SignatureEvents []events.ID
	// Per-event filter configuration; see EventPolicy.
	Events []*EventPolicy
	// Output options; see PolicyOutputConfig.
	Output PolicyOutputConfig
}
// PreEventFilter allows for filtering of events coming from the kernel before they are decoded.
// It receives only the event context and reports its decision through the returned error.
// NOTE(review): a non-nil error presumably means the event is dropped; confirm against the caller.
type PreEventFilter func(ctx *types.EventContext) error

// PreEventFilterGenerator produces a pre-event filter on each call.
type PreEventFilterGenerator func() PreEventFilter

// EventFilter allows for filtering of events before they are sent to the server.
// It receives the event and reports its decision through the returned error.
// NOTE(review): a non-nil error presumably means the event is not forwarded; confirm against the caller.
type EventFilter func(event *types.Event) error

// EventFilterGenerator produces an event filter on each call.
type EventFilterGenerator func() EventFilter
// EventPolicy attaches optional filter generators to a single event ID.
//
// Both generators may be nil. newCgroupEventPolicy skips a nil generator, which
// leaves the corresponding filter unset, and an unset filter lets every event
// through (allowPre/allow return nil). Omitting a generator therefore means
// "no filtering", not "block".
type EventPolicy struct {
	// ID is the event this policy applies to.
	ID events.ID
	// PreFilterGenerator, when non-nil, yields the PreEventFilter for this event.
	PreFilterGenerator PreEventFilterGenerator
	// FilterGenerator, when non-nil, yields the EventFilter for this event.
	FilterGenerator EventFilterGenerator
}
// RateLimitPolicy allows to configure event rate limiting.
//
// NOTE(review): no code in this file reads these fields; the semantics below
// come from the field comments only and should be confirmed against the
// consumer of this type.
type RateLimitPolicy struct {
	// If interval is set rate limit can be used as interval based sampling. In such case burst is always 1.
	Interval time.Duration
	// Rate is events per second.
	Rate float64
	// NOTE(review): presumably the maximum burst size permitted on top of Rate; confirm.
	Burst int
}
// LRUPolicy carries a single size setting.
// NOTE(review): presumably the capacity of an LRU-based deduplication or cache
// structure; no consumer is visible in this file, so confirm before relying on it.
type LRUPolicy struct {
	Size int
}
// PolicyOutputConfig is a set of boolean switches stored in Policy.Output.
//
// The effect of each switch is implemented outside this file, so the field
// names are the only description available here.
// NOTE(review): if ExecEnv causes process environment variables to be included
// in emitted events, those values can contain credentials and tokens; confirm
// how the output is stored, transmitted and redacted before enabling it.
type PolicyOutputConfig struct {
	StackAddresses    bool
	ExecEnv           bool
	RelativeTime      bool
	ExecHash          bool
	ParseArguments    bool
	ParseArgumentsFDs bool
	EventsSorting     bool
}
// newCgroupEventPolicy builds the per-cgroup filter state for one event policy.
//
// Each non-nil generator on policy is invoked once per call, pre-filter first.
// A nil generator leaves the matching filter unset, and allowPre/allow then
// return nil for every event. policy must be non-nil: it is dereferenced
// without a check.
func newCgroupEventPolicy(policy *EventPolicy) *cgroupEventPolicy {
	var (
		pre  PreEventFilter
		post EventFilter
	)

	if gen := policy.PreFilterGenerator; gen != nil {
		pre = gen()
	}
	if gen := policy.FilterGenerator; gen != nil {
		post = gen()
	}

	return &cgroupEventPolicy{
		preFilter: pre,
		filter:    post,
	}
}
// cgroupEventPolicy is the internal structure used to work with event policies per cgroup.
//
// Either field may be nil; the matching allow method then returns nil without
// calling anything.
type cgroupEventPolicy struct {
	// preFilter is consulted by allowPre with the event context.
	preFilter PreEventFilter
	// filter is consulted by allow with the event.
	filter EventFilter
}
// allowPre runs the pre-filter, if one is configured, against ctx and returns
// its result unchanged. With no pre-filter set it returns nil, so the default
// is to let the event through.
func (c *cgroupEventPolicy) allowPre(ctx *types.EventContext) error {
	if c.preFilter == nil {
		return nil
	}
	return c.preFilter(ctx)
}
// allow runs the event filter, if one is configured, against event and returns
// its result unchanged. With no filter set it returns nil, so the default is
// to let the event through.
func (c *cgroupEventPolicy) allow(event *types.Event) error {
	if c.filter == nil {
		return nil
	}
	return c.filter(event)
}