New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix in netmasks #1091

Merged
merged 2 commits into from Apr 4, 2018

Conversation

Projects
None yet
2 participants
@mstemm
Contributor

mstemm commented Apr 2, 2018

Previously, if an expression had an xxx in (a, b, c, ...) check, the
values a, b, c would be put in a set and xxx would do a set membership
test to see if it's in the set.

For almost all filtercheck types, this is preferred, but for some types
like PT_IPV4NET, you can't actually do set membership tests, as the
notion of equals isn't a simple == operator.

So for PT_IPV4NET and any type that trivially returns false from
::flt_compare(), instead of doing the set membership test, compare the
filtercheck values individually and return true as soon as you find one
that is equal.

This fixes falcosecurity/falco#339.

mstemm added some commits Apr 2, 2018

Only do set equality/group searches for some types
Previously, if an expression had an xxx in (a, b, c, ...) check, the
values a, b, c would be put in a set and xxx would do a set membership
test to see if it's in the set.

For almost all filtercheck types, this is preferred, but for some types
like PT_IPV4NET, you can't actually do set membership tests, as the
notion of equals isn't a simple == operator.

So for PT_IPV4NET and any type that trivially returns false from
::flt_compare(), instead of doing the set membership test, compare the
filtercheck values individually and return true as soon as you find one
that is equal.

This fixes falcosecurity/falco#339.
Allow in matches for fd.net
If a filter check has an in operator against a set of values, which gets
turned into a piecewise equality comparison, treat the operator CO_IN
just like CO_EQ.

@mstemm mstemm requested a review from mattpag Apr 2, 2018

mstemm added a commit to falcosecurity/falco that referenced this pull request Apr 2, 2018

@mattpag

mattpag approved these changes Apr 3, 2018

lgtm!

@mstemm mstemm merged commit 1bb9f0b into dev Apr 4, 2018

3 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
sign-off-checker The commit doesn't require sysdig sign-off CLA because it belongs to mstemm part of draios/sysdig collaborators
Details

@mstemm mstemm deleted the fix-in-netmasks branch Apr 4, 2018

mstemm added a commit to falcosecurity/falco that referenced this pull request Apr 4, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment