package policy
import (
"github.com/nextlinux/tracee/pkg/events"
"github.com/nextlinux/tracee/pkg/filters"
)
// String identifiers that NewPolicy passes to the filters constructors.
// NOTE(review): presumably these are the names of the eBPF maps backing each
// kernel-side filter, so they would have to match the map names declared in
// the loaded BPF object — confirm against the BPF source. A silent mismatch
// in a name used for filtering is worth a startup check.
const (
UIDFilterMap = "uid_filter"
PIDFilterMap = "pid_filter"
MntNSFilterMap = "mnt_ns_filter"
PidNSFilterMap = "pid_ns_filter"
UTSFilterMap = "uts_ns_filter"
CommFilterMap = "comm_filter"
ProcessTreeFilterMap = "process_tree_map"
// CgroupIdFilterMap is the name NewPolicy gives to the container (ContIDFilter) filter.
CgroupIdFilterMap = "cgroup_id_filter"
// NOTE(review): ContIdFilter is not referenced anywhere in this file —
// confirm it is still used by other packages before relying on it.
ContIdFilter = "cont_id_filter"
// BinaryFilterMap and ProcInfoMap are both passed to NewBPFBinaryFilter.
BinaryFilterMap = "binary_filter"
ProcInfoMap = "proc_info_map"
)
// Policy bundles an identifier, a name, the set of events to trace and one
// filter object per filtering dimension. NewPolicy returns an instance with
// every filter pointer populated; a zero-value Policy has nil filter pointers.
type Policy struct {
// ID is the numeric policy identifier.
// NOTE(review): presumably expected to satisfy isIDInRange, i.e.
// 0 <= ID < MaxPolicies — confirm where the check is enforced.
ID int
// Name is the policy's name; NewPolicy leaves it empty.
Name string
// EventsToTrace is keyed by event ID.
// NOTE(review): the string value is presumably the event name — confirm.
EventsToTrace map[events.ID]string
// Filters on unsigned 32-bit values, created with UIDFilterMap / PIDFilterMap.
UIDFilter *filters.BPFUIntFilter[uint32]
PIDFilter *filters.BPFUIntFilter[uint32]
NewPidFilter *filters.BoolFilter
// Filters on unsigned 64-bit values, created with MntNSFilterMap / PidNSFilterMap.
MntNSFilter *filters.BPFUIntFilter[uint64]
PidNSFilter *filters.BPFUIntFilter[uint64]
// String filters, created with UTSFilterMap / CommFilterMap.
UTSFilter *filters.BPFStringFilter
CommFilter *filters.BPFStringFilter
// Boolean filters; NewPolicy creates them without a map name.
ContFilter *filters.BoolFilter
NewContFilter *filters.BoolFilter
// ContIDFilter is created with CgroupIdFilterMap (not ContIdFilter).
ContIDFilter *filters.ContainerFilter
// Filters that NewPolicy creates without a map name.
RetFilter *filters.RetFilter
ArgFilter *filters.ArgFilter
ContextFilter *filters.ContextFilter
// ProcessTreeFilter is created with ProcessTreeFilterMap.
ProcessTreeFilter *filters.ProcessTreeFilter
// BinaryFilter is created with both BinaryFilterMap and ProcInfoMap.
BinaryFilter *filters.BPFBinaryFilter
// Follow defaults to false in NewPolicy.
// NOTE(review): presumably controls whether descendants of matched
// processes are traced as well — confirm against the consumer.
Follow bool
}
// NewPolicy allocates a Policy with ID 0, an empty name, an empty (non-nil)
// EventsToTrace map, Follow disabled, and every filter field set to a freshly
// constructed filter, so callers never see a nil filter pointer.
//
// NOTE(review): what a freshly constructed filter matches (everything vs.
// nothing) is decided inside the filters package — confirm before treating
// an unconfigured policy as restrictive.
func NewPolicy() *Policy {
	p := new(Policy)

	// Identity and event selection start out empty.
	p.ID = 0
	p.Name = ""
	p.EventsToTrace = make(map[events.ID]string)

	// Filters are constructed in struct-field order; the ones that take a
	// name receive the corresponding *Map constant.
	p.UIDFilter = filters.NewBPFUInt32Filter(UIDFilterMap)
	p.PIDFilter = filters.NewBPFUInt32Filter(PIDFilterMap)
	p.NewPidFilter = filters.NewBoolFilter()
	p.MntNSFilter = filters.NewBPFUIntFilter(MntNSFilterMap)
	p.PidNSFilter = filters.NewBPFUIntFilter(PidNSFilterMap)
	p.UTSFilter = filters.NewBPFStringFilter(UTSFilterMap)
	p.CommFilter = filters.NewBPFStringFilter(CommFilterMap)
	p.ContFilter = filters.NewBoolFilter()
	p.NewContFilter = filters.NewBoolFilter()
	// The container filter is named after the cgroup-id map.
	p.ContIDFilter = filters.NewContainerFilter(CgroupIdFilterMap)
	p.RetFilter = filters.NewRetFilter()
	p.ArgFilter = filters.NewArgFilter()
	p.ContextFilter = filters.NewContextFilter()
	p.ProcessTreeFilter = filters.NewProcessTreeFilter(ProcessTreeFilterMap)
	// The binary filter is the only one given two names.
	p.BinaryFilter = filters.NewBPFBinaryFilter(BinaryFilterMap, ProcInfoMap)

	p.Follow = false

	return p
}
// MaxPolicies is the exclusive upper bound isIDInRange applies to policy IDs.
// NOTE(review): 64 presumably mirrors the width of a per-policy bitmask —
// confirm; if so, an ID that escapes this check could index past that mask.
const MaxPolicies = 64

// isIDInRange reports whether id lies in the half-open interval
// [0, MaxPolicies); negative IDs and MaxPolicies itself are rejected.
func isIDInRange(id int) bool {
	if id < 0 {
		return false
	}
	return id < MaxPolicies
}