tetragon: Add Postfix and NotPostfix operators to matchBinaries selector
Adding Postfix and NotPostfix operators to the matchBinaries selector, as is already done for the matchArgs selector.

Signed-off-by: Andrei Fedotov <[email protected]>
anfedotoff committed Aug 12, 2024
1 parent 15d9c1f commit c84e55d
Showing 13 changed files with 80 additions and 10 deletions.
Expand Up @@ -456,6 +456,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -1065,6 +1067,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -1705,6 +1709,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -2282,6 +2288,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Up @@ -456,6 +456,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -1065,6 +1067,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -1705,6 +1709,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -2282,6 +2288,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
5 changes: 4 additions & 1 deletion pkg/api/processapi/processapi.go
Expand Up @@ -139,8 +139,11 @@ type MsgCapabilities struct {
}

type Binary struct {
PathLength int64
PathLength int32
Reversed uint32
Path [BINARY_PATH_MAX_LEN]byte
End [BINARY_PATH_MAX_LEN]byte
End_r [BINARY_PATH_MAX_LEN]byte
MBSet uint64
}

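Review bot: The new `Reversed` and `End_r` fields land in `Binary` without a comment, and nothing on the struct records that it is written verbatim into a BPF map (`m.Put(k, v)` in proc_reader.go in this same commit), so field order, widths and padding have to track the kernel-side definition exactly — the int64→int32 narrowing paired with the new uint32 is presumably what keeps the offset of `Path` unchanged, but a reader cannot tell that from the code. Add a header comment such as `// Binary mirrors the BPF-side binary struct; field order and sizes must match the C definition byte for byte.` plus a one-liner on `Reversed` and `End_r` stating what the BPF side stores there (I cannot tell from this hunk whether `End_r` is the reversed copy of `End` used for postfix LPM lookups — confirm). `End_r` also breaks Go's MixedCaps convention; if it is kept to match the C field name, the comment should say so.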
Expand Up @@ -456,6 +456,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -1065,6 +1067,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -1705,6 +1709,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -2282,6 +2288,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Up @@ -456,6 +456,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -1065,6 +1067,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -1705,6 +1709,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
Expand Down Expand Up @@ -2282,6 +2288,8 @@ spec:
- NotIn
- Prefix
- NotPrefix
- Postfix
- NotPostfix
type: string
values:
description: Value to compare the argument against.
2 changes: 1 addition & 1 deletion pkg/k8s/apis/cilium.io/v1alpha1/types.go
Expand Up @@ -90,7 +90,7 @@ type KProbeArg struct {
}

type BinarySelector struct {
// +kubebuilder:validation:Enum=In;NotIn;Prefix;NotPrefix
// +kubebuilder:validation:Enum=In;NotIn;Prefix;NotPrefix;Postfix;NotPostfix
// Filter operation.
Operator string `json:"operator"`
// Value to compare the argument against.
2 changes: 1 addition & 1 deletion pkg/k8s/apis/cilium.io/v1alpha1/version.go
Expand Up @@ -7,4 +7,4 @@ package v1alpha1
// Used to determine if CRD needs to be updated in cluster
//
// Developers: Bump patch for each change in the CRD schema.
const CustomResourceDefinitionSchemaVersion = "1.2.3"
const CustomResourceDefinitionSchemaVersion = "1.2.4"
27 changes: 23 additions & 4 deletions pkg/selectors/kernel.go
Expand Up @@ -712,7 +712,7 @@ func writePrefixStrings(k *KernelSelectorState, values []string) error {
return nil
}

func writePostfixStrings(k *KernelSelectorState, values []string, ty uint32) error {
func writePostfix(k *KernelSelectorState, values []string, ty uint32, selector string) (uint32, error) {
mid, m := k.newStringPostfixMap()
for _, v := range values {
var value []byte
Expand All @@ -725,7 +725,7 @@ func writePostfixStrings(k *KernelSelectorState, values []string, ty uint32) err
// Due to the constraints of the reverse copy in BPF, we will not be able to match a postfix
// longer than 127 characters, so throw an error if the user specified one.
if size >= StringPostfixMaxLength {
return fmt.Errorf("MatchArgs value %s invalid: string is longer than %d characters", v, StringPostfixMaxLength-1)
return 0, fmt.Errorf("%s value %s invalid: string is longer than %d characters", selector, v, StringPostfixMaxLength-1)
}
val := KernelLPMTrieStringPostfix{prefixLen: size * 8} // postfix is in bits, but size is in bytes
// Copy postfix in reverse order, so that it can be used in LPM map
Expand All @@ -734,7 +734,18 @@ func writePostfixStrings(k *KernelSelectorState, values []string, ty uint32) err
}
m[val] = struct{}{}
}
// write the map id into the selector
return mid, nil
}

func writePostfixBinaries(k *KernelSelectorState, values []string) (uint32, error) {
return writePostfix(k, values, gt.GenericCharBuffer, "MatchBinaries")
}

func writePostfixStrings(k *KernelSelectorState, values []string, ty uint32) error {
mid, err := writePostfix(k, values, ty, "MatchArgs")
if err != nil {
return err
}
WriteSelectorUint32(&k.data, mid)
return nil
}
Expand Down Expand Up @@ -1209,8 +1220,16 @@ func ParseMatchBinary(k *KernelSelectorState, b *v1alpha1.BinarySelector, selIdx
if err != nil {
return fmt.Errorf("failed to write the prefix operator for the matchBinaries selector: %w", err)
}
case SelectorOpPostfix, SelectorOpNotPostfix:
if !kernels.EnableLargeProgs() {
return fmt.Errorf("matchBinary error: \"Postfix\" and \"NotPostfix\" operators need large BPF progs (kernel>5.3)")
}
sel.MapID, err = writePostfixBinaries(k, b.Values)
if err != nil {
return fmt.Errorf("failed to write the prefix operator for the matchBinaries selector: %w", err)
}
default:
return fmt.Errorf("matchBinary error: Only \"In\", \"NotIn\", \"Prefix\" and \"NotPrefix\" operators are supported")
return fmt.Errorf("matchBinary error: Only \"In\", \"NotIn\", \"Prefix\", \"NotPrefix\", \"Postfix\" and \"NotPostfix\" operators are supported")
}

k.AddMatchBinaries(selIdx, sel)
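Review bot: The error returned when `writePostfixBinaries` fails still reads `failed to write the prefix operator for the matchBinaries selector`, copied from the Prefix case directly above, so a failing Postfix policy is reported as a prefix problem; change it to `return fmt.Errorf("failed to write the postfix operator for the matchBinaries selector: %w", err)`. Separately, as the reversed-LPM scheme at the top of the hunk implies, a postfix match on a binary path accepts any executable whose path ends with the given bytes, so a policy using `Postfix` in matchBinaries to allowlist e.g. `/bash` would also accept `/tmp/attacker/bash`; a comment above the new case such as `// Postfix compares only the tail of the executable path and cannot tell /usr/bin/X from /tmp/X; do not rely on it alone for allowlisting.` would steer policy authors. The `kernel>5.3` figure in the new error text is asserted without any visible source in this hunk and is worth confirming against what `kernels.EnableLargeProgs` actually checks. ParseMatchBinary begins outside the hunk.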
2 changes: 1 addition & 1 deletion pkg/sensors/exec/procevents/proc_reader.go
Expand Up @@ -350,7 +350,7 @@ func writeExecveMap(procs []procs) {
v.Namespaces.CgroupInum = p.cgroup_ns
v.Namespaces.UserInum = p.user_ns
pathLength := copy(v.Binary.Path[:], p.exe)
v.Binary.PathLength = int64(pathLength)
v.Binary.PathLength = int32(pathLength)

err := m.Put(k, v)
if err != nil {
