From ba06bb981c3c9168781b72c8de0ef4ebfc40b95f Mon Sep 17 00:00:00 2001
From: Justin Chen
Date: Fri, 25 Oct 2024 15:12:03 +0800
Subject: [PATCH] tetra: fix `--policy-names` to apply all event types

In #1867, the `--policy-names` flag was added to filter events based on the tracing policy. However, the filter was only appled to `kprobe` events. This patch extends the filter to support all events types: `kprobe`, `tracepoint`, `uprobe` and `lsm`.

Signed-off-by: Justin Chen
---
 pkg/filters/filters.go | 14 ++++-
 pkg/filters/policies_test.go | 114 ++++++++++++++++++++---------------
 2 files changed, 77 insertions(+), 51 deletions(-)

diff --git a/pkg/filters/filters.go b/pkg/filters/filters.go
index 3659dd8b6e2..648f7457b02 100644
--- a/pkg/filters/filters.go
+++ b/pkg/filters/filters.go
@@ -127,5 +127,17 @@ func GetPolicyName(event *v1.Event) string {
 if !ok {
 return ""
 }
- return helpers.ResponseGetProcessKprobe(response).GetPolicyName()
+
+ switch ev := (response.Event).(type) {
+ case *tetragon.GetEventsResponse_ProcessKprobe:
+ return ev.ProcessKprobe.GetPolicyName()
+ case *tetragon.GetEventsResponse_ProcessTracepoint:
+ return ev.ProcessTracepoint.GetPolicyName()
+ case *tetragon.GetEventsResponse_ProcessUprobe:
+ return ev.ProcessUprobe.GetPolicyName()
+ case *tetragon.GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm.GetPolicyName()
+ default:
+ return ""
+ }
 }
diff --git a/pkg/filters/policies_test.go b/pkg/filters/policies_test.go
index 2af0f088b61..ef44e6d85bf 100644
--- a/pkg/filters/policies_test.go
+++ b/pkg/filters/policies_test.go
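Review bot: In GetPolicyName (pkg/filters/filters.go) the `default: return ""` branch makes every event type missing from the switch look like it has no policy, so with `--policy-names` set those events are filtered out with no signal. That is correct for event types that carry no policy name, but a policy-backed type added later would quietly vanish from filtered output until someone extends this switch, which for a monitoring CLI is a visibility gap rather than a cosmetic bug. I would say so on the branch, e.g. `// Event types without a policy name. Add a case above for every new policy-backed event type.` Separately, `response.Event` is a direct field read; `switch ev := response.GetEvent().(type) {` uses the generated getter and stays safe if `response` is a nil pointer, which cannot be ruled out here because the assertion that produces it is above the hunk.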
@@ -18,14 +18,11 @@ func TestPolicyNamesFilterInvalidEvent(t *testing.T) {
 filterFuncs := []OnBuildFilter{&PolicyNamesFilter{}}
 fs, err := BuildFilterList(ctx, filters, filterFuncs)
 assert.NoError(t, err)
- ev := v1.Event{
- Event: &tetragon.GetEventsResponse{
- Event: &tetragon.GetEventsResponse_ProcessKprobe{
- ProcessKprobe: &tetragon.ProcessKprobe{},
- },
- },
+
+ events := eventsWithPolicyName("")
+ for _, ev := range events {
+ assert.False(t, fs.MatchOne(&ev))
 }
- assert.False(t, fs.MatchOne(&ev))
 }
 
 func TestPolicyNamesFilterCorrectValue(t *testing.T) {
@@ -34,36 +31,22 @@ func TestPolicyNamesFilterCorrectValue(t *testing.T) {
 filterFuncs := []OnBuildFilter{&PolicyNamesFilter{}}
 fs, err := BuildFilterList(ctx, filters, filterFuncs)
 assert.NoError(t, err)
- ev := v1.Event{
- Event: &tetragon.GetEventsResponse{
- Event: &tetragon.GetEventsResponse_ProcessKprobe{
- ProcessKprobe: &tetragon.ProcessKprobe{
- PolicyName: "red-policy",
- },
- },
- },
- }
- assert.True(t, fs.MatchOne(&ev))
- ev = v1.Event{
- Event: &tetragon.GetEventsResponse{
- Event: &tetragon.GetEventsResponse_ProcessKprobe{
- ProcessKprobe: &tetragon.ProcessKprobe{
- PolicyName: "blue-policy",
- },
- },
- },
+
+ testCases := []struct {
+ policyName string
+ match bool
+ }{
+ {"red-policy", true},
+ {"blue-policy", true},
+ {"yellow-policy", false},
 }
- assert.True(t, fs.MatchOne(&ev))
- ev = v1.Event{
- Event: &tetragon.GetEventsResponse{
- Event: &tetragon.GetEventsResponse_ProcessKprobe{
- ProcessKprobe: &tetragon.ProcessKprobe{
- PolicyName: "yellow-policy",
- },
- },
- },
+
+ for _, tc := range testCases {
+ events := eventsWithPolicyName(tc.policyName)
+ for _, ev := range events {
+ assert.Equal(t, tc.match, fs.MatchOne(&ev))
+ }
 }
- assert.False(t, fs.MatchOne(&ev))
 }
 
 func TestPolicyNamesFilterEmptyValue(t *testing.T) {
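Review bot: The looped assertions do not say which event failed: `assert.False(t, fs.MatchOne(&ev))` in TestPolicyNamesFilterInvalidEvent and `assert.Equal(t, tc.match, fs.MatchOne(&ev))` in TestPolicyNamesFilterCorrectValue each run over four event kinds, so a failure reports only a boolean mismatch. Passing a message, e.g. `assert.Equal(t, tc.match, fs.MatchOne(&ev), "policy %q, event %v", tc.policyName, ev.Event)`, would point straight at the event type whose case is missing from GetPolicyName. The same applies to the loops added in TestPolicyNamesFilterEmptyValue and TestPolicyNamesFilterNilValue in the two later hunks. Both test functions here start above their hunks.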
@@ -73,16 +56,10 @@ func TestPolicyNamesFilterEmptyValue(t *testing.T) {
 fs, err := BuildFilterList(ctx, filters, filterFuncs)
 assert.NoError(t, err)
 // empty selector matches nothing
- ev := v1.Event{
- Event: &tetragon.GetEventsResponse{
- Event: &tetragon.GetEventsResponse_ProcessKprobe{
- ProcessKprobe: &tetragon.ProcessKprobe{
- PolicyName: "red-policy",
- },
- },
- },
+ events := eventsWithPolicyName("red-policy")
+ for _, ev := range events {
+ assert.False(t, fs.MatchOne(&ev))
 }
- assert.False(t, fs.MatchOne(&ev))
 }
 
 func TestPolicyNamesFilterNilValue(t *testing.T) {
@@ -92,14 +69,51 @@ func TestPolicyNamesFilterNilValue(t *testing.T) {
 fs, err := BuildFilterList(ctx, filters, filterFuncs)
 assert.NoError(t, err)
 // nil selector matches everything, i.e., does not filter events
- ev := v1.Event{
- Event: &tetragon.GetEventsResponse{
- Event: &tetragon.GetEventsResponse_ProcessKprobe{
- ProcessKprobe: &tetragon.ProcessKprobe{
- PolicyName: "red-policy",
+ events := eventsWithPolicyName("red-policy")
+ for _, ev := range events {
+ assert.True(t, fs.MatchOne(&ev))
+ }
+}
+
+// eventsWithPolicyName generates kprobe, tracepoint, uprobe, and lsm events
+// with the specified policy name.
+func eventsWithPolicyName(policyName string) []v1.Event {
+ return []v1.Event{
+ {
+ Event: &tetragon.GetEventsResponse{
+ Event: &tetragon.GetEventsResponse_ProcessKprobe{
+ ProcessKprobe: &tetragon.ProcessKprobe{
+ PolicyName: policyName,
+ },
+ },
+ },
+ },
+ {
+ Event: &tetragon.GetEventsResponse{
+ Event: &tetragon.GetEventsResponse_ProcessTracepoint{
+ ProcessTracepoint: &tetragon.ProcessTracepoint{
+ PolicyName: policyName,
+ },
+ },
+ },
+ },
+ {
+ Event: &tetragon.GetEventsResponse{
+ Event: &tetragon.GetEventsResponse_ProcessUprobe{
+ ProcessUprobe: &tetragon.ProcessUprobe{
+ PolicyName: policyName,
+ },
+ },
+ },
+ },
+ {
+ Event: &tetragon.GetEventsResponse{
+ Event: &tetragon.GetEventsResponse_ProcessLsm{
+ ProcessLsm: &tetragon.ProcessLsm{
+ PolicyName: policyName,
+ },
 },
 },
 },
 }
- assert.True(t, fs.MatchOne(&ev))
 }
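Review bot: `eventsWithPolicyName` builds only the four event types that carry a policy name, so nothing in these tests reaches the new `default` branch of GetPolicyName. A case for an event type without a policy name would pin that behaviour, for example in TestPolicyNamesFilterCorrectValue: `ev := v1.Event{Event: &tetragon.GetEventsResponse{Event: &tetragon.GetEventsResponse_ProcessExec{ProcessExec: &tetragon.ProcessExec{}}}}` followed by `assert.False(t, fs.MatchOne(&ev))`. That records for operators that events without a policy are excluded whenever a policy-name filter is active, and the test fails loudly if the default ever changes. TestPolicyNamesFilterNilValue starts above the hunk.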