github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/pkg/ebpftracer/policy.go (about)

     1  package ebpftracer
     2  
     3  import (
     4  	"time"
     5  
     6  	"github.com/castai/kvisor/pkg/ebpftracer/events"
     7  	"github.com/castai/kvisor/pkg/ebpftracer/types"
     8  )
     9  
    10  type Policy struct {
    11  	SystemEvents    []events.ID // List of events required for internal tasks such as cache cleanup
    12  	SignatureEvents []events.ID
    13  	Events          []*EventPolicy
    14  	Output          PolicyOutputConfig
    15  }
    16  
    17  // PreEventFilter allows for filtering of events coming from the kernel before they are decoded
    18  type PreEventFilter func(ctx *types.EventContext) error
    19  
    20  // EventFilterGenerator Produces an pre event filter for each call
    21  type PreEventFilterGenerator func() PreEventFilter
    22  
    23  // EventFilter allows for filtering of events before they are send to the server
    24  type EventFilter func(event *types.Event) error
    25  
    26  // EventFilterGenerator Produces an event filter for each call
    27  type EventFilterGenerator func() EventFilter
    28  
    29  type EventPolicy struct {
    30  	ID                 events.ID
    31  	PreFilterGenerator PreEventFilterGenerator
    32  	FilterGenerator    EventFilterGenerator
    33  }
    34  
    35  // RateLimitPolicy allows to configure event rate limiting.
    36  type RateLimitPolicy struct {
    37  	// If interval is set rate limit can be used as interval based sampling. In such case burst is always 1.
    38  	Interval time.Duration
    39  
    40  	// Rate is events per second.
    41  	Rate  float64
    42  	Burst int
    43  }
    44  
    45  type LRUPolicy struct {
    46  	Size int
    47  }
    48  
    49  type PolicyOutputConfig struct {
    50  	StackAddresses bool
    51  	ExecEnv        bool
    52  	RelativeTime   bool
    53  	ExecHash       bool
    54  
    55  	ParseArguments    bool
    56  	ParseArgumentsFDs bool
    57  	EventsSorting     bool
    58  }
    59  
    60  func newCgroupEventPolicy(policy *EventPolicy) *cgroupEventPolicy {
    61  	result := &cgroupEventPolicy{}
    62  
    63  	if policy.PreFilterGenerator != nil {
    64  		result.preFilter = policy.PreFilterGenerator()
    65  	}
    66  
    67  	if policy.FilterGenerator != nil {
    68  		result.filter = policy.FilterGenerator()
    69  	}
    70  
    71  	return result
    72  }
    73  
    74  // cgroupEventPolicy is internal structure to work with event policies per cgroups.
    75  type cgroupEventPolicy struct {
    76  	preFilter PreEventFilter
    77  	filter    EventFilter
    78  }
    79  
    80  func (c *cgroupEventPolicy) allowPre(ctx *types.EventContext) error {
    81  	if c.preFilter != nil {
    82  		return c.preFilter(ctx)
    83  	}
    84  
    85  	return nil
    86  }
    87  
    88  func (c *cgroupEventPolicy) allow(event *types.Event) error {
    89  	if c.filter != nil {
    90  		return c.filter(event)
    91  	}
    92  
    93  	return nil
    94  }