From f597b8a99bb92a43c1d806673ca38d3df25a13ca Mon Sep 17 00:00:00 2001 From: Luigi De Matteis Date: Fri, 2 Feb 2024 20:59:07 +0200 Subject: [PATCH] pkg/selectors: deduplicate generic type arguments There are two versions of the same generic type arguments currently in use. This patch unifies them by bringing all arguments into the pkg/generictypes/generictypes.go class. Fixes: #530 Signed-off-by: Luigi De Matteis --- pkg/generictypes/generictypes.go | 3 + pkg/selectors/kernel.go | 136 +++++++++++++------------------ 2 files changed, 59 insertions(+), 80 deletions(-) diff --git a/pkg/generictypes/generictypes.go b/pkg/generictypes/generictypes.go index 98405028413..b05b6b9f98a 100644 --- a/pkg/generictypes/generictypes.go +++ b/pkg/generictypes/generictypes.go @@ -44,6 +44,9 @@ const ( GenericS8Type = 31 GenericU8Type = 32 + GenericUrlType = 33 + GenericFqdnType = 34 + GenericNopType = -1 GenericInvalidType = -2 ) diff --git a/pkg/selectors/kernel.go b/pkg/selectors/kernel.go index 2eb91e221e6..ffceea90911 100644 --- a/pkg/selectors/kernel.go +++ b/pkg/selectors/kernel.go @@ -12,6 +12,7 @@ import ( "github.com/cilium/tetragon/api/v1/tetragon" "github.com/cilium/tetragon/pkg/api/processapi" + gt "github.com/cilium/tetragon/pkg/generictypes" "github.com/cilium/tetragon/pkg/idtable" "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" "github.com/cilium/tetragon/pkg/kernels" @@ -153,69 +154,44 @@ var capabilitiesTypeTable = map[string]uint32{ "permitted": capsPermitted, } -const ( - argTypeInt = 1 - argTypeCharBuf = 2 - argTypeCharIovec = 3 - argTypeSizet = 4 - argTypeSkb = 5 - argTypeString = 6 - argTypeSock = 7 - - argTypeS64 = 10 - argTypeU64 = 11 - argTypeS32 = 12 - argTypeU32 = 13 - - argTypePath = 15 - argTypeFile = 16 - argTypeFd = 17 - - argTypeUrl = 18 - argTypeFqdn = 19 - - // mirrors gt.GenericSyscall64 - argTypeSyscall64 = 28 -) - var argTypeTable = map[string]uint32{ - "int": argTypeInt, - "uint32": argTypeU32, - "int32": argTypeS32, - "uint64": argTypeU64, - "int64": argTypeS64, - "char_buf": argTypeCharBuf, - "char_iovec": argTypeCharIovec, - "sizet": argTypeSizet, - "skb": argTypeSkb, - "string": argTypeString, - "fd": argTypeFd, - "path": argTypePath, - "file": argTypeFile, - "sock": argTypeSock, - "url": argTypeUrl, - "fqdn": argTypeFqdn, - "syscall64": argTypeSyscall64, + "int": gt.GenericIntType, + "uint32": gt.GenericU32Type, + "int32": gt.GenericS32Type, + "uint64": gt.GenericU64Type, + "int64": gt.GenericS64Type, + "char_buf": gt.GenericCharBuffer, + "char_iovec": gt.GenericCharIovec, + "sizet": gt.GenericSizeType, + "skb": gt.GenericSkbType, + "string": gt.GenericStringType, + "fd": gt.GenericFdType, + "path": gt.GenericPathType, + "file": gt.GenericFileType, + "sock": gt.GenericSockType, + "url": gt.GenericUrlType, + "fqdn": gt.GenericFqdnType, + "syscall64": gt.GenericSyscall64, } var argTypeStringTable = map[uint32]string{ - argTypeInt: "int", - argTypeU32: "uint32", - argTypeS32: "int32", - argTypeU64: "uint64", - argTypeS64: "int64", - argTypeCharBuf: "char_buf", - argTypeCharIovec: "char_iovec", - argTypeSizet: "sizet", - argTypeSkb: "skb", - argTypeString: "string", - argTypeFd: "fd", - argTypeFile: "file", - argTypePath: "path", - argTypeSock: "sock", - argTypeUrl: "url", - argTypeFqdn: "fqdn", - argTypeSyscall64: "syscall64", + gt.GenericIntType: "int", + gt.GenericU32Type: "uint32", + gt.GenericS32Type: "int32", + gt.GenericU64Type: "uint64", + gt.GenericS64Type: "int64", + gt.GenericCharBuffer: "char_buf", + gt.GenericCharIovec: "char_iovec", + gt.GenericSizeType: "sizet", + gt.GenericSkbType: "skb", + gt.GenericStringType: "string", + gt.GenericFdType: "fd", + gt.GenericFileType: "file", + gt.GenericPathType: "path", + gt.GenericSockType: "sock", + gt.GenericUrlType: "url", + gt.GenericFqdnType: "fqdn", + gt.GenericSyscall64: "syscall64", } const ( @@ -474,14 +450,14 @@ func writeRangeInMap(v string, ty uint32, op uint32, m *ValueMap) error { } for idx := 0; idx < 2; idx++ { switch ty { - case argTypeS64, argTypeInt: + case gt.GenericS64Type, gt.GenericIntType: i, err := strconv.ParseInt(rangeStr[idx], 10, 64) if err != nil { return fmt.Errorf("MatchArgs value %s invalid: %w", v, err) } sRangeVal[idx] = i - case argTypeU64: + case gt.GenericU64Type: i, err := strconv.ParseUint(rangeStr[idx], 10, 64) if err != nil { return fmt.Errorf("MatchArgs value %s invalid: %w", v, err) @@ -492,7 +468,7 @@ func writeRangeInMap(v string, ty uint32, op uint32, m *ValueMap) error { } } switch ty { - case argTypeS64, argTypeInt: + case gt.GenericS64Type, gt.GenericIntType: if sRangeVal[0] > sRangeVal[1] { sRangeVal[0], sRangeVal[1] = sRangeVal[1], sRangeVal[0] } @@ -502,7 +478,7 @@ func writeRangeInMap(v string, ty uint32, op uint32, m *ValueMap) error { m.Data[valByte] = struct{}{} } - case argTypeU64: + case gt.GenericU64Type: if uRangeVal[0] > uRangeVal[1] { uRangeVal[0], uRangeVal[1] = uRangeVal[1], uRangeVal[0] } @@ -540,9 +516,9 @@ func writeListValuesInMap(k *KernelSelectorState, v string, ty uint32, m *ValueM var val [8]byte switch ty { - case argTypeS64, argTypeInt, argTypeSyscall64: + case gt.GenericS64Type, gt.GenericIntType, gt.GenericSyscall64: binary.LittleEndian.PutUint64(val[:], uint64(values[idx])) - case argTypeU64: + case gt.GenericU64Type: binary.LittleEndian.PutUint64(val[:], uint64(values[idx])) default: return fmt.Errorf("Unknown type: %d", ty) @@ -573,13 +549,13 @@ func writeMatchValuesInMap(k *KernelSelectorState, values []string, ty uint32, o continue } switch ty { - case argTypeS64, argTypeInt, argTypeSyscall64: + case gt.GenericS64Type, gt.GenericIntType, gt.GenericSyscall64: i, err := strconv.ParseInt(v, 10, 64) if err != nil { return fmt.Errorf("MatchArgs value %s invalid: %w", v, err) } binary.LittleEndian.PutUint64(val[:], uint64(i)) - case argTypeU64: + case gt.GenericU64Type: i, err := strconv.ParseUint(v, 10, 64) if err != nil { return fmt.Errorf("MatchArgs value %s invalid: %w", v, err) @@ -686,33 +662,33 @@ func writeMatchValues(k *KernelSelectorState, values []string, ty, op uint32) er for _, v := range values { base := getBase(v) switch ty { - case argTypeS32, argTypeInt, argTypeSizet: + case gt.GenericS32Type, gt.GenericIntType, gt.GenericSizeType: i, err := strconv.ParseInt(v, base, 32) if err != nil { return fmt.Errorf("MatchArgs value %s invalid: %w", v, err) } WriteSelectorInt32(&k.data, int32(i)) - case argTypeU32: + case gt.GenericU32Type: i, err := strconv.ParseUint(v, base, 32) if err != nil { return fmt.Errorf("MatchArgs value %s invalid: %w", v, err) } WriteSelectorUint32(&k.data, uint32(i)) - case argTypeS64: + case gt.GenericS64Type: i, err := strconv.ParseInt(v, base, 64) if err != nil { return fmt.Errorf("MatchArgs value %s invalid: %w", v, err) } WriteSelectorInt64(&k.data, int64(i)) - case argTypeU64: + case gt.GenericU64Type: i, err := strconv.ParseUint(v, base, 64) if err != nil { return fmt.Errorf("MatchArgs value %s invalid: %w", v, err) } WriteSelectorUint64(&k.data, uint64(i)) - case argTypeSock, argTypeSkb: + case gt.GenericSockType, gt.GenericSkbType: return fmt.Errorf("MatchArgs type sock and skb do not support operator %s", selectorOpStringTable[op]) - case argTypeCharIovec: + case gt.GenericCharIovec: return fmt.Errorf("MatchArgs values %s unsupported", v) } } @@ -723,7 +699,7 @@ func writeMatchStrings(k *KernelSelectorState, values []string, ty uint32) error maps := k.createStringMaps() for _, v := range values { - trimNulSuffix := ty == argTypeString + trimNulSuffix := ty == gt.GenericStringType value, size, err := ArgStringSelectorValue(v, trimNulSuffix) if err != nil { return fmt.Errorf("MatchArgs value %s invalid: %w", v, err) @@ -777,7 +753,7 @@ func writePostfixStrings(k *KernelSelectorState, values []string, ty uint32) err for _, v := range values { var value []byte var size uint32 - if ty == argTypeCharBuf { + if ty == gt.GenericCharBuffer { value, size = ArgPostfixSelectorValue(v, false) } else { value, size = ArgPostfixSelectorValue(v, true) @@ -835,7 +811,7 @@ func ParseMatchArg(k *KernelSelectorState, arg *v1alpha1.ArgSelector, sig []v1al } case SelectorOpEQ, SelectorOpNEQ: switch ty { - case argTypeFd, argTypeFile, argTypePath, argTypeString, argTypeCharBuf: + case gt.GenericFdType, gt.GenericFileType, gt.GenericPathType, gt.GenericStringType, gt.GenericCharBuffer: err := writeMatchStrings(k, arg.Values, ty) if err != nil { return fmt.Errorf("writeMatchStrings error: %w", err) @@ -857,15 +833,15 @@ func ParseMatchArg(k *KernelSelectorState, arg *v1alpha1.ArgSelector, sig []v1al return fmt.Errorf("writePostfixStrings error: %w", err) } case SelectorOpSport, SelectorOpDport, SelectorOpNotSport, SelectorOpNotDport, SelectorOpProtocol, SelectorOpFamily, SelectorOpState: - if ty != argTypeSock && ty != argTypeSkb { + if ty != gt.GenericSockType && ty != gt.GenericSkbType { return fmt.Errorf("sock/skb operators specified for non-sock/skb type") } - err := writeMatchRangesInMap(k, arg.Values, argTypeU64, op) // force type for ports and protocols as ty is sock/skb + err := writeMatchRangesInMap(k, arg.Values, gt.GenericU64Type, op) // force type for ports and protocols as ty is sock/skb if err != nil { return fmt.Errorf("writeMatchRangesInMap error: %w", err) } case SelectorOpSaddr, SelectorOpDaddr, SelectorOpNotSaddr, SelectorOpNotDaddr: - if ty != argTypeSock && ty != argTypeSkb { + if ty != gt.GenericSockType && ty != gt.GenericSkbType { return fmt.Errorf("sock/skb operators specified for non-sock/skb type") } err := writeMatchAddrsInMap(k, arg.Values) @@ -874,7 +850,7 @@ func ParseMatchArg(k *KernelSelectorState, arg *v1alpha1.ArgSelector, sig []v1al } case SelectorOpSportPriv, SelectorOpDportPriv, SelectorOpNotSportPriv, SelectorOpNotDportPriv: // These selectors do not take any values, but we do check that they are only used for sock/skb. - if ty != argTypeSock && ty != argTypeSkb { + if ty != gt.GenericSockType && ty != gt.GenericSkbType { return fmt.Errorf("sock/skb operators specified for non-sock/skb type") } default: