Skip to content

Commit 61c1d5d

Browse files
yanivagmanyanivagman
committed
renames
1 parent c8e2c7b commit 61c1d5d

1 file changed

Lines changed: 89 additions & 102 deletions

File tree

pkg/policy/ebpf.go

Lines changed: 89 additions & 102 deletions
Original file line numberDiff line numberDiff line change
@@ -298,38 +298,39 @@ func (pm *PolicyManager) computeScopeFiltersConfig(eventID events.ID) scopeFilte
298298
return cfg
299299
}
300300

301-
// updateUIntFilterBPF updates the BPF maps for the given uint RuleBitmaps.
301+
// updateUIntFilterBPF updates the BPF maps for the given uint filter map.
302302
func (pm *PolicyManager) updateUIntFilterBPF(
303303
bpfModule *bpf.Module,
304-
ruleBitmaps map[filterVersionKey]map[uint64]ruleBitmap,
304+
filterMap map[filterVersionKey]map[uint64]ruleBitmap,
305305
innerMapName string,
306306
outerMapName string,
307307
) error {
308-
for fvKey, rBitmaps := range ruleBitmaps {
308+
for vKey, innerMap := range filterMap {
309309
// Skip if no rules exist for this version/event
310-
if len(rBitmaps) == 0 {
310+
if len(innerMap) == 0 {
311311
continue
312312
}
313313

314314
// Get or create inner map
315-
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, fvKey)
315+
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, vKey)
316316
if err != nil {
317317
return fmt.Errorf("creating/getting inner map for version %d event %d: %w",
318-
fvKey.Version, fvKey.EventID, err)
318+
vKey.Version, vKey.EventID, err)
319319
}
320320

321-
for k, v := range rBitmaps {
322-
// Inner map type: u32 (key) -> eq_t (value)
323-
// where eq_t is { uint64_t equals_in_rules, uint64_t key_used_in_rules }
324-
u32Key := uint32(k)
325-
keyPointer := unsafe.Pointer(&u32Key)
321+
for key, bitmap := range innerMap {
322+
// Convert the uint64 key to []byte
323+
keyBytes := make([]byte, 4)
324+
binary.LittleEndian.PutUint32(keyBytes, uint32(key))
325+
keyPointer := unsafe.Pointer(&keyBytes[0])
326326

327-
eqVal := make([]byte, ruleBitmapSize)
328-
valuePointer := unsafe.Pointer(&eqVal[0])
329-
330-
binary.LittleEndian.PutUint64(eqVal[0:8], v.equalsInRules)
331-
binary.LittleEndian.PutUint64(eqVal[8:16], v.keyUsedInRules)
327+
// Convert the ruleBitmap to []byte
328+
bitmapBytes := make([]byte, ruleBitmapSize)
329+
binary.LittleEndian.PutUint64(bitmapBytes[0:8], bitmap.equalsInRules)
330+
binary.LittleEndian.PutUint64(bitmapBytes[8:16], bitmap.keyUsedInRules)
331+
valuePointer := unsafe.Pointer(&bitmapBytes[0])
332332

333+
// Update the BPF map
333334
if err := bpfMap.Update(keyPointer, valuePointer); err != nil {
334335
return errfmt.WrapError(err)
335336
}
@@ -339,40 +340,37 @@ func (pm *PolicyManager) updateUIntFilterBPF(
339340
return nil
340341
}
341342

342-
// updateStringFilterBPF updates the BPF maps for the given string RuleBitmaps.
343+
// updateStringFilterBPF updates the BPF maps for the given string filter map.
343344
func (pm *PolicyManager) updateStringFilterBPF(
344345
bpfModule *bpf.Module,
345-
ruleBitmaps map[filterVersionKey]map[string]ruleBitmap,
346+
filterMap map[filterVersionKey]map[string]ruleBitmap,
346347
innerMapName string,
347348
outerMapName string,
348349
) error {
349-
for fvKey, rBitmaps := range ruleBitmaps {
350+
for vKey, innerMap := range filterMap {
350351
// Skip if no rules exist for this version/event
351-
if len(rBitmaps) == 0 {
352+
if len(innerMap) == 0 {
352353
continue
353354
}
354355

355356
// Get or create inner map
356-
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, fvKey)
357+
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, vKey)
357358
if err != nil {
358359
return fmt.Errorf("creating/getting inner map for version %d event %d: %w",
359-
fvKey.Version, fvKey.EventID, err)
360+
vKey.Version, vKey.EventID, err)
360361
}
361362

362-
for k, v := range rBitmaps {
363-
// Inner map type: string_filter_t (key) -> eq_t (value)
364-
// where string_filter_t is a fixed size char array
365-
// and eq_t is { uint64_t equals_in_rules, uint64_t key_used_in_rules }
363+
for key, bitmap := range innerMap {
366364
byteStr := make([]byte, maxBpfStrFilterSize)
367-
copy(byteStr, k)
365+
copy(byteStr, key)
368366
keyPointer := unsafe.Pointer(&byteStr[0])
369367

370-
eqVal := make([]byte, ruleBitmapSize)
371-
valuePointer := unsafe.Pointer(&eqVal[0])
372-
373-
binary.LittleEndian.PutUint64(eqVal[0:8], v.equalsInRules)
374-
binary.LittleEndian.PutUint64(eqVal[8:16], v.keyUsedInRules)
368+
bitmapBytes := make([]byte, ruleBitmapSize)
369+
binary.LittleEndian.PutUint64(bitmapBytes[0:8], bitmap.equalsInRules)
370+
binary.LittleEndian.PutUint64(bitmapBytes[8:16], bitmap.keyUsedInRules)
371+
valuePointer := unsafe.Pointer(&bitmapBytes[0])
375372

373+
// Update the BPF map
376374
if err := bpfMap.Update(keyPointer, valuePointer); err != nil {
377375
return errfmt.WrapError(err)
378376
}
@@ -382,51 +380,48 @@ func (pm *PolicyManager) updateStringFilterBPF(
382380
return nil
383381
}
384382

385-
// updateBinaryFilterBPF updates the BPF maps for the given binary RuleBitmaps.
383+
// updateBinaryFilterBPF updates the BPF maps for the given binary filter map.
386384
func (pm *PolicyManager) updateBinaryFilterBPF(
387385
bpfModule *bpf.Module,
388-
ruleBitmaps map[filterVersionKey]map[filters.NSBinary]ruleBitmap,
386+
filterMap map[filterVersionKey]map[filters.NSBinary]ruleBitmap,
389387
innerMapName string,
390388
outerMapName string,
391389
) error {
392-
for fvKey, rBitmaps := range ruleBitmaps {
390+
for vKey, innerMap := range filterMap {
393391
// Skip if no rules exist for this version/event
394-
if len(rBitmaps) == 0 {
392+
if len(innerMap) == 0 {
395393
continue
396394
}
397395

398396
// Get or create inner map
399-
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, fvKey)
397+
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, vKey)
400398
if err != nil {
401399
return fmt.Errorf("creating/getting inner map for version %d event %d: %w",
402-
fvKey.Version, fvKey.EventID, err)
400+
vKey.Version, vKey.EventID, err)
403401
}
404402

405-
for k, v := range rBitmaps {
406-
if len(k.Path) > maxBpfBinPathSize {
407-
return filters.InvalidValue(k.Path)
403+
for key, bitmap := range innerMap {
404+
if len(key.Path) > maxBpfBinPathSize {
405+
return filters.InvalidValue(key.Path)
408406
}
409407

410-
// Inner map type: binary_t (key) -> eq_t (value)
411-
// where binary_t is { uint32_t mount_ns, char path[MAX_BIN_PATH_SIZE] }
412-
// and eq_t is { uint64_t equals_in_rules, uint64_t key_used_in_rules }
413408
binBytes := make([]byte, bpfBinFilterSize)
414-
if k.MntNS == 0 {
409+
if key.MntNS == 0 {
415410
// if no mount namespace given, bpf map key is only the path
416-
copy(binBytes, k.Path)
411+
copy(binBytes, key.Path)
417412
} else {
418413
// otherwise, key is composed of the mount namespace and the path
419-
binary.LittleEndian.PutUint32(binBytes, k.MntNS)
420-
copy(binBytes[4:], k.Path)
414+
binary.LittleEndian.PutUint32(binBytes, key.MntNS)
415+
copy(binBytes[4:], key.Path)
421416
}
422417
keyPointer := unsafe.Pointer(&binBytes[0])
423418

424-
eqVal := make([]byte, ruleBitmapSize)
425-
valuePointer := unsafe.Pointer(&eqVal[0])
426-
427-
binary.LittleEndian.PutUint64(eqVal[0:8], v.equalsInRules)
428-
binary.LittleEndian.PutUint64(eqVal[8:16], v.keyUsedInRules)
419+
bitmapBytes := make([]byte, ruleBitmapSize)
420+
binary.LittleEndian.PutUint64(bitmapBytes[0:8], bitmap.equalsInRules)
421+
binary.LittleEndian.PutUint64(bitmapBytes[8:16], bitmap.keyUsedInRules)
422+
valuePointer := unsafe.Pointer(&bitmapBytes[0])
429423

424+
// Update the BPF map
430425
if err := bpfMap.Update(keyPointer, valuePointer); err != nil {
431426
return errfmt.WrapError(err)
432427
}
@@ -436,52 +431,47 @@ func (pm *PolicyManager) updateBinaryFilterBPF(
436431
return nil
437432
}
438433

439-
// updateStringDataFilterLPMBPF updates the BPF maps for the given kernel data LPM RuleBitmaps.
434+
// updateStringDataFilterLPMBPF updates the BPF maps for the given kernel data LPM filter map.
440435
func (pm *PolicyManager) updateStringDataFilterLPMBPF(
441436
bpfModule *bpf.Module,
442-
ruleBitmaps map[filterVersionKey]map[string]ruleBitmap,
437+
filterMap map[filterVersionKey]map[string]ruleBitmap,
443438
innerMapName string,
444439
outerMapName string,
445440
) error {
446-
for fvKey, rBitmaps := range ruleBitmaps {
441+
for vKey, innerMap := range filterMap {
447442
// Skip if no rules exist for this version/event
448-
if len(rBitmaps) == 0 {
443+
if len(innerMap) == 0 {
449444
continue
450445
}
451446

452447
// Get or create inner map
453-
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, fvKey)
448+
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, vKey)
454449
if err != nil {
455450
return fmt.Errorf("creating/getting inner map for version %d event %d: %w",
456-
fvKey.Version, fvKey.EventID, err)
451+
vKey.Version, vKey.EventID, err)
457452
}
458453

459-
for k, v := range rBitmaps {
454+
for key, bitmap := range innerMap {
460455
// Ensure the string length is within the maximum allowed limit,
461456
// excluding the NULL terminator.
462-
if len(k) > maxBpfDataFilterStrSize-1 {
463-
return filters.InvalidValueMax(k, maxBpfDataFilterStrSize-1)
457+
if len(key) > maxBpfDataFilterStrSize-1 {
458+
return filters.InvalidValueMax(key, maxBpfDataFilterStrSize-1)
464459
}
465460

466-
// Inner map type: data_filter_lpm_key_t (key) -> eq_t (value)
467-
// where data_filter_lpm_key_t is { uint32_t prefixlen, char str[MAX_DATA_STR_SIZE] }
468-
// and eq_t is { uint64_t equals_in_rules, uint64_t key_used_in_rules }
469-
binBytes := make([]byte, bpfDataFilterStrSize)
470-
471461
// key is composed of: prefixlen and a string
472462
// multiply by 8 to convert prefix length from bytes to bits for LPM Trie
473-
prefixlen := len(k) * 8
474-
binary.LittleEndian.PutUint32(binBytes, uint32(prefixlen)) // prefixlen
475-
copy(binBytes[4:], k) // string
476-
477-
keyPointer := unsafe.Pointer(&binBytes[0])
478-
479-
eqVal := make([]byte, ruleBitmapSize)
480-
valuePointer := unsafe.Pointer(&eqVal[0])
481-
482-
binary.LittleEndian.PutUint64(eqVal[0:8], v.equalsInRules)
483-
binary.LittleEndian.PutUint64(eqVal[8:16], v.keyUsedInRules)
484-
463+
keyBytes := make([]byte, bpfDataFilterStrSize)
464+
prefixlen := len(key) * 8
465+
binary.LittleEndian.PutUint32(keyBytes, uint32(prefixlen))
466+
copy(keyBytes[4:], key)
467+
keyPointer := unsafe.Pointer(&keyBytes[0])
468+
469+
bitmapBytes := make([]byte, ruleBitmapSize)
470+
binary.LittleEndian.PutUint64(bitmapBytes[0:8], bitmap.equalsInRules)
471+
binary.LittleEndian.PutUint64(bitmapBytes[8:16], bitmap.keyUsedInRules)
472+
valuePointer := unsafe.Pointer(&bitmapBytes[0])
473+
474+
// Update the BPF map
485475
if err := bpfMap.Update(keyPointer, valuePointer); err != nil {
486476
return errfmt.WrapError(err)
487477
}
@@ -491,46 +481,43 @@ func (pm *PolicyManager) updateStringDataFilterLPMBPF(
491481
return nil
492482
}
493483

494-
// updateStringDataFilterBPF updates the BPF maps for the given kernel data RuleBitmaps.
484+
// updateStringDataFilterBPF updates the BPF maps for the given kernel data filter map.
495485
func (pm *PolicyManager) updateStringDataFilterBPF(
496486
bpfModule *bpf.Module,
497-
ruleBitmaps map[filterVersionKey]map[string]ruleBitmap,
487+
filterMap map[filterVersionKey]map[string]ruleBitmap,
498488
innerMapName string,
499489
outerMapName string,
500490
) error {
501-
for fvKey, rBitmaps := range ruleBitmaps {
491+
for vKey, innerMap := range filterMap {
502492
// Skip if no rules exist for this version/event
503-
if len(rBitmaps) == 0 {
493+
if len(innerMap) == 0 {
504494
continue
505495
}
506496

507497
// Get or create inner map
508-
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, fvKey)
498+
bpfMap, _, err := pm.createAndUpdateInnerMap(bpfModule, innerMapName, outerMapName, vKey)
509499
if err != nil {
510500
return fmt.Errorf("creating/getting inner map for version %d event %d: %w",
511-
fvKey.Version, fvKey.EventID, err)
501+
vKey.Version, vKey.EventID, err)
512502
}
513503

514-
for k, v := range rBitmaps {
504+
for key, bitmap := range innerMap {
515505
// Ensure the string length is within the maximum allowed limit,
516506
// excluding the NULL terminator
517-
if len(k) > maxBpfDataFilterStrSize-1 {
518-
return filters.InvalidValueMax(k, maxBpfDataFilterStrSize-1)
507+
if len(key) > maxBpfDataFilterStrSize-1 {
508+
return filters.InvalidValueMax(key, maxBpfDataFilterStrSize-1)
519509
}
520510

521-
// Inner map type: data_filter_key_t (key) -> eq_t (value)
522-
// where data_filter_key_t is a fixed size char array
523-
// and eq_t is { uint64_t equals_in_rules, uint64_t key_used_in_rules }
524-
binBytes := make([]byte, maxBpfDataFilterStrSize)
525-
copy(binBytes, k) // string
526-
keyPointer := unsafe.Pointer(&binBytes[0])
527-
528-
eqVal := make([]byte, ruleBitmapSize)
529-
valuePointer := unsafe.Pointer(&eqVal[0])
511+
keyBytes := make([]byte, maxBpfDataFilterStrSize)
512+
copy(keyBytes, key) // string
513+
keyPointer := unsafe.Pointer(&keyBytes[0])
530514

531-
binary.LittleEndian.PutUint64(eqVal[0:8], v.equalsInRules)
532-
binary.LittleEndian.PutUint64(eqVal[8:16], v.keyUsedInRules)
515+
bitmapBytes := make([]byte, ruleBitmapSize)
516+
binary.LittleEndian.PutUint64(bitmapBytes[0:8], bitmap.equalsInRules)
517+
binary.LittleEndian.PutUint64(bitmapBytes[8:16], bitmap.keyUsedInRules)
518+
valuePointer := unsafe.Pointer(&bitmapBytes[0])
533519

520+
// Update the BPF map
534521
if err := bpfMap.Update(keyPointer, valuePointer); err != nil {
535522
return errfmt.WrapError(err)
536523
}
@@ -649,7 +636,7 @@ type procInfo struct {
649636
// populateProcInfoMap populates the ProcInfoMap with the binaries to track.
650637
// TODO: Should ProcInfoMap be cleared when a Policies new version is created?
651638
// Or should it be versioned too?
652-
func populateProcInfoMap(bpfModule *bpf.Module, ruleBitmaps map[filterVersionKey]map[filters.NSBinary]ruleBitmap) error {
639+
func populateProcInfoMap(bpfModule *bpf.Module, filterMap map[filterVersionKey]map[filters.NSBinary]ruleBitmap) error {
653640
procInfoMap, err := bpfModule.GetMap(ProcInfoMap)
654641
if err != nil {
655642
return errfmt.WrapError(err)
@@ -660,8 +647,8 @@ func populateProcInfoMap(bpfModule *bpf.Module, ruleBitmaps map[filterVersionKey
660647
return errfmt.WrapError(err)
661648
}
662649

663-
for _, rBitmaps := range ruleBitmaps {
664-
for bin := range rBitmaps {
650+
for _, innerMap := range filterMap {
651+
for bin := range innerMap {
665652
procs := binsProcs[bin.Path]
666653
for _, p := range procs {
667654
binBytes := make([]byte, maxBpfBinPathSize)

0 commit comments

Comments
 (0)