tetra: fix --policy-names to apply all event types

In #1867, the `--policy-names` flag was added to filter events based on the tracing policy. However, the filter was only appled to `kprobe` events. This patch extends the filter to support all events types: `kprobe`, `tracepoint`, `uprobe` and `lsm`. Signed-off-by: Justin Chen <[email protected]>
cilium · Oct 25, 2024 · 547ccdd · 547ccdd
1 parent f535464
commit 547ccdd
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 51 deletions.
diff --git a/pkg/filters/filters.go b/pkg/filters/filters.go
@@ -127,5 +127,17 @@ func GetPolicyName(event *v1.Event) string {
 	if !ok {
 		return ""
 	}
-	return helpers.ResponseGetProcessKprobe(response).GetPolicyName()
+
+	switch ev := (response.Event).(type) {
+	case *tetragon.GetEventsResponse_ProcessKprobe:
+		return ev.ProcessKprobe.GetPolicyName()
+	case *tetragon.GetEventsResponse_ProcessTracepoint:
+		return ev.ProcessTracepoint.GetPolicyName()
+	case *tetragon.GetEventsResponse_ProcessUprobe:
+		return ev.ProcessUprobe.GetPolicyName()
+	case *tetragon.GetEventsResponse_ProcessLsm:
+		return ev.ProcessLsm.GetPolicyName()
+	default:
+		return ""
+	}
 }
diff --git a/pkg/filters/policies_test.go b/pkg/filters/policies_test.go
@@ -18,14 +18,11 @@ func TestPolicyNamesFilterInvalidEvent(t *testing.T) {
 	filterFuncs := []OnBuildFilter{&PolicyNamesFilter{}}
 	fs, err := BuildFilterList(ctx, filters, filterFuncs)
 	assert.NoError(t, err)
-	ev := v1.Event{
-		Event: &tetragon.GetEventsResponse{
-			Event: &tetragon.GetEventsResponse_ProcessKprobe{
-				ProcessKprobe: &tetragon.ProcessKprobe{},
-			},
-		},
+
+	events := eventsWithPolicyName("")
+	for _, ev := range events {
+		assert.False(t, fs.MatchOne(&ev))
 	}
-	assert.False(t, fs.MatchOne(&ev))
 }
 
 func TestPolicyNamesFilterCorrectValue(t *testing.T) {
@@ -34,36 +31,22 @@ func TestPolicyNamesFilterCorrectValue(t *testing.T) {
 	filterFuncs := []OnBuildFilter{&PolicyNamesFilter{}}
 	fs, err := BuildFilterList(ctx, filters, filterFuncs)
 	assert.NoError(t, err)
-	ev := v1.Event{
-		Event: &tetragon.GetEventsResponse{
-			Event: &tetragon.GetEventsResponse_ProcessKprobe{
-				ProcessKprobe: &tetragon.ProcessKprobe{
-					PolicyName: "red-policy",
-				},
-			},
-		},
-	}
-	assert.True(t, fs.MatchOne(&ev))
-	ev = v1.Event{
-		Event: &tetragon.GetEventsResponse{
-			Event: &tetragon.GetEventsResponse_ProcessKprobe{
-				ProcessKprobe: &tetragon.ProcessKprobe{
-					PolicyName: "blue-policy",
-				},
-			},
-		},
+
+	testCases := []struct {
+		policyName string
+		match      bool
+	}{
+		{"red-policy", true},
+		{"blue-policy", true},
+		{"yellow-policy", false},
 	}
-	assert.True(t, fs.MatchOne(&ev))
-	ev = v1.Event{
-		Event: &tetragon.GetEventsResponse{
-			Event: &tetragon.GetEventsResponse_ProcessKprobe{
-				ProcessKprobe: &tetragon.ProcessKprobe{
-					PolicyName: "yellow-policy",
-				},
-			},
-		},
+
+	for _, tc := range testCases {
+		events := eventsWithPolicyName(tc.policyName)
+		for _, ev := range events {
+			assert.Equal(t, tc.match, fs.MatchOne(&ev))
+		}
 	}
-	assert.False(t, fs.MatchOne(&ev))
 }
 
 func TestPolicyNamesFilterEmptyValue(t *testing.T) {
@@ -73,16 +56,10 @@ func TestPolicyNamesFilterEmptyValue(t *testing.T) {
 	fs, err := BuildFilterList(ctx, filters, filterFuncs)
 	assert.NoError(t, err)
 	// empty selector matches nothing
-	ev := v1.Event{
-		Event: &tetragon.GetEventsResponse{
-			Event: &tetragon.GetEventsResponse_ProcessKprobe{
-				ProcessKprobe: &tetragon.ProcessKprobe{
-					PolicyName: "red-policy",
-				},
-			},
-		},
+	events := eventsWithPolicyName("red-policy")
+	for _, ev := range events {
+		assert.False(t, fs.MatchOne(&ev))
 	}
-	assert.False(t, fs.MatchOne(&ev))
 }
 
 func TestPolicyNamesFilterNilValue(t *testing.T) {
@@ -92,14 +69,51 @@ func TestPolicyNamesFilterNilValue(t *testing.T) {
 	fs, err := BuildFilterList(ctx, filters, filterFuncs)
 	assert.NoError(t, err)
 	// nil selector matches everything, i.e., does not filter events
-	ev := v1.Event{
-		Event: &tetragon.GetEventsResponse{
-			Event: &tetragon.GetEventsResponse_ProcessKprobe{
-				ProcessKprobe: &tetragon.ProcessKprobe{
-					PolicyName: "red-policy",
+	events := eventsWithPolicyName("red-policy")
+	for _, ev := range events {
+		assert.True(t, fs.MatchOne(&ev))
+	}
+}
+
+// eventsWithPolicyName generates kprobe, tracepoint, uprobe, and lsm events
+// with the specified policy name.
+func eventsWithPolicyName(policyName string) []v1.Event {
+	return []v1.Event{
+		{
+			Event: &tetragon.GetEventsResponse{
+				Event: &tetragon.GetEventsResponse_ProcessKprobe{
+					ProcessKprobe: &tetragon.ProcessKprobe{
+						PolicyName: policyName,
+					},
+				},
+			},
+		},
+		{
+			Event: &tetragon.GetEventsResponse{
+				Event: &tetragon.GetEventsResponse_ProcessTracepoint{
+					ProcessTracepoint: &tetragon.ProcessTracepoint{
+						PolicyName: policyName,
+					},
+				},
+			},
+		},
+		{
+			Event: &tetragon.GetEventsResponse{
+				Event: &tetragon.GetEventsResponse_ProcessUprobe{
+					ProcessUprobe: &tetragon.ProcessUprobe{
+						PolicyName: policyName,
+					},
+				},
+			},
+		},
+		{
+			Event: &tetragon.GetEventsResponse{
+				Event: &tetragon.GetEventsResponse_ProcessLsm{
+					ProcessLsm: &tetragon.ProcessLsm{
+						PolicyName: policyName,
+					},
 				},
 			},
 		},
 	}
-	assert.True(t, fs.MatchOne(&ev))
 }