| author | Paul Buetow <paul@buetow.org> | 2024-02-17 14:12:01 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-17 14:12:01 +0200 |
| commit | c3a41ac0cb15d3f2665d75051260c1909b434548 (patch) | |
| tree | 561ac1b4ba53d465d86e6a49c68ef8e68984b7ce | |
| parent | 08f7a9bfa2ade822fd781609f63a4d71eee1b64e (diff) | |
using global variables for more efficient filtering of events
| -rw-r--r-- | internal/flags/flags.bpf.h | 3 | ||||
| -rw-r--r-- | internal/flags/flags.go | 14 | ||||
| -rw-r--r-- | internal/ioriotng.bpf.c | 5 | ||||
| -rw-r--r-- | internal/ioriotng.go | 5 | ||||
| -rw-r--r-- | internal/types/maps.bpf.h | 7 |
5 files changed, 10 insertions, 24 deletions
diff --git a/internal/flags/flags.bpf.h b/internal/flags/flags.bpf.h
new file mode 100644
index 0000000..769d9ef
--- /dev/null
+++ b/internal/flags/flags.bpf.h
@@ -0,0 +1,3 @@
+//+build ignore
+
+const volatile u32 UID_FILTER = 0;
diff --git a/internal/flags/flags.go b/internal/flags/flags.go
index 2331762..f139654 100644
--- a/internal/flags/flags.go
+++ b/internal/flags/flags.go
@@ -3,8 +3,6 @@ package flags
 import (
 "flag"
 "fmt"
- "ioriotng/internal/types"
- "unsafe"
 bpf "github.com/aquasecurity/libbpfgo"
 )
@@ -23,16 +21,10 @@ func New() (flags Flags) {
 }
 func (flags Flags) SetBPF(bpfModule *bpf.Module) error {
- flagsMap, err := bpfModule.GetMap("flags_map")
- if err != nil {
- return err
+ if err := bpfModule.InitGlobalVariable("UID_FILTER", uint32(flags.UidFilter)); err != nil {
+ return fmt.Errorf("unable to set up UID_FILTER global variable: %w", err)
 }
-
- var (
- key = uint32(1)
- flagsValues = types.FlagValues{uint32(flags.UidFilter)}
- )
- return flagsMap.Update(unsafe.Pointer(&key), unsafe.Pointer(&flagsValues))
+ return nil
 }
 func (flags Flags) ResizeBPFMaps(bpfModule *bpf.Module) error {
diff --git a/internal/ioriotng.bpf.c b/internal/ioriotng.bpf.c
index 3296611..32b831a 100644
--- a/internal/ioriotng.bpf.c
+++ b/internal/ioriotng.bpf.c
@@ -4,11 +4,10 @@
 #include <bpf/bpf_helpers.h>
 #include "types/types.bpf.h"
 #include "types/maps.bpf.h"
+#include "flags/flags.bpf.h"
 static inline int filter() {
- u32 key = 1;
- struct flags *flagsp = bpf_map_lookup_elem(&flags_map, &key);
- return flagsp == NULL || (bpf_get_current_uid_gid() & 0xFFFFFFFF) != flagsp->uid_filter;
+ return (bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER;
 }
 SEC("tracepoint/syscalls/sys_enter_openat")
diff --git a/internal/ioriotng.go b/internal/ioriotng.go
index 2ab2b33..3482a86 100644
--- a/internal/ioriotng.go
+++ b/internal/ioriotng.go
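Review bot: The `uint32(flags.UidFilter)` conversion in SetBPF (internal/flags/flags.go) is unchecked, so a value outside the unsigned 32-bit range would wrap silently and the kernel-side filter would then match a different UID than the one requested. The type of `UidFilter` is not visible in this hunk; if it is a signed `int` populated from the command line, a guard before the InitGlobalVariable call such as `if flags.UidFilter < 0 { return fmt.Errorf("uid filter %d out of range", flags.UidFilter) }` would reject bad input instead of truncating it, and an upper bound is worth considering on 64-bit builds. The same cast existed in the removed map-based code, so this is a carried-over gap rather than a regression.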
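Review bot: With `UID_FILTER` defaulting to 0 in flags.bpf.h, the rewritten `filter()` in internal/ioriotng.bpf.c treats an unset filter as "UID 0", whereas the removed code returned non-zero whenever the map lookup failed. If a non-zero return means the event is skipped (the callers are outside this hunk), the program previously dropped everything until it was configured and now selects root's activity by default, and a deliberate UID 0 filter cannot be told apart from "not set". A comment on the declaration would make that explicit, for example `/* Set from user space before load; the default 0 selects root. */`, or a separate `const volatile` enable flag could keep the unset case distinct.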
@@ -35,12 +35,11 @@ func Run(flags flags.Flags) {
 panic(err)
 }
- err = bpfModule.BPFLoadObject()
- if err != nil {
+ if err := flags.SetBPF(bpfModule); err != nil {
 panic(err)
 }
- if err := flags.SetBPF(bpfModule); err != nil {
+ if err := bpfModule.BPFLoadObject(); err != nil {
 panic(err)
 }
diff --git a/internal/types/maps.bpf.h b/internal/types/maps.bpf.h
index dc55993..7ec871c 100644
--- a/internal/types/maps.bpf.h
+++ b/internal/types/maps.bpf.h
@@ -4,10 +4,3 @@ struct {
 __uint(type, BPF_MAP_TYPE_RINGBUF);
 __uint(max_entries, 1 << 24);
 } event_map SEC(".maps");
-
-struct {
- __uint(type, BPF_MAP_TYPE_HASH);
- __type(key, u32);
- __type(value, struct flags);
- __uint(max_entries, 1 << 24);
-} flags_map SEC(".maps"); |
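Review bot: The swap in Run (internal/ioriotng.go) makes the call order load-bearing, but nothing in the code records why `flags.SetBPF` now has to come before `bpfModule.BPFLoadObject()`. As far as I know, a global's initial value can only be written before the object is loaded, so a later refactor that restores the old order would break the UID filter setup. A comment above the first block, `// Globals must be initialised before the object is loaded; keep SetBPF ahead of BPFLoadObject.`, and a matching sentence in a doc comment on SetBPF would capture the constraint. Run's body starts and ends outside this hunk.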
