diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-21 08:16:08 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-21 08:16:08 +0300 |
| commit | be8735fe701f7398c19c17c394f4827614eab875 (patch) | |
| tree | aba59890563edb6e03f2eb82fee5d89b49fa2c81 /internal/tracepoints/selector.go | |
| parent | 3a5706f21d30258577a5934efb93c400dad723db (diff) | |
p7 add attach-time trace dimension gating
Diffstat (limited to 'internal/tracepoints/selector.go')
| -rw-r--r-- | internal/tracepoints/selector.go | 46 |
1 files changed, 42 insertions, 4 deletions
diff --git a/internal/tracepoints/selector.go b/internal/tracepoints/selector.go index af2f39e..91df58f 100644 --- a/internal/tracepoints/selector.go +++ b/internal/tracepoints/selector.go @@ -2,6 +2,7 @@ package tracepoints import ( "fmt" + "maps" "regexp" "slices" "strings" @@ -18,6 +19,12 @@ type Selector struct { // Exclude is the list of compiled regexes that suppress specific // tracepoints even when they match the Attach list. Exclude []*regexp.Regexp + // Syscalls optionally restricts attach to an explicit syscall allowlist. + // Keys are bare syscall names (for example "openat", not "sys_enter_openat"). + // When RestrictSyscalls is true, only entries in this map are attached. + Syscalls map[string]struct{} + // RestrictSyscalls gates whether Syscalls should be enforced. + RestrictSyscalls bool } // ParseSelector parses the comma-separated regex strings for the -tps and @@ -65,11 +72,27 @@ func (s Selector) ShouldAttach(tracepointName string) bool { } } if len(s.Attach) == 0 { - return true + if !s.RestrictSyscalls { + return true + } + syscall, ok := SyscallNameFromTracepoint(tracepointName) + if !ok { + return false + } + _, allowed := s.Syscalls[syscall] + return allowed } for _, re := range s.Attach { if re.MatchString(tracepointName) { - return true + if !s.RestrictSyscalls { + return true + } + syscall, ok := SyscallNameFromTracepoint(tracepointName) + if !ok { + return false + } + _, allowed := s.Syscalls[syscall] + return allowed } } return false @@ -79,7 +102,22 @@ func (s Selector) ShouldAttach(tracepointName string) bool { // copy's slices do not affect the original. func (s Selector) Clone() Selector { return Selector{ - Attach: slices.Clone(s.Attach), - Exclude: slices.Clone(s.Exclude), + Attach: slices.Clone(s.Attach), + Exclude: slices.Clone(s.Exclude), + Syscalls: maps.Clone(s.Syscalls), + RestrictSyscalls: s.RestrictSyscalls, + } +} + +// SyscallNameFromTracepoint returns the bare syscall name for a tracepoint +// (for example "openat" from "sys_enter_openat"). +func SyscallNameFromTracepoint(tracepointName string) (string, bool) { + switch { + case strings.HasPrefix(tracepointName, "sys_enter_"): + return strings.TrimPrefix(tracepointName, "sys_enter_"), true + case strings.HasPrefix(tracepointName, "sys_exit_"): + return strings.TrimPrefix(tracepointName, "sys_exit_"), true + default: + return "", false } } |