diff --git a/bpf/lib/process.h b/bpf/lib/process.h
index 865d32a5556..a4f14948f7d 100644
--- a/bpf/lib/process.h
+++ b/bpf/lib/process.h
@@ -7,6 +7,7 @@
 #include "bpf_event.h"
 #include "bpf_helpers.h"
 #include "bpf_cred.h"
+#include "../process/string_maps.h"
 
 /* Applying 'packed' attribute to structs causes clang to write to the
  * members byte-by-byte, as offsets may not be aligned. This is bad for
@@ -274,6 +275,7 @@ struct msg_k8s {
 
 struct heap_exe {
 	char buf[BINARY_PATH_MAX_LEN];
+	char end[STRING_POSTFIX_MAX_LENGTH];
 	__u32 len;
 	__u32 error;
 }; // All fields aligned so no 'packed' attribute.
@@ -311,10 +313,16 @@ typedef __u64 mbset_t;
 struct binary {
 	// length of the path stored in path, this should be < BINARY_PATH_MAX_LEN
 	// but can contain negative value in case of copy error.
-	// While s16 would be sufficient, 64 bits are handy for alignment.
-	__s64 path_length;
+	// While s16 would be sufficient, 32 bits are handy for alignment.
+	__s32 path_length;
+	// if end_r contains reversed path postfix
+	__u32 reversed;
 	// BINARY_PATH_MAX_LEN first bytes of the path
 	char path[BINARY_PATH_MAX_LEN];
+	// STRING_POSTFIX_MAX_LENGTH last bytes of the path
+	char end[STRING_POSTFIX_MAX_LENGTH];
+	// STRING_POSTFIX_MAX_LENGTH reversed last bytes of the path
+	char end_r[STRING_POSTFIX_MAX_LENGTH];
 	// matchBinary bitset for binary
 	mbset_t mb_bitset;
 }; // All fields aligned so no 'packed' attribute
diff --git a/bpf/process/bpf_execve_event.c b/bpf/process/bpf_execve_event.c
index 6cc4288f262..af8e4d46f2b 100644
--- a/bpf/process/bpf_execve_event.c
+++ b/bpf/process/bpf_execve_event.c
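Review bot: The comments on the new `end` fields overstate what is stored: read_exe copies at most STRING_POSTFIX_MAX_LENGTH - 1 bytes into them and nothing NUL-terminates the buffer, so `// last min(path length, STRING_POSTFIX_MAX_LENGTH - 1) bytes of the path, not NUL-terminated` would be accurate for both heap_exe.end and binary.end, while heap_exe.end currently has no comment at all. end_r deserves a note on its lifecycle, e.g. `// reversed copy of end, built lazily by match_binaries, which then sets reversed`, and `reversed` should say who is expected to clear it when a new image is stored. struct binary grows from 272 to 528 bytes (4 + 4 + 256 + 128 + 128 + 8) and is embedded in every execve_map value, so this roughly doubles that map's memory; worth stating in the commit message if the map has a large max_entries.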
@@ -179,6 +179,8 @@ read_exe(struct task_struct *task, struct heap_exe *exe)
 {
 	struct file *file = BPF_CORE_READ(task, mm, exe_file);
 	struct path *path = __builtin_preserve_access_index(&file->f_path);
+	__u64 offset = 0;
+	__u64 revlen = STRING_POSTFIX_MAX_LENGTH - 1;
 
 	// we need to walk the complete 4096 len dentry in order to have an accurate
 	// matching on the prefix operators, even if we only keep a subset of that
@@ -188,14 +190,20 @@ read_exe(struct task_struct *task, struct heap_exe *exe)
 	if (!buffer)
 		return 0;
 
+	if (exe->len > STRING_POSTFIX_MAX_LENGTH - 1)
+		offset = exe->len - (STRING_POSTFIX_MAX_LENGTH - 1);
+	else
+		revlen = exe->len;
 	// buffer used by d_path_local can contain up to MAX_BUF_LEN i.e. 4096 we
 	// only keep the first 255 chars for our needs (we sacrifice one char to the
 	// verifier for the > 0 check)
-	if (exe->len > 255)
-		exe->len = 255;
+	if (exe->len > BINARY_PATH_MAX_LEN - 1)
+		exe->len = BINARY_PATH_MAX_LEN - 1;
 	asm volatile("%[len] &= 0xff;\n"
 		     : [len] "+r"(exe->len));
 	probe_read(exe->buf, exe->len, buffer);
+	if (revlen < STRING_POSTFIX_MAX_LENGTH)
+		probe_read(exe->end, revlen, (char *)(buffer + offset));
 	return exe->len;
 }
 
@@ -378,6 +386,11 @@ execve_send(void *ctx)
 		curr->bin.path_length = probe_read(curr->bin.path, event->exe.len, event->exe.buf);
 		if (curr->bin.path_length == 0)
 			curr->bin.path_length = event->exe.len;
+		__u64 revlen = event->exe.len;
+
+		if (event->exe.len > STRING_POSTFIX_MAX_LENGTH - 1)
+			revlen = STRING_POSTFIX_MAX_LENGTH - 1;
+		probe_read(curr->bin.end, revlen, event->exe.end);
 	}
 #else
 	// reuse p->args first string that contains the filename, this can't be
diff --git a/bpf/process/types/basic.h b/bpf/process/types/basic.h
index 41fa4c5be2d..06de0defca1 100644
--- a/bpf/process/types/basic.h
+++ b/bpf/process/types/basic.h
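Review bot: In the execve_send hunk curr->bin.end is refreshed for the new image but curr->bin.reversed is never cleared, so if curr is an execve_map entry that already existed (inherited from the parent on fork, or left by an earlier exec of the same pid) and a Postfix selector had already reversed it, match_binaries keeps using the previous image's end_r; add `curr->bin.reversed = 0;` beside the probe_read into curr->bin.end. How curr is obtained is outside the hunk, so this depends on whether execve_send can see a pre-populated entry. In read_exe the return value of the new probe_read into exe->end is dropped, so a failed read leaves whatever the heap slot held from its previous use and that stale tail is later treated as this binary's postfix; `if (probe_read(exe->end, revlen, (char *)(buffer + offset)) < 0) memset(exe->end, 0, sizeof(exe->end));` makes a failed read match nothing, and the copy into curr->bin.end in execve_send deserves the same treatment. The comment above the clamp still only talks about keeping the first 255 chars; a line such as `// the last STRING_POSTFIX_MAX_LENGTH - 1 bytes of the untruncated path go to exe->end for postfix matching` would explain why offset and revlen are computed before exe->len is clamped. read_exe's lines between the two hunks are not shown.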
@@ -827,10 +827,7 @@ filter_char_buf_prefix(struct selector_arg_filter *filter, char *arg_str, uint a
 	return !!pass;
 }
 
-// Define a mask for the maximum path length on Linux.
-#define PATH_MASK (4096 - 1)
-
-FUNC_INLINE void copy_reverse(__u8 *dest, uint len, __u8 *src, uint offset)
+FUNC_INLINE void __copy_reverse(__u8 *dest, uint len, __u8 *src, uint offset, uint mask)
 {
 	uint i;
 
@@ -849,12 +846,25 @@ FUNC_INLINE void copy_reverse(__u8 *dest, uint len, __u8 *src, uint offset)
 	// Alternative (prettier) fixes resulted in a confused verifier
 	// unfortunately.
 	for (i = 0; i < (STRING_POSTFIX_MAX_MATCH_LENGTH - 1); i++) {
-		dest[i & STRING_POSTFIX_MAX_MASK] = src[(len + offset - 1 - i) & PATH_MASK];
+		dest[i & STRING_POSTFIX_MAX_MASK] = src[(len + offset - 1 - i) & mask];
 		if (len + offset == (i + 1))
 			return;
 	}
 }
 
+// Define a mask for the maximum path length on Linux.
+#define PATH_MASK (4096 - 1)
+
+FUNC_INLINE void copy_reverse(__u8 *dest, uint len, __u8 *src, uint offset)
+{
+	__copy_reverse(dest, len, src, offset, PATH_MASK);
+}
+
+FUNC_INLINE void file_copy_reverse(__u8 *dest, uint len, __u8 *src, uint offset)
+{
+	__copy_reverse(dest, len, src, offset, STRING_POSTFIX_MAX_LENGTH - 1);
+}
+
 FUNC_LOCAL long
 filter_char_buf_postfix(struct selector_arg_filter *filter, char *arg_str, uint arg_len)
 {
@@ -1554,7 +1564,10 @@ FUNC_INLINE int match_binaries(__u32 selidx)
 	__u8 *found_key;
 #ifdef __LARGE_BPF_PROG
 	struct string_prefix_lpm_trie prefix_key;
-	long ret;
+	struct string_postfix_lpm_trie *postfix_key;
+	__u64 postfix_len = STRING_POSTFIX_MAX_MATCH_LENGTH - 1;
+
+	int zero = 0;
 #endif /* __LARGE_BPF_PROG */
 	struct match_binaries_sel_opts *selector_options;
 
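Review bot: __copy_reverse gains a mask parameter but no comment stating its contract: the mask is the only thing keeping `src[(len + offset - 1 - i) & mask]` inside the source buffer, it must be of the form 2^k - 1 and cover the whole buffer, and an out-of-range index wraps silently instead of failing. I would add above the function `// mask bounds the source index for the verifier; it must be 2^k - 1 and no smaller than the readable size of src, otherwise indices wrap around silently.` A leading double underscore is reserved for the implementation in C, so a name such as `copy_reverse_masked` would say the same thing without that. In the match_binaries declarations of the third hunk postfix_len is seeded from STRING_POSTFIX_MAX_MATCH_LENGTH while bin.end is sized by STRING_POSTFIX_MAX_LENGTH; if those limits ever diverge the copy can request more bytes than end holds, so a build-time assertion that they agree would be cheap insurance. The enclosing functions of all three hunks start outside the hunk.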
@@ -1602,11 +1615,30 @@ FUNC_INLINE int match_binaries(__u32 selidx)
 		// prepare the key on the stack to perform lookup in the LPM_TRIE
 		memset(&prefix_key, 0, sizeof(prefix_key));
 		prefix_key.prefixlen = current->bin.path_length * 8; // prefixlen is in bits
-		ret = probe_read(prefix_key.data, current->bin.path_length & (STRING_PREFIX_MAX_LENGTH - 1), current->bin.path);
-		if (ret < 0)
+		if (probe_read(prefix_key.data, current->bin.path_length & (STRING_PREFIX_MAX_LENGTH - 1), current->bin.path) < 0)
 			return 0;
 		found_key = map_lookup_elem(path_map, &prefix_key);
 		break;
+	case op_filter_str_postfix:
+	case op_filter_str_notpostfix:
+		path_map = map_lookup_elem(&string_postfix_maps, &selector_options->map_id);
+		if (!path_map)
+			return 0;
+		if (current->bin.path_length < STRING_POSTFIX_MAX_MATCH_LENGTH)
+			postfix_len = current->bin.path_length;
+		postfix_key = (struct string_postfix_lpm_trie *)map_lookup_elem(&string_postfix_maps_heap, &zero);
+		if (!postfix_key)
+			return 0;
+		postfix_key->prefixlen = postfix_len * 8; // prefixlen is in bits
+		if (!current->bin.reversed) {
+			file_copy_reverse((__u8 *)current->bin.end_r, postfix_len, (__u8 *)current->bin.end, current->bin.path_length - postfix_len);
+			current->bin.reversed = true;
+		}
+		if (postfix_len < STRING_POSTFIX_MAX_MATCH_LENGTH)
+			if (probe_read(postfix_key->data, postfix_len, current->bin.end_r) < 0)
+				return 0;
+		found_key = map_lookup_elem(path_map, postfix_key);
+		break;
 #endif /* __LARGE_BPF_PROG */
 	default:
 		// should not happen
diff --git a/docs/content/en/docs/concepts/tracing-policy/selectors.md b/docs/content/en/docs/concepts/tracing-policy/selectors.md
index 32f60554566..c0f38fe7d1e 100644
--- a/docs/content/en/docs/concepts/tracing-policy/selectors.md
+++ b/docs/content/en/docs/concepts/tracing-policy/selectors.md
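Review bot: The offset handed to file_copy_reverse is measured within the full path, but current->bin.end only holds the last min(path_length, STRING_POSTFIX_MAX_LENGTH - 1) bytes of it, so for a path_length strictly between STRING_POSTFIX_MAX_LENGTH - 1 and BINARY_PATH_MAX_LEN - 1 the reversed copy starts in the middle of end: with path_length 200 and the 128-byte limit the Go side declares, end_r[0] becomes end[(127 + 73 - 1) & 127] = end[71] rather than end[126], the true last byte. The arithmetic happens to be right only when the whole path fits in end (offset 0) or when path_length was clamped to 255 (254 & 127 = 126), which are exactly the cases the `/usr/bin/tail` and 3840-character tests cover. Compute the offset inside end instead, which is 0 whenever the two postfix limits coincide: `__u64 end_len = current->bin.path_length < STRING_POSTFIX_MAX_LENGTH ? current->bin.path_length : STRING_POSTFIX_MAX_LENGTH - 1;` followed by `file_copy_reverse((__u8 *)current->bin.end_r, postfix_len, (__u8 *)current->bin.end, end_len - postfix_len);`. path_length is __s32 and documented as possibly negative after a copy error, yet it flows unchecked into the unsigned postfix_len, the prefixlen and the copy; an explicit `if (current->bin.path_length < 0) return 0;` at the top of the case would close that (the prefix case shares the gap). match_binaries starts and ends outside the hunk.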
@@ -158,9 +158,17 @@ calls and kernel functions that are coming from `cat` or `tail`.
     - "/usr/bin/tail"
 ```
 
-Currently, only the `In` operator type is supported and the `values` field has
-to be a map of `strings`. The default behaviour is `followForks: true`, so all
-the child processes are followed. The current limitation is 4 values.
+The available operators for `matchBinaries` are:
+- `In`
+- `NotIn`
+- `Prefix`
+- `NotPrefix`
+- `Postfix`
+- `NotPostfix`
+
+The `values` field has to be a map of `strings`. The default behaviour
+is `followForks: true`, so all the child processes are followed.
+The current limitation is 4 values.
 
 **Further examples**
 
diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml
index 8287774126b..0524ff9df29 100644
--- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml
+++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml
@@ -456,6 +456,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1065,6 +1067,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1705,6 +1709,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -2282,6 +2288,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml
index 2578bb937a6..f7aed86615b 100644
--- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml
+++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml
@@ -456,6 +456,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1065,6 +1067,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1705,6 +1709,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -2282,6 +2288,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
diff --git a/pkg/api/processapi/processapi.go b/pkg/api/processapi/processapi.go
index 7854630282c..4329efa60f0 100644
--- a/pkg/api/processapi/processapi.go
+++ b/pkg/api/processapi/processapi.go
@@ -45,6 +45,8 @@ const (
 	MSG_COMMON_FLAG_USER_STACKTRACE = 0x4
 
 	BINARY_PATH_MAX_LEN = 256
+
+	STRING_POSTFIX_MAX_LENGTH = 128
 )
 
 type MsgExec struct {
@@ -139,8 +141,11 @@ type MsgCapabilities struct {
 }
 
 type Binary struct {
-	PathLength int64
+	PathLength int32
+	Reversed   uint32
 	Path       [BINARY_PATH_MAX_LEN]byte
+	End        [STRING_POSTFIX_MAX_LENGTH]byte
+	End_r      [STRING_POSTFIX_MAX_LENGTH]byte
 	MBSet      uint64
 }
 
diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
index 8287774126b..0524ff9df29 100644
--- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
+++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
@@ -456,6 +456,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1065,6 +1067,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
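Review bot: Binary has to mirror struct binary in bpf/lib/process.h byte for byte (the processapi.go hunk changes PathLength to int32 and inserts Reversed, End and End_r exactly where the C side does), but nothing in the file says so; a comment `// Binary mirrors struct binary in bpf/lib/process.h: field order, types and sizes must match the BPF layout exactly.` above the type would protect the next edit. STRING_POSTFIX_MAX_LENGTH is now defined here as 128 while pkg/selectors already carries an unqualified StringPostfixMaxLength and the BPF headers hold a third copy; unless these are derived from one source they can drift, so either have the selectors constant reference this one or add a test asserting they agree. `End_r` is not idiomatic Go naming; `EndReversed` keeps the BPF layout unchanged since only the field order and sizes matter.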
@@ -1705,6 +1709,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -2282,6 +2288,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
index 2578bb937a6..f7aed86615b 100644
--- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
+++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
@@ -456,6 +456,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1065,6 +1067,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1705,6 +1709,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -2282,6 +2288,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/pkg/k8s/apis/cilium.io/v1alpha1/types.go
index 76cb339679c..2c2059684ac 100644
--- a/pkg/k8s/apis/cilium.io/v1alpha1/types.go
+++ b/pkg/k8s/apis/cilium.io/v1alpha1/types.go
@@ -90,7 +90,7 @@ type KProbeArg struct {
 }
 
 type BinarySelector struct {
-	// +kubebuilder:validation:Enum=In;NotIn;Prefix;NotPrefix
+	// +kubebuilder:validation:Enum=In;NotIn;Prefix;NotPrefix;Postfix;NotPostfix
 	// Filter operation.
 	Operator string `json:"operator"`
 	// Value to compare the argument against.
diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/pkg/k8s/apis/cilium.io/v1alpha1/version.go
index 72d1c52eb9d..8d62932e8be 100644
--- a/pkg/k8s/apis/cilium.io/v1alpha1/version.go
+++ b/pkg/k8s/apis/cilium.io/v1alpha1/version.go
@@ -7,4 +7,4 @@ package v1alpha1
 // Used to determine if CRD needs to be updated in cluster
 //
 // Developers: Bump patch for each change in the CRD schema.
-const CustomResourceDefinitionSchemaVersion = "1.2.3"
+const CustomResourceDefinitionSchemaVersion = "1.2.4"
diff --git a/pkg/selectors/kernel.go b/pkg/selectors/kernel.go
index a4eb84ef385..105118c7baa 100644
--- a/pkg/selectors/kernel.go
+++ b/pkg/selectors/kernel.go
@@ -712,7 +712,7 @@ func writePrefixStrings(k *KernelSelectorState, values []string) error {
 	return nil
 }
 
-func writePostfixStrings(k *KernelSelectorState, values []string, ty uint32) error {
+func writePostfix(k *KernelSelectorState, values []string, ty uint32, selector string) (uint32, error) {
 	mid, m := k.newStringPostfixMap()
 	for _, v := range values {
 		var value []byte
@@ -725,7 +725,7 @@ func writePostfixStrings(k *KernelSelectorState, values []string, ty uint32) err
 		// Due to the constraints of the reverse copy in BPF, we will not be able to match a postfix
 		// longer than 127 characters, so throw an error if the user specified one.
 		if size >= StringPostfixMaxLength {
-			return fmt.Errorf("MatchArgs value %s invalid: string is longer than %d characters", v, StringPostfixMaxLength-1)
+			return 0, fmt.Errorf("%s value %s invalid: string is longer than %d characters", selector, v, StringPostfixMaxLength-1)
 		}
 		val := KernelLPMTrieStringPostfix{prefixLen: size * 8} // postfix is in bits, but size is in bytes
 		// Copy postfix in reverse order, so that it can be used in LPM map
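Review bot: writePostfix now serves two selector kinds but carries no doc comment describing the contract it shares with its callers — that it allocates the postfix map, fills it with reversed values and returns the map id without writing that id into the selector. I would add above it `// writePostfix fills a new string-postfix LPM map with values reversed for the kernel side and returns its map id; selector names the operator kind in error messages. The caller is responsible for writing the id into the selector data.` The 127-character limit the comment explains now also applies to matchBinaries Postfix/NotPostfix values, and the user-facing selectors.md change in this commit does not mention it; a sentence there would save users a surprising policy-load error. The function continues into the next hunk.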
@@ -734,7 +734,18 @@ func writePostfixStrings(k *KernelSelectorState, values []string, ty uint32) err
 		}
 		m[val] = struct{}{}
 	}
-	// write the map id into the selector
+	return mid, nil
+}
+
+func writePostfixBinaries(k *KernelSelectorState, values []string) (uint32, error) {
+	return writePostfix(k, values, gt.GenericCharBuffer, "MatchBinaries")
+}
+
+func writePostfixStrings(k *KernelSelectorState, values []string, ty uint32) error {
+	mid, err := writePostfix(k, values, ty, "MatchArgs")
+	if err != nil {
+		return err
+	}
 	WriteSelectorUint32(&k.data, mid)
 	return nil
 }
@@ -1209,8 +1220,16 @@ func ParseMatchBinary(k *KernelSelectorState, b *v1alpha1.BinarySelector, selIdx
 		if err != nil {
 			return fmt.Errorf("failed to write the prefix operator for the matchBinaries selector: %w", err)
 		}
+	case SelectorOpPostfix, SelectorOpNotPostfix:
+		if !kernels.EnableLargeProgs() {
+			return fmt.Errorf("matchBinary error: \"Postfix\" and \"NotPostfix\" operators need large BPF progs (kernel>5.3)")
+		}
+		sel.MapID, err = writePostfixBinaries(k, b.Values)
+		if err != nil {
+			return fmt.Errorf("failed to write the prefix operator for the matchBinaries selector: %w", err)
+		}
 	default:
-		return fmt.Errorf("matchBinary error: Only \"In\", \"NotIn\", \"Prefix\" and \"NotPrefix\" operators are supported")
+		return fmt.Errorf("matchBinary error: Only \"In\", \"NotIn\", \"Prefix\", \"NotPrefix\", \"Postfix\" and \"NotPostfix\" operators are supported")
 	}
 
 	k.AddMatchBinaries(selIdx, sel)
diff --git a/pkg/sensors/exec/procevents/proc_reader.go b/pkg/sensors/exec/procevents/proc_reader.go
index 5ce33b8f45a..ecd5951a244 100644
--- a/pkg/sensors/exec/procevents/proc_reader.go
+++ b/pkg/sensors/exec/procevents/proc_reader.go
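Review bot: The error wrapped when writePostfixBinaries fails in the ParseMatchBinary hunk still says `failed to write the prefix operator for the matchBinaries selector`, a copy of the prefix branch; it should read `return fmt.Errorf("failed to write the postfix operator for the matchBinaries selector: %w", err)` so a rejected policy points at the right operator. writePostfixBinaries and the reshaped writePostfixStrings in the first hunk are undocumented; a one-liner such as `// writePostfixBinaries builds the postfix map for a matchBinaries selector and returns its id, which the caller stores in sel.MapID.` would do. ParseMatchBinary starts and ends outside the hunk.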
@@ -350,7 +350,7 @@ func writeExecveMap(procs []procs) {
 		v.Namespaces.CgroupInum = p.cgroup_ns
 		v.Namespaces.UserInum = p.user_ns
 		pathLength := copy(v.Binary.Path[:], p.exe)
-		v.Binary.PathLength = int64(pathLength)
+		v.Binary.PathLength = int32(pathLength)
 
 		err := m.Put(k, v)
 		if err != nil {
diff --git a/pkg/sensors/tracing/kprobe_test.go b/pkg/sensors/tracing/kprobe_test.go
index 385484d3ca3..3b9542de014 100644
--- a/pkg/sensors/tracing/kprobe_test.go
+++ b/pkg/sensors/tracing/kprobe_test.go
@@ -3867,7 +3867,7 @@ func matchBinariesTest(t *testing.T, operator string, values []string, kpChecker
 	assert.NoError(t, err)
 }
 
-const skipMatchBinariesPrefix = "kernels without large progs do not support matchBinaries Prefix/NotPrefix"
+const skipMatchBinaries = "kernels without large progs do not support matchBinaries Prefix/NotPrefix/Postfix/NotPostfix"
 
 func TestKprobeMatchBinaries(t *testing.T) {
 	t.Run("In", func(t *testing.T) {
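Review bot: In the proc_reader.go hunk writeExecveMap, which seeds execve_map from procfs for processes already running at startup, only adapts PathLength and leaves Binary.End zeroed, so as far as this hunk shows a Postfix selector can never match such a process (and NotPostfix always will) until it execs again, while Prefix keeps working because Path is populated. If p.exe holds the full executable path, the tail should be stored the same way read_exe does it on the BPF side, i.e. the last STRING_POSTFIX_MAX_LENGTH-1 bytes, with Reversed left at 0 so match_binaries builds End_r lazily. The constant lives in pkg/api/processapi; use whatever name that package is imported under in this file. writeExecveMap starts and ends outside the hunk.
```go
		pathLength := copy(v.Binary.Path[:], p.exe)
		v.Binary.PathLength = int32(pathLength)
		// Keep the tail the way read_exe does in BPF so Postfix/NotPostfix
		// selectors also work for processes seeded from procfs.
		end := p.exe
		if len(end) > processapi.STRING_POSTFIX_MAX_LENGTH-1 {
			end = end[len(end)-(processapi.STRING_POSTFIX_MAX_LENGTH-1):]
		}
		copy(v.Binary.End[:], end)
		// … unchanged: m.Put(k, v) and its error handling …
```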
@@ -3878,40 +3878,31 @@ func TestKprobeMatchBinaries(t *testing.T) {
 	})
 	t.Run("Prefix", func(t *testing.T) {
 		if !kernels.EnableLargeProgs() {
-			t.Skip(skipMatchBinariesPrefix)
+			t.Skip(skipMatchBinaries)
 		}
 		matchBinariesTest(t, "Prefix", []string{"/usr/bin/t"}, createBinariesChecker("/usr/bin/tail", "/etc/passwd"))
 	})
 	t.Run("NotPrefix", func(t *testing.T) {
 		if !kernels.EnableLargeProgs() {
-			t.Skip(skipMatchBinariesPrefix)
+			t.Skip(skipMatchBinaries)
 		}
 		matchBinariesTest(t, "NotPrefix", []string{"/usr/bin/t"}, createBinariesChecker("/usr/bin/head", "/etc/passwd"))
 	})
+	t.Run("Postfix", func(t *testing.T) {
+		if !kernels.EnableLargeProgs() {
+			t.Skip(skipMatchBinaries)
+		}
+		matchBinariesTest(t, "Postfix", []string{"bin/tail"}, createBinariesChecker("/usr/bin/tail", "/etc/passwd"))
+	})
+	t.Run("NotPostfix", func(t *testing.T) {
+		if !kernels.EnableLargeProgs() {
+			t.Skip(skipMatchBinaries)
+		}
+		matchBinariesTest(t, "NotPostfix", []string{"bin/tail"}, createBinariesChecker("/usr/bin/head", "/etc/passwd"))
+	})
 }
 
-func TestKprobeMatchBinariesPrefixLargePath(t *testing.T) {
-	if !kernels.EnableLargeProgs() {
-		t.Skip()
-	}
-
-	// create a large temporary directory path
-	tmpDir := t.TempDir()
-	targetBinLargePath := tmpDir
-	// add (255 + 1) * 15 = 3840 chars to the path
-	// max is 4096 and we want to leave some space for the tmpdir + others
-	for range 15 {
-		targetBinLargePath += "/" + strings.Repeat("a", unix.NAME_MAX)
-	}
-	err := os.MkdirAll(targetBinLargePath, 0755)
-	require.NoError(t, err)
-
-	// copy the binary into it
-	targetBinLargePath += "/true"
-	fileExec, err := exec.LookPath("true")
-	require.NoError(t, err)
-	err = exec.Command("cp", fileExec, targetBinLargePath).Run()
-	require.NoError(t, err)
+func matchBinariesLargePathTest(t *testing.T, operator string, values []string, binary string) {
 	var doneWG, readyWG sync.WaitGroup
 	defer doneWG.Wait()
 
@@ -3919,7 +3910,7 @@ func TestKprobeMatchBinariesPrefixLargePath(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), tus.Conf().CmdWaitTime)
 	defer cancel()
 
-	createCrdFile(t, getMatchBinariesCrd("Prefix", []string{tmpDir}))
+	createCrdFile(t, getMatchBinariesCrd(operator, values))
 
 	obs, err := observertesthelper.GetDefaultObserverWithFile(t, ctx, testConfigFile, tus.Conf().TetragonLib, observertesthelper.WithMyPid())
 	if err != nil {
@@ -3928,15 +3919,46 @@ func TestKprobeMatchBinariesPrefixLargePath(t *testing.T) { observertesthelper.LoopEvents(ctx, t, &doneWG, &readyWG, obs) readyWG.Wait() - if err := exec.Command(targetBinLargePath).Run(); err != nil { + if err := exec.Command(binary).Run(); err != nil { t.Fatalf("failed to run true: %s", err) } checker := ec.NewUnorderedEventChecker(ec.NewProcessKprobeChecker(""). - WithProcess(ec.NewProcessChecker().WithBinary(sm.Full(targetBinLargePath))). + WithProcess(ec.NewProcessChecker().WithBinary(sm.Full(binary))). WithFunctionName(sm.Full("fd_install"))) err = jsonchecker.JsonTestCheck(t, checker) assert.NoError(t, err) + +} +func TestKprobeMatchBinariesLargePath(t *testing.T) { + if !kernels.EnableLargeProgs() { + t.Skip() + } + + // create a large temporary directory path + tmpDir := t.TempDir() + targetBinLargePath := tmpDir + // add (255 + 1) * 15 = 3840 chars to the path + // max is 4096 and we want to leave some space for the tmpdir + others + for range 15 { + targetBinLargePath += "/" + strings.Repeat("a", unix.NAME_MAX) + } + err := os.MkdirAll(targetBinLargePath, 0755) + require.NoError(t, err) + + // copy the binary into it + targetBinLargePath += "/true" + fileExec, err := exec.LookPath("true") + require.NoError(t, err) + err = exec.Command("cp", fileExec, targetBinLargePath).Run() + require.NoError(t, err) + + t.Run("Prefix", func(t *testing.T) { + matchBinariesLargePathTest(t, "Prefix", []string{tmpDir}, targetBinLargePath) + }) + t.Run("Postfix", func(t *testing.T) { + matchBinariesLargePathTest(t, "Postfix", []string{"/true"}, targetBinLargePath) + }) } // matchBinariesPerfringTest checks that the matchBinaries do correctly 
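Review bot: The new Postfix coverage exercises a 13-character path (`/usr/bin/tail`) and one long enough to be clamped to 255 bytes, but nothing in between; a binary path of 128 to 254 characters is the range where the postfix bytes come from a partially filled `bin.end` and the BPF offset arithmetic takes a different route, so it is the case most likely to regress unnoticed. TestKprobeMatchBinariesLargePath already builds a long directory tree and could create a second path of roughly 200 characters next to it and run the Postfix subtest against both binaries. The stray blank line before the closing brace of matchBinariesLargePathTest and the missing blank line before `func TestKprobeMatchBinariesLargePath` read oddly next to the rest of the file. Both functions start outside the hunk.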
@@ -4024,10 +4046,16 @@ func TestKprobeMatchBinariesPerfring(t *testing.T) {
 	})
 	t.Run("Prefix", func(t *testing.T) {
 		if !kernels.EnableLargeProgs() {
-			t.Skip(skipMatchBinariesPrefix)
+			t.Skip(skipMatchBinaries)
 		}
 		matchBinariesPerfringTest(t, "Prefix", []string{"/usr/bin/t"})
 	})
+	t.Run("Postfix", func(t *testing.T) {
+		if !kernels.EnableLargeProgs() {
+			t.Skip(skipMatchBinaries)
+		}
+		matchBinariesPerfringTest(t, "Postfix", []string{"tail"})
+	})
 }
 
 // TestKprobeMatchBinariesEarlyExec checks that the matchBinaries can filter
@@ -4106,7 +4134,7 @@ func TestKprobeMatchBinariesEarlyExec(t *testing.T) {
 // of its machinery.
 func TestKprobeMatchBinariesPrefixMatchArgs(t *testing.T) {
 	if !kernels.EnableLargeProgs() {
-		t.Skip(skipMatchBinariesPrefix)
+		t.Skip(skipMatchBinaries)
 	}
 
 	testutils.CaptureLog(t, logger.GetLogger().(*logrus.Logger))
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
index 8287774126b..0524ff9df29 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
@@ -456,6 +456,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1065,6 +1067,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1705,6 +1709,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -2282,6 +2288,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
index 2578bb937a6..f7aed86615b 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
@@ -456,6 +456,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1065,6 +1067,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -1705,6 +1709,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
@@ -2282,6 +2288,8 @@ spec:
                   - NotIn
                   - Prefix
                   - NotPrefix
+                  - Postfix
+                  - NotPostfix
                   type: string
                 values:
                   description: Value to compare the argument against.
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go
index 76cb339679c..2c2059684ac 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go
@@ -90,7 +90,7 @@ type KProbeArg struct {
 }
 
 type BinarySelector struct {
-	// +kubebuilder:validation:Enum=In;NotIn;Prefix;NotPrefix
+	// +kubebuilder:validation:Enum=In;NotIn;Prefix;NotPrefix;Postfix;NotPostfix
 	// Filter operation.
 	Operator string `json:"operator"`
 	// Value to compare the argument against.
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go
index 72d1c52eb9d..8d62932e8be 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go
@@ -7,4 +7,4 @@ package v1alpha1
 // Used to determine if CRD needs to be updated in cluster
 //
 // Developers: Bump patch for each change in the CRD schema.
-const CustomResourceDefinitionSchemaVersion = "1.2.3"
+const CustomResourceDefinitionSchemaVersion = "1.2.4"