filters: move enabling logic to methods

NDStrahilevitz · NDStrahilevitz · commit 1529dbe5dbc7 · 2022-10-11T18:26:25.000+03:00
diff --git a/cmd/tracee-ebpf/flags/filter.go b/cmd/tracee-ebpf/flags/filter.go
@@ -158,14 +158,14 @@ func PrepareFilter(filtersArr []string) (tracee.Filter, error) {
 
 		if strings.HasPrefix("container", filterName) {
 			if operatorAndValues == "=new" {
-				filter.NewContFilter.Enabled = true
+				filter.NewContFilter.Enable()
 				filter.NewContFilter.Value = true
 				continue
 			}
 			if operatorAndValues == "!=new" {
-				filter.ContFilter.Enabled = true
+				filter.ContFilter.Enable()
 				filter.ContFilter.Value = true
-				filter.NewContFilter.Enabled = true
+				filter.NewContFilter.Enable()
 				filter.NewContFilter.Value = false
 				continue
 			}
@@ -218,12 +218,12 @@ func PrepareFilter(filtersArr []string) (tracee.Filter, error) {
 
 		if strings.HasPrefix("pid", filterName) {
 			if operatorAndValues == "=new" {
-				filter.NewPidFilter.Enabled = true
+				filter.NewPidFilter.Enable()
 				filter.NewPidFilter.Value = true
 				continue
 			}
 			if operatorAndValues == "!=new" {
-				filter.NewPidFilter.Enabled = true
+				filter.NewPidFilter.Enable()
 				filter.NewPidFilter.Value = false
 				continue
 			}
@@ -275,7 +275,7 @@ func PrepareFilter(filtersArr []string) (tracee.Filter, error) {
 }
 
 func prepareEventsToTrace(eventFilter *filters.StringFilter, setFilter *filters.StringFilter, eventsNameToID map[string]events.ID) ([]events.ID, error) {
-	eventFilter.Enabled = true
+	eventFilter.Enable()
 	eventsToTrace := eventFilter.Equal
 	excludeEvents := eventFilter.NotEqual
 	setsToTrace := setFilter.Equal
diff --git a/cmd/tracee-ebpf/main.go b/cmd/tracee-ebpf/main.go
@@ -135,9 +135,9 @@ func main() {
 			}
 			cfg.Filter = &filter
 
-			containerMode := (cfg.Filter.ContFilter.Enabled && cfg.Filter.ContFilter.Value) ||
-				(cfg.Filter.NewContFilter.Enabled && cfg.Filter.NewContFilter.Value) ||
-				cfg.Filter.ContIDFilter.Enabled
+			containerMode := (cfg.Filter.ContFilter.Enabled() && cfg.Filter.ContFilter.Value) ||
+				(cfg.Filter.NewContFilter.Enabled() && cfg.Filter.NewContFilter.Value) ||
+				cfg.Filter.ContIDFilter.Enabled()
 
 			outputSlice := c.StringSlice("output")
 			if checkCommandIsHelp(outputSlice) {
diff --git a/pkg/ebpf/events_pipeline.go b/pkg/ebpf/events_pipeline.go
@@ -249,7 +249,7 @@ func (t *Tracee) processEvents(ctx context.Context, in <-chan *trace.Event) (<-c
 				continue
 			}
 
-			if (t.config.Filter.ContFilter.Value || t.config.Filter.NewContFilter.Enabled) && event.ContainerID == "" {
+			if (t.config.Filter.ContFilter.Value || t.config.Filter.NewContFilter.Enabled()) && event.ContainerID == "" {
 				// Don't trace false container positives -
 				// a container filter is set by the user, but this event wasn't originated in a container.
 				// Although kernel filters shouldn't submit such events, we do this check to be on the safe side.
diff --git a/pkg/ebpf/tracee.go b/pkg/ebpf/tracee.go
@@ -654,67 +654,67 @@ func (t *Tracee) getOptionsConfig() uint32 {
 
 func (t *Tracee) getFiltersConfig() uint32 {
 	var cFilterVal uint32
-	if t.config.Filter.UIDFilter.Enabled {
+	if t.config.Filter.UIDFilter.Enabled() {
 		cFilterVal = cFilterVal | filterUIDEnabled
 		if t.config.Filter.UIDFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterUIDOut
 		}
 	}
-	if t.config.Filter.PIDFilter.Enabled {
+	if t.config.Filter.PIDFilter.Enabled() {
 		cFilterVal = cFilterVal | filterPidEnabled
 		if t.config.Filter.PIDFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterPidOut
 		}
 	}
-	if t.config.Filter.NewPidFilter.Enabled {
+	if t.config.Filter.NewPidFilter.Enabled() {
 		cFilterVal = cFilterVal | filterNewPidEnabled
 		if t.config.Filter.NewPidFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterNewPidOut
 		}
 	}
-	if t.config.Filter.MntNSFilter.Enabled {
+	if t.config.Filter.MntNSFilter.Enabled() {
 		cFilterVal = cFilterVal | filterMntNsEnabled
 		if t.config.Filter.MntNSFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterMntNsOut
 		}
 	}
-	if t.config.Filter.PidNSFilter.Enabled {
+	if t.config.Filter.PidNSFilter.Enabled() {
 		cFilterVal = cFilterVal | filterPidNsEnabled
 		if t.config.Filter.PidNSFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterPidNsOut
 		}
 	}
-	if t.config.Filter.UTSFilter.Enabled {
+	if t.config.Filter.UTSFilter.Enabled() {
 		cFilterVal = cFilterVal | filterUTSNsEnabled
 		if t.config.Filter.UTSFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterUTSNsOut
 		}
 	}
-	if t.config.Filter.CommFilter.Enabled {
+	if t.config.Filter.CommFilter.Enabled() {
 		cFilterVal = cFilterVal | filterCommEnabled
 		if t.config.Filter.CommFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterCommOut
 		}
 	}
-	if t.config.Filter.ContFilter.Enabled {
+	if t.config.Filter.ContFilter.Enabled() {
 		cFilterVal = cFilterVal | filterContEnabled
 		if t.config.Filter.ContFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterContOut
 		}
 	}
-	if t.config.Filter.NewContFilter.Enabled {
+	if t.config.Filter.NewContFilter.Enabled() {
 		cFilterVal = cFilterVal | filterNewContEnabled
 		if t.config.Filter.NewContFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterNewContOut
 		}
 	}
-	if t.config.Filter.ContIDFilter.Enabled {
+	if t.config.Filter.ContIDFilter.Enabled() {
 		cFilterVal = cFilterVal | filterCgroupIdEnabled
 		if t.config.Filter.ContIDFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterCgroupIdOut
 		}
 	}
-	if t.config.Filter.ProcessTreeFilter.Enabled {
+	if t.config.Filter.ProcessTreeFilter.Enabled() {
 		cFilterVal = cFilterVal | filterProcTreeEnabled
 		if t.config.Filter.ProcessTreeFilter.FilterOut() {
 			cFilterVal = cFilterVal | filterProcTreeOut
@@ -1083,7 +1083,7 @@ func (t *Tracee) initBPF() error {
 		return err
 	}
 
-	err = t.config.Filter.ProcessTreeFilter.Set(t.bpfModule)
+	err = t.config.Filter.ProcessTreeFilter.InitBPF(t.bpfModule)
 	if err != nil {
 		return fmt.Errorf("error building process tree: %v", err)
 	}
diff --git a/pkg/filters/args.go b/pkg/filters/args.go
@@ -10,13 +10,13 @@ import (
 
 type ArgFilter struct {
 	Filters map[events.ID]map[string]*StringFilter // key to the first map is event id, and to the second map the argument name
-	Enabled bool
+	enabled bool
 }
 
 func NewArgFilter() *ArgFilter {
 	return &ArgFilter{
 		Filters: map[events.ID]map[string]*StringFilter{},
-		Enabled: false,
+		enabled: false,
 	}
 }
 
@@ -41,7 +41,7 @@ func matchFilter(filters []string, argValStr string) bool {
 }
 
 func (filter *ArgFilter) Filter(eventID events.ID, args []trace.Argument) bool {
-	if filter.Enabled {
+	if filter.Enabled() {
 		for argName, filter := range filter.Filters[events.ID(eventID)] {
 			var argVal interface{}
 			ok := false
@@ -70,7 +70,6 @@ func (filter *ArgFilter) Filter(eventID events.ID, args []trace.Argument) bool {
 }
 
 func (filter *ArgFilter) Parse(filterName string, operatorAndValues string, eventsNameToID map[string]events.ID) error {
-	filter.Enabled = true
 	// Event argument filter has the following format: "event.argname=argval"
 	// filterName have the format event.argname, and operatorAndValues have the format "=argval"
 	splitFilter := strings.Split(filterName, ".")
@@ -130,5 +129,29 @@ func (filter *ArgFilter) Parse(filterName string, operatorAndValues string, even
 
 	filter.Filters[id][argName] = val
 
+	filter.Enable()
+
 	return nil
 }
+
+func (filter *ArgFilter) Enable() {
+	filter.enabled = true
+	for _, filterMap := range filter.Filters {
+		for _, f := range filterMap {
+			f.Enable()
+		}
+	}
+}
+
+func (filter *ArgFilter) Disable() {
+	filter.enabled = false
+	for _, filterMap := range filter.Filters {
+		for _, f := range filterMap {
+			f.Disable()
+		}
+	}
+}
+
+func (filter *ArgFilter) Enabled() bool {
+	return filter.enabled
+}
diff --git a/pkg/filters/bool.go b/pkg/filters/bool.go
@@ -2,15 +2,15 @@ package filters
 
 type BoolFilter struct {
 	Value   bool
-	Enabled bool
+	enabled bool
 }
 
 func NewBoolFilter() *BoolFilter {
 	return &BoolFilter{}
 }
 
 func (filter *BoolFilter) Parse(value string) error {
-	filter.Enabled = true
+	filter.Enable()
 	filter.Value = false
 	if value[0] != '!' {
 		filter.Value = true
@@ -19,6 +19,18 @@ func (filter *BoolFilter) Parse(value string) error {
 	return nil
 }
 
+func (f *BoolFilter) Enable() {
+	f.enabled = true
+}
+
+func (f *BoolFilter) Disable() {
+	f.enabled = false
+}
+
+func (f *BoolFilter) Enabled() bool {
+	return f.enabled
+}
+
 func (filter *BoolFilter) FilterOut() bool {
 	if filter.Value {
 		return false
diff --git a/pkg/filters/containers.go b/pkg/filters/containers.go
@@ -19,7 +19,7 @@ func NewContainerFilter(mapName string) *ContainerFilter {
 }
 
 func (filter *ContainerFilter) InitBPF(bpfModule *bpf.Module, conts *containers.Containers) error {
-	if !filter.Enabled {
+	if !filter.Enabled() {
 		return nil
 	}
 
diff --git a/pkg/filters/int.go b/pkg/filters/int.go
@@ -18,7 +18,7 @@ type IntFilter struct {
 	Greater  int64
 	Less     int64
 	Is32Bit  bool
-	Enabled  bool
+	enabled  bool
 }
 
 func NewIntFilter() *IntFilter {
@@ -36,12 +36,23 @@ func newIntFilter(is32Bit bool) *IntFilter {
 		Greater:  maxIntVal,
 		Less:     minIntVal,
 		Is32Bit:  is32Bit,
-		Enabled:  false,
+		enabled:  false,
 	}
 }
 
+func (f *IntFilter) Enable() {
+	f.enabled = true
+}
+
+func (f *IntFilter) Disable() {
+	f.enabled = false
+}
+
+func (f *IntFilter) Enabled() bool {
+	return f.enabled
+}
+
 func (filter *IntFilter) Parse(operatorAndValues string) error {
-	filter.Enabled = true
 	if len(operatorAndValues) < 2 {
 		return fmt.Errorf("invalid operator and/or values given to filter: %s", operatorAndValues)
 	}
@@ -84,5 +95,7 @@ func (filter *IntFilter) Parse(operatorAndValues string) error {
 		}
 	}
 
+	filter.Enable()
+
 	return nil
 }
diff --git a/pkg/filters/processtree.go b/pkg/filters/processtree.go
@@ -14,21 +14,31 @@ import (
 
 type ProcessTreeFilter struct {
 	PIDs    map[uint32]bool // PIDs is a map where k=pid and v represents whether it and its descendents should be traced or not
-	Enabled bool
+	enabled bool
 	mapName string
 }
 
 func NewProcessTreeFilter(mapName string) *ProcessTreeFilter {
 	return &ProcessTreeFilter{
 		PIDs:    map[uint32]bool{},
-		Enabled: false,
+		enabled: false,
 		mapName: mapName,
 	}
 }
 
-func (filter *ProcessTreeFilter) Parse(operatorAndValues string) error {
-	filter.Enabled = true
+func (f *ProcessTreeFilter) Enable() {
+	f.enabled = true
+}
+
+func (f *ProcessTreeFilter) Disable() {
+	f.enabled = false
+}
 
+func (f *ProcessTreeFilter) Enabled() bool {
+	return f.enabled
+}
+
+func (filter *ProcessTreeFilter) Parse(operatorAndValues string) error {
 	if len(operatorAndValues) < 2 {
 		return fmt.Errorf("invalid operator and/or values given to filter: %s", operatorAndValues)
 	}
@@ -60,11 +70,13 @@ func (filter *ProcessTreeFilter) Parse(operatorAndValues string) error {
 		filter.PIDs[uint32(pid)] = equalityOperator
 	}
 
+	filter.Enable()
+
 	return nil
 }
 
-func (filter *ProcessTreeFilter) Set(bpfModule *bpf.Module) error {
-	if !filter.Enabled {
+func (filter *ProcessTreeFilter) InitBPF(bpfModule *bpf.Module) error {
+	if !filter.Enabled() {
 		return nil
 	}
 
diff --git a/pkg/filters/retval.go b/pkg/filters/retval.go
diff --git a/pkg/filters/string.go b/pkg/filters/string.go
diff --git a/pkg/filters/uint.go b/pkg/filters/uint.go

Original file line number	Diff line number	Diff line change
`@@ -249,7 +249,7 @@ func (t Tracee) processEvents(ctx context.Context, in <-chan trace.Event) (<-c`
`249`	`249`	`continue`
`250`	`250`	`}`
`251`	`251`
`252`		`- if (t.config.Filter.ContFilter.Value \|\| t.config.Filter.NewContFilter.Enabled) && event.ContainerID == "" {`
	`252`	`+ if (t.config.Filter.ContFilter.Value \|\| t.config.Filter.NewContFilter.Enabled()) && event.ContainerID == "" {`
`253`	`253`	`// Don't trace false container positives -`
`254`	`254`	`// a container filter is set by the user, but this event wasn't originated in a container.`
`255`	`255`	`// Although kernel filters shouldn't submit such events, we do this check to be on the safe side.`
Original file line number	Diff line number	Diff line change
`@@ -654,67 +654,67 @@ func (t *Tracee) getOptionsConfig() uint32 {`
`654`	`654`
`655`	`655`	`func (t *Tracee) getFiltersConfig() uint32 {`
`656`	`656`	`var cFilterVal uint32`
`657`		`- if t.config.Filter.UIDFilter.Enabled {`
	`657`	`+ if t.config.Filter.UIDFilter.Enabled() {`
`658`	`658`	`cFilterVal = cFilterVal \| filterUIDEnabled`
`659`	`659`	`if t.config.Filter.UIDFilter.FilterOut() {`
`660`	`660`	`cFilterVal = cFilterVal \| filterUIDOut`
`661`	`661`	`}`
`662`	`662`	`}`
`663`		`- if t.config.Filter.PIDFilter.Enabled {`
	`663`	`+ if t.config.Filter.PIDFilter.Enabled() {`
`664`	`664`	`cFilterVal = cFilterVal \| filterPidEnabled`
`665`	`665`	`if t.config.Filter.PIDFilter.FilterOut() {`
`666`	`666`	`cFilterVal = cFilterVal \| filterPidOut`
`667`	`667`	`}`
`668`	`668`	`}`
`669`		`- if t.config.Filter.NewPidFilter.Enabled {`
	`669`	`+ if t.config.Filter.NewPidFilter.Enabled() {`
`670`	`670`	`cFilterVal = cFilterVal \| filterNewPidEnabled`
`671`	`671`	`if t.config.Filter.NewPidFilter.FilterOut() {`
`672`	`672`	`cFilterVal = cFilterVal \| filterNewPidOut`
`673`	`673`	`}`
`674`	`674`	`}`
`675`		`- if t.config.Filter.MntNSFilter.Enabled {`
	`675`	`+ if t.config.Filter.MntNSFilter.Enabled() {`
`676`	`676`	`cFilterVal = cFilterVal \| filterMntNsEnabled`
`677`	`677`	`if t.config.Filter.MntNSFilter.FilterOut() {`
`678`	`678`	`cFilterVal = cFilterVal \| filterMntNsOut`
`679`	`679`	`}`
`680`	`680`	`}`
`681`		`- if t.config.Filter.PidNSFilter.Enabled {`
	`681`	`+ if t.config.Filter.PidNSFilter.Enabled() {`
`682`	`682`	`cFilterVal = cFilterVal \| filterPidNsEnabled`
`683`	`683`	`if t.config.Filter.PidNSFilter.FilterOut() {`
`684`	`684`	`cFilterVal = cFilterVal \| filterPidNsOut`
`685`	`685`	`}`
`686`	`686`	`}`
`687`		`- if t.config.Filter.UTSFilter.Enabled {`
	`687`	`+ if t.config.Filter.UTSFilter.Enabled() {`
`688`	`688`	`cFilterVal = cFilterVal \| filterUTSNsEnabled`
`689`	`689`	`if t.config.Filter.UTSFilter.FilterOut() {`
`690`	`690`	`cFilterVal = cFilterVal \| filterUTSNsOut`
`691`	`691`	`}`
`692`	`692`	`}`
`693`		`- if t.config.Filter.CommFilter.Enabled {`
	`693`	`+ if t.config.Filter.CommFilter.Enabled() {`
`694`	`694`	`cFilterVal = cFilterVal \| filterCommEnabled`
`695`	`695`	`if t.config.Filter.CommFilter.FilterOut() {`
`696`	`696`	`cFilterVal = cFilterVal \| filterCommOut`
`697`	`697`	`}`
`698`	`698`	`}`
`699`		`- if t.config.Filter.ContFilter.Enabled {`
	`699`	`+ if t.config.Filter.ContFilter.Enabled() {`
`700`	`700`	`cFilterVal = cFilterVal \| filterContEnabled`
`701`	`701`	`if t.config.Filter.ContFilter.FilterOut() {`
`702`	`702`	`cFilterVal = cFilterVal \| filterContOut`
`703`	`703`	`}`
`704`	`704`	`}`
`705`		`- if t.config.Filter.NewContFilter.Enabled {`
	`705`	`+ if t.config.Filter.NewContFilter.Enabled() {`
`706`	`706`	`cFilterVal = cFilterVal \| filterNewContEnabled`
`707`	`707`	`if t.config.Filter.NewContFilter.FilterOut() {`
`708`	`708`	`cFilterVal = cFilterVal \| filterNewContOut`
`709`	`709`	`}`
`710`	`710`	`}`
`711`		`- if t.config.Filter.ContIDFilter.Enabled {`
	`711`	`+ if t.config.Filter.ContIDFilter.Enabled() {`
`712`	`712`	`cFilterVal = cFilterVal \| filterCgroupIdEnabled`
`713`	`713`	`if t.config.Filter.ContIDFilter.FilterOut() {`
`714`	`714`	`cFilterVal = cFilterVal \| filterCgroupIdOut`
`715`	`715`	`}`
`716`	`716`	`}`
`717`		`- if t.config.Filter.ProcessTreeFilter.Enabled {`
	`717`	`+ if t.config.Filter.ProcessTreeFilter.Enabled() {`
`718`	`718`	`cFilterVal = cFilterVal \| filterProcTreeEnabled`
`719`	`719`	`if t.config.Filter.ProcessTreeFilter.FilterOut() {`
`720`	`720`	`cFilterVal = cFilterVal \| filterProcTreeOut`
`@@ -1083,7 +1083,7 @@ func (t *Tracee) initBPF() error {`
`1083`	`1083`	`return err`
`1084`	`1084`	`}`
`1085`	`1085`
`1086`		`- err = t.config.Filter.ProcessTreeFilter.Set(t.bpfModule)`
	`1086`	`+ err = t.config.Filter.ProcessTreeFilter.InitBPF(t.bpfModule)`
`1087`	`1087`	`if err != nil {`
`1088`	`1088`	`return fmt.Errorf("error building process tree: %v", err)`
`1089`	`1089`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ func NewContainerFilter(mapName string) *ContainerFilter {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`func (filter ContainerFilter) InitBPF(bpfModule bpf.Module, conts *containers.Containers) error {`
`22`		`- if !filter.Enabled {`
	`22`	`+ if !filter.Enabled() {`
`23`	`23`	`return nil`
`24`	`24`	`}`
`25`	`25`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ type IntFilter struct {`
`18`	`18`	`Greater int64`
`19`	`19`	`Less int64`
`20`	`20`	`Is32Bit bool`
`21`		`- Enabled bool`
	`21`	`+ enabled bool`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`func NewIntFilter() *IntFilter {`
`@@ -36,12 +36,23 @@ func newIntFilter(is32Bit bool) *IntFilter {`
`36`	`36`	`Greater: maxIntVal,`
`37`	`37`	`Less: minIntVal,`
`38`	`38`	`Is32Bit: is32Bit,`
`39`		`- Enabled: false,`
	`39`	`+ enabled: false,`
`40`	`40`	`}`
`41`	`41`	`}`
`42`	`42`
	`43`	`+func (f *IntFilter) Enable() {`
	`44`	`+ f.enabled = true`
	`45`	`+}`
	`46`	`+`
	`47`	`+func (f *IntFilter) Disable() {`
	`48`	`+ f.enabled = false`
	`49`	`+}`
	`50`	`+`
	`51`	`+func (f *IntFilter) Enabled() bool {`
	`52`	`+ return f.enabled`
	`53`	`+}`
	`54`	`+`
`43`	`55`	`func (filter *IntFilter) Parse(operatorAndValues string) error {`
`44`		`- filter.Enabled = true`
`45`	`56`	`if len(operatorAndValues) < 2 {`
`46`	`57`	`return fmt.Errorf("invalid operator and/or values given to filter: %s", operatorAndValues)`
`47`	`58`	`}`
`@@ -84,5 +95,7 @@ func (filter *IntFilter) Parse(operatorAndValues string) error {`
`84`	`95`	`}`
`85`	`96`	`}`
`86`	`97`
	`98`	`+ filter.Enable()`
	`99`	`+`
`87`	`100`	`return nil`
`88`	`101`	`}`