Fix in netmasks #1091

Merged
merged 2 commits into from
Apr 4, 2018

Contributor

@mstemm mstemm commented Apr 2, 2018

Previously, if an expression had an xxx in (a, b, c, ...) check, the
values a, b, c would be put in a set and xxx would do a set membership
test to see if it's in the set.

For almost all filtercheck types, this is preferred, but for some types
like PT_IPV4NET, you can't actually do set membership tests, as the
notion of equals isn't a simple == operator.

So for PT_IPV4NET and any type that trivially returns false from
::flt_compare(), instead of doing the set membership test, compare the
filtercheck values individually and return true as soon as you find one
that is equal.

This fixes falcosecurity/falco#339.
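
An added illustration, not code from this pull request or from the project: a minimal C++ model of why a raw set lookup never matches an address against a netmask value, while comparing the values one by one does. `Ipv4Net`, `cidr`, `net_contains`, `in_by_set` and `in_piecewise` are hypothetical names, and the sample addresses are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

// Hypothetical stand-in for a PT_IPV4NET value (host byte order).
struct Ipv4Net {
    uint32_t network;
    uint32_t netmask;
};

constexpr uint32_t ip(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return (uint32_t(a) << 24) | (uint32_t(b) << 16) | (uint32_t(c) << 8) | d;
}

// Build a network from an address and prefix length (prefix 0 handled explicitly).
Ipv4Net cidr(uint32_t addr, int prefix) {
    uint32_t mask = prefix == 0 ? 0 : ~uint32_t(0) << (32 - prefix);
    return {addr & mask, mask};
}

// "Equals" for a netmask type: the address falls inside the network.
bool net_contains(const Ipv4Net& n, uint32_t addr) {
    return (addr & n.netmask) == n.network;
}

// Old behaviour, modelled: values go into a set and the lookup is an exact match.
bool in_by_set(const std::vector<Ipv4Net>& values, uint32_t addr) {
    std::set<uint32_t> raw;
    for (const auto& v : values) raw.insert(v.network);
    return raw.count(addr) != 0;
}

// New behaviour, modelled: compare each value, return on the first match.
bool in_piecewise(const std::vector<Ipv4Net>& values, uint32_t addr) {
    for (const auto& v : values)
        if (net_contains(v, addr)) return true;
    return false;
}

int main() {
    // Constructed sample values.
    std::vector<Ipv4Net> nets = {cidr(ip(10, 0, 0, 0), 8), cidr(ip(192, 168, 1, 0), 24)};
    uint32_t src = ip(10, 1, 2, 3);
    std::printf("set lookup: %d, piecewise: %d\n", in_by_set(nets, src), in_piecewise(nets, src));
    return 0;
}
```

For a detection rule, the set-lookup result means an `in (...)` condition on a network field silently never fires for hosts inside the listed ranges.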

mstemm added 2 commits April 2, 2018 13:20
Previously, if an expression had an xxx in (a, b, c, ...) check, the
values a, b, c would be put in a set and xxx would do a set membership
test to see if it's in the set.

For almost all filtercheck types, this is preferred, but for some types
like PT_IPV4NET, you can't actually do set membership tests, as the
notion of equals isn't a simple == operator.

So for PT_IPV4NET and any type that trivially returns false from
::flt_compare(), instead of doing the set membership test, compare the
filtercheck values individually and return true as soon as you find one
that is equal.

This fixes falcosecurity/falco#339.

If a filter check has an in operator against a set of values, which gets
turned into a piecewise equality comparison, treat the operator CO_IN
just like CO_EQ.
@mstemm mstemm requested a review from mattpag April 2, 2018 21:47
mstemm added a commit to falcosecurity/falco that referenced this pull request Apr 2, 2018
Contributor

@mattpag mattpag left a comment

lgtm!

@mstemm mstemm merged commit 1bb9f0b into dev Apr 4, 2018
@mstemm mstemm deleted the fix-in-netmasks branch April 4, 2018 20:08
mstemm added a commit to falcosecurity/falco that referenced this pull request Apr 4, 2018
Successfully merging this pull request may close these issues.

IN operators may not work with fd.snet + netmasks