[CWS] add support for multiple field name fallbacks in constant requests

DataDog · Dec 20, 2024 · 9e2e477 · 9e2e477
1 parent 1c318b7
commit 9e2e477
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 31 deletions.
diff --git a/pkg/security/probe/constantfetch/btfhub.go b/pkg/security/probe/constantfetch/btfhub.go
@@ -84,7 +84,7 @@ func (f *BTFHubConstantFetcher) AppendSizeofRequest(id, _ string) {
 }
 
 // AppendOffsetofRequest appends an offset request
-func (f *BTFHubConstantFetcher) AppendOffsetofRequest(id, _, _ string) {
+func (f *BTFHubConstantFetcher) AppendOffsetofRequest(id, _ string, _ ...string) {
 	f.appendRequest(id)
 }
 

diff --git a/pkg/security/probe/constantfetch/core.go b/pkg/security/probe/constantfetch/core.go
@@ -11,6 +11,7 @@ package constantfetch
 import (
 	"errors"
 	"io"
+	"slices"
 	"strings"
 
 	"github.com/cilium/ebpf/btf"
@@ -56,9 +57,10 @@ func (f *BTFConstantFetcher) String() string {
 }
 
 type constantRequest struct {
-	id                  string
-	sizeof              bool
-	typeName, fieldName string
+	id         string
+	sizeof     bool
+	typeName   string
+	fieldNames []string
 }
 
 func (f *BTFConstantFetcher) runRequest(r constantRequest) {
@@ -98,12 +100,12 @@ func (f *BTFConstantFetcher) AppendSizeofRequest(id, typeName string) {
 }
 
 // AppendOffsetofRequest appends an offset request
-func (f *BTFConstantFetcher) AppendOffsetofRequest(id, typeName, fieldName string) {
+func (f *BTFConstantFetcher) AppendOffsetofRequest(id, typeName string, fieldNames ...string) {
 	f.runRequest(constantRequest{
-		id:        id,
-		sizeof:    false,
-		typeName:  getActualTypeName(typeName),
-		fieldName: fieldName,
+		id:         id,
+		sizeof:     false,
+		typeName:   getActualTypeName(typeName),
+		fieldNames: fieldNames,
 	})
 }
 
@@ -150,7 +152,7 @@ func runRequestOnBTFTypeStructOrUnion(r constantRequest, size uint32, members []
 			}
 		}
 
-		if m.Name == r.fieldName {
+		if slices.Contains(r.fieldNames, m.Name) {
 			return uint64(m.Offset.Bytes())
 		}
 	}

diff --git a/pkg/security/probe/constantfetch/fallback.go b/pkg/security/probe/constantfetch/fallback.go
@@ -167,7 +167,7 @@ func (f *FallbackConstantFetcher) AppendSizeofRequest(id, _ string) {
 }
 
 // AppendOffsetofRequest appends an offset request
-func (f *FallbackConstantFetcher) AppendOffsetofRequest(id, _, _ string) {
+func (f *FallbackConstantFetcher) AppendOffsetofRequest(id, _ string, _ ...string) {
 	f.appendRequest(id)
 }
 

diff --git a/pkg/security/probe/constantfetch/fetcher.go b/pkg/security/probe/constantfetch/fetcher.go
@@ -27,7 +27,7 @@ const ErrorSentinel uint64 = ^uint64(0)
 type ConstantFetcher interface {
 	fmt.Stringer
 	AppendSizeofRequest(id, typeName string)
-	AppendOffsetofRequest(id, typeName, fieldName string)
+	AppendOffsetofRequest(id, typeName string, fieldName ...string)
 	FinishAndGetResults() (map[string]uint64, error)
 }
 
@@ -56,28 +56,29 @@ func (f *ComposeConstantFetcher) appendRequest(req *composeRequest) {
 	f.requests = append(f.requests, req)
 	_, _ = io.WriteString(f.hasher, req.id)
 	_, _ = io.WriteString(f.hasher, req.typeName)
-	_, _ = io.WriteString(f.hasher, req.fieldName)
+	for _, fn := range req.fieldNames {
+		_, _ = io.WriteString(f.hasher, fn)
+	}
 }
 
 // AppendSizeofRequest appends a sizeof request
 func (f *ComposeConstantFetcher) AppendSizeofRequest(id, typeName string) {
 	f.appendRequest(&composeRequest{
-		id:        id,
-		sizeof:    true,
-		typeName:  typeName,
-		fieldName: "",
-		value:     ErrorSentinel,
+		id:       id,
+		sizeof:   true,
+		typeName: typeName,
+		value:    ErrorSentinel,
 	})
 }
 
 // AppendOffsetofRequest appends an offset request
-func (f *ComposeConstantFetcher) AppendOffsetofRequest(id, typeName, fieldName string) {
+func (f *ComposeConstantFetcher) AppendOffsetofRequest(id, typeName string, fieldNames ...string) {
 	f.appendRequest(&composeRequest{
-		id:        id,
-		sizeof:    false,
-		typeName:  typeName,
-		fieldName: fieldName,
-		value:     ErrorSentinel,
+		id:         id,
+		sizeof:     false,
+		typeName:   typeName,
+		fieldNames: fieldNames,
+		value:      ErrorSentinel,
 	})
 }
 
@@ -97,7 +98,7 @@ func (f *ComposeConstantFetcher) fillConstantCacheIfNeeded() {
 				if req.sizeof {
 					fetcher.AppendSizeofRequest(req.id, req.typeName)
 				} else {
-					fetcher.AppendOffsetofRequest(req.id, req.typeName, req.fieldName)
+					fetcher.AppendOffsetofRequest(req.id, req.typeName, req.fieldNames...)
 				}
 			}
 		}
@@ -160,11 +161,12 @@ type ConstantFetcherStatus struct {
 }
 
 type composeRequest struct {
-	id                  string
-	sizeof              bool
-	typeName, fieldName string
-	value               uint64
-	fetcherName         string
+	id          string
+	sizeof      bool
+	typeName    string
+	fieldNames  []string
+	value       uint64
+	fetcherName string
 }
 
 // CreateConstantEditors creates constant editors based on the constants fetched

diff --git a/pkg/security/probe/constantfetch/offset_guesser.go b/pkg/security/probe/constantfetch/offset_guesser.go
@@ -164,7 +164,7 @@ func (og *OffsetGuesser) AppendSizeofRequest(_, _ string) {
 }
 
 // AppendOffsetofRequest appends an offset request
-func (og *OffsetGuesser) AppendOffsetofRequest(id, _, _ string) {
+func (og *OffsetGuesser) AppendOffsetofRequest(id, _ string, _ ...string) {
 	og.res[id] = ErrorSentinel
 }