diff --git a/core/ebpf/SourceManager.cpp b/core/ebpf/SourceManager.cpp index 93aff008bf..3f833af299 100644 --- a/core/ebpf/SourceManager.cpp +++ b/core/ebpf/SourceManager.cpp @@ -188,7 +188,7 @@ bool SourceManager::StartPlugin(nami::PluginType plugin_type, std::unique_ptrtype = UpdataType::SECURE_UPDATE_TYPE_CONFIG_CHAGE; FillCommonConf(conf); #ifdef APSARA_UNIT_TEST_MAIN @@ -212,20 +213,21 @@ bool SourceManager::UpdatePlugin(nami::PluginType plugin_type, std::unique_ptr(i)); } @@ -241,13 +243,13 @@ bool SourceManager::StopAll() { } bool SourceManager::SuspendPlugin(nami::PluginType plugin_type) { - if (!CheckPluginRunning(plugin_type)) { - LOG_WARNING(sLogger, ("plugin not started, cannot suspend. type", int(plugin_type))); - return false; - } - auto config = std::make_unique(); - config->plugin_type_ = plugin_type; - config->type = UpdataType::SECURE_UPDATE_TYPE_SUSPEND_PROBE; + if (!CheckPluginRunning(plugin_type)) { + LOG_WARNING(sLogger, ("plugin not started, cannot suspend. type", int(plugin_type))); + return false; + } + auto config = std::make_unique(); + config->plugin_type_ = plugin_type; + config->type = UpdataType::SECURE_UPDATE_TYPE_SUSPEND_PROBE; #ifdef APSARA_UNIT_TEST_MAIN mConfig = std::move(config); return true; @@ -260,15 +262,15 @@ bool SourceManager::SuspendPlugin(nami::PluginType plugin_type) { } auto suspend_f = (suspend_func)f; - int res = suspend_f(config.release()); + int res = suspend_f(config.get()); return !res; } bool SourceManager::StopPlugin(nami::PluginType plugin_type) { if (!CheckPluginRunning(plugin_type)) { - LOG_WARNING(sLogger, ("plugin not started, do nothing. type", int(plugin_type))); - return true; + LOG_WARNING(sLogger, ("plugin not started, do nothing. type", int(plugin_type))); + return true; } auto config = std::make_unique(); @@ -288,7 +290,7 @@ bool SourceManager::StopPlugin(nami::PluginType plugin_type) { } auto remove_f = (remove_func)f; - int res = remove_f(config.release()); + int res = remove_f(config.get()); if (!res) mRunning[int(plugin_type)] = false; return !res; } diff --git a/core/ebpf/config.cpp b/core/ebpf/config.cpp index 026d37c70f..559b026bfd 100644 --- a/core/ebpf/config.cpp +++ b/core/ebpf/config.cpp @@ -368,10 +368,10 @@ bool SecurityOptions::Init(SecurityProbeType probeType, } nami::SecurityOption thisSecurityOption; GetSecurityProbeDefaultCallName(probeType, thisSecurityOption.call_names_); - mOptionList.emplace_back(thisSecurityOption); + mOptionList.emplace_back(std::move(thisSecurityOption)); return true; } - auto innerConfig = config["ProbeConfig"]; + const auto& innerConfig = config["ProbeConfig"]; nami::SecurityOption thisSecurityOption; // Genral Filter (Optional) std::variant thisFilter; @@ -402,8 +402,8 @@ bool SecurityOptions::Init(SecurityProbeType probeType, mContext->GetRegion()); } thisSecurityOption.filter_ = thisFilter; - GetSecurityProbeDefaultCallName(probeType, thisSecurityOption.call_names_); - mOptionList.emplace_back(thisSecurityOption); + GetSecurityProbeDefaultCallName(probeType, thisSecurityOption.call_names_); + mOptionList.emplace_back(std::move(thisSecurityOption)); mProbeType = probeType; return true; } diff --git a/core/ebpf/eBPFServer.cpp b/core/ebpf/eBPFServer.cpp index d79a9541e8..9c08757fe8 100644 --- a/core/ebpf/eBPFServer.cpp +++ b/core/ebpf/eBPFServer.cpp @@ -189,7 +189,7 @@ void eBPFServer::Stop() { for (int i = 0; i < int(nami::PluginType::MAX); i ++) { UpdatePipelineName(static_cast(i), "", ""); } - + // UpdateContext must after than StopPlugin if (mEventCB) mEventCB->UpdateContext(nullptr, -1, -1); if (mMeterCB) mMeterCB->UpdateContext(nullptr, -1, -1); @@ -199,11 +199,12 @@ void eBPFServer::Stop() { if (mFileSecureCB) mFileSecureCB->UpdateContext(nullptr, -1, -1); } -bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t plugin_index, - nami::PluginType type, - const logtail::PipelineContext* ctx, - const std::variant options, PluginMetricManagerPtr mgr) { - +bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, + uint32_t plugin_index, + nami::PluginType type, + const logtail::PipelineContext* ctx, + const std::variant options, + PluginMetricManagerPtr mgr) { std::string prev_pipeline_name = CheckLoadedPipelineName(type); if (prev_pipeline_name.size() && prev_pipeline_name != pipeline_name) { LOG_WARNING(sLogger, ("pipeline already loaded, plugin type", int(type)) @@ -217,11 +218,10 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t mMonitorMgr->Init(type, mgr, pipeline_name, ctx->GetProjectName()); // step1: convert options to export type - std::variant config; bool ret = false; auto eBPFConfig = std::make_unique(); eBPFConfig->plugin_type_ = type; - eBPFConfig->stats_handler_ = [this](auto stats){ return mMonitorMgr->HandleStatistic(stats); }; + eBPFConfig->stats_handler_ = [this](auto& stats){ return mMonitorMgr->HandleStatistic(stats); }; // call update function // step2: call init function switch(type) { @@ -230,10 +230,9 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t pconfig.process_security_cb_ = [this](std::vector>& events) { return mProcessSecureCB->handle(events); }; SecurityOptions* opts = std::get(options); pconfig.options_ = opts->mOptionList; - config = std::move(pconfig); // UpdateContext must ahead of StartPlugin mProcessSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); - eBPFConfig->config_ = config; + eBPFConfig->config_ = std::move(pconfig); ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); break; } @@ -244,7 +243,7 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t nami::ObserverNetworkOption* opts = std::get(options); if (opts->mEnableMetric) { nconfig.enable_metric_ = true; - nconfig.measure_cb_ = [this](std::vector>& events, auto ts) { return mMeterCB->handle(events, ts); }; + nconfig.measure_cb_ = [this](std::vector>& events, auto ts) { return mMeterCB->handle(events, ts); }; nconfig.enable_metric_ = true; mMeterCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); } @@ -261,8 +260,7 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t mEventCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); } - config = std::move(nconfig); - eBPFConfig->config_ = config; + eBPFConfig->config_ = std::move(nconfig); ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); break; } @@ -272,8 +270,7 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t nconfig.network_security_cb_ = [this](std::vector>& events) { return mNetworkSecureCB->handle(events); }; SecurityOptions* opts = std::get(options); nconfig.options_ = opts->mOptionList; - config = std::move(nconfig); - eBPFConfig->config_ = config; + eBPFConfig->config_ = std::move(nconfig); // UpdateContext must ahead of StartPlugin mNetworkSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); @@ -285,8 +282,7 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, uint32_t fconfig.file_security_cb_ = [this](std::vector>& events) { return mFileSecureCB->handle(events); }; SecurityOptions* opts = std::get(options); fconfig.options_ = opts->mOptionList; - config = std::move(fconfig); - eBPFConfig->config_ = config; + eBPFConfig->config_ = std::move(fconfig); // UpdateContext must ahead of StartPlugin mFileSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); diff --git a/core/ebpf/handler/SecurityHandler.cpp b/core/ebpf/handler/SecurityHandler.cpp index 8c0919078e..ee6ea0acd6 100644 --- a/core/ebpf/handler/SecurityHandler.cpp +++ b/core/ebpf/handler/SecurityHandler.cpp @@ -49,7 +49,7 @@ void SecurityHandler::handle(std::vector> event_group.SetTag(host_ip_key, mHostIp); event_group.SetTag(host_name_key, mHostName); for (const auto& x : events) { - auto event = event_group.AddLogEvent(); + auto* event = event_group.AddLogEvent(); for (const auto& tag : x->GetAllTags()) { event->SetContent(tag.first, tag.second); } diff --git a/core/ebpf/include/SysAkApi.h b/core/ebpf/include/SysAkApi.h index 8559bcd55e..80818e5abb 100644 --- a/core/ebpf/include/SysAkApi.h +++ b/core/ebpf/include/SysAkApi.h @@ -4,8 +4,10 @@ #pragma once -using init_func = int (*)(void *); -using remove_func = int (*)(void *); -using suspend_func = int(*)(void *); +#include "ebpf/include/export.h" + +using init_func = int (*)(nami::eBPFConfig*); +using remove_func = int (*)(nami::eBPFConfig*); using deinit_func = void (*)(void); -using update_func = int(*)(void*); +using suspend_func = int (*)(nami::eBPFConfig*); +using update_func = int (*)(nami::eBPFConfig*); \ No newline at end of file diff --git a/core/ebpf/include/export.h b/core/ebpf/include/export.h index 2bd4ad0d2a..cf8c5c6304 100644 --- a/core/ebpf/include/export.h +++ b/core/ebpf/include/export.h @@ -4,13 +4,14 @@ #pragma once -#include -#include -#include #include +#include #include +#include +#include #include #include +#include enum class SecureEventType { SECURE_EVENT_TYPE_SOCKET_SECURE, @@ -237,6 +238,24 @@ struct SecurityNetworkFilter { struct SecurityOption { std::vector call_names_; std::variant filter_; + + SecurityOption() = default; + + SecurityOption(const SecurityOption& other) = default; + + SecurityOption(SecurityOption&& other) noexcept + : call_names_(std::move(other.call_names_)), filter_(std::move(other.filter_)) {} + + SecurityOption& operator=(const SecurityOption& other) = default; + + SecurityOption& operator=(SecurityOption&& other) noexcept { + call_names_ = other.call_names_; + filter_ = other.filter_; + return *this; + } + + ~SecurityOption() {} + bool operator==(const SecurityOption& other) const { return call_names_ == other.call_names_ && filter_ == other.filter_; @@ -384,4 +403,4 @@ struct eBPFConfig { } }; -}; +}; // namespace nami