libintrovirt v0.57.4
IntroVirt introspection library
Base class for system call filtering.
#include <SystemCallFilter.hh>
Public Member Functions

| Return type | Member | Description |
| --- | --- | --- |
| void | mask (uint64_t mask) | Mask incoming system calls with the given mask before checking for a match. |
| uint64_t | mask () const | Get the mask that is in use by the filter. |
| void | enabled (bool enabled) | Set if the filter is enabled. |
| bool | enabled () const | Check if the filter is enabled. |
| bool | matches (const Event &event) const | Check if the filter matches the given system call event. |
| bool | matches (const Vcpu &vcpu) const | Check if the filter matches the given system call event. |
| void | set_32 (uint32_t index, bool enabled) | Set a filter entry for 32-bit system calls. |
| void | set_64 (uint32_t index, bool enabled) | Set a filter entry for 64-bit system calls. |
| void | clear () | Clear the filter. |
| | SystemCallFilter () | Construct a new System Call Filter object. |
| virtual | ~SystemCallFilter () | Destroy the instance. |
Base class for system call filtering.
This class may be used on its own, but the checks are then performed in libintrovirt rather than in the hypervisor, which performs worse.
Ideally, the hypervisor library extends this class and has the hypervisor map in the bitmap page. System call filtering can then be performed at the hypervisor level rather than in libintrovirt.
introvirt::SystemCallFilter::SystemCallFilter ()
Construct a new System Call Filter object.
virtual introvirt::SystemCallFilter::~SystemCallFilter ()
Destroy the instance.
void introvirt::SystemCallFilter::clear ()
Clear the filter.
bool introvirt::SystemCallFilter::enabled () const
Check if the filter is enabled.
If the filter is not enabled, matches() will always return true.
void introvirt::SystemCallFilter::enabled (bool enabled)
Set if the filter is enabled.
| enabled | If set to true, enable the bitmap |
uint64_t introvirt::SystemCallFilter::mask () const
Get the mask that is in use by the filter.
void introvirt::SystemCallFilter::mask (uint64_t mask)
Mask incoming system calls with the given mask before checking for a match.
This allows each check to be performed with a mask. For example, if the system call 0xABCD comes in, and the mask is set to 0xFF, the filter will attempt to match 0xCD.
| mask | The mask to set |
bool introvirt::SystemCallFilter::matches (const Event & event) const
Check if the filter matches the given system call event.
matches() will always return true if the filter is not enabled.
| event | The incoming event |
bool introvirt::SystemCallFilter::matches (const Vcpu & vcpu) const
Check if the filter matches the given system call event.
matches() will always return true if the filter is not enabled.
This version is more naive, and assumes the call number is held in rax.
| vcpu | The vcpu to check (syscall number read from vcpu registers) |
void introvirt::SystemCallFilter::set_32 (uint32_t index, bool enabled)
Set a filter entry for 32-bit system calls.
| index | The system call number to set |
| enabled | Set to true to enable intercepts for the given index |
void introvirt::SystemCallFilter::set_64 (uint32_t index, bool enabled)
Set a filter entry for 64-bit system calls.
| index | The system call number to set |
| enabled | Set to true to enable intercepts for the given index |
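The mask() and matches() semantics documented above, modelled as a stand-alone added example; this is not libintrovirt code and does not link against the library. The names ModelSyscallFilter and make_demo_filter, the hash-set storage, the default mask and enabled state, the separate 32-bit and 64-bit tables, and a matches() that takes a raw call number plus a mode flag instead of an Event or Vcpu are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <unordered_set>

// Stand-alone model of the documented semantics; not libintrovirt code.
class ModelSyscallFilter {
public:
    void mask(uint64_t m) { mask_ = m; }
    void enabled(bool e) { enabled_ = e; }
    void set_32(uint32_t index, bool on) { set(entries32_, index, on); }
    void set_64(uint32_t index, bool on) { set(entries64_, index, on); }
    void clear() { entries32_.clear(); entries64_.clear(); }

    // Assumption: the caller passes the raw call number and the guest mode.
    bool matches(uint64_t raw, bool is_64bit) const {
        if (!enabled_) return true;  // documented: a disabled filter matches everything
        const auto& entries = is_64bit ? entries64_ : entries32_;
        return entries.count(raw & mask_) != 0;  // documented: mask first, then look up
    }

private:
    static void set(std::unordered_set<uint64_t>& s, uint32_t index, bool on) {
        if (on) s.insert(index); else s.erase(index);
    }
    std::unordered_set<uint64_t> entries32_, entries64_;  // assumption: separate tables
    uint64_t mask_ = ~0ULL;  // assumption: the default mask keeps every bit
    bool enabled_ = false;   // assumption: the filter starts disabled
};

// Filter from the page's mask example: mask 0xFF, 64-bit entry 0xCD enabled.
ModelSyscallFilter make_demo_filter() {
    ModelSyscallFilter f;
    f.mask(0xFF);
    f.set_64(0xCD, true);
    f.enabled(true);
    return f;
}

int main() {
    ModelSyscallFilter f = make_demo_filter();
    std::printf("0xABCD (64-bit): %d\n", f.matches(0xABCD, true));   // masked to 0xCD
    std::printf("0x12CD (64-bit): %d\n", f.matches(0x12CD, true));   // also masked to 0xCD
    std::printf("0xABCE (64-bit): %d\n", f.matches(0xABCE, true));   // masked to 0xCE, not set
    std::printf("0xABCD (32-bit): %d\n", f.matches(0xABCD, false));  // 32-bit table is empty
    f.enabled(false);
    std::printf("0xABCE, disabled: %d\n", f.matches(0xABCE, true));  // disabled filter
    return 0;
}
```

With a narrow mask, every call number that shares the masked bits of an enabled entry is delivered, and a disabled filter delivers everything, so a handler that cares about one specific call should still compare the full call number itself.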