usm: sowatcher: Extend paths support up to 220 characters (#31975)

DataDog · Dec 10, 2024 · 90e7b91 · 90e7b91
1 parent 6dea12d
commit 90e7b91
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 3 deletions.
diff --git a/pkg/network/ebpf/c/shared-libraries/types.h b/pkg/network/ebpf/c/shared-libraries/types.h
@@ -4,7 +4,7 @@
 #include "ktypes.h"
 
 #define LIB_SO_SUFFIX_SIZE 9
-#define LIB_PATH_MAX_SIZE 120
+#define LIB_PATH_MAX_SIZE 220
 
 typedef struct {
     __u32 pid;

diff --git a/pkg/network/usm/sharedlibraries/types_linux.go b/pkg/network/usm/sharedlibraries/types_linux.go
diff --git a/pkg/network/usm/sharedlibraries/watcher_test.go b/pkg/network/usm/sharedlibraries/watcher_test.go
@@ -104,6 +104,53 @@ func (s *SharedLibrarySuite) TestSharedLibraryDetection() {
 	}, time.Second*10, 100*time.Millisecond)
 }
 
+func (s *SharedLibrarySuite) TestLongPath() {
+	t := s.T()
+
+	const (
+		fileName             = "foo-libssl.so"
+		nullTerminatorLength = len("\x00")
+	)
+	padLength := LibPathMaxSize - len(fileName) - len(t.TempDir()) - len("_") - len(string(filepath.Separator)) - nullTerminatorLength
+	fooPath1, fooPathID1 := createTempTestFile(t, strings.Repeat("a", padLength)+"_"+fileName)
+	// fooPath2 is longer than the limit we have, thus it will be ignored.
+	fooPath2, fooPathID2 := createTempTestFile(t, strings.Repeat("a", padLength+1)+"_"+fileName)
+
+	registerRecorder := new(utils.CallbackRecorder)
+	unregisterRecorder := new(utils.CallbackRecorder)
+
+	watcher, err := NewWatcher(utils.NewUSMEmptyConfig(), LibsetCrypto,
+		Rule{
+			Re:           regexp.MustCompile(`foo-libssl.so`),
+			RegisterCB:   registerRecorder.Callback(),
+			UnregisterCB: unregisterRecorder.Callback(),
+		},
+	)
+	require.NoError(t, err)
+	watcher.Start()
+	t.Cleanup(watcher.Stop)
+
+	// create files
+	command1, err := fileopener.OpenFromAnotherProcess(t, fooPath1)
+	require.NoError(t, err)
+
+	command2, err := fileopener.OpenFromAnotherProcess(t, fooPath2)
+	require.NoError(t, err)
+
+	require.Eventuallyf(t, func() bool {
+		return registerRecorder.CallsForPathID(fooPathID1) == 1 &&
+			registerRecorder.CallsForPathID(fooPathID2) == 0
+	}, time.Second*10, 100*time.Millisecond, "")
+
+	require.NoError(t, command1.Process.Kill())
+	require.NoError(t, command2.Process.Kill())
+
+	require.Eventually(t, func() bool {
+		return unregisterRecorder.CallsForPathID(fooPathID1) == 1 &&
+			unregisterRecorder.CallsForPathID(fooPathID2) == 0
+	}, time.Second*10, 100*time.Millisecond)
+}
+
 func (s *SharedLibrarySuite) TestSharedLibraryDetectionWithPIDAndRootNamespace() {
 	t := s.T()
 	_, err := os.Stat("/usr/bin/busybox")