Merge branch 'dev'

Merge pull request #239 from draios/update-for-0.6.1
Update for 0.6.1.
2026-03-22 04:32:21 +00:00 · 2017-05-15 11:12:11 -07:00 · 2017-05-15 11:07:44 -07:00 · 2017-05-15 10:37:57 -07:00 · 2017-05-02 14:04:23 -07:00 · 2017-05-02 11:46:20 -07:00
5 changed files with 68 additions and 16 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,26 @@

 This file documents all notable changes to Falco. The release numbering uses [semantic versioning](http://semver.org).

+## v0.6.1
+
+Released 2016-05-15
+
+### Major Changes
+
+None
+
+### Minor Changes
+
+* Small changes to token bucket used to throttle falco events [[#234](https://github.com/draios/falco/pull/234)]] [[#235](https://github.com/draios/falco/pull/235)]] [[#236](https://github.com/draios/falco/pull/236)]] [[#238](https://github.com/draios/falco/pull/238)]]
+
+### Bug Fixes
+
+* Update the falco driver to work with kernel 4.11 [[#829](https://github.com/draios/sysdig/pull/829)]
+
+### Rule Changes
+
+* Don't allow apache2 to spawn shells in containers [[#231](https://github.com/draios/falco/issues/231)] [[#232](https://github.com/draios/falco/pull/232)]
+
 ## v0.6.0

 Released 2016-03-29
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@

 #### Latest release

-**v0.6.0**
+**v0.6.1**
 Read the [change log](https://github.com/draios/falco/blob/dev/CHANGELOG.md)

 Dev Branch: [![Build Status](https://travis-ci.org/draios/falco.svg?branch=dev)](https://travis-ci.org/draios/falco)<br />
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -433,7 +433,7 @@
    and shell_procs
    and proc.pname exists
    and not proc.pname in (shell_binaries, docker_binaries, k8s_binaries, lxd_binaries, aide_wrapper_binaries, nids_binaries,
-                           monitoring_binaries, gitlab_binaries, initdb, pg_ctl, awk, apache2, falco, cron, erl_child_setup)
+                           monitoring_binaries, gitlab_binaries, initdb, pg_ctl, awk, falco, cron, erl_child_setup)
    and not trusted_containers
  output: "Shell spawned in a container other than entrypoint (user=%user.name %container.info shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline)"
  priority: WARNING
--- a/userspace/engine/token_bucket.cpp
+++ b/userspace/engine/token_bucket.cpp
@@ -31,20 +31,30 @@ token_bucket::~token_bucket()
 {
 }

-void token_bucket::init(uint32_t rate, uint32_t max_tokens)
+void token_bucket::init(double rate, double max_tokens, uint64_t now)
 {
 	m_rate = rate;
 	m_max_tokens = max_tokens;
 	m_tokens = max_tokens;
-	m_last_seen = sinsp_utils::get_current_time_ns();
+
+	if(now == 0)
+	{
+		now = sinsp_utils::get_current_time_ns();
+	}
+
+	m_last_seen = now;
 }

 bool token_bucket::claim()
 {
-	// Determine the number of tokens gained. Delta between
-	// last_seen and now, divided by the rate.
 	uint64_t now = sinsp_utils::get_current_time_ns();
-	uint64_t tokens_gained = (now - m_last_seen) / (m_rate * 1000000000);
+
+	return claim(1, now);
+}
+
+bool token_bucket::claim(double tokens, uint64_t now)
+{
+	double tokens_gained = m_rate * ((now - m_last_seen) / (1000000000.0));
 	m_last_seen = now;

 	m_tokens += tokens_gained;
@@ -58,14 +68,24 @@ bool token_bucket::claim()
 	}

 	//
-	// If tokens is < 1, can't claim.
+	// If m_tokens is < tokens, can't claim.
 	//
-	if(m_tokens < 1)
+	if(m_tokens < tokens)
 	{
 		return false;
 	}

-	m_tokens--;
+	m_tokens -= tokens;

 	return true;
 }
+
+double token_bucket::get_tokens()
+{
+	return m_tokens;
+}
+
+uint64_t token_bucket::get_last_seen()
+{
+	return m_last_seen;
+}
--- a/userspace/engine/token_bucket.h
+++ b/userspace/engine/token_bucket.h
@@ -31,30 +31,42 @@ public:
 	//
 	// Initialize the token bucket and start accumulating tokens
 	//
-	void init(uint32_t rate, uint32_t max_tokens);
+	void init(double rate, double max_tokens, uint64_t now = 0);

 	//
-	// Returns true if a token can be claimed. Also updates
-	// internal metrics.
+	// Try to claim tokens tokens from the token bucket, using a
+	// timestamp of now. Returns true if the tokens could be
+	// claimed. Also updates internal metrics.
 	//
+	bool claim(double tokens, uint64_t now);
+
+	// Simpler version of claim that claims a single token and
+	// uses the current time for now
 	bool claim();
+
+	// Return the current number of tokens available
+	double get_tokens();
+
+	// Return the last time someone tried to claim a token.
+	uint64_t get_last_seen();
+
 private:

 	//
 	// The number of tokens generated per second.
 	//
-	uint64_t m_rate;
+	double m_rate;

 	//
 	// The maximum number of tokens that can be banked for future
 	// claim()s.
 	//
-	uint64_t m_max_tokens;
+	double m_max_tokens;

 	//
 	// The current number of tokens
 	//
-	uint64_t m_tokens;
+	double m_tokens;

 	//
 	// The last time claim() was called (or the object was created).
Author	SHA1	Message	Date
Mark Stemm	b0ae29c23a	Merge branch 'dev'	2017-05-15 11:12:11 -07:00
Mark Stemm	a86e3fc748	Merge pull request #239 from draios/update-for-0.6.1 Update for 0.6.1.	2017-05-15 11:07:44 -07:00
Mark Stemm	e97056569f	Update for 0.6.1. Update README/CHANGELOG for 0.6.1.	2017-05-15 10:37:57 -07:00
Mark Stemm	0e163b892f	Merge pull request #238 from draios/claim-multiple-tokens Add ability to claim multiple tokens.	2017-05-02 14:04:23 -07:00
Mark Stemm	4d148ce28f	Add ability to claim multiple tokens. This way you can use it as a form of bandwidth throttling.	2017-05-02 11:46:20 -07:00
Mark Stemm	a3c83e7f6e	Merge pull request #236 from draios/expose-tokens Add ability to get number of tokens.	2017-04-27 13:19:47 -07:00
Mark Stemm	dafc4c2b88	Expose last seen time. Also expose last seen time for token bucket.	2017-04-27 12:03:02 -07:00
Mark Stemm	c066be3905	Allow the initial time to be externally provided. Allow the initial start time to be externally provided. Saves a call to getttimeofday and allows running from an external clock (i.e. trace files).	2017-04-27 12:02:21 -07:00
Mark Stemm	f5ce6752be	Add ability to get number of tokens. Add a method to fetch the current number of available tokens.	2017-04-27 11:22:19 -07:00
Mark Stemm	060db62644	Merge pull request #235 from draios/fix-token-bucket-rate Fix token bucket rate	2017-04-27 08:12:25 -07:00
Mark Stemm	1ad91c05f5	Fix token bucket rate We were dividing the tokens gained by the rate instead of multiplying.	2017-04-26 19:02:04 -07:00
Mark Stemm	76876bc3ae	Merge pull request #234 from draios/token-bucket-external-time Allow for an external clock in token bucket.	2017-04-25 17:40:50 -07:00
Mark Stemm	e183de3b89	Allow rate to be less than 1. Change all the token-related variables to doubles so the rate can be less than 1.	2017-04-25 13:02:34 -07:00
Mark Stemm	87a6c74290	Allow for an external clock in token bucket. Allow now to be externally provided to avoid unnecessary gettimeofday() calls.	2017-04-25 10:01:25 -07:00
Mark Stemm	718113f7bd	Merge pull request #232 from draios/remove-apache-shell-spawner Don't allow apache2 to spawn shells in containers	2017-04-07 13:05:30 -07:00
Mark Stemm	955e1d78b1	Don't allow apache2 to spawn shells in containers This ensures that interpreted php,perl,etc code run by apache won't be able to spawn shells, either. This fixes https://github.com/draios/falco/issues/231.	2017-04-06 15:24:21 -07:00