To reject a syscall in Tetragon, you can use the Cilium Network Policy API to define a policy that blocks the syscall. Here are the general steps:
- Identify the syscall: First, you need to identify the specific syscall that you want to block. You can find a list of syscalls in the Linux kernel documentation or by using tools like strace to trace the system calls made by your applications.
- Define a policy: Once you have identified the syscall, you can create a Cilium Network Policy that blocks it. Here's an example policy that blocks the open() syscall:
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: deny-open
spec:
  endpointSelector:
    matchLabels:
      role: backend
  ingress:
  - fromEndpoints:
    - matchLabels:
        role: frontend
    rules:
    - action: DENY
      syscallMatch:
        names:
        - open
This policy applies to all endpoints with the role=backend label and denies incoming traffic from endpoints with the role=frontend label that includes any attempt to make an open() syscall.
- Apply the policy: Finally, apply this policy to your Kubernetes cluster using kubectl or other Kubernetes deployment tools.
Note that blocking syscalls may break certain functionality of your application or service, so it is important to test thoroughly before applying such policies in production environments.
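Two details a practitioner should know before relying on a policy like the one above. First, Tetragon itself enforces syscall-level policy through its own TracingPolicy custom resource, which attaches kprobes to kernel functions and attaches actions to matching calls; CiliumNetworkPolicy governs L3/L4/L7 network traffic. Second, modern glibc implements open() on top of the openat syscall, so a rule that matches only "open" will miss almost every file open made by a current binary. The following TracingPolicy is an added example written for this page, not configuration from the page or from the Tetragon project; it blocks openat on /etc/shadow for pods labelled role=backend (the label is reused from the page; the policy name and the protected path are assumed) by overriding the syscall's return value with -EPERM instead of letting it complete.

```yaml
# Added example: Tetragon TracingPolicy, not code from the page above.
# Requires a kernel with kprobe override support (CONFIG_BPF_KPROBE_OVERRIDE)
# for the Override action; on other kernels use "action: Sigkill" to
# terminate the offending process instead of returning an error.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: deny-openat-etc-shadow        # assumed name
spec:
  # Scope to the same pods the page's policy targets (label reused from the page).
  podSelector:
    matchLabels:
      role: backend
  kprobes:
  - call: "sys_openat"                # kernel syscall entry point for openat(2)
    syscall: true
    args:
    - index: 0                        # dirfd
      type: "int"
    - index: 1                        # pathname
      type: "string"
    - index: 2                        # flags
      type: "int"
    selectors:
    - matchArgs:
      - index: 1
        operator: "Equal"
        values:
        - "/etc/shadow"               # assumed protected path
      matchActions:
      - action: Override
        argError: -1                  # syscall returns -1 / errno EPERM to the caller
```

Apply it with kubectl apply -f, then confirm the block from a matching pod: a command such as cat /etc/shadow should fail with "Operation not permitted", and tetra getevents will show the openat event together with the Override action, which is the audit trail you want alongside the denial. Because the selector matches on the path argument rather than on the syscall name alone, the policy denies only the sensitive open and leaves the rest of the application's file access untouched, which keeps the blast radius of the testing the note above recommends small.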