From 66fe668258cd5373ad195dcc5958651fef099898 Mon Sep 17 00:00:00 2001
From: Paul Cacheux <paul.cacheux@datadoghq.com>
Date: Tue, 19 Apr 2022 09:23:11 +0200
Subject: [PATCH] [CWS] COS constant fixes (#11587)

* [CWS] skip `TestNetworkCIDR` on SLES

* [CWS] fix COS offsets
---
 pkg/security/probe/constantfetch/fallback.go | 14 ++++++++++++++
 pkg/security/tests/network_test.go           |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/pkg/security/probe/constantfetch/fallback.go b/pkg/security/probe/constantfetch/fallback.go
index 48fb0c36a553cd..1064e0536b8abe 100644
--- a/pkg/security/probe/constantfetch/fallback.go
+++ b/pkg/security/probe/constantfetch/fallback.go
@@ -524,6 +524,12 @@ func getPipeInodeInfoBufsOffset(kv *kernel.Version) uint64 {
 		offset = 152
 	case kv.IsDebianKernel() && kv.IsInRangeCloseOpen(kernel.Kernel5_10, kernel.Kernel5_11):
 		offset = 152
+	case kv.IsCOSKernel() && kv.IsInRangeCloseOpen(kernel.Kernel4_19, kernel.Kernel4_20):
+		fallthrough
+	case kv.IsCOSKernel() && kv.IsInRangeCloseOpen(kernel.Kernel5_4, kernel.Kernel5_5):
+		offset = 160
+	case kv.IsCOSKernel() && kv.IsInRangeCloseOpen(kernel.Kernel5_10, kernel.Kernel5_11):
+		offset = 208
 
 	case kv.IsInRangeCloseOpen(kernel.Kernel4_13, kernel.Kernel5_6):
 		offset = 120
@@ -575,6 +581,12 @@ func getNetNSOffset(kv *kernel.Version) uint64 {
 	}
 
 	switch {
+	case kv.IsCOSKernel() && kv.IsInRangeCloseOpen(kernel.Kernel4_19, kernel.Kernel4_20):
+		return 176
+	case kv.IsCOSKernel() && kv.IsInRangeCloseOpen(kernel.Kernel5_4, kernel.Kernel5_5):
+		fallthrough
+	case kv.IsCOSKernel() && kv.IsInRangeCloseOpen(kernel.Kernel5_10, kernel.Kernel5_11):
+		return 192
 	case kv.IsInRangeCloseOpen(kernel.Kernel4_15, kernel.Kernel4_16) && ubuntuAbiVersionCheck(kv, hashMixAbiMinVersion):
 		fallthrough
 	// Commit 355b98553789b646ed97ad801a619ff898471b92 introduces a hashmix field for security
@@ -623,6 +635,8 @@ func getNFConnCTNetOffset(kv *kernel.Version) uint64 {
 	offset := uint64(144)
 
 	switch {
+	case kv.IsCOSKernel():
+		offset = 168
 	case kv.IsRH7Kernel():
 		offset = 240
 	}
diff --git a/pkg/security/tests/network_test.go b/pkg/security/tests/network_test.go
index e6e3c0ca4f8a70..81a8e6495a0417 100644
--- a/pkg/security/tests/network_test.go
+++ b/pkg/security/tests/network_test.go
@@ -26,7 +26,7 @@ import (
 func TestNetworkCIDR(t *testing.T) {
 	checkKernelCompatibility(t, "RHEL, SLES and Oracle kernels", func(kv *kernel.Version) bool {
 		// TODO: Oracle because we are missing offsets
-		return kv.IsRH7Kernel() || kv.IsOracleUEKKernel()
+		return kv.IsRH7Kernel() || kv.IsOracleUEKKernel() || kv.IsSLESKernel()
 	})
 
 	if testEnvironment != DockerEnvironment && !config.IsContainerized() {