Description
Currently (RFC 76) a policy must specify exactly one Tap by name to create a source input stream from. This effectively binds the policy logic to a specific Tap entity. If the same policy logic should apply to a different Tap on the same agent, a new policy is required.
For use cases where multiple similar taps exist on a single agent (for example, several pcap taps with different BPF which shard the traffic capture streams, or on different physical interfaces on a switch/router), it would be convenient to specify tap selectors instead of a single, explicit Tap. In this way a single policy could apply to multiple Taps on the agent.
A "tap selector", if specified instead of an explicit tap name, would be a set of key/value pairs which should match against key/value pairs listed in the Tap definition (RFC 75). The policy would then apply to each Tap which matched.
```yaml
visor:
  taps:
    vhost1:
      input_type: pcap
      config:
        iface: eth0
        bpf: "host 192.168.0.1"
      tags:
        virtual: true
        vhost: 1
    vhost2:
      input_type: pcap
      config:
        iface: eth0
        bpf: "host 192.168.0.2"
      tags:
        virtual: true
        vhost: 2
  policies:
    sample_policy:
      kind: collection
      input:
        tap_selector:
          virtual: true
        input_type: pcap
      handlers:
        ...
```
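
One way the proposed selector matching could behave, as an added example that is not part of the original issue or of pktvisor's code. It assumes every selector pair must be present in a tap's `tags` with strict type equality, that the policy's `input_type` must also match, and that an empty selector is rejected rather than matching every tap; `select_taps` and the `uplink` tap are hypothetical.

```python
# Added illustration; not pktvisor code. Function and variable names are hypothetical.

# Constructed sample mirroring the taps in the issue, as they would look after YAML parsing.
TAPS = {
    "vhost1": {"input_type": "pcap",
               "config": {"iface": "eth0", "bpf": "host 192.168.0.1"},
               "tags": {"virtual": True, "vhost": 1}},
    "vhost2": {"input_type": "pcap",
               "config": {"iface": "eth0", "bpf": "host 192.168.0.2"},
               "tags": {"virtual": True, "vhost": 2}},
    # Constructed extra tap with no tags: a selector must never pick it up.
    "uplink": {"input_type": "pcap", "config": {"iface": "eth1"}},
}

_MISSING = object()


def _same(a, b):
    # Strict comparison: YAML `true` must not match the string "true",
    # and a bool must not match an int (True == 1 in Python).
    return type(a) is type(b) and a == b


def select_taps(taps, selector, input_type):
    """Return sorted names of taps whose tags contain every selector pair."""
    if not selector:
        # Assumption: an empty selector is a config error, not "match all taps".
        raise ValueError("tap_selector needs at least one key/value pair")
    matched = []
    for name, tap in taps.items():
        if tap.get("input_type") != input_type:
            continue  # the policy's input_type must agree with the tap's
        tags = tap.get("tags") or {}
        if all(_same(tags.get(k, _MISSING), v) for k, v in selector.items()):
            matched.append(name)
    return sorted(matched)


if __name__ == "__main__":
    print(select_taps(TAPS, {"virtual": True}, "pcap"))
    print(select_taps(TAPS, {"virtual": True, "vhost": 2}, "pcap"))
```

Failing closed on an empty or mistyped selector keeps a policy from silently attaching to capture points it was never meant to cover.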