RFC: Tap selectors

[weyrick]

Currently (RFC 76) a policy must specify exactly one Tap by name to create a source input stream from. This effectively binds the policy logic to a specific Tap entity. If the same policy logic should apply to a different Tap on the same agent, a new policy is required.

For use cases where multiple similar taps exist on a single agent (for example, several pcap taps with different BPF which shard the traffic capture streams, or on different physical interfaces on a switch/router), it would be convenient to specify tap selectors instead of a single, explicit Tap. In this way a single policy could apply to multiple Taps on the agent.

A "tap selector", if specified instead of an explicit tap name, would be a set of key/value pairs which should match against key/value pairs listed in the Tap definition (RFC 75). The policy would then apply to each Tap which matched.

visor:
  taps:
    vhost1:
      input_type: pcap
      config:
        iface: eth0
        bpf: "host 192.168.0.1"
      tags:
        virtual: true
        vhost: 1
    vhost2:
      input_type: pcap
      config:
        iface: eth0
        bpf: "host 192.168.0.2"
      tags:
        virtual: true
        vhost: 2
  policies:
    sample_policy:
      kind: collection
      input:
        tap_selector:
          virtual:true
        input_type: pcap
      handlers:
...