cleanup: move some initializations and add helpers

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2025-08-31 14:20:04 +00:00 · 2023-11-17 14:44:40 +01:00
parent 1ee6569a5d
commit 1f27f3b7f0
8 changed files with 23 additions and 20 deletions
--- a/userspace/falco/app/actions/create_requested_paths.cpp
+++ b/userspace/falco/app/actions/create_requested_paths.cpp
@@ -35,7 +35,7 @@ static int create_dir(const std::string &path);

 falco::app::run_result falco::app::actions::create_requested_paths(falco::app::state& s)
 {
-	if(s.is_gvisor_enabled())
+	if(s.is_gvisor())
 	{
 		// This is bad: parsing gvisor config to get endpoint
 		// to be able to auto-create the path to the file for the user.
--- a/userspace/falco/app/actions/helpers_inspector.cpp
+++ b/userspace/falco/app/actions/helpers_inspector.cpp
@@ -69,7 +69,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 			}
 			return run_result::fatal("Can't find plugin for event source: " + source);
 		}
-		else if (s.config->m_engine_mode == engine_kind_t::NONE) /* nodriver engine. */
+		else if (s.is_nodriver()) /* nodriver engine. */
 		{
 			// when opening a capture with no driver, Falco will first check
 			// if a plugin is capable of generating raw events from the libscap
@@ -88,18 +88,18 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with no driver\n");
 			inspector->open_nodriver();
 		}
-		else if(s.is_gvisor_enabled()) /* gvisor engine. */
+		else if(s.is_gvisor()) /* gvisor engine. */
 		{
 			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.config->m_gvisor.m_config);
 			inspector->open_gvisor(s.config->m_gvisor.m_config, s.config->m_gvisor.m_root);
 		}
-		else if(s.config->m_engine_mode == engine_kind_t::MODERN_EBPF) /* modern BPF engine. */
+		else if(s.is_modern_ebpf()) /* modern BPF engine. */
 		{
 			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe.");
 			falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer) +  "' CPUs.");
 			inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
 		}
-		else if(s.config->m_engine_mode == engine_kind_t::EBPF) /* BPF engine. */
+		else if(s.is_ebpf()) /* BPF engine. */
 		{
 			const char *bpf_probe_path = s.config->m_ebpf.m_probe_path.c_str();
 			char full_path[PATH_MAX];
--- a/userspace/falco/app/actions/process_events.cpp
+++ b/userspace/falco/app/actions/process_events.cpp
@@ -348,7 +348,7 @@ static void process_inspector_events(
 		syscall_evt_drop_mgr sdropmgr;
 		bool is_capture_mode = source.empty();
 		bool check_drops_timeouts = is_capture_mode
-			|| (source == falco_common::syscall_source && !s.is_gvisor_enabled());
+			|| (source == falco_common::syscall_source && !s.is_gvisor());

 		duration = ((double)clock()) / CLOCKS_PER_SEC;

--- a/userspace/falco/app/options.cpp
+++ b/userspace/falco/app/options.cpp
@@ -32,15 +32,11 @@ namespace app {
 // initialize their linked variables.
 options::options()
 	: event_buffer_format(sinsp_evt::PF_NORMAL),
-	  gvisor_config(""),	
 	  list_fields(false),
 	  list_plugins(false),
 	  list_syscall_events(false),
 	  markdown(false),
-	  modern_bpf(false),
-	  dry_run(false),
-	  nodriver(false),
-	  trace_filename("")
+	  dry_run(false)
 {
 }

--- a/userspace/falco/app/options.h
+++ b/userspace/falco/app/options.h
@@ -47,10 +47,7 @@ public:
 	std::vector<std::string> disable_sources;
 	std::vector<std::string> disabled_rule_substrings;
 	std::vector<std::string> enable_sources;
-	std::string trace_filename;
-	std::string gvisor_config;
 	std::string gvisor_generate_config_with_socket;
-	std::string gvisor_root;
 	bool describe_all_rules;
 	std::string describe_rule;
 	bool print_ignored_events;
@@ -76,9 +73,15 @@ public:
 	bool verbose;
 	bool print_version_info;
 	bool print_page_size;
-	bool modern_bpf;
 	bool dry_run;
-	bool nodriver;
+
+	// todo!: remove them in Falco 0.38.0 since they are deprecated
+	std::string trace_filename = "";
+	std::string gvisor_config = "";
+	std::string gvisor_root = "";
+	bool modern_bpf = false;
+	bool nodriver = false;
+

 	bool parse(int argc, char **argv, std::string &errstr);

--- a/userspace/falco/app/state.h
+++ b/userspace/falco/app/state.h
@@ -150,11 +150,16 @@ struct state
        return config->m_engine_mode == engine_kind_t::REPLAY;
    }

-    inline bool is_gvisor_enabled() const
+    inline bool is_gvisor() const
    {
        return config->m_engine_mode == engine_kind_t::GVISOR;
    }
-    
+
+    inline bool is_ebpf() const
+    {
+        return config->m_engine_mode == engine_kind_t::EBPF;
+    }
+
    inline bool is_modern_ebpf() const
    {
        return config->m_engine_mode == engine_kind_t::MODERN_EBPF;
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -41,7 +41,6 @@ namespace fs = std::filesystem;
 static re2::RE2 ip_address_re("((^\\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\\s*$)|(^\\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?\\s*$))");

 falco_configuration::falco_configuration():
-	m_engine_mode(engine_kind_t::KMOD),
 	m_json_output(false),
 	m_json_include_output_property(true),
 	m_json_include_tags_property(true),
--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@@ -160,7 +160,7 @@ public:
 	bool m_metrics_include_empty_values;

 	// Falco engine
-	engine_kind_t m_engine_mode;
+	engine_kind_t m_engine_mode = engine_kind_t::KMOD;
 	kmod_config m_kmod;
 	ebpf_config m_ebpf;
 	modern_ebpf_config m_modern_ebpf;