From 249ccf2f4b9a218a3769a447dda5ffacdca9b3f5 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Thu, 23 Nov 2023 19:14:24 +0100 Subject: [PATCH] new: add some deprecation warnings Signed-off-by: Andrea Terzolo --- userspace/falco/app/actions/load_config.cpp | 53 ++++++++++++++++++++- userspace/falco/app/options.cpp | 13 ----- 2 files changed, 52 insertions(+), 14 deletions(-) diff --git a/userspace/falco/app/actions/load_config.cpp b/userspace/falco/app/actions/load_config.cpp index 9860c06a..2b604967 100644 --- a/userspace/falco/app/actions/load_config.cpp +++ b/userspace/falco/app/actions/load_config.cpp @@ -29,18 +29,69 @@ using namespace falco::app::actions; // applies legacy/in-deprecation options to the current state static falco::app::run_result apply_deprecated_options(falco::app::state& s) { + // Check that at most one command line option is provided + int open_modes = 0; + open_modes += !s.options.capture_file.empty(); + open_modes += !s.options.gvisor_config.empty(); + open_modes += s.options.modern_bpf; + open_modes += getenv(FALCO_BPF_ENV_VARIABLE) != NULL; + open_modes += s.options.nodriver; + if(open_modes > 1) + { + return run_result::fatal("You can not specify more than one of -e, -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var"); + } + // Please note: is not possible to mix command line options and configs to obtain a configuration // we need to use only one method. For example, is not possible to set the gvisor-config through // the command line and the gvisor-root through the config file. For this reason, if we detect // at least one change in the default config we don't allow to use the command line options. if(s.config->m_changes_in_engine_config) { - falco_logger::log(falco_logger::level::WARNING, + // If a command line option is specified, print a warning because it will be ignored + if(open_modes == 1) + { + falco_logger::log(falco_logger::level::WARNING, "Since the new 'engine' config key is being used, deprecated CLI options " "[-e,-g,--gvisor-config,--nodriver,--modern-bpf] and FALCO_BPF_PROBE environment variable will be ignored.\n"); + } + + // If these configs are specified, print a warning because they will be ignored + if(s.config->m_syscall_drop_failed_exit != DEFAULT_DROP_FAILED_EXIT) + { + falco_logger::log(falco_logger::level::WARNING, + "Since the new 'engine' config key is being used, deprecated config 'syscall_drop_failed_exit' will be ignored.\n"); + } + if(s.config->m_syscall_buf_size_preset != DEFAULT_BUF_SIZE_PRESET) + { + falco_logger::log(falco_logger::level::WARNING, + "Since the new 'engine' config key is being used, deprecated config 'syscall_buf_size_preset' will be ignored.\n"); + } + if(s.config->m_cpus_for_each_syscall_buffer != DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER) + { + falco_logger::log(falco_logger::level::WARNING, + "Since the new 'engine' config key is being used, deprecated config 'modern_bpf.cpus_for_each_syscall_buffer' will be ignored.\n"); + } return run_result::ok(); } + // These warnings are similar to the ones above, but in this case, the configs are not ignored + // they are just deprecated + if(s.config->m_syscall_drop_failed_exit != DEFAULT_DROP_FAILED_EXIT) + { + falco_logger::log(falco_logger::level::WARNING, + "DEPRECATION NOTICE: 'syscall_drop_failed_exit' config is deprecated and will be removed in Falco 0.38! Use `engine..drop_failed_exit' config instead\n"); + } + if(s.config->m_syscall_buf_size_preset != DEFAULT_BUF_SIZE_PRESET) + { + falco_logger::log(falco_logger::level::WARNING, + "DEPRECATION NOTICE: 'syscall_buf_size_preset' config is deprecated and will be removed in Falco 0.38! Use `engine..buf_size_preset' config instead\n"); + } + if(s.config->m_cpus_for_each_syscall_buffer != DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER) + { + falco_logger::log(falco_logger::level::WARNING, + "DEPRECATION NOTICE: 'modern_bpf.cpus_for_each_syscall_buffer' config is deprecated and will be removed in Falco 0.38! Use `engine.modern-ebpf.cpus_for_each_buffer' config instead\n"); + } + // Replace the kmod default values in case the engine was open with the kmod. // We don't have a command line option to open the kmod so we have to always enforce the // default values. diff --git a/userspace/falco/app/options.cpp b/userspace/falco/app/options.cpp index 3159fb45..f3d8a714 100644 --- a/userspace/falco/app/options.cpp +++ b/userspace/falco/app/options.cpp @@ -142,19 +142,6 @@ bool options::parse(int argc, char **argv, std::string &errstr) list_fields = m_cmdline_parsed.count("list") > 0; - // TODO: remove for Falco 0.38 since these CLI options are deprecated. - int open_modes = 0; - open_modes += !capture_file.empty(); - open_modes += !gvisor_config.empty(); - open_modes += modern_bpf; - open_modes += getenv("FALCO_BPF_PROBE") != NULL; - open_modes += nodriver; - if (open_modes > 1) - { - errstr = std::string("You can not specify more than one of -e, -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var"); - return false; - } - return true; }