From 3681cacda1634d4b4d4f7726e03f60b5c5d26baf Mon Sep 17 00:00:00 2001 From: Jason Dellaluce Date: Wed, 17 May 2023 15:16:10 +0000 Subject: [PATCH] new(userspace/falco): add new --nodriver option Signed-off-by: Jason Dellaluce --- userspace/falco/app/options.cpp | 18 +++++++++++++++++- userspace/falco/app/options.h | 1 + 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/userspace/falco/app/options.cpp b/userspace/falco/app/options.cpp index 58bf241c..28193974 100644 --- a/userspace/falco/app/options.cpp +++ b/userspace/falco/app/options.cpp @@ -36,7 +36,9 @@ options::options() list_plugins(false), list_syscall_events(false), markdown(false), - modern_bpf(false) + modern_bpf(false), + dry_run(false), + nodriver(false) { } @@ -147,6 +149,19 @@ bool options::parse(int argc, char **argv, std::string &errstr) list_fields = m_cmdline_parsed.count("list") > 0 ? true : false; + int open_modes = 0; + open_modes += !trace_filename.empty(); + open_modes += userspace; + open_modes += !gvisor_config.empty(); + open_modes += modern_bpf; + open_modes += getenv("FALCO_BPF_PROBE") != NULL; + open_modes += nodriver; + if (open_modes > 1) + { + errstr = std::string("You can not specify more than one of -e, -u (--userspace), -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var"); + return false; + } + return true; } @@ -198,6 +213,7 @@ void options::define(cxxopts::Options& opts) ("M", "Stop collecting after reached.", cxxopts::value(duration_to_tot)->default_value("0"), "") ("markdown", "When used with --list/--list-syscall-events, print the content in Markdown format", cxxopts::value(markdown)) ("N", "When used with --list, only print field names.", cxxopts::value(names_only)->default_value("false")) + ("nodriver", "Capture for system events without drivers. If a loaded plugin has event sourcing capability and can produce system events, it will be used to for event collection.", cxxopts::value(nodriver)->default_value("false")) ("o,option", "Set the value of option to . Overrides values in configuration file. can be identified using its location in configuration file using dot notation. Elements which are entries of lists can be accessed via square brackets [].\n E.g. base.id = val\n base.subvalue.subvalue2 = val\n base.list[1]=val", cxxopts::value(cmdline_config_options), "=") ("plugin-info", "Print info for a single plugin and exit.\nThis includes all descriptivo info like name and author, along with the\nschema format for the init configuration and a list of suggested open parameters.\n can be the name of the plugin or its configured library_path.", cxxopts::value(print_plugin_info), "") ("p,print", "Add additional information to each falco notification's output.\nWith -pc or -pcontainer will use a container-friendly format.\nWith -pk or -pkubernetes will use a kubernetes-friendly format.\nAdditionally, specifying -pc/-pk will change the interpretation of %container.info in rule output fields.", cxxopts::value(print_additional), "") diff --git a/userspace/falco/app/options.h b/userspace/falco/app/options.h index 99effbdf..a63e3674 100644 --- a/userspace/falco/app/options.h +++ b/userspace/falco/app/options.h @@ -84,6 +84,7 @@ public: bool print_page_size; bool modern_bpf; bool dry_run; + bool nodriver; bool parse(int argc, char **argv, std::string &errstr);