Add actions to replace falco_init

Convert hunks of code from falco_init to actions. Hunks were generally
copied as-is, replacing references to local variables to state
instance variables when shared across actions.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>

userspace/falco/app_actions/init_falco_engine.cpp

@@ -0,0 +1,116 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "init_falco_engine.h"
+
+namespace falco {
+namespace app {
+
+act_init_falco_engine::act_init_falco_engine(application &app)
+	: action(app), m_name("init falco engine"),
+	  m_prerequsites({"init inspector"})
+{
+}
+
+act_init_falco_engine::~act_init_falco_engine()
+{
+}
+
+const std::string &act_init_falco_engine::name()
+{
+	return m_name;
+}
+
+const std::list<std::string> &act_init_falco_engine::prerequsites()
+{
+	return m_prerequsites;
+}
+
+runnable_action::run_result act_init_falco_engine::run()
+{
+	run_result ret = {true, "", true};
+
+	configure_output_format();
+
+	// Create "factories" that can create filters/formatters for
+	// syscalls and k8s audit events.
+
+	// libs requires raw pointer, we should modify libs to use reference/shared_ptr
+	std::shared_ptr<gen_event_filter_factory> syscall_filter_factory(new sinsp_filter_factory(app().state().inspector.get()));
+	std::shared_ptr<gen_event_filter_factory> k8s_audit_filter_factory(new json_event_filter_factory());
+
+	// libs requires raw pointer, we should modify libs to use reference/shared_ptr
+	std::shared_ptr<gen_event_formatter_factory> syscall_formatter_factory(new sinsp_evt_formatter_factory(app().state().inspector.get()));
+	std::shared_ptr<gen_event_formatter_factory> k8s_audit_formatter_factory(new json_event_formatter_factory(k8s_audit_filter_factory));
+
+	app().state().engine->add_source(application::s_syscall_source, syscall_filter_factory, syscall_formatter_factory);
+	app().state().engine->add_source(application::s_k8s_audit_source, k8s_audit_filter_factory, k8s_audit_formatter_factory);
+
+	if(app().state().config->m_json_output)
+	{
+		syscall_formatter_factory->set_output_format(gen_event_formatter::OF_JSON);
+		k8s_audit_formatter_factory->set_output_format(gen_event_formatter::OF_JSON);
+	}
+
+	for(const auto &src : app().options().disable_sources)
+	{
+		app().state().enabled_sources.erase(src);
+	}
+
+	// XXX/mstemm technically this isn't right, you could disable syscall *and* k8s_audit and configure a plugin.
+	if(app().state().enabled_sources.empty())
+	{
+		throw std::invalid_argument("The event source \"syscall\" and \"k8s_audit\" can not be disabled together");
+	}
+
+	return ret;
+}
+
+void act_init_falco_engine::configure_output_format()
+{
+	std::string output_format;
+	bool replace_container_info = false;
+
+	if(app().options().print_container)
+	{
+		output_format = "container=%container.name (id=%container.id)";
+		replace_container_info = true;
+	}
+	else if(app().options().print_kubernetes)
+	{
+		output_format = "k8s.ns=%k8s.ns.name k8s.pod=%k8s.pod.name container=%container.id";
+		replace_container_info = true;
+	}
+	else if(app().options().print_mesos)
+	{
+		output_format = "task=%mesos.task.name container=%container.id";
+		replace_container_info = true;
+	}
+	else if(!app().options().print_additional.empty())
+	{
+		output_format = app().options().print_additional;
+		replace_container_info = false;
+	}
+
+	if(!output_format.empty())
+	{
+		app().state().engine->set_extra(output_format, replace_container_info);
+	}
+}
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/init_falco_engine.h

@@ -0,0 +1,47 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+
+#pragma once
+
+#include <string>
+
+#include "app_action.h"
+
+namespace falco {
+namespace app {
+
+class act_init_falco_engine : public action {
+public:
+	act_init_falco_engine(application &app);
+	virtual ~act_init_falco_engine();
+
+	const std::string &name() override;
+
+	const std::list<std::string> &prerequsites() override;
+
+	run_result run() override;
+
+private:
+	void configure_output_format();
+
+	std::string m_name;
+	std::list<std::string> m_prerequsites;
+};
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/init_inspector.cpp

@@ -0,0 +1,129 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "init_inspector.h"
+
+namespace falco {
+namespace app {
+
+act_init_inspector::act_init_inspector(application &app)
+	: action(app), m_name("init inspector"),
+	  m_prerequsites({"load config"})
+{
+}
+
+act_init_inspector::~act_init_inspector()
+{
+}
+
+const std::string &act_init_inspector::name()
+{
+	return m_name;
+}
+
+const std::list<std::string> &act_init_inspector::prerequsites()
+{
+	return m_prerequsites;
+}
+
+runnable_action::run_result act_init_inspector::run()
+{
+	run_result ret = {true, "", true};
+
+	app().state().inspector->set_buffer_format(app().options().event_buffer_format);
+
+	// If required, set the CRI paths
+	for (auto &p : app().options().cri_socket_paths)
+	{
+		if (!p.empty())
+		{
+			app().state().inspector->add_cri_socket_path(p);
+		}
+	}
+
+	// Decide wether to do sync or async for CRI metadata fetch
+	app().state().inspector->set_cri_async(!app().options().disable_cri_async);
+
+	//
+	// If required, set the snaplen
+	//
+	if(app().options().snaplen != 0)
+	{
+		app().state().inspector->set_snaplen(app().options().snaplen);
+	}
+
+	if(!app().options().all_events)
+	{
+		// Drop EF_DROP_SIMPLE_CONS kernel side
+		app().state().inspector->set_simple_consumer();
+		// Eventually, drop any EF_DROP_SIMPLE_CONS event
+		// that reached userspace (there are some events that are not syscall-based
+		// like signaldeliver, that have the EF_DROP_SIMPLE_CONS flag)
+		app().state().inspector->set_drop_event_flags(EF_DROP_SIMPLE_CONS);
+	}
+
+	app().state().inspector->set_hostname_and_port_resolution_mode(false);
+
+#ifndef MINIMAL_BUILD
+	// Initializing k8s/mesos might have to move to open inspector
+	//
+	// Run k8s, if required
+	//
+	char *k8s_api_env = NULL;
+	if(!app().options().k8s_api.empty() ||
+	   (k8s_api_env = getenv("FALCO_K8S_API")))
+	{
+		// Create string pointers for some config vars
+		// and pass to inspector. The inspector then
+		// owns the pointers.
+		std::string *k8s_api_ptr = new string((!app().options().k8s_api.empty() ? app().options().k8s_api : k8s_api_env));
+		std::string *k8s_api_cert_ptr = new string(app().options().k8s_api_cert);
+		std::string *k8s_node_name_ptr = new string(app().options().k8s_node_name);
+
+		if(k8s_api_cert_ptr->empty())
+		{
+			if(char* k8s_cert_env = getenv("FALCO_K8S_API_CERT"))
+			{
+				*k8s_api_cert_ptr = k8s_cert_env;
+			}
+		}
+		app().state().inspector->init_k8s_client(k8s_api_ptr, k8s_api_cert_ptr, k8s_node_name_ptr, app().options().verbose);
+	}
+
+	//
+	// Run mesos, if required
+	//
+	if(!app().options().mesos_api.empty())
+	{
+		// Differs from init_k8s_client in that it
+		// passes a pointer but the inspector does
+		// *not* own it and does not use it after
+		// init_mesos_client() returns.
+		app().state().inspector->init_mesos_client(&(app().options().mesos_api), app().options().verbose);
+	}
+	else if(char* mesos_api_env = getenv("FALCO_MESOS_API"))
+	{
+		std::string mesos_api_copy = mesos_api_env;
+		app().state().inspector->init_mesos_client(&mesos_api_copy, app().options().verbose);
+	}
+
+#endif
+	return ret;
+}
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/init_inspector.h

@@ -0,0 +1,45 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+
+#pragma once
+
+#include <string>
+
+#include "app_action.h"
+
+namespace falco {
+namespace app {
+
+class act_init_inspector : public action {
+public:
+	act_init_inspector(application &app);
+	virtual ~act_init_inspector();
+
+	const std::string &name() override;
+
+	const std::list<std::string> &prerequsites() override;
+
+	run_result run() override;
+
+private:
+	std::string m_name;
+	std::list<std::string> m_prerequsites;
+};
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/init_outputs.cpp

@@ -0,0 +1,88 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "init_outputs.h"
+
+namespace falco {
+namespace app {
+
+act_init_outputs::act_init_outputs(application &app)
+	: action(app), m_name("init outputs"),
+	  m_prerequsites({"load config", "init falco engine"})
+{
+}
+
+act_init_outputs::~act_init_outputs()
+{
+}
+
+const std::string &act_init_outputs::name()
+{
+	return m_name;
+}
+
+const std::list<std::string> &act_init_outputs::prerequsites()
+{
+	return m_prerequsites;
+}
+
+runnable_action::run_result act_init_outputs::run()
+{
+	run_result ret = {true, "", true};
+
+	// read hostname
+	std::string hostname;
+	if(char* env_hostname = getenv("FALCO_GRPC_HOSTNAME"))
+	{
+		hostname = env_hostname;
+	}
+	else
+	{
+		char c_hostname[256];
+		int err = gethostname(c_hostname, 256);
+		if(err != 0)
+		{
+			ret.success = false;
+			ret.errstr = "Failed to get hostname";
+			ret.proceed = false;
+		}
+		hostname = c_hostname;
+	}
+
+	app().state().outputs->init(app().state().engine,
+				    app().state().config->m_json_output,
+				    app().state().config->m_json_include_output_property,
+				    app().state().config->m_json_include_tags_property,
+				    app().state().config->m_output_timeout,
+				    app().state().config->m_notifications_rate, app().state().config->m_notifications_max_burst,
+				    app().state().config->m_buffered_outputs,
+				    app().state().config->m_time_format_iso_8601,
+				    hostname);
+
+	for(auto output : app().state().config->m_outputs)
+	{
+		app().state().outputs->add_output(output);
+	}
+
+	return ret;
+}
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/init_outputs.h

@@ -0,0 +1,45 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+
+#pragma once
+
+#include <string>
+
+#include "app_action.h"
+
+namespace falco {
+namespace app {
+
+class act_init_outputs : public action {
+public:
+	act_init_outputs(application &app);
+	virtual ~act_init_outputs();
+
+	const std::string &name() override;
+
+	const std::list<std::string> &prerequsites() override;
+
+	run_result run() override;
+
+private:
+	std::string m_name;
+	std::list<std::string> m_prerequsites;
+};
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/list_plugins.cpp

@@ -0,0 +1,78 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "list_plugins.h"
+
+namespace falco {
+namespace app {
+
+act_list_plugins::act_list_plugins(application &app)
+	: action(app), m_name("list plugins"),
+	  m_prerequsites({"load plugins"})
+{
+}
+
+act_list_plugins::~act_list_plugins()
+{
+}
+
+const std::string &act_list_plugins::name()
+{
+	return m_name;
+}
+
+const std::list<std::string> &act_list_plugins::prerequsites()
+{
+	return m_prerequsites;
+}
+
+runnable_action::run_result act_list_plugins::run()
+{
+	run_result ret = {true, "", true};
+
+	if(app().options().list_plugins)
+	{
+		std::ostringstream os;
+
+		for(auto &info : app().state().plugin_infos)
+		{
+			os << "Name: " << info.name << std::endl;
+			os << "Description: " << info.description << std::endl;
+			os << "Contact: " << info.contact << std::endl;
+			os << "Version: " << info.plugin_version.as_string() << std::endl;
+
+			if(info.type == TYPE_SOURCE_PLUGIN)
+			{
+				os << "Type: source plugin" << std::endl;
+				os << "ID: " << info.id << std::endl;
+			}
+			else
+			{
+				os << "Type: extractor plugin" << std::endl;
+			}
+			os << std::endl;
+		}
+
+		printf("%lu Plugins Loaded:\n\n%s\n", app().state().plugin_infos.size(), os.str().c_str());
+		ret.proceed = false;
+	}
+
+	return ret;
+}
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/list_plugins.h

@@ -0,0 +1,45 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+
+#pragma once
+
+#include <string>
+
+#include "app_action.h"
+
+namespace falco {
+namespace app {
+
+class act_list_plugins : public action {
+public:
+	act_list_plugins(application &app);
+	virtual ~act_list_plugins();
+
+	const std::string &name() override;
+
+	const std::list<std::string> &prerequsites() override;
+
+	run_result run() override;
+
+private:
+	std::string m_name;
+	std::list<std::string> m_prerequsites;
+};
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/load_plugins.cpp

@@ -0,0 +1,151 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "load_plugins.h"
+
+namespace falco {
+namespace app {
+
+act_load_plugins::act_load_plugins(application &app)
+	: action(app), m_name("load plugins"),
+	  m_prerequsites({"init falco engine"})
+{
+}
+
+act_load_plugins::~act_load_plugins()
+{
+}
+
+const std::string &act_load_plugins::name()
+{
+	return m_name;
+}
+
+const std::list<std::string> &act_load_plugins::prerequsites()
+{
+	return m_prerequsites;
+}
+
+runnable_action::run_result act_load_plugins::run()
+{
+	run_result ret = {true, "", true};
+
+	// All filterchecks created by plugins go in this
+	// list. If we ever support multiple event sources at
+	// the same time, this (and the below factories) will
+	// have to be a map from event source to filtercheck
+	// list.
+	filter_check_list plugin_filter_checks;
+
+	// Factories that can create filters/formatters for
+	// the (single) source supported by the (single) input plugin.
+	// libs requires raw pointer, we should modify libs to use reference/shared_ptr
+	std::shared_ptr<gen_event_filter_factory> plugin_filter_factory(new sinsp_filter_factory(app().state().inspector.get(), plugin_filter_checks));
+	std::shared_ptr<gen_event_formatter_factory> plugin_formatter_factory(new sinsp_evt_formatter_factory(app().state().inspector.get(), plugin_filter_checks));
+
+	if(app().state().config->m_json_output)
+	{
+		plugin_formatter_factory->set_output_format(gen_event_formatter::OF_JSON);
+	}
+
+	std::shared_ptr<sinsp_plugin> input_plugin;
+	std::list<std::shared_ptr<sinsp_plugin>> extractor_plugins;
+	for(auto &p : app().state().config->m_plugins)
+	{
+		std::shared_ptr<sinsp_plugin> plugin;
+#ifdef MUSL_OPTIMIZED
+		ret.success = ret.proceed = false;
+		ret.errstr = "Can not load/use plugins with musl optimized build";
+		return ret;
+#else
+		falco_logger::log(LOG_INFO, "Loading plugin (" + p.m_name + ") from file " + p.m_library_path + "\n");
+
+		// libs requires raw pointer, we should modify libs to use reference/shared_ptr
+		plugin = sinsp_plugin::register_plugin(app().state().inspector.get(),
+						       p.m_library_path,
+						       (p.m_init_config.empty() ? NULL : (char *)p.m_init_config.c_str()),
+						       plugin_filter_checks);
+#endif
+
+		if(plugin->type() == TYPE_SOURCE_PLUGIN)
+		{
+			sinsp_source_plugin *splugin = static_cast<sinsp_source_plugin *>(plugin.get());
+
+			if(input_plugin)
+			{
+				ret.success = false;
+				ret.errstr = string("Can not load multiple source plugins. ") + input_plugin->name() + " already loaded";
+				ret.proceed = false;
+				return ret;
+			}
+
+			input_plugin = plugin;
+			app().state().event_source = splugin->event_source();
+
+			app().state().inspector->set_input_plugin(p.m_name);
+			if(!p.m_open_params.empty())
+			{
+				app().state().inspector->set_input_plugin_open_params(p.m_open_params.c_str());
+			}
+
+			app().state().engine->add_source(app().state().event_source, plugin_filter_factory, plugin_formatter_factory);
+
+		} else {
+			extractor_plugins.push_back(plugin);
+		}
+	}
+
+	// Ensure that extractor plugins are compatible with the event source.
+	// Also, ensure that extractor plugins don't have overlapping compatible event sources.
+	std::set<std::string> compat_sources_seen;
+	for(auto plugin : extractor_plugins)
+	{
+		// If the extractor plugin names compatible sources,
+		// ensure that the input plugin's source is in the list
+		// of compatible sources.
+		sinsp_extractor_plugin *eplugin = static_cast<sinsp_extractor_plugin *>(plugin.get());
+		const std::set<std::string> &compat_sources = eplugin->extract_event_sources();
+		if(input_plugin &&
+		   !compat_sources.empty())
+		{
+			if (compat_sources.find(app().state().event_source) == compat_sources.end())
+			{
+				ret.success = ret.proceed = false;
+				ret.errstr = string("Extractor plugin not compatible with event source ") + app().state().event_source;
+				return ret;
+			}
+
+			for(const auto &compat_source : compat_sources)
+			{
+				if(compat_sources_seen.find(compat_source) != compat_sources_seen.end())
+				{
+					ret.success = ret.proceed = false;
+					ret.errstr = string("Extractor plugins have overlapping compatible event source ") + compat_source;
+					return ret;
+				}
+				compat_sources_seen.insert(compat_source);
+			}
+		}
+	}
+
+	app().state().plugin_infos = sinsp_plugin::plugin_infos(app().state().inspector.get());
+
+	return ret;
+}
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/load_plugins.h

@@ -0,0 +1,45 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+
+#pragma once
+
+#include <string>
+
+#include "app_action.h"
+
+namespace falco {
+namespace app {
+
+class act_load_plugins : public action {
+public:
+	act_load_plugins(application &app);
+	virtual ~act_load_plugins();
+
+	const std::string &name() override;
+
+	const std::list<std::string> &prerequsites() override;
+
+	run_result run() override;
+
+private:
+	std::string m_name;
+	std::list<std::string> m_prerequsites;
+};
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/print_ignored_events.cpp

@@ -0,0 +1,98 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "print_ignored_events.h"
+
+namespace falco {
+namespace app {
+
+act_print_ignored_events::act_print_ignored_events(application &app)
+	: action(app), m_name("print ignored events"),
+	  m_prerequsites({"init inspector"})
+{
+}
+
+act_print_ignored_events::~act_print_ignored_events()
+{
+}
+
+const std::string &act_print_ignored_events::name()
+{
+	return m_name;
+}
+
+const std::list<std::string> &act_print_ignored_events::prerequsites()
+{
+	return m_prerequsites;
+}
+
+runnable_action::run_result act_print_ignored_events::run()
+{
+	run_result ret = {true, "", true};
+
+	if(app().options().print_ignored_events)
+	{
+		print_all_ignored_events();
+		ret.proceed = false;
+	}
+
+	return ret;
+}
+
+void act_print_ignored_events::print_all_ignored_events()
+{
+	sinsp_evttables* einfo = app().state().inspector->get_event_info_tables();
+	const struct ppm_event_info* etable = einfo->m_event_info;
+	const struct ppm_syscall_desc* stable = einfo->m_syscall_info_table;
+
+	std::set<string> ignored_event_names;
+	for(uint32_t j = 0; j < PPM_EVENT_MAX; j++)
+	{
+		if(!sinsp::simple_consumer_consider_evtnum(j))
+		{
+			std::string name = etable[j].name;
+			// Ignore event names NA*
+			if(name.find("NA") != 0)
+			{
+				ignored_event_names.insert(name);
+			}
+		}
+	}
+
+	for(uint32_t j = 0; j < PPM_SC_MAX; j++)
+	{
+		if(!sinsp::simple_consumer_consider_syscallid(j))
+		{
+			std::string name = stable[j].name;
+			// Ignore event names NA*
+			if(name.find("NA") != 0)
+			{
+				ignored_event_names.insert(name);
+			}
+		}
+	}
+
+	printf("Ignored Event(s):");
+	for(auto it : ignored_event_names)
+	{
+		printf(" %s", it.c_str());
+	}
+	printf("\n");
+}
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/print_ignored_events.h

@@ -0,0 +1,46 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+
+#pragma once
+
+#include <string>
+
+#include "app_action.h"
+
+namespace falco {
+namespace app {
+
+class act_print_ignored_events : public action {
+public:
+	act_print_ignored_events(application &app);
+	virtual ~act_print_ignored_events();
+
+	const std::string &name() override;
+
+	const std::list<std::string> &prerequsites() override;
+
+	run_result run() override;
+
+private:
+	void print_all_ignored_events();
+	std::string m_name;
+	std::list<std::string> m_prerequsites;
+};
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/start_grpc_server.cpp

@@ -0,0 +1,82 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "start_grpc_server.h"
+
+#ifndef MINIMAL_BUILD
+
+namespace falco {
+namespace app {
+
+act_start_grpc_server::act_start_grpc_server(application &app)
+	: action(app), m_name("start grpc server"),
+	  m_prerequsites({"load config"})
+{
+}
+
+act_start_grpc_server::~act_start_grpc_server()
+{
+}
+
+const std::string &act_start_grpc_server::name()
+{
+	return m_name;
+}
+
+const std::list<std::string> &act_start_grpc_server::prerequsites()
+{
+	return m_prerequsites;
+}
+
+runnable_action::run_result act_start_grpc_server::run()
+{
+	run_result ret = {true, "", true};
+
+	// gRPC server
+	if(app().state().config->m_grpc_enabled)
+	{
+		falco_logger::log(LOG_INFO, "gRPC server threadiness equals to " + to_string(app().state().config->m_grpc_threadiness) + "\n");
+		// TODO(fntlnz,leodido): when we want to spawn multiple threads we need to have a queue per thread, or implement
+		// different queuing mechanisms, round robin, fanout? What we want to achieve?
+		m_grpc_server.init(
+			app().state().config->m_grpc_bind_address,
+			app().state().config->m_grpc_threadiness,
+			app().state().config->m_grpc_private_key,
+			app().state().config->m_grpc_cert_chain,
+			app().state().config->m_grpc_root_certs,
+			app().state().config->m_log_level
+			);
+		m_grpc_server_thread = std::thread([this] {
+			m_grpc_server.run();
+		});
+	}
+	return ret;
+}
+
+void act_start_grpc_server::deinit()
+{
+	if(m_grpc_server_thread.joinable())
+	{
+		m_grpc_server.shutdown();
+		m_grpc_server_thread.join();
+	}
+}
+
+#endif
+
+}; // namespace application
+}; // namespace falco
+

userspace/falco/app_actions/start_grpc_server.h

@@ -0,0 +1,56 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+
+#pragma once
+
+#include <string>
+
+#include "app_action.h"
+
+#ifndef MINIMAL_BUILD
+
+#include "grpc_server.h"
+
+namespace falco {
+namespace app {
+
+class act_start_grpc_server : public action {
+public:
+	act_start_grpc_server(application &app);
+	virtual ~act_start_grpc_server();
+
+	const std::string &name() override;
+
+	const std::list<std::string> &prerequsites() override;
+
+	run_result run() override;
+
+	void deinit() override;
+
+private:
+	falco::grpc::server m_grpc_server;
+	std::thread m_grpc_server_thread;
+
+	std::string m_name;
+	std::list<std::string> m_prerequsites;
+};
+
+#endif
+
+}; // namespace application
+}; // namespace falco
+