diff --git a/userspace/falco/app_actions/init_falco_engine.cpp b/userspace/falco/app_actions/init_falco_engine.cpp new file mode 100644 index 00000000..824bf2e8 --- /dev/null +++ b/userspace/falco/app_actions/init_falco_engine.cpp @@ -0,0 +1,116 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "init_falco_engine.h" + +namespace falco { +namespace app { + +act_init_falco_engine::act_init_falco_engine(application &app) + : action(app), m_name("init falco engine"), + m_prerequsites({"init inspector"}) +{ +} + +act_init_falco_engine::~act_init_falco_engine() +{ +} + +const std::string &act_init_falco_engine::name() +{ + return m_name; +} + +const std::list &act_init_falco_engine::prerequsites() +{ + return m_prerequsites; +} + +runnable_action::run_result act_init_falco_engine::run() +{ + run_result ret = {true, "", true}; + + configure_output_format(); + + // Create "factories" that can create filters/formatters for + // syscalls and k8s audit events. + + // libs requires raw pointer, we should modify libs to use reference/shared_ptr + std::shared_ptr syscall_filter_factory(new sinsp_filter_factory(app().state().inspector.get())); + std::shared_ptr k8s_audit_filter_factory(new json_event_filter_factory()); + + // libs requires raw pointer, we should modify libs to use reference/shared_ptr + std::shared_ptr syscall_formatter_factory(new sinsp_evt_formatter_factory(app().state().inspector.get())); + std::shared_ptr k8s_audit_formatter_factory(new json_event_formatter_factory(k8s_audit_filter_factory)); + + app().state().engine->add_source(application::s_syscall_source, syscall_filter_factory, syscall_formatter_factory); + app().state().engine->add_source(application::s_k8s_audit_source, k8s_audit_filter_factory, k8s_audit_formatter_factory); + + if(app().state().config->m_json_output) + { + syscall_formatter_factory->set_output_format(gen_event_formatter::OF_JSON); + k8s_audit_formatter_factory->set_output_format(gen_event_formatter::OF_JSON); + } + + for(const auto &src : app().options().disable_sources) + { + app().state().enabled_sources.erase(src); + } + + // XXX/mstemm technically this isn't right, you could disable syscall *and* k8s_audit and configure a plugin. + if(app().state().enabled_sources.empty()) + { + throw std::invalid_argument("The event source \"syscall\" and \"k8s_audit\" can not be disabled together"); + } + + return ret; +} + +void act_init_falco_engine::configure_output_format() +{ + std::string output_format; + bool replace_container_info = false; + + if(app().options().print_container) + { + output_format = "container=%container.name (id=%container.id)"; + replace_container_info = true; + } + else if(app().options().print_kubernetes) + { + output_format = "k8s.ns=%k8s.ns.name k8s.pod=%k8s.pod.name container=%container.id"; + replace_container_info = true; + } + else if(app().options().print_mesos) + { + output_format = "task=%mesos.task.name container=%container.id"; + replace_container_info = true; + } + else if(!app().options().print_additional.empty()) + { + output_format = app().options().print_additional; + replace_container_info = false; + } + + if(!output_format.empty()) + { + app().state().engine->set_extra(output_format, replace_container_info); + } +} + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/init_falco_engine.h b/userspace/falco/app_actions/init_falco_engine.h new file mode 100644 index 00000000..b9607763 --- /dev/null +++ b/userspace/falco/app_actions/init_falco_engine.h @@ -0,0 +1,47 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +#pragma once + +#include + +#include "app_action.h" + +namespace falco { +namespace app { + +class act_init_falco_engine : public action { +public: + act_init_falco_engine(application &app); + virtual ~act_init_falco_engine(); + + const std::string &name() override; + + const std::list &prerequsites() override; + + run_result run() override; + +private: + void configure_output_format(); + + std::string m_name; + std::list m_prerequsites; +}; + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/init_inspector.cpp b/userspace/falco/app_actions/init_inspector.cpp new file mode 100644 index 00000000..380b68dd --- /dev/null +++ b/userspace/falco/app_actions/init_inspector.cpp @@ -0,0 +1,129 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "init_inspector.h" + +namespace falco { +namespace app { + +act_init_inspector::act_init_inspector(application &app) + : action(app), m_name("init inspector"), + m_prerequsites({"load config"}) +{ +} + +act_init_inspector::~act_init_inspector() +{ +} + +const std::string &act_init_inspector::name() +{ + return m_name; +} + +const std::list &act_init_inspector::prerequsites() +{ + return m_prerequsites; +} + +runnable_action::run_result act_init_inspector::run() +{ + run_result ret = {true, "", true}; + + app().state().inspector->set_buffer_format(app().options().event_buffer_format); + + // If required, set the CRI paths + for (auto &p : app().options().cri_socket_paths) + { + if (!p.empty()) + { + app().state().inspector->add_cri_socket_path(p); + } + } + + // Decide wether to do sync or async for CRI metadata fetch + app().state().inspector->set_cri_async(!app().options().disable_cri_async); + + // + // If required, set the snaplen + // + if(app().options().snaplen != 0) + { + app().state().inspector->set_snaplen(app().options().snaplen); + } + + if(!app().options().all_events) + { + // Drop EF_DROP_SIMPLE_CONS kernel side + app().state().inspector->set_simple_consumer(); + // Eventually, drop any EF_DROP_SIMPLE_CONS event + // that reached userspace (there are some events that are not syscall-based + // like signaldeliver, that have the EF_DROP_SIMPLE_CONS flag) + app().state().inspector->set_drop_event_flags(EF_DROP_SIMPLE_CONS); + } + + app().state().inspector->set_hostname_and_port_resolution_mode(false); + +#ifndef MINIMAL_BUILD + // Initializing k8s/mesos might have to move to open inspector + // + // Run k8s, if required + // + char *k8s_api_env = NULL; + if(!app().options().k8s_api.empty() || + (k8s_api_env = getenv("FALCO_K8S_API"))) + { + // Create string pointers for some config vars + // and pass to inspector. The inspector then + // owns the pointers. + std::string *k8s_api_ptr = new string((!app().options().k8s_api.empty() ? app().options().k8s_api : k8s_api_env)); + std::string *k8s_api_cert_ptr = new string(app().options().k8s_api_cert); + std::string *k8s_node_name_ptr = new string(app().options().k8s_node_name); + + if(k8s_api_cert_ptr->empty()) + { + if(char* k8s_cert_env = getenv("FALCO_K8S_API_CERT")) + { + *k8s_api_cert_ptr = k8s_cert_env; + } + } + app().state().inspector->init_k8s_client(k8s_api_ptr, k8s_api_cert_ptr, k8s_node_name_ptr, app().options().verbose); + } + + // + // Run mesos, if required + // + if(!app().options().mesos_api.empty()) + { + // Differs from init_k8s_client in that it + // passes a pointer but the inspector does + // *not* own it and does not use it after + // init_mesos_client() returns. + app().state().inspector->init_mesos_client(&(app().options().mesos_api), app().options().verbose); + } + else if(char* mesos_api_env = getenv("FALCO_MESOS_API")) + { + std::string mesos_api_copy = mesos_api_env; + app().state().inspector->init_mesos_client(&mesos_api_copy, app().options().verbose); + } + +#endif + return ret; +} + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/init_inspector.h b/userspace/falco/app_actions/init_inspector.h new file mode 100644 index 00000000..c4d1bed6 --- /dev/null +++ b/userspace/falco/app_actions/init_inspector.h @@ -0,0 +1,45 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +#pragma once + +#include + +#include "app_action.h" + +namespace falco { +namespace app { + +class act_init_inspector : public action { +public: + act_init_inspector(application &app); + virtual ~act_init_inspector(); + + const std::string &name() override; + + const std::list &prerequsites() override; + + run_result run() override; + +private: + std::string m_name; + std::list m_prerequsites; +}; + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/init_outputs.cpp b/userspace/falco/app_actions/init_outputs.cpp new file mode 100644 index 00000000..2719ead4 --- /dev/null +++ b/userspace/falco/app_actions/init_outputs.cpp @@ -0,0 +1,88 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include +#include + +#include "init_outputs.h" + +namespace falco { +namespace app { + +act_init_outputs::act_init_outputs(application &app) + : action(app), m_name("init outputs"), + m_prerequsites({"load config", "init falco engine"}) +{ +} + +act_init_outputs::~act_init_outputs() +{ +} + +const std::string &act_init_outputs::name() +{ + return m_name; +} + +const std::list &act_init_outputs::prerequsites() +{ + return m_prerequsites; +} + +runnable_action::run_result act_init_outputs::run() +{ + run_result ret = {true, "", true}; + + // read hostname + std::string hostname; + if(char* env_hostname = getenv("FALCO_GRPC_HOSTNAME")) + { + hostname = env_hostname; + } + else + { + char c_hostname[256]; + int err = gethostname(c_hostname, 256); + if(err != 0) + { + ret.success = false; + ret.errstr = "Failed to get hostname"; + ret.proceed = false; + } + hostname = c_hostname; + } + + app().state().outputs->init(app().state().engine, + app().state().config->m_json_output, + app().state().config->m_json_include_output_property, + app().state().config->m_json_include_tags_property, + app().state().config->m_output_timeout, + app().state().config->m_notifications_rate, app().state().config->m_notifications_max_burst, + app().state().config->m_buffered_outputs, + app().state().config->m_time_format_iso_8601, + hostname); + + for(auto output : app().state().config->m_outputs) + { + app().state().outputs->add_output(output); + } + + return ret; +} + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/init_outputs.h b/userspace/falco/app_actions/init_outputs.h new file mode 100644 index 00000000..1af140a9 --- /dev/null +++ b/userspace/falco/app_actions/init_outputs.h @@ -0,0 +1,45 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +#pragma once + +#include + +#include "app_action.h" + +namespace falco { +namespace app { + +class act_init_outputs : public action { +public: + act_init_outputs(application &app); + virtual ~act_init_outputs(); + + const std::string &name() override; + + const std::list &prerequsites() override; + + run_result run() override; + +private: + std::string m_name; + std::list m_prerequsites; +}; + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/list_plugins.cpp b/userspace/falco/app_actions/list_plugins.cpp new file mode 100644 index 00000000..2401a771 --- /dev/null +++ b/userspace/falco/app_actions/list_plugins.cpp @@ -0,0 +1,78 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "list_plugins.h" + +namespace falco { +namespace app { + +act_list_plugins::act_list_plugins(application &app) + : action(app), m_name("list plugins"), + m_prerequsites({"load plugins"}) +{ +} + +act_list_plugins::~act_list_plugins() +{ +} + +const std::string &act_list_plugins::name() +{ + return m_name; +} + +const std::list &act_list_plugins::prerequsites() +{ + return m_prerequsites; +} + +runnable_action::run_result act_list_plugins::run() +{ + run_result ret = {true, "", true}; + + if(app().options().list_plugins) + { + std::ostringstream os; + + for(auto &info : app().state().plugin_infos) + { + os << "Name: " << info.name << std::endl; + os << "Description: " << info.description << std::endl; + os << "Contact: " << info.contact << std::endl; + os << "Version: " << info.plugin_version.as_string() << std::endl; + + if(info.type == TYPE_SOURCE_PLUGIN) + { + os << "Type: source plugin" << std::endl; + os << "ID: " << info.id << std::endl; + } + else + { + os << "Type: extractor plugin" << std::endl; + } + os << std::endl; + } + + printf("%lu Plugins Loaded:\n\n%s\n", app().state().plugin_infos.size(), os.str().c_str()); + ret.proceed = false; + } + + return ret; +} + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/list_plugins.h b/userspace/falco/app_actions/list_plugins.h new file mode 100644 index 00000000..0cf90290 --- /dev/null +++ b/userspace/falco/app_actions/list_plugins.h @@ -0,0 +1,45 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +#pragma once + +#include + +#include "app_action.h" + +namespace falco { +namespace app { + +class act_list_plugins : public action { +public: + act_list_plugins(application &app); + virtual ~act_list_plugins(); + + const std::string &name() override; + + const std::list &prerequsites() override; + + run_result run() override; + +private: + std::string m_name; + std::list m_prerequsites; +}; + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/load_plugins.cpp b/userspace/falco/app_actions/load_plugins.cpp new file mode 100644 index 00000000..5caf0dbe --- /dev/null +++ b/userspace/falco/app_actions/load_plugins.cpp @@ -0,0 +1,151 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "load_plugins.h" + +namespace falco { +namespace app { + +act_load_plugins::act_load_plugins(application &app) + : action(app), m_name("load plugins"), + m_prerequsites({"init falco engine"}) +{ +} + +act_load_plugins::~act_load_plugins() +{ +} + +const std::string &act_load_plugins::name() +{ + return m_name; +} + +const std::list &act_load_plugins::prerequsites() +{ + return m_prerequsites; +} + +runnable_action::run_result act_load_plugins::run() +{ + run_result ret = {true, "", true}; + + // All filterchecks created by plugins go in this + // list. If we ever support multiple event sources at + // the same time, this (and the below factories) will + // have to be a map from event source to filtercheck + // list. + filter_check_list plugin_filter_checks; + + // Factories that can create filters/formatters for + // the (single) source supported by the (single) input plugin. + // libs requires raw pointer, we should modify libs to use reference/shared_ptr + std::shared_ptr plugin_filter_factory(new sinsp_filter_factory(app().state().inspector.get(), plugin_filter_checks)); + std::shared_ptr plugin_formatter_factory(new sinsp_evt_formatter_factory(app().state().inspector.get(), plugin_filter_checks)); + + if(app().state().config->m_json_output) + { + plugin_formatter_factory->set_output_format(gen_event_formatter::OF_JSON); + } + + std::shared_ptr input_plugin; + std::list> extractor_plugins; + for(auto &p : app().state().config->m_plugins) + { + std::shared_ptr plugin; +#ifdef MUSL_OPTIMIZED + ret.success = ret.proceed = false; + ret.errstr = "Can not load/use plugins with musl optimized build"; + return ret; +#else + falco_logger::log(LOG_INFO, "Loading plugin (" + p.m_name + ") from file " + p.m_library_path + "\n"); + + // libs requires raw pointer, we should modify libs to use reference/shared_ptr + plugin = sinsp_plugin::register_plugin(app().state().inspector.get(), + p.m_library_path, + (p.m_init_config.empty() ? NULL : (char *)p.m_init_config.c_str()), + plugin_filter_checks); +#endif + + if(plugin->type() == TYPE_SOURCE_PLUGIN) + { + sinsp_source_plugin *splugin = static_cast(plugin.get()); + + if(input_plugin) + { + ret.success = false; + ret.errstr = string("Can not load multiple source plugins. ") + input_plugin->name() + " already loaded"; + ret.proceed = false; + return ret; + } + + input_plugin = plugin; + app().state().event_source = splugin->event_source(); + + app().state().inspector->set_input_plugin(p.m_name); + if(!p.m_open_params.empty()) + { + app().state().inspector->set_input_plugin_open_params(p.m_open_params.c_str()); + } + + app().state().engine->add_source(app().state().event_source, plugin_filter_factory, plugin_formatter_factory); + + } else { + extractor_plugins.push_back(plugin); + } + } + + // Ensure that extractor plugins are compatible with the event source. + // Also, ensure that extractor plugins don't have overlapping compatible event sources. + std::set compat_sources_seen; + for(auto plugin : extractor_plugins) + { + // If the extractor plugin names compatible sources, + // ensure that the input plugin's source is in the list + // of compatible sources. + sinsp_extractor_plugin *eplugin = static_cast(plugin.get()); + const std::set &compat_sources = eplugin->extract_event_sources(); + if(input_plugin && + !compat_sources.empty()) + { + if (compat_sources.find(app().state().event_source) == compat_sources.end()) + { + ret.success = ret.proceed = false; + ret.errstr = string("Extractor plugin not compatible with event source ") + app().state().event_source; + return ret; + } + + for(const auto &compat_source : compat_sources) + { + if(compat_sources_seen.find(compat_source) != compat_sources_seen.end()) + { + ret.success = ret.proceed = false; + ret.errstr = string("Extractor plugins have overlapping compatible event source ") + compat_source; + return ret; + } + compat_sources_seen.insert(compat_source); + } + } + } + + app().state().plugin_infos = sinsp_plugin::plugin_infos(app().state().inspector.get()); + + return ret; +} + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/load_plugins.h b/userspace/falco/app_actions/load_plugins.h new file mode 100644 index 00000000..a9f654ba --- /dev/null +++ b/userspace/falco/app_actions/load_plugins.h @@ -0,0 +1,45 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +#pragma once + +#include + +#include "app_action.h" + +namespace falco { +namespace app { + +class act_load_plugins : public action { +public: + act_load_plugins(application &app); + virtual ~act_load_plugins(); + + const std::string &name() override; + + const std::list &prerequsites() override; + + run_result run() override; + +private: + std::string m_name; + std::list m_prerequsites; +}; + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/print_ignored_events.cpp b/userspace/falco/app_actions/print_ignored_events.cpp new file mode 100644 index 00000000..9c7824ac --- /dev/null +++ b/userspace/falco/app_actions/print_ignored_events.cpp @@ -0,0 +1,98 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "print_ignored_events.h" + +namespace falco { +namespace app { + +act_print_ignored_events::act_print_ignored_events(application &app) + : action(app), m_name("print ignored events"), + m_prerequsites({"init inspector"}) +{ +} + +act_print_ignored_events::~act_print_ignored_events() +{ +} + +const std::string &act_print_ignored_events::name() +{ + return m_name; +} + +const std::list &act_print_ignored_events::prerequsites() +{ + return m_prerequsites; +} + +runnable_action::run_result act_print_ignored_events::run() +{ + run_result ret = {true, "", true}; + + if(app().options().print_ignored_events) + { + print_all_ignored_events(); + ret.proceed = false; + } + + return ret; +} + +void act_print_ignored_events::print_all_ignored_events() +{ + sinsp_evttables* einfo = app().state().inspector->get_event_info_tables(); + const struct ppm_event_info* etable = einfo->m_event_info; + const struct ppm_syscall_desc* stable = einfo->m_syscall_info_table; + + std::set ignored_event_names; + for(uint32_t j = 0; j < PPM_EVENT_MAX; j++) + { + if(!sinsp::simple_consumer_consider_evtnum(j)) + { + std::string name = etable[j].name; + // Ignore event names NA* + if(name.find("NA") != 0) + { + ignored_event_names.insert(name); + } + } + } + + for(uint32_t j = 0; j < PPM_SC_MAX; j++) + { + if(!sinsp::simple_consumer_consider_syscallid(j)) + { + std::string name = stable[j].name; + // Ignore event names NA* + if(name.find("NA") != 0) + { + ignored_event_names.insert(name); + } + } + } + + printf("Ignored Event(s):"); + for(auto it : ignored_event_names) + { + printf(" %s", it.c_str()); + } + printf("\n"); +} + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/print_ignored_events.h b/userspace/falco/app_actions/print_ignored_events.h new file mode 100644 index 00000000..e4e92643 --- /dev/null +++ b/userspace/falco/app_actions/print_ignored_events.h @@ -0,0 +1,46 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +#pragma once + +#include + +#include "app_action.h" + +namespace falco { +namespace app { + +class act_print_ignored_events : public action { +public: + act_print_ignored_events(application &app); + virtual ~act_print_ignored_events(); + + const std::string &name() override; + + const std::list &prerequsites() override; + + run_result run() override; + +private: + void print_all_ignored_events(); + std::string m_name; + std::list m_prerequsites; +}; + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/start_grpc_server.cpp b/userspace/falco/app_actions/start_grpc_server.cpp new file mode 100644 index 00000000..13fcb253 --- /dev/null +++ b/userspace/falco/app_actions/start_grpc_server.cpp @@ -0,0 +1,82 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "start_grpc_server.h" + +#ifndef MINIMAL_BUILD + +namespace falco { +namespace app { + +act_start_grpc_server::act_start_grpc_server(application &app) + : action(app), m_name("start grpc server"), + m_prerequsites({"load config"}) +{ +} + +act_start_grpc_server::~act_start_grpc_server() +{ +} + +const std::string &act_start_grpc_server::name() +{ + return m_name; +} + +const std::list &act_start_grpc_server::prerequsites() +{ + return m_prerequsites; +} + +runnable_action::run_result act_start_grpc_server::run() +{ + run_result ret = {true, "", true}; + + // gRPC server + if(app().state().config->m_grpc_enabled) + { + falco_logger::log(LOG_INFO, "gRPC server threadiness equals to " + to_string(app().state().config->m_grpc_threadiness) + "\n"); + // TODO(fntlnz,leodido): when we want to spawn multiple threads we need to have a queue per thread, or implement + // different queuing mechanisms, round robin, fanout? What we want to achieve? + m_grpc_server.init( + app().state().config->m_grpc_bind_address, + app().state().config->m_grpc_threadiness, + app().state().config->m_grpc_private_key, + app().state().config->m_grpc_cert_chain, + app().state().config->m_grpc_root_certs, + app().state().config->m_log_level + ); + m_grpc_server_thread = std::thread([this] { + m_grpc_server.run(); + }); + } + return ret; +} + +void act_start_grpc_server::deinit() +{ + if(m_grpc_server_thread.joinable()) + { + m_grpc_server.shutdown(); + m_grpc_server_thread.join(); + } +} + +#endif + +}; // namespace application +}; // namespace falco + diff --git a/userspace/falco/app_actions/start_grpc_server.h b/userspace/falco/app_actions/start_grpc_server.h new file mode 100644 index 00000000..b275aedc --- /dev/null +++ b/userspace/falco/app_actions/start_grpc_server.h @@ -0,0 +1,56 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +#pragma once + +#include + +#include "app_action.h" + +#ifndef MINIMAL_BUILD + +#include "grpc_server.h" + +namespace falco { +namespace app { + +class act_start_grpc_server : public action { +public: + act_start_grpc_server(application &app); + virtual ~act_start_grpc_server(); + + const std::string &name() override; + + const std::list &prerequsites() override; + + run_result run() override; + + void deinit() override; + +private: + falco::grpc::server m_grpc_server; + std::thread m_grpc_server_thread; + + std::string m_name; + std::list m_prerequsites; +}; + +#endif + +}; // namespace application +}; // namespace falco +