new: support multiple buffer modes and online CPUs

Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>

falco.yaml

@@ -225,6 +225,24 @@ syscall_event_timeouts:
 
 syscall_buf_size_preset: 4
 
+
+############## [EXPERIMENTAL] Modern BPF probe specific ##############
+
+# These configs are experimental they could change over releases
+
+# Possible values: {0, 1, 2, ..., MAX_CPUS_NUMBER}
+cpus_for_each_syscall_buffer: 1
+
+# Possible values:
+# - true: allocate ring buffers only for online CPUs
+# - false: allocate ring buffers for all available CPUs
+online_cpus_only: true
+
+############## [EXPERIMENTAL] Modern BPF probe specific ##############
+
+
+
+
 # Falco continuously monitors outputs performance. When an output channel does not allow
 # to deliver an alert within a given deadline, an error is reported indicating
 # which output is blocking notifications.

userspace/falco/app_actions/open_inspector.cpp

@@ -77,8 +77,11 @@ application::run_result application::open_live_inspector(
 		}
 		else if(m_options.modern_bpf) /* modern BPF engine. */
 		{
-			falco_logger::log(LOG_INFO, "Opening capture with modern BPF probe");
-			inspector->open_modern_bpf(m_state->syscall_buffer_bytes_size, DEFAULT_CPU_FOR_EACH_BUFFER, true, m_state->ppm_sc_of_interest, m_state->tp_of_interest);
+			std::string interesting_CPUs = m_state->config->m_online_cpus_only ? "online" : "available";
+			falco_logger::log(LOG_INFO, "Opening capture with modern BPF probe.");
+			falco_logger::log(LOG_INFO, "One ring buffer every '" + std::to_string(m_state->config->m_cpus_for_each_syscall_buffer) +  "' CPUs.");
+			falco_logger::log(LOG_INFO, "Allocate ring buffers for " + interesting_CPUs + " only.");
+			inspector->open_modern_bpf(m_state->syscall_buffer_bytes_size, m_state->config->m_cpus_for_each_syscall_buffer, m_state->config->m_online_cpus_only, m_state->ppm_sc_of_interest, m_state->tp_of_interest);
 		}
 		else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL) /* BPF engine. */
 		{

userspace/falco/configuration.cpp

@@ -56,7 +56,10 @@ falco_configuration::falco_configuration():
 	m_metadata_download_max_mb(100),
 	m_metadata_download_chunk_wait_us(1000),
 	m_metadata_download_watch_freq_sec(1),
-	m_syscall_buf_size_preset(4)
+	m_syscall_buf_size_preset(4),
+	m_cpus_for_each_syscall_buffer(1),
+	m_online_cpus_only(true),
+	m_config(NULL)
 {
 }
 
@@ -308,7 +311,12 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
 	/* We put this value in the configuration file because in this way we can change the dimension at every reload.
 	 * The default value is `4` -> 8 MB.
 	 */
-	m_syscall_buf_size_preset = config.get_scalar<uint16_t>("syscall_buf_size_preset", 4);
+	m_syscall_buf_size_preset = m_config->get_scalar<uint16_t>("syscall_buf_size_preset", 4);
+	
+	m_cpus_for_each_syscall_buffer = m_config->get_scalar<uint16_t>("cpus_for_each_syscall_buffer", 1);
+
+	m_online_cpus_only = m_config->get_scalar<bool>("online_cpus_only", true);
+
 
 	std::set<std::string> load_plugins;
 

userspace/falco/configuration.h

@@ -103,6 +103,12 @@ public:
 	// Index corresponding to the syscall buffer dimension.
 	uint16_t m_syscall_buf_size_preset;
 
+	// Number of CPUs associated with a single ring buffer.
+	uint16_t m_cpus_for_each_syscall_buffer;
+
+	// If true allocate ring buffers only for online CPUs
+	bool m_online_cpus_only;
+
 	std::vector<plugin_config> m_plugins;
 
 private: