github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-02-21 14:13:27 +00:00
Code Issues Projects Releases Wiki Activity

chore!: drop gRPC output and server support

Browse Source 
Falco 0.43.0 deprecated the gRPC output and server supports. Drop
their supports as well as any reference to them.

BREAKING CHANGE: drop gRPC output and server support

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
This commit is contained in:
Leonardo Di Giovanna
2026-02-05 16:47:21 +01:00
committed by poiana
parent 33a2ce53fd
commit 43aaffc4e0
29 changed files with 16 additions and 1837 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/codeql.yaml vendored
View File

@@ -59,7 +59,7 @@ jobs:
run: sudo apt update -y
- name: Install build dependencies
run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libc-ares-dev libprotobuf-dev protobuf-compiler libyaml-cpp-dev libgrpc++-dev protobuf-compiler-grpc rpm libelf-dev cmake build-essential libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm git -y
run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libc-ares-dev libyaml-cpp-dev rpm libelf-dev cmake build-essential libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm git -y
- name: Prepare project
run: |

2
.github/workflows/reusable_build_dev.yaml vendored
View File

@@ -57,7 +57,7 @@ jobs:
- name: Install build dependencies (non-minimal)
if: inputs.minimal != true
run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libc-ares-dev libprotobuf-dev protobuf-compiler libgrpc++-dev protobuf-compiler-grpc rpm libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm -y
run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libc-ares-dev rpm libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm -y
- name: Prepare project
run: |

3
CMakeLists.txt
View File

@@ -192,9 +192,6 @@ if(NOT MINIMAL_BUILD)
AND NOT EMSCRIPTEN
)
include(cares)
include(protobuf)
# gRPC
include(grpc)
endif()
endif()

278
cmake/modules/grpc.cmake
View File

@@ -1,278 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
# in compliance with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License
# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
# or implied. See the License for the specific language governing permissions and limitations under
# the License.
#
option(USE_BUNDLED_GRPC "Enable building of the bundled grpc" ${USE_BUNDLED_DEPS})
if(GRPC_INCLUDE)
# we already have grpc
elseif(NOT USE_BUNDLED_GRPC)
# gRPC
find_package(gRPC CONFIG)
if(gRPC_FOUND)
message(STATUS "Using gRPC ${gRPC_VERSION}")
set(GPR_LIB gRPC::gpr)
set(GRPC_LIB gRPC::grpc)
set(GRPCPP_LIB gRPC::grpc++)
# gRPC C++ plugin
get_target_property(GRPC_CPP_PLUGIN gRPC::grpc_cpp_plugin LOCATION)
if(NOT GRPC_CPP_PLUGIN)
message(FATAL_ERROR "System grpc_cpp_plugin not found")
endif()
# gRPC include dir + properly handle grpc{++,pp}
get_target_property(GRPC_INCLUDE gRPC::grpc++ INTERFACE_INCLUDE_DIRECTORIES)
find_path(
GRPCXX_INCLUDE
NAMES grpc++/grpc++.h
PATHS ${GRPC_INCLUDE}
)
if(NOT GRPCXX_INCLUDE)
find_path(
GRPCPP_INCLUDE
NAMES grpcpp/grpcpp.h
PATHS ${GRPC_INCLUDE}
)
add_definitions(-DGRPC_INCLUDE_IS_GRPCPP=1)
endif()
else()
# Fallback to manually find libraries; Some distro, namely Ubuntu focal, do not install gRPC
# config cmake module
find_library(GPR_LIB NAMES gpr)
if(GPR_LIB)
message(STATUS "Found gpr lib: ${GPR_LIB}")
else()
message(FATAL_ERROR "Couldn't find system gpr")
endif()
find_path(GRPCXX_INCLUDE NAMES grpc++/grpc++.h)
if(GRPCXX_INCLUDE)
set(GRPC_INCLUDE ${GRPCXX_INCLUDE})
else()
find_path(GRPCPP_INCLUDE NAMES grpcpp/grpcpp.h)
set(GRPC_INCLUDE ${GRPCPP_INCLUDE})
add_definitions(-DGRPC_INCLUDE_IS_GRPCPP=1)
endif()
find_library(GRPC_LIB NAMES grpc)
find_library(GRPCPP_LIB NAMES grpc++)
if(GRPC_INCLUDE
AND GRPC_LIB
AND GRPCPP_LIB
)
message(
STATUS
"Found grpc: include: ${GRPC_INCLUDE}, C lib: ${GRPC_LIB}, C++ lib: ${GRPCPP_LIB}"
)
else()
message(FATAL_ERROR "Couldn't find system grpc")
endif()
find_program(GRPC_CPP_PLUGIN grpc_cpp_plugin)
if(NOT GRPC_CPP_PLUGIN)
message(FATAL_ERROR "System grpc_cpp_plugin not found")
endif()
endif()
else()
include(cares)
include(protobuf)
include(zlib)
include(openssl)
if(BUILD_SHARED_LIBS)
set(GRPC_OPENSSL_STATIC_LIBS_OPTION FALSE)
else()
set(GRPC_OPENSSL_STATIC_LIBS_OPTION TRUE)
endif()
include(re2)
set(GRPC_SRC "${PROJECT_BINARY_DIR}/grpc-prefix/src/grpc")
set(GRPC_INSTALL_DIR "${GRPC_SRC}/target")
set(GRPC_INCLUDE "${GRPC_INSTALL_DIR}/include" "${GRPC_SRC}/third_party/abseil-cpp")
set(GPR_LIB "${GRPC_SRC}/libgpr.a")
set(GRPC_LIB "${GRPC_SRC}/libgrpc.a")
set(GRPCPP_LIB "${GRPC_SRC}/libgrpc++.a")
set(GRPC_CPP_PLUGIN "${GRPC_SRC}/grpc_cpp_plugin")
set(GRPC_MAIN_LIBS "")
list(
APPEND
GRPC_MAIN_LIBS
"${GPR_LIB}"
"${GRPC_LIB}"
"${GRPCPP_LIB}"
"${GRPC_SRC}/libgrpc++_alts.a"
"${GRPC_SRC}/libgrpc++_error_details.a"
"${GRPC_SRC}/libgrpc++_reflection.a"
"${GRPC_SRC}/libgrpc++_unsecure.a"
"${GRPC_SRC}/libgrpc_plugin_support.a"
"${GRPC_SRC}/libgrpc_unsecure.a"
"${GRPC_SRC}/libgrpcpp_channelz.a"
)
get_filename_component(PROTOC_DIR ${PROTOC} PATH)
if(NOT TARGET grpc)
message(STATUS "Using bundled grpc in '${GRPC_SRC}'")
# fixme(leogr): this workaround is required to inject the missing deps (built by gRCP
# cmakefiles) into target_link_libraries later note: the list below is manually generated
# starting from the output of pkg-config --libs grpc++
set(GRPC_LIBRARIES "")
list(
APPEND
GRPC_LIBRARIES
"${GRPC_SRC}/libaddress_sorting.a"
"${GRPC_SRC}/libupb.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/hash/libabsl_hash.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/hash/libabsl_city.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/hash/libabsl_low_level_hash.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/container/libabsl_raw_hash_set.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/container/libabsl_hashtablez_sampler.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/status/libabsl_statusor.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/status/libabsl_status.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cord.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cordz_functions.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/profiling/libabsl_exponential_biased.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/types/libabsl_bad_optional_access.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/types/libabsl_bad_variant_access.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_str_format_internal.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/synchronization/libabsl_synchronization.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/synchronization/libabsl_graphcycles_internal.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/debugging/libabsl_stacktrace.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/debugging/libabsl_symbolize.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/debugging/libabsl_debugging_internal.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/debugging/libabsl_demangle_internal.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_malloc_internal.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/time/libabsl_time.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/time/libabsl_civil_time.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_strings.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_strings_internal.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_base.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_spinlock_wait.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/numeric/libabsl_int128.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_throw_delegate.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_raw_logging_internal.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_log_severity.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/time/libabsl_time_zone.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cord_internal.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cordz_info.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cordz_handle.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_pool_urbg.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_randen.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_randen_hwaes.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_randen_hwaes_impl.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_randen_slow.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_seed_material.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_platform.a"
"${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_seed_gen_exception.a"
)
# Make abseil-cpp build compatible with gcc-13 See
# https://patchwork.yoctoproject.org/project/oe/patch/20230518093301.2938164-1-Martin.Jansa@gmail.com/
# TO BE DROPPED once we finally upgrade grpc...
set(GRPC_PATCH_CMD
sh
-c
"sed -i '20s/^/#include <cstdint>/' ${GRPC_SRC}/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h"
&&
sh
-c
"sed -i 's|off64_t|off_t|g' ${GRPC_SRC}/third_party/abseil-cpp/absl/base/internal/direct_mmap.h"
)
# Zig workaround: Add a PATCH_COMMAND to grpc cmake to fixup emitted -march by abseil-cpp
# cmake module, making it use a name understood by zig for arm64. See
# https://github.com/abseil/abseil-cpp/blob/master/absl/copts/GENERATED_AbseilCopts.cmake#L226.
if(CMAKE_C_COMPILER MATCHES "zig")
message(STATUS "Enabling zig workaround for abseil-cpp")
set(GRPC_PATCH_CMD
${GRPC_PATCH_CMD}
&&
sh
-c
"sed -i 's/armv8-a/cortex_a57/g' ${GRPC_SRC}/third_party/abseil-cpp/absl/copts/GENERATED_AbseilCopts.cmake"
)
endif()
ExternalProject_Add(
grpc
PREFIX "${PROJECT_BINARY_DIR}/grpc-prefix"
DEPENDS openssl protobuf c-ares zlib re2
GIT_REPOSITORY https://github.com/grpc/grpc.git
GIT_TAG v1.44.0
GIT_SUBMODULES "third_party/abseil-cpp"
CMAKE_CACHE_ARGS
-DCMAKE_INSTALL_PREFIX:PATH=${GRPC_INSTALL_DIR}
-DCMAKE_BUILD_TYPE:STRING=${CMAKE_BUILD_TYPE}
-DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=${ENABLE_PIC}
-DgRPC_INSTALL:BOOL=OFF
# disable unused stuff
-DgRPC_BUILD_TESTS:BOOL=OFF
-DgRPC_BUILD_CSHARP_EXT:BOOL=OFF
-DgRPC_BUILD_GRPC_CSHARP_PLUGIN:BOOL=OFF
-DgRPC_BUILD_GRPC_NODE_PLUGIN:BOOL=OFF
-DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN:BOOL=OFF
-DgRPC_BUILD_GRPC_PHP_PLUGIN:BOOL=OFF
-DgRPC_BUILD_GRPC_PYTHON_PLUGIN:BOOL=OFF
-DgRPC_BUILD_GRPC_RUBY_PLUGIN:BOOL=OFF
# deps provided by us
# https://github.com/grpc/grpc/blob/v1.32.0/cmake/modules/Findc-ares.cmake
-DgRPC_CARES_PROVIDER:STRING=package
-Dc-ares_DIR:PATH=${CARES_SRC}
-Dc-ares_INCLUDE_DIR:PATH=${CARES_INCLUDE}
-Dc-ares_LIBRARY:PATH=${CARES_LIB}
# https://cmake.org/cmake/help/v3.6/module/FindProtobuf.html
-DgRPC_PROTOBUF_PROVIDER:STRING=package
-DCMAKE_CXX_FLAGS:STRING=-I${PROTOBUF_INCLUDE}
-DProtobuf_INCLUDE_DIR:PATH=${PROTOBUF_INCLUDE}
-DProtobuf_LIBRARY:PATH=${PROTOBUF_LIB}
-DProtobuf_PROTOC_LIBRARY:PATH=${PROTOC_LIB}
-DProtobuf_PROTOC_EXECUTABLE:PATH=${PROTOC}
# https://cmake.org/cmake/help/v3.6/module/FindOpenSSL.html
-DgRPC_SSL_PROVIDER:STRING=package
-DOPENSSL_ROOT_DIR:PATH=${OPENSSL_INSTALL_DIR}
-DOPENSSL_USE_STATIC_LIBS:BOOL=${GRPC_OPENSSL_STATIC_LIBS_OPTION}
# https://cmake.org/cmake/help/v3.6/module/FindZLIB.html
-DgRPC_ZLIB_PROVIDER:STRING=package
-DZLIB_ROOT:STRING=${ZLIB_SRC}
# RE2
-DgRPC_RE2_PROVIDER:STRING=package
-Dre2_DIR:PATH=${RE2_DIR}
BUILD_IN_SOURCE 1
BUILD_BYPRODUCTS ${GRPC_LIB} ${GRPCPP_LIB} ${GPR_LIB} ${GRPC_LIBRARIES}
# Keep installation files into the local ${GRPC_INSTALL_DIR} since here is the case when
# we are embedding gRPC
UPDATE_COMMAND ""
PATCH_COMMAND ${GRPC_PATCH_CMD}
INSTALL_COMMAND DESTDIR= ${CMAKE_MAKE_PROGRAM} install
)
install(
FILES ${GRPC_MAIN_LIBS}
DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}"
COMPONENT "libs-deps"
)
install(
FILES ${GRPC_LIBRARIES}
DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}"
COMPONENT "libs-deps"
)
install(
DIRECTORY "${GRPC_SRC}/target/include/"
DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/${LIBS_PACKAGE_NAME}"
COMPONENT "libs-deps"
)
endif()
endif()
if(NOT TARGET grpc)
add_custom_target(grpc)
endif()
include_directories("${GRPC_INCLUDE}")

67
falco.yaml
View File

@@ -70,9 +70,7 @@
# file_output [Stable]
# http_output [Stable]
# program_output [Stable]
# grpc_output [Deprecated]
# Falco exposed services
# grpc [Deprecated]
# webserver [Stable]
# Falco logging / alerting / metrics related to software functioning (basic)
# log_stderr [Stable]
@@ -719,7 +717,7 @@ outputs_queue:
# With this setting you can add more information to the Falco output message, customizable by
# rule, tag or source.
# You can also add additional data that will appear in the output_fields property
# of JSON formatted messages or gRPC output but will not be part of the regular output message.
# of JSON formatted messages but will not be part of the regular output message.
# This allows you to add custom fields that can help you filter your Falco events without
# polluting the message text.
#
@@ -780,7 +778,7 @@ append_output:
# Falco outputs channels #
##########################
# Falco supports various output channels, such as syslog, stdout, file, gRPC (deprecated),
# Falco supports various output channels, such as syslog, stdout, file,
# webhook, and more. You can enable or disable these channels as needed to
# control where Falco alerts and log messages are directed. This flexibility
# allows seamless integration with your preferred logging and alerting systems.
@@ -876,71 +874,10 @@ program_output:
# -- The program to execute.
program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX"
# [Deprecated] `grpc_output`
#
# -- Use gRPC as an output service. DEPRECATION NOTICE: The gRPC output is deprecated. Consider using other outputs.
#
# gRPC is a modern and high-performance framework for remote procedure calls
# (RPC). It utilizes protocol buffers for efficient data serialization. The gRPC
# output in Falco provides a modern and efficient way to integrate with other
# systems. By default, the setting is turned off. Enabling this option stores
# output events in memory until they are consumed by a gRPC client. Ensure that
# you have a consumer for the output events or leave it disabled.
grpc_output:
# -- Enable gRPC as an output service.
enabled: false
##########################
# Falco exposed services #
##########################
# [Deprecated] `grpc`
#
# -- A gRPC server (needed by the gRPC output). DEPRECATION NOTICE: The gRPC server is deprecated as a consequence of
# the gRPC output deprecation.
#
# Falco provides support for running a gRPC server using two main binding types:
# 1. Over the network with mandatory mutual TLS authentication (mTLS), which
# ensures secure communication
# 2. Local Unix socket binding with no authentication. By default, the
# gRPC server in Falco is turned off with no enabled services (see
# `grpc_output` setting).
#
# To configure the gRPC server in Falco, you can make the following changes to
# the options:
#
# - Uncomment the relevant configuration options related to the gRPC server.
# - Update the paths of the generated certificates for mutual TLS authentication
# if you choose to use mTLS.
# - Specify the address to bind and expose the gRPC server.
# - Adjust the threadiness configuration to control the number of threads and
# contexts used by the server.
#
# Keep in mind that if any issues arise while creating the gRPC server, the
# information will be logged, but it will not stop the main Falco daemon.
#
# gRPC server using mTLS
# grpc:
# enabled: true
# bind_address: "0.0.0.0:5060"
# # When the `threadiness` value is set to 0, Falco will automatically determine
# # the appropriate number of threads based on the number of online cores in the system.
# threadiness: 0
# private_key: "/etc/falco/certs/server.key"
# cert_chain: "/etc/falco/certs/server.crt"
# root_certs: "/etc/falco/certs/ca.crt"
#
# gRPC server using a local unix socket (see default below)
grpc:
# -- Enable the gRPC server.
enabled: false
# -- Address to bind and expose the gRPC server. Use either a local unix socket with
# no authentication, or a network address with mTLS.
bind_address: "unix:///run/falco/falco.sock"
# -- When the `threadiness` value is set to 0, Falco will automatically determine
# the appropriate number of threads based on the number of online cores in the system.
threadiness: 0
# [Stable] `webserver`
#
# -- Falco supports an embedded webserver that runs within the Falco process,

9
userspace/engine/falco_engine.h
View File

@@ -201,11 +201,10 @@ public:
const std::set<std::string> &tags,
const std::string &rule);
// You can optionally add fields that will only show up in the object
// output (e.g. json, gRPC) alongside other output_fields
// and not in the text message output.
// You can add two types of fields: formatted which will act like
// an additional output format that appears in the output field
// You can optionally add fields that will only show up in the object output (e.g. json)
// alongside other output_fields and not in the text message output. You can add two types of
// fields: formatted which will act like an additional output format that appears in the output
// field
void add_extra_output_formatted_field(const std::string &key,
const std::string &format,
const std::string &source,

80
userspace/falco/CMakeLists.txt
View File

@@ -45,10 +45,8 @@ add_library(
app/actions/configure_syscall_buffer_size.cpp
app/actions/configure_syscall_buffer_num.cpp
app/actions/select_event_sources.cpp
app/actions/start_grpc_server.cpp
app/actions/start_webserver.cpp
app/actions/validate_rules_files.cpp
app/actions/create_requested_paths.cpp
app/actions/close_inspectors.cpp
app/actions/print_config_schema.cpp
app/actions/print_rule_schema.cpp
@@ -79,54 +77,21 @@ if(NOT WIN32)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT MINIMAL_BUILD)
target_sources(
falco_application
PRIVATE outputs_grpc.cpp
outputs_http.cpp
falco_metrics.cpp
webserver.cpp
grpc_context.cpp
grpc_request_context.cpp
grpc_server.cpp
grpc_context.cpp
${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc
${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc
${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.cc
${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.cc
${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc
target_sources(falco_application PRIVATE outputs_http.cpp falco_metrics.cpp webserver.cpp)
list(APPEND FALCO_INCLUDE_DIRECTORIES FALCO_INCLUDE_DIRECTORIES "${OPENSSL_INCLUDE_DIR}"
"${CARES_INCLUDE}"
)
list(
APPEND
FALCO_INCLUDE_DIRECTORIES
FALCO_INCLUDE_DIRECTORIES
"${OPENSSL_INCLUDE_DIR}"
"${GRPC_INCLUDE}"
"${GRPCPP_INCLUDE}"
"${PROTOBUF_INCLUDE}"
"${CARES_INCLUDE}"
)
if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND USE_BUNDLED_GRPC)
list(APPEND FALCO_DEPENDENCIES grpc)
if(TARGET c-ares)
list(APPEND FALCO_DEPENDENCIES c-ares)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND USE_BUNDLED_CURL)
list(APPEND FALCO_DEPENDENCIES curl)
endif()
list(
APPEND
FALCO_LIBRARIES
httplib::httplib
"${CURL_LIBRARIES}"
"${GRPCPP_LIB}"
"${GRPC_LIB}"
"${GPR_LIB}"
"${GRPC_LIBRARIES}"
"${PROTOBUF_LIB}"
"${CARES_LIB}"
)
list(APPEND FALCO_LIBRARIES httplib::httplib "${CURL_LIBRARIES}" "${CARES_LIB}")
endif()
if(EMSCRIPTEN)
@@ -156,37 +121,6 @@ if(EMSCRIPTEN)
target_link_options(falco PRIVATE "-sEXPORTED_FUNCTIONS=['_main','_htons','_ntohs']")
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT MINIMAL_BUILD)
add_custom_command(
OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc
${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.h
${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc
${CMAKE_CURRENT_BINARY_DIR}/version.pb.h
${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.cc
${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.h
${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.cc
${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.h
${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc
${CMAKE_CURRENT_BINARY_DIR}/schema.pb.h
COMMENT "Generate gRPC API"
# Falco gRPC Version API
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/version.proto
COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=.
${CMAKE_CURRENT_SOURCE_DIR}/version.proto
COMMAND
${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=.
--plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN} ${CMAKE_CURRENT_SOURCE_DIR}/version.proto
# Falco gRPC Outputs API
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto
COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=.
${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto ${CMAKE_CURRENT_SOURCE_DIR}/schema.proto
COMMAND
${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=.
--plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN} ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
endif()
# strip the Falco binary when releasing using musl
if(MUSL_OPTIMIZED_BUILD AND CMAKE_BUILD_TYPE STREQUAL "release")
add_custom_command(

3
userspace/falco/app/actions/actions.h
View File

@@ -27,7 +27,6 @@ namespace actions {
falco::app::run_result configure_interesting_sets(falco::app::state& s);
falco::app::run_result configure_syscall_buffer_size(falco::app::state& s);
falco::app::run_result configure_syscall_buffer_num(const falco::app::state& s);
falco::app::run_result create_requested_paths(falco::app::state& s);
falco::app::run_result create_signal_handlers(falco::app::state& s);
falco::app::run_result pidfile(const falco::app::state& s);
falco::app::run_result init_falco_engine(falco::app::state& s);
@@ -51,9 +50,7 @@ falco::app::run_result print_version(falco::app::state& s);
falco::app::run_result process_events(falco::app::state& s);
falco::app::run_result require_config_file(const falco::app::state& s);
falco::app::run_result select_event_sources(falco::app::state& s);
falco::app::run_result start_grpc_server(falco::app::state& s);
falco::app::run_result start_webserver(falco::app::state& s);
falco::app::run_result stop_grpc_server(falco::app::state& s);
falco::app::run_result stop_webserver(falco::app::state& s);
falco::app::run_result unregister_signal_handlers(falco::app::state& s);
falco::app::run_result validate_rules_files(falco::app::state& s);

57
userspace/falco/app/actions/create_requested_paths.cpp
View File

@@ -1,57 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include "actions.h"
#include "falco_utils.h"
#include <sys/stat.h>
#include <filesystem>
using namespace falco::app;
using namespace falco::app::actions;
static int create_dir(const std::string &path);
falco::app::run_result falco::app::actions::create_requested_paths(falco::app::state &s) {
if(s.config->m_grpc_enabled && !s.config->m_grpc_bind_address.empty()) {
if(falco::utils::network::is_unix_scheme(s.config->m_grpc_bind_address)) {
auto server_path = s.config->m_grpc_bind_address.substr(
falco::utils::network::UNIX_SCHEME.length());
int ret = create_dir(server_path);
if(ret != 0) {
return run_result::fatal(server_path + ": " + strerror(errno));
}
}
}
// TODO: eventually other files written by Falco whose destination is
// customizable by users, must be handled here.
return run_result::ok();
}
// This function operates like `mkdir -p` excluding the last part of
// the path which we assume to be the filename.
static int create_dir(const std::string &path) {
std::filesystem::path dirPath(path);
try {
std::filesystem::create_directories(dirPath.parent_path());
} catch(const std::exception &ex) {
return -1;
}
return 0;
}

3
userspace/falco/app/actions/init_outputs.cpp
View File

@@ -37,8 +37,7 @@ falco::app::run_result falco::app::actions::init_outputs(falco::app::state& s) {
// read hostname
std::string hostname;
char* env_hostname = getenv("FALCO_HOSTNAME");
// todo(leogr): keep FALCO_GRPC_HOSTNAME for backward compatibility. Shall we deprecate it?
if(env_hostname || (env_hostname = getenv("FALCO_GRPC_HOSTNAME"))) {
if(env_hostname) {
hostname = env_hostname;
falco_logger::log(falco_logger::level::INFO,
"Hostname value has been overridden via environment variable to: " +

73
userspace/falco/app/actions/start_grpc_server.cpp
View File

@@ -1,73 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include "actions.h"
#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
#include "grpc_server.h"
#endif
using namespace falco::app;
using namespace falco::app::actions;
falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state& s) {
#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
// gRPC server
if(!s.config->m_grpc_enabled) {
return run_result::ok();
}
if(s.options.dry_run) {
falco_logger::log(falco_logger::level::DEBUG, "Skipping starting gRPC server in dry-run\n");
return run_result::ok();
}
falco_logger::log(falco_logger::level::INFO,
"gRPC server threadiness equals to " +
std::to_string(s.config->m_grpc_threadiness) + "\n");
// TODO(fntlnz,leodido): when we want to spawn multiple threads we need to have a queue per
// thread, or implement different queuing mechanisms, round robin, fanout? What we want to
// achieve?
s.grpc_server.init(s.config->m_grpc_bind_address,
s.config->m_grpc_threadiness,
s.config->m_grpc_private_key,
s.config->m_grpc_cert_chain,
s.config->m_grpc_root_certs,
s.config->m_log_level);
s.grpc_server_thread = std::thread([&s] { s.grpc_server.run(); });
#endif
return run_result::ok();
}
falco::app::run_result falco::app::actions::stop_grpc_server(falco::app::state& s) {
#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
if(!s.config->m_grpc_enabled) {
return run_result::ok();
}
if(s.options.dry_run) {
falco_logger::log(falco_logger::level::DEBUG, "Skipping stopping gRPC server in dry-run\n");
return run_result::ok();
}
if(s.grpc_server_thread.joinable()) {
s.grpc_server.shutdown();
s.grpc_server_thread.join();
}
#endif
return run_result::ok();
}

3
userspace/falco/app/app.cpp
View File

@@ -76,19 +76,16 @@ bool falco::app::run(falco::app::state& s, bool& restart, std::string& errstr) {
falco::app::actions::print_support,
falco::app::actions::init_outputs,
falco::app::actions::create_signal_handlers,
falco::app::actions::create_requested_paths,
falco::app::actions::pidfile,
falco::app::actions::configure_interesting_sets,
falco::app::actions::configure_syscall_buffer_size,
falco::app::actions::configure_syscall_buffer_num,
falco::app::actions::start_grpc_server,
falco::app::actions::start_webserver,
falco::app::actions::process_events,
};
std::list<app_action> const teardown_steps = {
falco::app::actions::unregister_signal_handlers,
falco::app::actions::stop_grpc_server,
falco::app::actions::stop_webserver,
falco::app::actions::close_inspectors,
};

4
userspace/falco/app/state.h
View File

@@ -24,7 +24,6 @@ limitations under the License.
#include "../configuration.h"
#include "../stats_writer.h"
#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
#include "../grpc_server.h"
#include "../webserver.h"
#endif
@@ -111,9 +110,6 @@ struct state {
std::shared_ptr<restart_handler> restarter;
#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
falco::grpc::server grpc_server;
std::thread grpc_server_thread;
falco_webserver webserver;
#endif
// Set by start_webserver to start prometheus metrics

23
userspace/falco/config_json_schema.h
View File

@@ -157,12 +157,6 @@ const char config_schema_string[] = LONG_STRING_CONST(
"program_output": {
"$ref": "#/definitions/ProgramOutput"
},
"grpc_output": {
"$ref": "#/definitions/Output"
},
"grpc": {
"$ref": "#/definitions/Grpc"
},
"webserver": {
"$ref": "#/definitions/Webserver"
},
@@ -459,23 +453,6 @@ const char config_schema_string[] = LONG_STRING_CONST(
"minProperties": 1,
"title": "FileOutput"
},
"Grpc": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean"
},
"bind_address": {
"type": "string"
},
"threadiness": {
"type": "integer"
}
},
"minProperties": 1,
"title": "Grpc"
},
"Output": {
"type": "object",
"additionalProperties": false,

33
userspace/falco/configuration.cpp
View File

@@ -74,8 +74,6 @@ falco_configuration::falco_configuration():
m_time_format_iso_8601(false),
m_buffer_format_base64(false),
m_output_timeout(2000),
m_grpc_enabled(false),
m_grpc_threadiness(0),
m_webserver_enabled(false),
m_syscall_evt_drop_threshold(.1),
m_syscall_evt_drop_rate(.03333),
@@ -443,37 +441,6 @@ void falco_configuration::load_yaml(const std::string &config_name) {
m_outputs.push_back(http_output);
}
m_grpc_enabled = m_config.get_scalar<bool>("grpc.enabled", false);
if(m_grpc_enabled) {
falco_logger::log(falco_logger::level::WARNING,
"Using deprecated gRPC server (deprecated as consequence of gRPC output "
"deprecation).");
}
m_grpc_bind_address = m_config.get_scalar<std::string>("grpc.bind_address", "0.0.0.0:5060");
m_grpc_threadiness = m_config.get_scalar<uint32_t>("grpc.threadiness", 0);
if(m_grpc_threadiness == 0) {
m_grpc_threadiness = falco::utils::hardware_concurrency();
}
// todo > else limit threadiness to avoid oversubscription?
m_grpc_private_key =
m_config.get_scalar<std::string>("grpc.private_key", "/etc/falco/certs/server.key");
m_grpc_cert_chain =
m_config.get_scalar<std::string>("grpc.cert_chain", "/etc/falco/certs/server.crt");
m_grpc_root_certs =
m_config.get_scalar<std::string>("grpc.root_certs", "/etc/falco/certs/ca.crt");
falco::outputs::config grpc_output;
grpc_output.name = "grpc";
const auto grpc_output_enabled = m_config.get_scalar<bool>("grpc_output.enabled", true);
if(grpc_output_enabled) {
falco_logger::log(falco_logger::level::WARNING,
"Using deprecated gRPC output. Please consider using other outputs.");
}
// gRPC output is enabled only if gRPC server is enabled too
if(grpc_output_enabled && m_grpc_enabled) {
m_outputs.push_back(grpc_output);
}
m_output_timeout = m_config.get_scalar<uint32_t>("output_timeout", 2000);
std::string rule_matching = m_config.get_scalar<std::string>("rule_matching", "first");

7
userspace/falco/configuration.h
View File

@@ -159,13 +159,6 @@ public:
bool m_buffer_format_base64;
uint32_t m_output_timeout;
bool m_grpc_enabled;
uint32_t m_grpc_threadiness;
std::string m_grpc_bind_address;
std::string m_grpc_private_key;
std::string m_grpc_cert_chain;
std::string m_grpc_root_certs;
bool m_webserver_enabled;
webserver_config m_webserver_config;

7
userspace/falco/falco_outputs.cpp
View File

@@ -15,10 +15,6 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
#include <google/protobuf/util/time_util.h>
#endif
#include "falco_outputs.h"
#include "config_falco.h"
@@ -34,7 +30,6 @@ limitations under the License.
#endif
#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
#include "outputs_http.h"
#include "outputs_grpc.h"
#endif
static const char *s_internal_source = "internal";
@@ -101,8 +96,6 @@ void falco_outputs::add_output(const falco::outputs::config &oc) {
#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
else if(oc.name == "http") {
oo = std::make_unique<falco::outputs::output_http>();
} else if(oc.name == "grpc") {
oo = std::make_unique<falco::outputs::output_grpc>();
}
#endif
else {

52
userspace/falco/grpc_context.cpp
View File

@@ -1,52 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <sstream>
#include "grpc_context.h"
falco::grpc::context::context(::grpc::ServerContext* ctx): m_ctx(ctx) {
std::string session_id;
std::string request_id;
get_metadata(meta_session, session_id);
get_metadata(meta_request, request_id);
bool has_meta = false;
std::stringstream meta;
if(!session_id.empty()) {
meta << "[sid=" << session_id << "]";
has_meta = true;
}
if(!request_id.empty()) {
meta << "[rid=" << request_id << "]";
has_meta = true;
}
if(has_meta) {
meta << " ";
}
m_prefix = meta.str();
}
void falco::grpc::context::context::get_metadata(std::string key, std::string& val) {
const std::multimap<::grpc::string_ref, ::grpc::string_ref>& client_metadata =
m_ctx->client_metadata();
auto it = client_metadata.find(key);
if(it != client_metadata.end()) {
val.assign(it->second.data(), it->second.size());
}
}

65
userspace/falco/grpc_context.h
View File

@@ -1,65 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#pragma once
#include <string>
#ifdef GRPC_INCLUDE_IS_GRPCPP
#include <grpcpp/grpcpp.h>
#else
#include <grpc++/grpc++.h>
#endif
namespace falco {
namespace grpc {
const std::string meta_session = "session_id";
const std::string meta_request = "request_id";
class context {
public:
explicit context(::grpc::ServerContext* ctx);
virtual ~context() = default;
void get_metadata(std::string key, std::string& val);
private:
::grpc::ServerContext* m_ctx = nullptr;
std::string m_prefix;
};
class stream_context : public context {
public:
explicit stream_context(::grpc::ServerContext* ctx): context(ctx) {};
virtual ~stream_context() override = default;
enum : char { STREAMING = 1, SUCCESS, ERROR } m_status = STREAMING;
mutable void* m_stream = nullptr; // todo(fntlnz, leodido) > useful in the future
mutable bool m_has_more = false;
mutable bool m_is_running = true;
};
class bidi_context : public stream_context {
public:
explicit bidi_context(::grpc::ServerContext* ctx): stream_context(ctx) {};
virtual ~bidi_context() override = default;
};
} // namespace grpc
} // namespace falco

49
userspace/falco/grpc_queue.h
View File

@@ -1,49 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#pragma once
#include "outputs.pb.h"
#include "tbb/concurrent_queue.h"
namespace falco {
namespace grpc {
typedef tbb::concurrent_queue<outputs::response> response_cq;
class queue {
public:
static queue& get() {
static queue instance;
return instance;
}
bool try_pop(outputs::response& res) { return m_queue.try_pop(res); }
void push(outputs::response& res) { m_queue.push(res); }
private:
queue() {}
response_cq m_queue;
// We can use the better technique of deleting the methods we don't want.
public:
queue(queue const&) = delete;
void operator=(queue const&) = delete;
};
} // namespace grpc
} // namespace falco

205
userspace/falco/grpc_request_context.cpp
View File

@@ -1,205 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2016-2019 The Falco Authors
This file is part of falco.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include "grpc_request_context.h"
namespace falco {
namespace grpc {
template<>
void request_stream_context<outputs::service, outputs::request, outputs::response>::start(
server* srv) {
m_state = request_context_base::REQUEST;
m_srv_ctx = std::make_unique<::grpc::ServerContext>();
auto srvctx = m_srv_ctx.get();
m_res_writer = std::make_unique<::grpc::ServerAsyncWriter<outputs::response>>(srvctx);
m_stream_ctx.reset();
m_req.Clear();
auto cq = srv->m_completion_queue.get();
// todo(leodido) > log "calling m_request_func: tag=this, state=m_state"
(srv->m_output_svc.*m_request_func)(srvctx, &m_req, m_res_writer.get(), cq, cq, this);
}
template<>
void request_stream_context<outputs::service, outputs::request, outputs::response>::process(
server* srv) {
// When it is the 1st process call
if(m_state == request_context_base::REQUEST) {
m_state = request_context_base::WRITE;
m_stream_ctx = std::make_unique<stream_context>(m_srv_ctx.get());
}
// Processing
outputs::response res;
(srv->*m_process_func)(*m_stream_ctx, m_req, res); // get()
if(!m_stream_ctx->m_is_running) {
m_state = request_context_base::FINISH;
m_res_writer->Finish(::grpc::Status::OK, this);
return;
}
// When there are still more responses to stream
if(m_stream_ctx->m_has_more) {
// todo(leodido) > log "write: tag=this, state=m_state"
m_res_writer->Write(res, this);
return;
}
// No more responses to stream
// Communicate to the gRPC runtime that we have finished.
// The memory address of "this" instance uniquely identifies the event.
m_state = request_context_base::FINISH;
// todo(leodido) > log "finish: tag=this, state=m_state"
m_res_writer->Finish(::grpc::Status::OK, this);
}
template<>
void request_stream_context<outputs::service, outputs::request, outputs::response>::end(
server* srv,
bool error) {
if(m_stream_ctx) {
if(error) {
// todo(leodido) > log error "error streaming: tag=this, state=m_state,
// stream=m_stream_ctx->m_stream"
}
m_stream_ctx->m_status = error ? stream_context::ERROR : stream_context::SUCCESS;
// Complete the processing
outputs::response res;
(srv->*m_process_func)(*m_stream_ctx, m_req, res); // get()
} else {
// Flow enters here when the processing of "m_request_func" fails.
// Since this happens into the `start()` function, the processing does not advance to the
// `process()` function. So, `m_stream_ctx` is null because it is set into the `process()`
// function. The stream haven't started.
// todo(leodido) > log error "ending streaming: tag=this, state=m_state, stream=null"
}
// Ask to start processing requests
start(srv);
}
template<>
void request_context<version::service, version::request, version::response>::start(server* srv) {
m_state = request_context_base::REQUEST;
m_srv_ctx = std::make_unique<::grpc::ServerContext>();
auto srvctx = m_srv_ctx.get();
m_res_writer = std::make_unique<::grpc::ServerAsyncResponseWriter<version::response>>(srvctx);
m_req.Clear();
auto cq = srv->m_completion_queue.get();
// Request to start processing given requests.
// Using "this" - ie., the memory address of this context - as the tag that uniquely identifies
// the request. In this way, different contexts can serve different requests concurrently.
(srv->m_version_svc.*m_request_func)(srvctx, &m_req, m_res_writer.get(), cq, cq, this);
}
template<>
void request_context<version::service, version::request, version::response>::process(server* srv) {
version::response res;
(srv->*m_process_func)(context(m_srv_ctx.get()), m_req, res);
// Notify the gRPC runtime that this processing is done
m_state = request_context_base::FINISH;
// Using "this"- ie., the memory address of this context - to uniquely identify the event.
m_res_writer->Finish(res, ::grpc::Status::OK, this);
}
template<>
void request_context<version::service, version::request, version::response>::end(server* srv,
bool error) {
// todo(leodido) > handle processing errors here
// Ask to start processing requests
start(srv);
}
template<>
void request_bidi_context<outputs::service, outputs::request, outputs::response>::start(
server* srv) {
m_state = request_context_base::REQUEST;
m_srv_ctx = std::make_unique<::grpc::ServerContext>();
auto srvctx = m_srv_ctx.get();
m_reader_writer =
std::make_unique<::grpc::ServerAsyncReaderWriter<outputs::response, outputs::request>>(
srvctx);
m_req.Clear();
auto cq = srv->m_completion_queue.get();
// Request to start processing given requests.
// Using "this" - ie., the memory address of this context - as the tag that uniquely identifies
// the request. In this way, different contexts can serve different requests concurrently.
(srv->m_output_svc.*m_request_func)(srvctx, m_reader_writer.get(), cq, cq, this);
};
template<>
void request_bidi_context<outputs::service, outputs::request, outputs::response>::process(
server* srv) {
switch(m_state) {
case request_context_base::REQUEST:
m_bidi_ctx = std::make_unique<bidi_context>(m_srv_ctx.get());
m_bidi_ctx->m_status = bidi_context::STREAMING;
m_state = request_context_base::WRITE;
m_reader_writer->Read(&m_req, this);
return;
case request_context_base::WRITE:
// Processing
{
outputs::response res;
(srv->*m_process_func)(*m_bidi_ctx, m_req, res); // sub()
if(!m_bidi_ctx->m_is_running) {
m_state = request_context_base::FINISH;
m_reader_writer->Finish(::grpc::Status::OK, this);
return;
}
if(m_bidi_ctx->m_has_more) {
m_state = request_context_base::WRITE;
m_reader_writer->Write(res, this);
return;
}
m_state = request_context_base::WRITE;
m_reader_writer->Read(&m_req, this);
}
return;
default:
return;
}
};
template<>
void request_bidi_context<outputs::service, outputs::request, outputs::response>::end(server* srv,
bool error) {
if(m_bidi_ctx) {
m_bidi_ctx->m_status = error ? bidi_context::ERROR : bidi_context::SUCCESS;
// Complete the processing
outputs::response res;
(srv->*m_process_func)(*m_bidi_ctx, m_req, res); // sub()
}
// Ask to start processing requests
start(srv);
};
} // namespace grpc
} // namespace falco

126
userspace/falco/grpc_request_context.h
View File

@@ -1,126 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2016-2019 The Falco Authors
This file is part of falco.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#pragma once
#include "grpc_server.h"
namespace falco {
namespace grpc {
class request_context_base {
public:
request_context_base() = default;
// virtual to guarantee that the derived classes are destructed properly
virtual ~request_context_base() = default;
std::unique_ptr<::grpc::ServerContext> m_srv_ctx;
enum : char { UNKNOWN = 0, REQUEST, WRITE, FINISH } m_state = UNKNOWN;
virtual void start(server* srv) = 0;
virtual void process(server* srv) = 0;
virtual void end(server* srv, bool isError) = 0;
};
// The responsibility of `request_stream_context` template class
// is to handle streaming responses.
template<class Service, class Request, class Response>
class request_stream_context : public request_context_base {
public:
request_stream_context(): m_process_func(nullptr), m_request_func(nullptr) {};
~request_stream_context() override = default;
// Pointer to function that does actual processing
void (server::*m_process_func)(const stream_context&, const Request&, Response&);
// Pointer to function that requests the system to start processing given requests
void (Service::AsyncService::*m_request_func)(::grpc::ServerContext*,
Request*,
::grpc::ServerAsyncWriter<Response>*,
::grpc::CompletionQueue*,
::grpc::ServerCompletionQueue*,
void*);
void start(server* srv) override;
void process(server* srv) override;
void end(server* srv, bool error) override;
private:
std::unique_ptr<::grpc::ServerAsyncWriter<Response>> m_res_writer;
std::unique_ptr<stream_context> m_stream_ctx;
Request m_req;
};
// The responsibility of `request_context` template class
// is to handle unary responses.
template<class Service, class Request, class Response>
class request_context : public request_context_base {
public:
request_context(): m_process_func(nullptr), m_request_func(nullptr) {};
~request_context() override = default;
// Pointer to function that does actual processing
void (server::*m_process_func)(const context&, const Request&, Response&);
// Pointer to function that requests the system to start processing given requests
void (Service::AsyncService::*m_request_func)(::grpc::ServerContext*,
Request*,
::grpc::ServerAsyncResponseWriter<Response>*,
::grpc::CompletionQueue*,
::grpc::ServerCompletionQueue*,
void*);
void start(server* srv) override;
void process(server* srv) override;
void end(server* srv, bool error) override;
private:
std::unique_ptr<::grpc::ServerAsyncResponseWriter<Response>> m_res_writer;
Request m_req;
};
template<class Service, class Request, class Response>
class request_bidi_context : public request_context_base {
public:
request_bidi_context(): m_process_func(nullptr), m_request_func(nullptr) {};
~request_bidi_context() override = default;
// Pointer to function that does actual processing
void (server::*m_process_func)(const bidi_context&, const Request&, Response&);
// Pointer to function that requests the system to start processing given requests
void (Service::AsyncService::*m_request_func)(
::grpc::ServerContext*,
::grpc::ServerAsyncReaderWriter<Response, Request>*,
::grpc::CompletionQueue*,
::grpc::ServerCompletionQueue*,
void*);
void start(server* srv) override;
void process(server* srv) override;
void end(server* srv, bool error) override;
private:
std::unique_ptr<::grpc::ServerAsyncReaderWriter<Response, Request>> m_reader_writer;
std::unique_ptr<bidi_context> m_bidi_ctx;
Request m_req;
};
} // namespace grpc
} // namespace falco

316
userspace/falco/grpc_server.cpp
View File

@@ -1,316 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#ifdef GRPC_INCLUDE_IS_GRPCPP
#include <grpcpp/grpcpp.h>
#else
#include <grpc++/grpc++.h>
#endif
#include "config_falco.h"
#include "falco_engine.h"
#include "falco_engine_version.h"
#include "logger.h"
#include "grpc_server.h"
#include "grpc_queue.h"
#include "grpc_request_context.h"
#include "falco_utils.h"
#define REGISTER_STREAM(req, res, svc, rpc, impl, num) \
std::vector<request_stream_context<svc, req, res>> rpc##_contexts(num); \
for(request_stream_context<svc, req, res> & c : rpc##_contexts) { \
c.m_process_func = &server::impl; \
c.m_request_func = &svc::AsyncService::Request##rpc; \
c.start(this); \
}
#define REGISTER_UNARY(req, res, svc, rpc, impl, num) \
std::vector<request_context<svc, req, res>> rpc##_contexts(num); \
for(request_context<svc, req, res> & c : rpc##_contexts) { \
c.m_process_func = &server::impl; \
c.m_request_func = &svc::AsyncService::Request##rpc; \
c.start(this); \
}
#define REGISTER_BIDI(req, res, svc, rpc, impl, num) \
std::vector<request_bidi_context<svc, req, res>> rpc##_contexts(num); \
for(request_bidi_context<svc, req, res> & c : rpc##_contexts) { \
c.m_process_func = &server::impl; \
c.m_request_func = &svc::AsyncService::Request##rpc; \
c.start(this); \
}
static void gpr_log_dispatcher_func(gpr_log_func_args* args) {
falco_logger::level priority;
switch(args->severity) {
case GPR_LOG_SEVERITY_ERROR:
priority = falco_logger::level::ERR;
break;
case GPR_LOG_SEVERITY_DEBUG:
priority = falco_logger::level::DEBUG;
break;
default:
priority = falco_logger::level::INFO;
break;
}
std::string copy = "grpc: ";
copy.append(args->message);
copy.push_back('\n');
falco_logger::log(priority, std::move(copy));
}
void falco::grpc::server::thread_process(int thread_index) {
void* tag = nullptr;
bool event_read_success = false;
while(m_completion_queue->Next(&tag, &event_read_success)) {
if(tag == nullptr) {
// todo(leodido) > log error "server completion queue error: empty tag"
continue;
}
// Obtain the context for a given tag
request_context_base* ctx = static_cast<request_context_base*>(tag);
// todo(leodido) > log "next event: tag=tag, read_success=event_read_success,
// state=ctx->m_state"
// When event has not been read successfully
if(!event_read_success) {
if(ctx->m_state != request_context_base::REQUEST) {
// todo(leodido) > log error "server completion queue failing to read: tag=tag"
// End the context with error
ctx->end(this, true);
}
continue;
}
// Process the event
switch(ctx->m_state) {
case request_context_base::REQUEST:
// Completion of m_request_func
case request_context_base::WRITE:
// Completion of Write()
ctx->process(this);
break;
case request_context_base::FINISH:
// Completion of Finish()
ctx->end(this, false);
break;
default:
// todo(leodido) > log error "unknown completion queue event: tag=tag,
// state=ctx->m_state"
break;
}
// todo(leodido) > log "thread completed: index=thread_index"
}
}
void falco::grpc::server::init(const std::string& server_addr,
int threadiness,
const std::string& private_key,
const std::string& cert_chain,
const std::string& root_certs,
const std::string& log_level) {
m_server_addr = server_addr;
m_threadiness = threadiness;
m_private_key = private_key;
m_cert_chain = cert_chain;
m_root_certs = root_certs;
// Set the verbosity level of gpr logger
falco::schema::priority logging_level = falco::schema::INFORMATIONAL;
falco::schema::priority_Parse(log_level, &logging_level);
switch(logging_level) {
case falco::schema::ERROR:
gpr_set_log_verbosity(GPR_LOG_SEVERITY_ERROR);
break;
case falco::schema::DEBUG:
gpr_set_log_verbosity(GPR_LOG_SEVERITY_DEBUG);
break;
case falco::schema::INFORMATIONAL:
default:
// note > info will always enter here since it is != from "informational"
gpr_set_log_verbosity(GPR_LOG_SEVERITY_INFO);
break;
}
gpr_log_verbosity_init();
gpr_set_log_function(gpr_log_dispatcher_func);
if(falco::utils::network::is_unix_scheme(m_server_addr)) {
init_unix_server_builder();
return;
}
init_mtls_server_builder();
}
void falco::grpc::server::init_mtls_server_builder() {
std::string private_key;
std::string cert_chain;
std::string root_certs;
falco::utils::readfile(m_cert_chain, cert_chain);
falco::utils::readfile(m_private_key, private_key);
falco::utils::readfile(m_root_certs, root_certs);
::grpc::SslServerCredentialsOptions::PemKeyCertPair cert_pair{private_key, cert_chain};
::grpc::SslServerCredentialsOptions ssl_opts(
GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
ssl_opts.pem_root_certs = root_certs;
ssl_opts.pem_key_cert_pairs.push_back(cert_pair);
m_server_builder.AddListeningPort(m_server_addr, ::grpc::SslServerCredentials(ssl_opts));
}
void falco::grpc::server::init_unix_server_builder() {
m_server_builder.AddListeningPort(m_server_addr, ::grpc::InsecureServerCredentials());
}
void falco::grpc::server::run() {
m_server_builder.RegisterService(&m_output_svc);
m_server_builder.RegisterService(&m_version_svc);
m_completion_queue = m_server_builder.AddCompletionQueue();
m_server = m_server_builder.BuildAndStart();
if(m_server == nullptr) {
falco_logger::log(falco_logger::level::EMERG, "Error starting gRPC server\n");
return;
}
falco_logger::log(falco_logger::level::INFO, "Starting gRPC server at " + m_server_addr + "\n");
// The number of contexts is multiple of the number of threads
// This defines the number of simultaneous completion queue requests of the same type
// (service::AsyncService::Request##RPC) For this approach to be sufficient server::IMPL have to
// be fast
int context_num = m_threadiness * 10;
// todo(leodido) > take a look at thread_stress_test.cc into grpc repository
REGISTER_UNARY(version::request,
version::response,
version::service,
version,
version,
context_num)
REGISTER_STREAM(outputs::request, outputs::response, outputs::service, get, get, context_num)
REGISTER_BIDI(outputs::request, outputs::response, outputs::service, sub, sub, context_num)
m_threads.resize(m_threadiness);
int thread_idx = 0;
for(std::thread& thread : m_threads) {
thread = std::thread(&server::thread_process, this, thread_idx++);
}
// todo(leodido) > log "gRPC server running: threadiness=m_threads.size()"
m_server->Wait();
// todo(leodido) > log "stopping gRPC server"
stop();
}
void falco::grpc::server::stop() {
falco_logger::log(falco_logger::level::INFO,
"Shutting down gRPC server. Waiting until external connections are closed by "
"clients\n");
m_completion_queue->Shutdown();
falco_logger::log(falco_logger::level::INFO, "Waiting for the gRPC threads to complete\n");
for(std::thread& t : m_threads) {
if(t.joinable()) {
t.join();
}
}
m_threads.clear();
falco_logger::log(falco_logger::level::INFO, "Draining all the remaining gRPC events\n");
// Ignore remaining events
void* ignore_tag = nullptr;
bool ignore_ok = false;
while(m_completion_queue->Next(&ignore_tag, &ignore_ok)) {
}
falco_logger::log(falco_logger::level::INFO, "Shutting down gRPC server complete\n");
}
bool falco::grpc::server::is_running() {
if(m_stop) {
return false;
}
return true;
}
void falco::grpc::server::get(const stream_context& ctx,
const outputs::request& req,
outputs::response& res) {
if(ctx.m_status == stream_context::SUCCESS || ctx.m_status == stream_context::ERROR) {
// todo(leodido) > log "status=ctx->m_status, stream=ctx->m_stream"
ctx.m_stream = nullptr;
return;
}
ctx.m_is_running = is_running();
// Start or continue streaming
// m_status == stream_context::STREAMING?
// todo(leodido) > set m_stream
ctx.m_has_more = queue::get().try_pop(res);
}
void falco::grpc::server::sub(const bidi_context& ctx,
const outputs::request& req,
outputs::response& res) {
if(ctx.m_status == stream_context::SUCCESS || ctx.m_status == stream_context::ERROR) {
ctx.m_stream = nullptr;
return;
}
ctx.m_is_running = is_running();
// Start or continue streaming
// m_status == stream_context::STREAMING?
// todo(leodido) > set m_stream
ctx.m_has_more = queue::get().try_pop(res);
}
void falco::grpc::server::version(const context& ctx,
const version::request&,
version::response& res) {
auto& build = *res.mutable_build();
build = FALCO_VERSION_BUILD;
auto& prerelease = *res.mutable_prerelease();
prerelease = FALCO_VERSION_PRERELEASE;
auto& version = *res.mutable_version();
version = FALCO_VERSION;
res.set_engine_version(FALCO_ENGINE_VERSION);
res.set_engine_fields_checksum(FALCO_ENGINE_CHECKSUM);
auto engine_version = falco_engine::engine_version();
res.set_engine_major(engine_version.major());
res.set_engine_minor(engine_version.minor());
res.set_engine_patch(engine_version.patch());
res.set_major(FALCO_VERSION_MAJOR);
res.set_minor(FALCO_VERSION_MINOR);
res.set_patch(FALCO_VERSION_PATCH);
}
void falco::grpc::server::shutdown() {
m_stop = true;
m_server->Shutdown();
}

79
userspace/falco/grpc_server.h
View File

@@ -1,79 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#pragma once
#include <thread>
#include <string>
#include <atomic>
#include "outputs.grpc.pb.h"
#include "version.grpc.pb.h"
#include "grpc_context.h"
namespace falco {
namespace grpc {
class server {
public:
server() = default;
virtual ~server() = default;
void init(const std::string& server_addr,
int threadiness,
const std::string& private_key,
const std::string& cert_chain,
const std::string& root_certs,
const std::string& log_level);
void thread_process(int thread_index);
void run();
void stop();
void shutdown();
outputs::service::AsyncService m_output_svc;
version::service::AsyncService m_version_svc;
std::unique_ptr<::grpc::ServerCompletionQueue> m_completion_queue;
private:
std::string m_server_addr;
int m_threadiness = 1;
std::string m_private_key;
std::string m_cert_chain;
std::string m_root_certs;
std::vector<std::thread> m_threads;
::grpc::ServerBuilder m_server_builder;
void init_mtls_server_builder();
void init_unix_server_builder();
bool is_running();
// Outputs
void get(const stream_context& ctx, const outputs::request& req, outputs::response& res);
void sub(const bidi_context& ctx, const outputs::request& req, outputs::response& res);
// Version
void version(const context& ctx, const version::request& req, version::response& res);
std::unique_ptr<::grpc::Server> m_server;
std::atomic<bool> m_stop{false};
};
} // namespace grpc
} // namespace falco

56
userspace/falco/outputs.proto
View File

@@ -1,56 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
syntax = "proto3";
import "google/protobuf/timestamp.proto";
import "schema.proto";
package falco.outputs;
option go_package = "github.com/falcosecurity/client-go/pkg/api/outputs";
// This service defines the RPC methods
// to `request` a stream of output `response`s.
service service {
// Subscribe to a stream of Falco outputs by sending a stream of requests.
rpc sub(stream request) returns (stream response);
// Get all the Falco outputs present in the system up to this call.
rpc get(request) returns (stream response);
}
// The `request` message is the logical representation of the request model.
// It is the input of the `output.service` service.
message request {
// TODO(leodido,fntlnz): tags not supported yet, keeping it for reference.
// repeated string tags = 1;
}
// The `response` message is the representation of the output model.
// It contains all the elements that Falco emits in an output along with the
// definitions for priorities and source.
message response {
google.protobuf.Timestamp time = 1;
falco.schema.priority priority = 2;
falco.schema.source source_deprecated = 3 [deprecated=true];
string rule = 4;
string output = 5;
map<string, string> output_fields = 6;
string hostname = 7;
repeated string tags = 8;
string source = 9;
}

101
userspace/falco/outputs_grpc.cpp
View File

@@ -1,101 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <google/protobuf/util/time_util.h>
#include "outputs_grpc.h"
#include "grpc_queue.h"
#include "falco_common.h"
#include "formats.h"
#if __has_attribute(deprecated)
#define DISABLE_WARNING_PUSH _Pragma("GCC diagnostic push")
#define DISABLE_WARNING_POP _Pragma("GCC diagnostic pop")
#define DISABLE_WARNING_DEPRECATED_DECLARATIONS \
_Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
#elif defined(_MSC_VER)
#define DISABLE_WARNING_PUSH __pragma(warning(push))
#define DISABLE_WARNING_POP __pragma(warning(pop))
#define DISABLE_WARNING_DEPRECATED_DECLARATIONS __pragma(warning(disable : 4996))
#else
#define DISABLE_WARNING_PUSH
#define DISABLE_WARNING_POP
#define DISABLE_WARNING_DEPRECATED_DECLARATIONS
#endif
void falco::outputs::output_grpc::output(const message *msg) {
falco::outputs::response grpc_res;
// time
auto timestamp = grpc_res.mutable_time();
*timestamp = google::protobuf::util::TimeUtil::NanosecondsToTimestamp(msg->ts);
// rule
auto r = grpc_res.mutable_rule();
*r = msg->rule;
// source_deprecated (maintained for backward compatibility)
// Setting this as reserved would cause old clients to receive the
// 0-index enum element, which is the SYSCALL source in our case.
// This can be misleading for clients with an old version of the
// protobuf, so for now we deprecate the field and add a new PLUGIN
// enum entry instead.
// todo(jasondellaluce): remove source_deprecated and reserve its number
falco::schema::source s = falco::schema::source::SYSCALL;
if(!falco::schema::source_Parse(msg->source, &s)) {
// unknown source names are expected to come from plugins
s = falco::schema::source::PLUGIN;
}
DISABLE_WARNING_PUSH
DISABLE_WARNING_DEPRECATED_DECLARATIONS
grpc_res.set_source_deprecated(s);
DISABLE_WARNING_POP
// priority
falco::schema::priority p = falco::schema::priority::EMERGENCY;
if(!falco::schema::priority_Parse(falco_common::format_priority(msg->priority), &p)) {
throw falco_exception("Unknown priority passed to output_grpc::output()");
}
grpc_res.set_priority(p);
// output
auto output = grpc_res.mutable_output();
*output = msg->msg;
// output fields
auto &fields = *grpc_res.mutable_output_fields();
for(const auto &kv : msg->fields.items()) {
if(!kv.value().is_primitive()) {
throw falco_exception("output_grpc: output fields must be key-value maps");
}
fields[kv.key()] =
(kv.value().is_string()) ? kv.value().get<std::string>() : kv.value().dump();
}
// hostname
auto host = grpc_res.mutable_hostname();
*host = m_hostname;
// tags
auto tags = grpc_res.mutable_tags();
*tags = {msg->tags.begin(), msg->tags.end()};
// source
auto source = grpc_res.mutable_source();
*source = msg->source;
falco::grpc::queue::get().push(grpc_res);
}

30
userspace/falco/outputs_grpc.h
View File

@@ -1,30 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#pragma once
#include "outputs.h"
namespace falco {
namespace outputs {
class output_grpc : public abstract_output {
void output(const message *msg) override;
};
} // namespace outputs
} // namespace falco

67
userspace/falco/schema.proto
View File

@@ -1,67 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
syntax = "proto3";
package falco.schema;
option go_package = "github.com/falcosecurity/client-go/pkg/api/schema";
enum priority {
option allow_alias = true;
EMERGENCY = 0;
emergency = 0;
Emergency = 0;
ALERT = 1;
alert = 1;
Alert = 1;
CRITICAL = 2;
critical = 2;
Critical = 2;
ERROR = 3;
error = 3;
Error = 3;
WARNING = 4;
warning = 4;
Warning = 4;
NOTICE = 5;
notice = 5;
Notice = 5;
INFORMATIONAL = 6;
informational = 6;
Informational = 6;
DEBUG = 7;
debug = 7;
Debug = 7;
}
enum source {
option allow_alias = true;
SYSCALL = 0;
syscall = 0;
Syscall = 0;
K8S_AUDIT = 1;
k8s_audit = 1;
K8s_audit = 1;
K8S_audit = 1;
INTERNAL = 2;
internal = 2;
Internal = 2;
PLUGIN = 3;
plugin = 3;
Plugin = 3;
}

53
userspace/falco/version.proto
View File

@@ -1,53 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
syntax = "proto3";
package falco.version;
option go_package = "github.com/falcosecurity/client-go/pkg/api/version";
// This service defines a RPC call
// to request the Falco version.
service service {
rpc version(request) returns (response);
}
// The `request` message is an empty one.
message request
{
}
// The `response` message contains the version of Falco.
// It provides the whole version as a string and also
// its parts as per semver 2.0 specification (https://semver.org).
message response
{
// falco version
string version = 1;
uint32 major = 2;
uint32 minor = 3;
uint32 patch = 4;
string prerelease = 5;
string build = 6;
// falco engine version
uint32 engine_minor = 7;
string engine_fields_checksum = 8;
uint32 engine_major = 9;
uint32 engine_patch = 10;
string engine_version = 11;
}