diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 40093ac1..84d85dfa 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -59,7 +59,7 @@ jobs: run: sudo apt update -y - name: Install build dependencies - run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libc-ares-dev libprotobuf-dev protobuf-compiler libyaml-cpp-dev libgrpc++-dev protobuf-compiler-grpc rpm libelf-dev cmake build-essential libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm git -y + run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libc-ares-dev libyaml-cpp-dev rpm libelf-dev cmake build-essential libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm git -y - name: Prepare project run: | diff --git a/.github/workflows/reusable_build_dev.yaml b/.github/workflows/reusable_build_dev.yaml index fd43dec0..aab6bbad 100644 --- a/.github/workflows/reusable_build_dev.yaml +++ b/.github/workflows/reusable_build_dev.yaml @@ -57,7 +57,7 @@ jobs: - name: Install build dependencies (non-minimal) if: inputs.minimal != true - run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libc-ares-dev libprotobuf-dev protobuf-compiler libgrpc++-dev protobuf-compiler-grpc rpm libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm -y + run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libc-ares-dev rpm libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm -y - name: Prepare project run: | diff --git a/CMakeLists.txt b/CMakeLists.txt index 0d7d838b..58cdbeaa 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -192,9 +192,6 @@ if(NOT MINIMAL_BUILD) AND NOT EMSCRIPTEN ) include(cares) - include(protobuf) - # gRPC - include(grpc) endif() endif() diff --git a/cmake/modules/grpc.cmake b/cmake/modules/grpc.cmake deleted file mode 100644 index 35ff0f93..00000000 --- a/cmake/modules/grpc.cmake +++ /dev/null @@ -1,278 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2023 The Falco Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except -# in compliance with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed under the License -# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing permissions and limitations under -# the License. -# - -option(USE_BUNDLED_GRPC "Enable building of the bundled grpc" ${USE_BUNDLED_DEPS}) - -if(GRPC_INCLUDE) - # we already have grpc -elseif(NOT USE_BUNDLED_GRPC) - # gRPC - find_package(gRPC CONFIG) - if(gRPC_FOUND) - message(STATUS "Using gRPC ${gRPC_VERSION}") - set(GPR_LIB gRPC::gpr) - set(GRPC_LIB gRPC::grpc) - set(GRPCPP_LIB gRPC::grpc++) - - # gRPC C++ plugin - get_target_property(GRPC_CPP_PLUGIN gRPC::grpc_cpp_plugin LOCATION) - if(NOT GRPC_CPP_PLUGIN) - message(FATAL_ERROR "System grpc_cpp_plugin not found") - endif() - - # gRPC include dir + properly handle grpc{++,pp} - get_target_property(GRPC_INCLUDE gRPC::grpc++ INTERFACE_INCLUDE_DIRECTORIES) - find_path( - GRPCXX_INCLUDE - NAMES grpc++/grpc++.h - PATHS ${GRPC_INCLUDE} - ) - if(NOT GRPCXX_INCLUDE) - find_path( - GRPCPP_INCLUDE - NAMES grpcpp/grpcpp.h - PATHS ${GRPC_INCLUDE} - ) - add_definitions(-DGRPC_INCLUDE_IS_GRPCPP=1) - endif() - else() - # Fallback to manually find libraries; Some distro, namely Ubuntu focal, do not install gRPC - # config cmake module - find_library(GPR_LIB NAMES gpr) - if(GPR_LIB) - message(STATUS "Found gpr lib: ${GPR_LIB}") - else() - message(FATAL_ERROR "Couldn't find system gpr") - endif() - find_path(GRPCXX_INCLUDE NAMES grpc++/grpc++.h) - if(GRPCXX_INCLUDE) - set(GRPC_INCLUDE ${GRPCXX_INCLUDE}) - else() - find_path(GRPCPP_INCLUDE NAMES grpcpp/grpcpp.h) - set(GRPC_INCLUDE ${GRPCPP_INCLUDE}) - add_definitions(-DGRPC_INCLUDE_IS_GRPCPP=1) - endif() - find_library(GRPC_LIB NAMES grpc) - find_library(GRPCPP_LIB NAMES grpc++) - if(GRPC_INCLUDE - AND GRPC_LIB - AND GRPCPP_LIB - ) - message( - STATUS - "Found grpc: include: ${GRPC_INCLUDE}, C lib: ${GRPC_LIB}, C++ lib: ${GRPCPP_LIB}" - ) - else() - message(FATAL_ERROR "Couldn't find system grpc") - endif() - find_program(GRPC_CPP_PLUGIN grpc_cpp_plugin) - if(NOT GRPC_CPP_PLUGIN) - message(FATAL_ERROR "System grpc_cpp_plugin not found") - endif() - endif() -else() - include(cares) - include(protobuf) - include(zlib) - include(openssl) - if(BUILD_SHARED_LIBS) - set(GRPC_OPENSSL_STATIC_LIBS_OPTION FALSE) - else() - set(GRPC_OPENSSL_STATIC_LIBS_OPTION TRUE) - endif() - include(re2) - set(GRPC_SRC "${PROJECT_BINARY_DIR}/grpc-prefix/src/grpc") - set(GRPC_INSTALL_DIR "${GRPC_SRC}/target") - set(GRPC_INCLUDE "${GRPC_INSTALL_DIR}/include" "${GRPC_SRC}/third_party/abseil-cpp") - set(GPR_LIB "${GRPC_SRC}/libgpr.a") - set(GRPC_LIB "${GRPC_SRC}/libgrpc.a") - set(GRPCPP_LIB "${GRPC_SRC}/libgrpc++.a") - set(GRPC_CPP_PLUGIN "${GRPC_SRC}/grpc_cpp_plugin") - set(GRPC_MAIN_LIBS "") - list( - APPEND - GRPC_MAIN_LIBS - "${GPR_LIB}" - "${GRPC_LIB}" - "${GRPCPP_LIB}" - "${GRPC_SRC}/libgrpc++_alts.a" - "${GRPC_SRC}/libgrpc++_error_details.a" - "${GRPC_SRC}/libgrpc++_reflection.a" - "${GRPC_SRC}/libgrpc++_unsecure.a" - "${GRPC_SRC}/libgrpc_plugin_support.a" - "${GRPC_SRC}/libgrpc_unsecure.a" - "${GRPC_SRC}/libgrpcpp_channelz.a" - ) - - get_filename_component(PROTOC_DIR ${PROTOC} PATH) - - if(NOT TARGET grpc) - message(STATUS "Using bundled grpc in '${GRPC_SRC}'") - - # fixme(leogr): this workaround is required to inject the missing deps (built by gRCP - # cmakefiles) into target_link_libraries later note: the list below is manually generated - # starting from the output of pkg-config --libs grpc++ - set(GRPC_LIBRARIES "") - list( - APPEND - GRPC_LIBRARIES - "${GRPC_SRC}/libaddress_sorting.a" - "${GRPC_SRC}/libupb.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/hash/libabsl_hash.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/hash/libabsl_city.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/hash/libabsl_low_level_hash.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/container/libabsl_raw_hash_set.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/container/libabsl_hashtablez_sampler.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/status/libabsl_statusor.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/status/libabsl_status.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cord.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cordz_functions.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/profiling/libabsl_exponential_biased.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/types/libabsl_bad_optional_access.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/types/libabsl_bad_variant_access.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_str_format_internal.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/synchronization/libabsl_synchronization.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/synchronization/libabsl_graphcycles_internal.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/debugging/libabsl_stacktrace.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/debugging/libabsl_symbolize.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/debugging/libabsl_debugging_internal.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/debugging/libabsl_demangle_internal.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_malloc_internal.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/time/libabsl_time.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/time/libabsl_civil_time.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_strings.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_strings_internal.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_base.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_spinlock_wait.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/numeric/libabsl_int128.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_throw_delegate.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_raw_logging_internal.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/base/libabsl_log_severity.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/time/libabsl_time_zone.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cord_internal.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cordz_info.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/strings/libabsl_cordz_handle.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_pool_urbg.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_randen.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_randen_hwaes.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_randen_hwaes_impl.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_randen_slow.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_seed_material.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_internal_platform.a" - "${GRPC_SRC}/third_party/abseil-cpp/absl/random/libabsl_random_seed_gen_exception.a" - ) - - # Make abseil-cpp build compatible with gcc-13 See - # https://patchwork.yoctoproject.org/project/oe/patch/20230518093301.2938164-1-Martin.Jansa@gmail.com/ - # TO BE DROPPED once we finally upgrade grpc... - set(GRPC_PATCH_CMD - sh - -c - "sed -i '20s/^/#include /' ${GRPC_SRC}/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h" - && - sh - -c - "sed -i 's|off64_t|off_t|g' ${GRPC_SRC}/third_party/abseil-cpp/absl/base/internal/direct_mmap.h" - ) - - # Zig workaround: Add a PATCH_COMMAND to grpc cmake to fixup emitted -march by abseil-cpp - # cmake module, making it use a name understood by zig for arm64. See - # https://github.com/abseil/abseil-cpp/blob/master/absl/copts/GENERATED_AbseilCopts.cmake#L226. - if(CMAKE_C_COMPILER MATCHES "zig") - message(STATUS "Enabling zig workaround for abseil-cpp") - set(GRPC_PATCH_CMD - ${GRPC_PATCH_CMD} - && - sh - -c - "sed -i 's/armv8-a/cortex_a57/g' ${GRPC_SRC}/third_party/abseil-cpp/absl/copts/GENERATED_AbseilCopts.cmake" - ) - endif() - - ExternalProject_Add( - grpc - PREFIX "${PROJECT_BINARY_DIR}/grpc-prefix" - DEPENDS openssl protobuf c-ares zlib re2 - GIT_REPOSITORY https://github.com/grpc/grpc.git - GIT_TAG v1.44.0 - GIT_SUBMODULES "third_party/abseil-cpp" - CMAKE_CACHE_ARGS - -DCMAKE_INSTALL_PREFIX:PATH=${GRPC_INSTALL_DIR} - -DCMAKE_BUILD_TYPE:STRING=${CMAKE_BUILD_TYPE} - -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=${ENABLE_PIC} - -DgRPC_INSTALL:BOOL=OFF - # disable unused stuff - -DgRPC_BUILD_TESTS:BOOL=OFF - -DgRPC_BUILD_CSHARP_EXT:BOOL=OFF - -DgRPC_BUILD_GRPC_CSHARP_PLUGIN:BOOL=OFF - -DgRPC_BUILD_GRPC_NODE_PLUGIN:BOOL=OFF - -DgRPC_BUILD_GRPC_OBJECTIVE_C_PLUGIN:BOOL=OFF - -DgRPC_BUILD_GRPC_PHP_PLUGIN:BOOL=OFF - -DgRPC_BUILD_GRPC_PYTHON_PLUGIN:BOOL=OFF - -DgRPC_BUILD_GRPC_RUBY_PLUGIN:BOOL=OFF - # deps provided by us - # https://github.com/grpc/grpc/blob/v1.32.0/cmake/modules/Findc-ares.cmake - -DgRPC_CARES_PROVIDER:STRING=package - -Dc-ares_DIR:PATH=${CARES_SRC} - -Dc-ares_INCLUDE_DIR:PATH=${CARES_INCLUDE} - -Dc-ares_LIBRARY:PATH=${CARES_LIB} - # https://cmake.org/cmake/help/v3.6/module/FindProtobuf.html - -DgRPC_PROTOBUF_PROVIDER:STRING=package - -DCMAKE_CXX_FLAGS:STRING=-I${PROTOBUF_INCLUDE} - -DProtobuf_INCLUDE_DIR:PATH=${PROTOBUF_INCLUDE} - -DProtobuf_LIBRARY:PATH=${PROTOBUF_LIB} - -DProtobuf_PROTOC_LIBRARY:PATH=${PROTOC_LIB} - -DProtobuf_PROTOC_EXECUTABLE:PATH=${PROTOC} - # https://cmake.org/cmake/help/v3.6/module/FindOpenSSL.html - -DgRPC_SSL_PROVIDER:STRING=package - -DOPENSSL_ROOT_DIR:PATH=${OPENSSL_INSTALL_DIR} - -DOPENSSL_USE_STATIC_LIBS:BOOL=${GRPC_OPENSSL_STATIC_LIBS_OPTION} - # https://cmake.org/cmake/help/v3.6/module/FindZLIB.html - -DgRPC_ZLIB_PROVIDER:STRING=package - -DZLIB_ROOT:STRING=${ZLIB_SRC} - # RE2 - -DgRPC_RE2_PROVIDER:STRING=package - -Dre2_DIR:PATH=${RE2_DIR} - BUILD_IN_SOURCE 1 - BUILD_BYPRODUCTS ${GRPC_LIB} ${GRPCPP_LIB} ${GPR_LIB} ${GRPC_LIBRARIES} - # Keep installation files into the local ${GRPC_INSTALL_DIR} since here is the case when - # we are embedding gRPC - UPDATE_COMMAND "" - PATCH_COMMAND ${GRPC_PATCH_CMD} - INSTALL_COMMAND DESTDIR= ${CMAKE_MAKE_PROGRAM} install - ) - install( - FILES ${GRPC_MAIN_LIBS} - DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}" - COMPONENT "libs-deps" - ) - install( - FILES ${GRPC_LIBRARIES} - DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}" - COMPONENT "libs-deps" - ) - install( - DIRECTORY "${GRPC_SRC}/target/include/" - DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/${LIBS_PACKAGE_NAME}" - COMPONENT "libs-deps" - ) - endif() -endif() - -if(NOT TARGET grpc) - add_custom_target(grpc) -endif() - -include_directories("${GRPC_INCLUDE}") diff --git a/falco.yaml b/falco.yaml index c82c13cb..46f4f9e2 100644 --- a/falco.yaml +++ b/falco.yaml @@ -70,9 +70,7 @@ # file_output [Stable] # http_output [Stable] # program_output [Stable] -# grpc_output [Deprecated] # Falco exposed services -# grpc [Deprecated] # webserver [Stable] # Falco logging / alerting / metrics related to software functioning (basic) # log_stderr [Stable] @@ -719,7 +717,7 @@ outputs_queue: # With this setting you can add more information to the Falco output message, customizable by # rule, tag or source. # You can also add additional data that will appear in the output_fields property -# of JSON formatted messages or gRPC output but will not be part of the regular output message. +# of JSON formatted messages but will not be part of the regular output message. # This allows you to add custom fields that can help you filter your Falco events without # polluting the message text. # @@ -780,7 +778,7 @@ append_output: # Falco outputs channels # ########################## -# Falco supports various output channels, such as syslog, stdout, file, gRPC (deprecated), +# Falco supports various output channels, such as syslog, stdout, file, # webhook, and more. You can enable or disable these channels as needed to # control where Falco alerts and log messages are directed. This flexibility # allows seamless integration with your preferred logging and alerting systems. @@ -876,71 +874,10 @@ program_output: # -- The program to execute. program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX" -# [Deprecated] `grpc_output` -# -# -- Use gRPC as an output service. DEPRECATION NOTICE: The gRPC output is deprecated. Consider using other outputs. -# -# gRPC is a modern and high-performance framework for remote procedure calls -# (RPC). It utilizes protocol buffers for efficient data serialization. The gRPC -# output in Falco provides a modern and efficient way to integrate with other -# systems. By default, the setting is turned off. Enabling this option stores -# output events in memory until they are consumed by a gRPC client. Ensure that -# you have a consumer for the output events or leave it disabled. -grpc_output: - # -- Enable gRPC as an output service. - enabled: false - ########################## # Falco exposed services # ########################## -# [Deprecated] `grpc` -# -# -- A gRPC server (needed by the gRPC output). DEPRECATION NOTICE: The gRPC server is deprecated as a consequence of -# the gRPC output deprecation. -# -# Falco provides support for running a gRPC server using two main binding types: -# 1. Over the network with mandatory mutual TLS authentication (mTLS), which -# ensures secure communication -# 2. Local Unix socket binding with no authentication. By default, the -# gRPC server in Falco is turned off with no enabled services (see -# `grpc_output` setting). -# -# To configure the gRPC server in Falco, you can make the following changes to -# the options: -# -# - Uncomment the relevant configuration options related to the gRPC server. -# - Update the paths of the generated certificates for mutual TLS authentication -# if you choose to use mTLS. -# - Specify the address to bind and expose the gRPC server. -# - Adjust the threadiness configuration to control the number of threads and -# contexts used by the server. -# -# Keep in mind that if any issues arise while creating the gRPC server, the -# information will be logged, but it will not stop the main Falco daemon. -# -# gRPC server using mTLS -# grpc: -# enabled: true -# bind_address: "0.0.0.0:5060" -# # When the `threadiness` value is set to 0, Falco will automatically determine -# # the appropriate number of threads based on the number of online cores in the system. -# threadiness: 0 -# private_key: "/etc/falco/certs/server.key" -# cert_chain: "/etc/falco/certs/server.crt" -# root_certs: "/etc/falco/certs/ca.crt" -# -# gRPC server using a local unix socket (see default below) -grpc: - # -- Enable the gRPC server. - enabled: false - # -- Address to bind and expose the gRPC server. Use either a local unix socket with - # no authentication, or a network address with mTLS. - bind_address: "unix:///run/falco/falco.sock" - # -- When the `threadiness` value is set to 0, Falco will automatically determine - # the appropriate number of threads based on the number of online cores in the system. - threadiness: 0 - # [Stable] `webserver` # # -- Falco supports an embedded webserver that runs within the Falco process, diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h index 4a131e66..59c50e0a 100644 --- a/userspace/engine/falco_engine.h +++ b/userspace/engine/falco_engine.h @@ -201,11 +201,10 @@ public: const std::set &tags, const std::string &rule); - // You can optionally add fields that will only show up in the object - // output (e.g. json, gRPC) alongside other output_fields - // and not in the text message output. - // You can add two types of fields: formatted which will act like - // an additional output format that appears in the output field + // You can optionally add fields that will only show up in the object output (e.g. json) + // alongside other output_fields and not in the text message output. You can add two types of + // fields: formatted which will act like an additional output format that appears in the output + // field void add_extra_output_formatted_field(const std::string &key, const std::string &format, const std::string &source, diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt index e6afd96f..027ccfc6 100644 --- a/userspace/falco/CMakeLists.txt +++ b/userspace/falco/CMakeLists.txt @@ -45,10 +45,8 @@ add_library( app/actions/configure_syscall_buffer_size.cpp app/actions/configure_syscall_buffer_num.cpp app/actions/select_event_sources.cpp - app/actions/start_grpc_server.cpp app/actions/start_webserver.cpp app/actions/validate_rules_files.cpp - app/actions/create_requested_paths.cpp app/actions/close_inspectors.cpp app/actions/print_config_schema.cpp app/actions/print_rule_schema.cpp @@ -79,54 +77,21 @@ if(NOT WIN32) endif() if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT MINIMAL_BUILD) - target_sources( - falco_application - PRIVATE outputs_grpc.cpp - outputs_http.cpp - falco_metrics.cpp - webserver.cpp - grpc_context.cpp - grpc_request_context.cpp - grpc_server.cpp - grpc_context.cpp - ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc + target_sources(falco_application PRIVATE outputs_http.cpp falco_metrics.cpp webserver.cpp) + + list(APPEND FALCO_INCLUDE_DIRECTORIES FALCO_INCLUDE_DIRECTORIES "${OPENSSL_INCLUDE_DIR}" + "${CARES_INCLUDE}" ) - list( - APPEND - FALCO_INCLUDE_DIRECTORIES - FALCO_INCLUDE_DIRECTORIES - "${OPENSSL_INCLUDE_DIR}" - "${GRPC_INCLUDE}" - "${GRPCPP_INCLUDE}" - "${PROTOBUF_INCLUDE}" - "${CARES_INCLUDE}" - ) - - if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND USE_BUNDLED_GRPC) - list(APPEND FALCO_DEPENDENCIES grpc) + if(TARGET c-ares) + list(APPEND FALCO_DEPENDENCIES c-ares) endif() if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND USE_BUNDLED_CURL) list(APPEND FALCO_DEPENDENCIES curl) endif() - list( - APPEND - FALCO_LIBRARIES - httplib::httplib - "${CURL_LIBRARIES}" - "${GRPCPP_LIB}" - "${GRPC_LIB}" - "${GPR_LIB}" - "${GRPC_LIBRARIES}" - "${PROTOBUF_LIB}" - "${CARES_LIB}" - ) + list(APPEND FALCO_LIBRARIES httplib::httplib "${CURL_LIBRARIES}" "${CARES_LIB}") endif() if(EMSCRIPTEN) @@ -156,37 +121,6 @@ if(EMSCRIPTEN) target_link_options(falco PRIVATE "-sEXPORTED_FUNCTIONS=['_main','_htons','_ntohs']") endif() -if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT MINIMAL_BUILD) - add_custom_command( - OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.h - ${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/version.pb.h - ${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.h - ${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.h - ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.h - COMMENT "Generate gRPC API" - # Falco gRPC Version API - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/version.proto - COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=. - ${CMAKE_CURRENT_SOURCE_DIR}/version.proto - COMMAND - ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=. - --plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN} ${CMAKE_CURRENT_SOURCE_DIR}/version.proto - # Falco gRPC Outputs API - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto - COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=. - ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto ${CMAKE_CURRENT_SOURCE_DIR}/schema.proto - COMMAND - ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=. - --plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN} ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto - WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} - ) -endif() - # strip the Falco binary when releasing using musl if(MUSL_OPTIMIZED_BUILD AND CMAKE_BUILD_TYPE STREQUAL "release") add_custom_command( diff --git a/userspace/falco/app/actions/actions.h b/userspace/falco/app/actions/actions.h index 0428be72..9951280e 100644 --- a/userspace/falco/app/actions/actions.h +++ b/userspace/falco/app/actions/actions.h @@ -27,7 +27,6 @@ namespace actions { falco::app::run_result configure_interesting_sets(falco::app::state& s); falco::app::run_result configure_syscall_buffer_size(falco::app::state& s); falco::app::run_result configure_syscall_buffer_num(const falco::app::state& s); -falco::app::run_result create_requested_paths(falco::app::state& s); falco::app::run_result create_signal_handlers(falco::app::state& s); falco::app::run_result pidfile(const falco::app::state& s); falco::app::run_result init_falco_engine(falco::app::state& s); @@ -51,9 +50,7 @@ falco::app::run_result print_version(falco::app::state& s); falco::app::run_result process_events(falco::app::state& s); falco::app::run_result require_config_file(const falco::app::state& s); falco::app::run_result select_event_sources(falco::app::state& s); -falco::app::run_result start_grpc_server(falco::app::state& s); falco::app::run_result start_webserver(falco::app::state& s); -falco::app::run_result stop_grpc_server(falco::app::state& s); falco::app::run_result stop_webserver(falco::app::state& s); falco::app::run_result unregister_signal_handlers(falco::app::state& s); falco::app::run_result validate_rules_files(falco::app::state& s); diff --git a/userspace/falco/app/actions/create_requested_paths.cpp b/userspace/falco/app/actions/create_requested_paths.cpp deleted file mode 100644 index 089db388..00000000 --- a/userspace/falco/app/actions/create_requested_paths.cpp +++ /dev/null @@ -1,57 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "actions.h" -#include "falco_utils.h" -#include -#include - -using namespace falco::app; -using namespace falco::app::actions; - -static int create_dir(const std::string &path); - -falco::app::run_result falco::app::actions::create_requested_paths(falco::app::state &s) { - if(s.config->m_grpc_enabled && !s.config->m_grpc_bind_address.empty()) { - if(falco::utils::network::is_unix_scheme(s.config->m_grpc_bind_address)) { - auto server_path = s.config->m_grpc_bind_address.substr( - falco::utils::network::UNIX_SCHEME.length()); - int ret = create_dir(server_path); - if(ret != 0) { - return run_result::fatal(server_path + ": " + strerror(errno)); - } - } - } - - // TODO: eventually other files written by Falco whose destination is - // customizable by users, must be handled here. - return run_result::ok(); -} - -// This function operates like `mkdir -p` excluding the last part of -// the path which we assume to be the filename. -static int create_dir(const std::string &path) { - std::filesystem::path dirPath(path); - - try { - std::filesystem::create_directories(dirPath.parent_path()); - } catch(const std::exception &ex) { - return -1; - } - - return 0; -} diff --git a/userspace/falco/app/actions/init_outputs.cpp b/userspace/falco/app/actions/init_outputs.cpp index e7de5cf4..0593c491 100644 --- a/userspace/falco/app/actions/init_outputs.cpp +++ b/userspace/falco/app/actions/init_outputs.cpp @@ -37,8 +37,7 @@ falco::app::run_result falco::app::actions::init_outputs(falco::app::state& s) { // read hostname std::string hostname; char* env_hostname = getenv("FALCO_HOSTNAME"); - // todo(leogr): keep FALCO_GRPC_HOSTNAME for backward compatibility. Shall we deprecate it? - if(env_hostname || (env_hostname = getenv("FALCO_GRPC_HOSTNAME"))) { + if(env_hostname) { hostname = env_hostname; falco_logger::log(falco_logger::level::INFO, "Hostname value has been overridden via environment variable to: " + diff --git a/userspace/falco/app/actions/start_grpc_server.cpp b/userspace/falco/app/actions/start_grpc_server.cpp deleted file mode 100644 index 4ef7a0a4..00000000 --- a/userspace/falco/app/actions/start_grpc_server.cpp +++ /dev/null @@ -1,73 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "actions.h" - -#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) -#include "grpc_server.h" -#endif - -using namespace falco::app; -using namespace falco::app::actions; - -falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state& s) { -#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) - // gRPC server - if(!s.config->m_grpc_enabled) { - return run_result::ok(); - } - - if(s.options.dry_run) { - falco_logger::log(falco_logger::level::DEBUG, "Skipping starting gRPC server in dry-run\n"); - return run_result::ok(); - } - - falco_logger::log(falco_logger::level::INFO, - "gRPC server threadiness equals to " + - std::to_string(s.config->m_grpc_threadiness) + "\n"); - // TODO(fntlnz,leodido): when we want to spawn multiple threads we need to have a queue per - // thread, or implement different queuing mechanisms, round robin, fanout? What we want to - // achieve? - s.grpc_server.init(s.config->m_grpc_bind_address, - s.config->m_grpc_threadiness, - s.config->m_grpc_private_key, - s.config->m_grpc_cert_chain, - s.config->m_grpc_root_certs, - s.config->m_log_level); - s.grpc_server_thread = std::thread([&s] { s.grpc_server.run(); }); -#endif - return run_result::ok(); -} - -falco::app::run_result falco::app::actions::stop_grpc_server(falco::app::state& s) { -#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) - if(!s.config->m_grpc_enabled) { - return run_result::ok(); - } - - if(s.options.dry_run) { - falco_logger::log(falco_logger::level::DEBUG, "Skipping stopping gRPC server in dry-run\n"); - return run_result::ok(); - } - - if(s.grpc_server_thread.joinable()) { - s.grpc_server.shutdown(); - s.grpc_server_thread.join(); - } -#endif - return run_result::ok(); -} diff --git a/userspace/falco/app/app.cpp b/userspace/falco/app/app.cpp index 6d710291..41a6d216 100644 --- a/userspace/falco/app/app.cpp +++ b/userspace/falco/app/app.cpp @@ -76,19 +76,16 @@ bool falco::app::run(falco::app::state& s, bool& restart, std::string& errstr) { falco::app::actions::print_support, falco::app::actions::init_outputs, falco::app::actions::create_signal_handlers, - falco::app::actions::create_requested_paths, falco::app::actions::pidfile, falco::app::actions::configure_interesting_sets, falco::app::actions::configure_syscall_buffer_size, falco::app::actions::configure_syscall_buffer_num, - falco::app::actions::start_grpc_server, falco::app::actions::start_webserver, falco::app::actions::process_events, }; std::list const teardown_steps = { falco::app::actions::unregister_signal_handlers, - falco::app::actions::stop_grpc_server, falco::app::actions::stop_webserver, falco::app::actions::close_inspectors, }; diff --git a/userspace/falco/app/state.h b/userspace/falco/app/state.h index 14be3e87..85b96e40 100644 --- a/userspace/falco/app/state.h +++ b/userspace/falco/app/state.h @@ -24,7 +24,6 @@ limitations under the License. #include "../configuration.h" #include "../stats_writer.h" #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) -#include "../grpc_server.h" #include "../webserver.h" #endif @@ -111,9 +110,6 @@ struct state { std::shared_ptr restarter; #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) - falco::grpc::server grpc_server; - std::thread grpc_server_thread; - falco_webserver webserver; #endif // Set by start_webserver to start prometheus metrics diff --git a/userspace/falco/config_json_schema.h b/userspace/falco/config_json_schema.h index d241f025..c27d22fe 100644 --- a/userspace/falco/config_json_schema.h +++ b/userspace/falco/config_json_schema.h @@ -157,12 +157,6 @@ const char config_schema_string[] = LONG_STRING_CONST( "program_output": { "$ref": "#/definitions/ProgramOutput" }, - "grpc_output": { - "$ref": "#/definitions/Output" - }, - "grpc": { - "$ref": "#/definitions/Grpc" - }, "webserver": { "$ref": "#/definitions/Webserver" }, @@ -459,23 +453,6 @@ const char config_schema_string[] = LONG_STRING_CONST( "minProperties": 1, "title": "FileOutput" }, - "Grpc": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "bind_address": { - "type": "string" - }, - "threadiness": { - "type": "integer" - } - }, - "minProperties": 1, - "title": "Grpc" - }, "Output": { "type": "object", "additionalProperties": false, diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index 157c2d8f..9f5d9ce8 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -74,8 +74,6 @@ falco_configuration::falco_configuration(): m_time_format_iso_8601(false), m_buffer_format_base64(false), m_output_timeout(2000), - m_grpc_enabled(false), - m_grpc_threadiness(0), m_webserver_enabled(false), m_syscall_evt_drop_threshold(.1), m_syscall_evt_drop_rate(.03333), @@ -443,37 +441,6 @@ void falco_configuration::load_yaml(const std::string &config_name) { m_outputs.push_back(http_output); } - m_grpc_enabled = m_config.get_scalar("grpc.enabled", false); - if(m_grpc_enabled) { - falco_logger::log(falco_logger::level::WARNING, - "Using deprecated gRPC server (deprecated as consequence of gRPC output " - "deprecation)."); - } - m_grpc_bind_address = m_config.get_scalar("grpc.bind_address", "0.0.0.0:5060"); - m_grpc_threadiness = m_config.get_scalar("grpc.threadiness", 0); - if(m_grpc_threadiness == 0) { - m_grpc_threadiness = falco::utils::hardware_concurrency(); - } - // todo > else limit threadiness to avoid oversubscription? - m_grpc_private_key = - m_config.get_scalar("grpc.private_key", "/etc/falco/certs/server.key"); - m_grpc_cert_chain = - m_config.get_scalar("grpc.cert_chain", "/etc/falco/certs/server.crt"); - m_grpc_root_certs = - m_config.get_scalar("grpc.root_certs", "/etc/falco/certs/ca.crt"); - - falco::outputs::config grpc_output; - grpc_output.name = "grpc"; - const auto grpc_output_enabled = m_config.get_scalar("grpc_output.enabled", true); - if(grpc_output_enabled) { - falco_logger::log(falco_logger::level::WARNING, - "Using deprecated gRPC output. Please consider using other outputs."); - } - // gRPC output is enabled only if gRPC server is enabled too - if(grpc_output_enabled && m_grpc_enabled) { - m_outputs.push_back(grpc_output); - } - m_output_timeout = m_config.get_scalar("output_timeout", 2000); std::string rule_matching = m_config.get_scalar("rule_matching", "first"); diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index a723f8f9..68baea7d 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -159,13 +159,6 @@ public: bool m_buffer_format_base64; uint32_t m_output_timeout; - bool m_grpc_enabled; - uint32_t m_grpc_threadiness; - std::string m_grpc_bind_address; - std::string m_grpc_private_key; - std::string m_grpc_cert_chain; - std::string m_grpc_root_certs; - bool m_webserver_enabled; webserver_config m_webserver_config; diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index 0023756c..319de301 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp @@ -15,10 +15,6 @@ See the License for the specific language governing permissions and limitations under the License. */ -#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) -#include -#endif - #include "falco_outputs.h" #include "config_falco.h" @@ -34,7 +30,6 @@ limitations under the License. #endif #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) #include "outputs_http.h" -#include "outputs_grpc.h" #endif static const char *s_internal_source = "internal"; @@ -101,8 +96,6 @@ void falco_outputs::add_output(const falco::outputs::config &oc) { #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) else if(oc.name == "http") { oo = std::make_unique(); - } else if(oc.name == "grpc") { - oo = std::make_unique(); } #endif else { diff --git a/userspace/falco/grpc_context.cpp b/userspace/falco/grpc_context.cpp deleted file mode 100644 index e21f2bdf..00000000 --- a/userspace/falco/grpc_context.cpp +++ /dev/null @@ -1,52 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include - -#include "grpc_context.h" - -falco::grpc::context::context(::grpc::ServerContext* ctx): m_ctx(ctx) { - std::string session_id; - std::string request_id; - - get_metadata(meta_session, session_id); - get_metadata(meta_request, request_id); - - bool has_meta = false; - std::stringstream meta; - if(!session_id.empty()) { - meta << "[sid=" << session_id << "]"; - has_meta = true; - } - if(!request_id.empty()) { - meta << "[rid=" << request_id << "]"; - has_meta = true; - } - if(has_meta) { - meta << " "; - } - m_prefix = meta.str(); -} - -void falco::grpc::context::context::get_metadata(std::string key, std::string& val) { - const std::multimap<::grpc::string_ref, ::grpc::string_ref>& client_metadata = - m_ctx->client_metadata(); - auto it = client_metadata.find(key); - if(it != client_metadata.end()) { - val.assign(it->second.data(), it->second.size()); - } -} diff --git a/userspace/falco/grpc_context.h b/userspace/falco/grpc_context.h deleted file mode 100644 index e40421fd..00000000 --- a/userspace/falco/grpc_context.h +++ /dev/null @@ -1,65 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#pragma once - -#include - -#ifdef GRPC_INCLUDE_IS_GRPCPP -#include -#else -#include -#endif - -namespace falco { -namespace grpc { - -const std::string meta_session = "session_id"; -const std::string meta_request = "request_id"; - -class context { -public: - explicit context(::grpc::ServerContext* ctx); - virtual ~context() = default; - - void get_metadata(std::string key, std::string& val); - -private: - ::grpc::ServerContext* m_ctx = nullptr; - std::string m_prefix; -}; - -class stream_context : public context { -public: - explicit stream_context(::grpc::ServerContext* ctx): context(ctx) {}; - virtual ~stream_context() override = default; - - enum : char { STREAMING = 1, SUCCESS, ERROR } m_status = STREAMING; - - mutable void* m_stream = nullptr; // todo(fntlnz, leodido) > useful in the future - mutable bool m_has_more = false; - mutable bool m_is_running = true; -}; - -class bidi_context : public stream_context { -public: - explicit bidi_context(::grpc::ServerContext* ctx): stream_context(ctx) {}; - virtual ~bidi_context() override = default; -}; - -} // namespace grpc -} // namespace falco diff --git a/userspace/falco/grpc_queue.h b/userspace/falco/grpc_queue.h deleted file mode 100644 index 96af3a8e..00000000 --- a/userspace/falco/grpc_queue.h +++ /dev/null @@ -1,49 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#pragma once - -#include "outputs.pb.h" -#include "tbb/concurrent_queue.h" - -namespace falco { -namespace grpc { -typedef tbb::concurrent_queue response_cq; - -class queue { -public: - static queue& get() { - static queue instance; - return instance; - } - - bool try_pop(outputs::response& res) { return m_queue.try_pop(res); } - - void push(outputs::response& res) { m_queue.push(res); } - -private: - queue() {} - - response_cq m_queue; - - // We can use the better technique of deleting the methods we don't want. -public: - queue(queue const&) = delete; - void operator=(queue const&) = delete; -}; -} // namespace grpc -} // namespace falco diff --git a/userspace/falco/grpc_request_context.cpp b/userspace/falco/grpc_request_context.cpp deleted file mode 100644 index 66b9d4f4..00000000 --- a/userspace/falco/grpc_request_context.cpp +++ /dev/null @@ -1,205 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include "grpc_request_context.h" - -namespace falco { -namespace grpc { - -template<> -void request_stream_context::start( - server* srv) { - m_state = request_context_base::REQUEST; - m_srv_ctx = std::make_unique<::grpc::ServerContext>(); - auto srvctx = m_srv_ctx.get(); - m_res_writer = std::make_unique<::grpc::ServerAsyncWriter>(srvctx); - m_stream_ctx.reset(); - m_req.Clear(); - auto cq = srv->m_completion_queue.get(); - // todo(leodido) > log "calling m_request_func: tag=this, state=m_state" - (srv->m_output_svc.*m_request_func)(srvctx, &m_req, m_res_writer.get(), cq, cq, this); -} - -template<> -void request_stream_context::process( - server* srv) { - // When it is the 1st process call - if(m_state == request_context_base::REQUEST) { - m_state = request_context_base::WRITE; - m_stream_ctx = std::make_unique(m_srv_ctx.get()); - } - - // Processing - outputs::response res; - (srv->*m_process_func)(*m_stream_ctx, m_req, res); // get() - - if(!m_stream_ctx->m_is_running) { - m_state = request_context_base::FINISH; - m_res_writer->Finish(::grpc::Status::OK, this); - return; - } - - // When there are still more responses to stream - if(m_stream_ctx->m_has_more) { - // todo(leodido) > log "write: tag=this, state=m_state" - m_res_writer->Write(res, this); - return; - } - - // No more responses to stream - // Communicate to the gRPC runtime that we have finished. - // The memory address of "this" instance uniquely identifies the event. - m_state = request_context_base::FINISH; - // todo(leodido) > log "finish: tag=this, state=m_state" - m_res_writer->Finish(::grpc::Status::OK, this); -} - -template<> -void request_stream_context::end( - server* srv, - bool error) { - if(m_stream_ctx) { - if(error) { - // todo(leodido) > log error "error streaming: tag=this, state=m_state, - // stream=m_stream_ctx->m_stream" - } - m_stream_ctx->m_status = error ? stream_context::ERROR : stream_context::SUCCESS; - - // Complete the processing - outputs::response res; - (srv->*m_process_func)(*m_stream_ctx, m_req, res); // get() - } else { - // Flow enters here when the processing of "m_request_func" fails. - // Since this happens into the `start()` function, the processing does not advance to the - // `process()` function. So, `m_stream_ctx` is null because it is set into the `process()` - // function. The stream haven't started. - - // todo(leodido) > log error "ending streaming: tag=this, state=m_state, stream=null" - } - - // Ask to start processing requests - start(srv); -} - -template<> -void request_context::start(server* srv) { - m_state = request_context_base::REQUEST; - m_srv_ctx = std::make_unique<::grpc::ServerContext>(); - auto srvctx = m_srv_ctx.get(); - m_res_writer = std::make_unique<::grpc::ServerAsyncResponseWriter>(srvctx); - m_req.Clear(); - auto cq = srv->m_completion_queue.get(); - // Request to start processing given requests. - // Using "this" - ie., the memory address of this context - as the tag that uniquely identifies - // the request. In this way, different contexts can serve different requests concurrently. - (srv->m_version_svc.*m_request_func)(srvctx, &m_req, m_res_writer.get(), cq, cq, this); -} - -template<> -void request_context::process(server* srv) { - version::response res; - (srv->*m_process_func)(context(m_srv_ctx.get()), m_req, res); - - // Notify the gRPC runtime that this processing is done - m_state = request_context_base::FINISH; - // Using "this"- ie., the memory address of this context - to uniquely identify the event. - m_res_writer->Finish(res, ::grpc::Status::OK, this); -} - -template<> -void request_context::end(server* srv, - bool error) { - // todo(leodido) > handle processing errors here - - // Ask to start processing requests - start(srv); -} - -template<> -void request_bidi_context::start( - server* srv) { - m_state = request_context_base::REQUEST; - m_srv_ctx = std::make_unique<::grpc::ServerContext>(); - auto srvctx = m_srv_ctx.get(); - m_reader_writer = - std::make_unique<::grpc::ServerAsyncReaderWriter>( - srvctx); - m_req.Clear(); - auto cq = srv->m_completion_queue.get(); - // Request to start processing given requests. - // Using "this" - ie., the memory address of this context - as the tag that uniquely identifies - // the request. In this way, different contexts can serve different requests concurrently. - (srv->m_output_svc.*m_request_func)(srvctx, m_reader_writer.get(), cq, cq, this); -}; - -template<> -void request_bidi_context::process( - server* srv) { - switch(m_state) { - case request_context_base::REQUEST: - m_bidi_ctx = std::make_unique(m_srv_ctx.get()); - m_bidi_ctx->m_status = bidi_context::STREAMING; - m_state = request_context_base::WRITE; - m_reader_writer->Read(&m_req, this); - return; - case request_context_base::WRITE: - // Processing - { - outputs::response res; - (srv->*m_process_func)(*m_bidi_ctx, m_req, res); // sub() - - if(!m_bidi_ctx->m_is_running) { - m_state = request_context_base::FINISH; - m_reader_writer->Finish(::grpc::Status::OK, this); - return; - } - - if(m_bidi_ctx->m_has_more) { - m_state = request_context_base::WRITE; - m_reader_writer->Write(res, this); - return; - } - - m_state = request_context_base::WRITE; - m_reader_writer->Read(&m_req, this); - } - - return; - default: - return; - } -}; - -template<> -void request_bidi_context::end(server* srv, - bool error) { - if(m_bidi_ctx) { - m_bidi_ctx->m_status = error ? bidi_context::ERROR : bidi_context::SUCCESS; - - // Complete the processing - outputs::response res; - (srv->*m_process_func)(*m_bidi_ctx, m_req, res); // sub() - } - - // Ask to start processing requests - start(srv); -}; - -} // namespace grpc -} // namespace falco diff --git a/userspace/falco/grpc_request_context.h b/userspace/falco/grpc_request_context.h deleted file mode 100644 index ca004248..00000000 --- a/userspace/falco/grpc_request_context.h +++ /dev/null @@ -1,126 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#pragma once - -#include "grpc_server.h" - -namespace falco { -namespace grpc { - -class request_context_base { -public: - request_context_base() = default; - // virtual to guarantee that the derived classes are destructed properly - virtual ~request_context_base() = default; - - std::unique_ptr<::grpc::ServerContext> m_srv_ctx; - enum : char { UNKNOWN = 0, REQUEST, WRITE, FINISH } m_state = UNKNOWN; - - virtual void start(server* srv) = 0; - virtual void process(server* srv) = 0; - virtual void end(server* srv, bool isError) = 0; -}; - -// The responsibility of `request_stream_context` template class -// is to handle streaming responses. -template -class request_stream_context : public request_context_base { -public: - request_stream_context(): m_process_func(nullptr), m_request_func(nullptr) {}; - ~request_stream_context() override = default; - - // Pointer to function that does actual processing - void (server::*m_process_func)(const stream_context&, const Request&, Response&); - - // Pointer to function that requests the system to start processing given requests - void (Service::AsyncService::*m_request_func)(::grpc::ServerContext*, - Request*, - ::grpc::ServerAsyncWriter*, - ::grpc::CompletionQueue*, - ::grpc::ServerCompletionQueue*, - void*); - - void start(server* srv) override; - void process(server* srv) override; - void end(server* srv, bool error) override; - -private: - std::unique_ptr<::grpc::ServerAsyncWriter> m_res_writer; - std::unique_ptr m_stream_ctx; - Request m_req; -}; - -// The responsibility of `request_context` template class -// is to handle unary responses. -template -class request_context : public request_context_base { -public: - request_context(): m_process_func(nullptr), m_request_func(nullptr) {}; - ~request_context() override = default; - - // Pointer to function that does actual processing - void (server::*m_process_func)(const context&, const Request&, Response&); - - // Pointer to function that requests the system to start processing given requests - void (Service::AsyncService::*m_request_func)(::grpc::ServerContext*, - Request*, - ::grpc::ServerAsyncResponseWriter*, - ::grpc::CompletionQueue*, - ::grpc::ServerCompletionQueue*, - void*); - - void start(server* srv) override; - void process(server* srv) override; - void end(server* srv, bool error) override; - -private: - std::unique_ptr<::grpc::ServerAsyncResponseWriter> m_res_writer; - Request m_req; -}; - -template -class request_bidi_context : public request_context_base { -public: - request_bidi_context(): m_process_func(nullptr), m_request_func(nullptr) {}; - ~request_bidi_context() override = default; - - // Pointer to function that does actual processing - void (server::*m_process_func)(const bidi_context&, const Request&, Response&); - - // Pointer to function that requests the system to start processing given requests - void (Service::AsyncService::*m_request_func)( - ::grpc::ServerContext*, - ::grpc::ServerAsyncReaderWriter*, - ::grpc::CompletionQueue*, - ::grpc::ServerCompletionQueue*, - void*); - - void start(server* srv) override; - void process(server* srv) override; - void end(server* srv, bool error) override; - -private: - std::unique_ptr<::grpc::ServerAsyncReaderWriter> m_reader_writer; - std::unique_ptr m_bidi_ctx; - Request m_req; -}; - -} // namespace grpc -} // namespace falco diff --git a/userspace/falco/grpc_server.cpp b/userspace/falco/grpc_server.cpp deleted file mode 100644 index d8578e13..00000000 --- a/userspace/falco/grpc_server.cpp +++ /dev/null @@ -1,316 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#ifdef GRPC_INCLUDE_IS_GRPCPP -#include -#else -#include -#endif - -#include "config_falco.h" -#include "falco_engine.h" -#include "falco_engine_version.h" -#include "logger.h" -#include "grpc_server.h" -#include "grpc_queue.h" -#include "grpc_request_context.h" -#include "falco_utils.h" - -#define REGISTER_STREAM(req, res, svc, rpc, impl, num) \ - std::vector> rpc##_contexts(num); \ - for(request_stream_context & c : rpc##_contexts) { \ - c.m_process_func = &server::impl; \ - c.m_request_func = &svc::AsyncService::Request##rpc; \ - c.start(this); \ - } - -#define REGISTER_UNARY(req, res, svc, rpc, impl, num) \ - std::vector> rpc##_contexts(num); \ - for(request_context & c : rpc##_contexts) { \ - c.m_process_func = &server::impl; \ - c.m_request_func = &svc::AsyncService::Request##rpc; \ - c.start(this); \ - } - -#define REGISTER_BIDI(req, res, svc, rpc, impl, num) \ - std::vector> rpc##_contexts(num); \ - for(request_bidi_context & c : rpc##_contexts) { \ - c.m_process_func = &server::impl; \ - c.m_request_func = &svc::AsyncService::Request##rpc; \ - c.start(this); \ - } - -static void gpr_log_dispatcher_func(gpr_log_func_args* args) { - falco_logger::level priority; - switch(args->severity) { - case GPR_LOG_SEVERITY_ERROR: - priority = falco_logger::level::ERR; - break; - case GPR_LOG_SEVERITY_DEBUG: - priority = falco_logger::level::DEBUG; - break; - default: - priority = falco_logger::level::INFO; - break; - } - - std::string copy = "grpc: "; - copy.append(args->message); - copy.push_back('\n'); - falco_logger::log(priority, std::move(copy)); -} - -void falco::grpc::server::thread_process(int thread_index) { - void* tag = nullptr; - bool event_read_success = false; - while(m_completion_queue->Next(&tag, &event_read_success)) { - if(tag == nullptr) { - // todo(leodido) > log error "server completion queue error: empty tag" - continue; - } - - // Obtain the context for a given tag - request_context_base* ctx = static_cast(tag); - - // todo(leodido) > log "next event: tag=tag, read_success=event_read_success, - // state=ctx->m_state" - - // When event has not been read successfully - if(!event_read_success) { - if(ctx->m_state != request_context_base::REQUEST) { - // todo(leodido) > log error "server completion queue failing to read: tag=tag" - - // End the context with error - ctx->end(this, true); - } - continue; - } - - // Process the event - switch(ctx->m_state) { - case request_context_base::REQUEST: - // Completion of m_request_func - case request_context_base::WRITE: - // Completion of Write() - ctx->process(this); - break; - case request_context_base::FINISH: - // Completion of Finish() - ctx->end(this, false); - break; - default: - // todo(leodido) > log error "unknown completion queue event: tag=tag, - // state=ctx->m_state" - break; - } - - // todo(leodido) > log "thread completed: index=thread_index" - } -} - -void falco::grpc::server::init(const std::string& server_addr, - int threadiness, - const std::string& private_key, - const std::string& cert_chain, - const std::string& root_certs, - const std::string& log_level) { - m_server_addr = server_addr; - m_threadiness = threadiness; - m_private_key = private_key; - m_cert_chain = cert_chain; - m_root_certs = root_certs; - - // Set the verbosity level of gpr logger - falco::schema::priority logging_level = falco::schema::INFORMATIONAL; - falco::schema::priority_Parse(log_level, &logging_level); - switch(logging_level) { - case falco::schema::ERROR: - gpr_set_log_verbosity(GPR_LOG_SEVERITY_ERROR); - break; - case falco::schema::DEBUG: - gpr_set_log_verbosity(GPR_LOG_SEVERITY_DEBUG); - break; - case falco::schema::INFORMATIONAL: - default: - // note > info will always enter here since it is != from "informational" - gpr_set_log_verbosity(GPR_LOG_SEVERITY_INFO); - break; - } - gpr_log_verbosity_init(); - gpr_set_log_function(gpr_log_dispatcher_func); - - if(falco::utils::network::is_unix_scheme(m_server_addr)) { - init_unix_server_builder(); - return; - } - init_mtls_server_builder(); -} - -void falco::grpc::server::init_mtls_server_builder() { - std::string private_key; - std::string cert_chain; - std::string root_certs; - falco::utils::readfile(m_cert_chain, cert_chain); - falco::utils::readfile(m_private_key, private_key); - falco::utils::readfile(m_root_certs, root_certs); - ::grpc::SslServerCredentialsOptions::PemKeyCertPair cert_pair{private_key, cert_chain}; - ::grpc::SslServerCredentialsOptions ssl_opts( - GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY); - ssl_opts.pem_root_certs = root_certs; - ssl_opts.pem_key_cert_pairs.push_back(cert_pair); - - m_server_builder.AddListeningPort(m_server_addr, ::grpc::SslServerCredentials(ssl_opts)); -} - -void falco::grpc::server::init_unix_server_builder() { - m_server_builder.AddListeningPort(m_server_addr, ::grpc::InsecureServerCredentials()); -} - -void falco::grpc::server::run() { - m_server_builder.RegisterService(&m_output_svc); - m_server_builder.RegisterService(&m_version_svc); - - m_completion_queue = m_server_builder.AddCompletionQueue(); - m_server = m_server_builder.BuildAndStart(); - if(m_server == nullptr) { - falco_logger::log(falco_logger::level::EMERG, "Error starting gRPC server\n"); - return; - } - falco_logger::log(falco_logger::level::INFO, "Starting gRPC server at " + m_server_addr + "\n"); - - // The number of contexts is multiple of the number of threads - // This defines the number of simultaneous completion queue requests of the same type - // (service::AsyncService::Request##RPC) For this approach to be sufficient server::IMPL have to - // be fast - int context_num = m_threadiness * 10; - // todo(leodido) > take a look at thread_stress_test.cc into grpc repository - - REGISTER_UNARY(version::request, - version::response, - version::service, - version, - version, - context_num) - REGISTER_STREAM(outputs::request, outputs::response, outputs::service, get, get, context_num) - REGISTER_BIDI(outputs::request, outputs::response, outputs::service, sub, sub, context_num) - - m_threads.resize(m_threadiness); - int thread_idx = 0; - for(std::thread& thread : m_threads) { - thread = std::thread(&server::thread_process, this, thread_idx++); - } - // todo(leodido) > log "gRPC server running: threadiness=m_threads.size()" - - m_server->Wait(); - // todo(leodido) > log "stopping gRPC server" - stop(); -} - -void falco::grpc::server::stop() { - falco_logger::log(falco_logger::level::INFO, - "Shutting down gRPC server. Waiting until external connections are closed by " - "clients\n"); - m_completion_queue->Shutdown(); - - falco_logger::log(falco_logger::level::INFO, "Waiting for the gRPC threads to complete\n"); - for(std::thread& t : m_threads) { - if(t.joinable()) { - t.join(); - } - } - m_threads.clear(); - - falco_logger::log(falco_logger::level::INFO, "Draining all the remaining gRPC events\n"); - // Ignore remaining events - void* ignore_tag = nullptr; - bool ignore_ok = false; - while(m_completion_queue->Next(&ignore_tag, &ignore_ok)) { - } - - falco_logger::log(falco_logger::level::INFO, "Shutting down gRPC server complete\n"); -} - -bool falco::grpc::server::is_running() { - if(m_stop) { - return false; - } - return true; -} - -void falco::grpc::server::get(const stream_context& ctx, - const outputs::request& req, - outputs::response& res) { - if(ctx.m_status == stream_context::SUCCESS || ctx.m_status == stream_context::ERROR) { - // todo(leodido) > log "status=ctx->m_status, stream=ctx->m_stream" - ctx.m_stream = nullptr; - return; - } - - ctx.m_is_running = is_running(); - - // Start or continue streaming - // m_status == stream_context::STREAMING? - // todo(leodido) > set m_stream - - ctx.m_has_more = queue::get().try_pop(res); -} - -void falco::grpc::server::sub(const bidi_context& ctx, - const outputs::request& req, - outputs::response& res) { - if(ctx.m_status == stream_context::SUCCESS || ctx.m_status == stream_context::ERROR) { - ctx.m_stream = nullptr; - return; - } - - ctx.m_is_running = is_running(); - - // Start or continue streaming - // m_status == stream_context::STREAMING? - // todo(leodido) > set m_stream - - ctx.m_has_more = queue::get().try_pop(res); -} - -void falco::grpc::server::version(const context& ctx, - const version::request&, - version::response& res) { - auto& build = *res.mutable_build(); - build = FALCO_VERSION_BUILD; - - auto& prerelease = *res.mutable_prerelease(); - prerelease = FALCO_VERSION_PRERELEASE; - - auto& version = *res.mutable_version(); - version = FALCO_VERSION; - - res.set_engine_version(FALCO_ENGINE_VERSION); - res.set_engine_fields_checksum(FALCO_ENGINE_CHECKSUM); - auto engine_version = falco_engine::engine_version(); - res.set_engine_major(engine_version.major()); - res.set_engine_minor(engine_version.minor()); - res.set_engine_patch(engine_version.patch()); - - res.set_major(FALCO_VERSION_MAJOR); - res.set_minor(FALCO_VERSION_MINOR); - res.set_patch(FALCO_VERSION_PATCH); -} - -void falco::grpc::server::shutdown() { - m_stop = true; - m_server->Shutdown(); -} diff --git a/userspace/falco/grpc_server.h b/userspace/falco/grpc_server.h deleted file mode 100644 index 5c28206a..00000000 --- a/userspace/falco/grpc_server.h +++ /dev/null @@ -1,79 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#pragma once - -#include -#include -#include - -#include "outputs.grpc.pb.h" -#include "version.grpc.pb.h" -#include "grpc_context.h" - -namespace falco { -namespace grpc { - -class server { -public: - server() = default; - virtual ~server() = default; - - void init(const std::string& server_addr, - int threadiness, - const std::string& private_key, - const std::string& cert_chain, - const std::string& root_certs, - const std::string& log_level); - void thread_process(int thread_index); - void run(); - void stop(); - void shutdown(); - - outputs::service::AsyncService m_output_svc; - version::service::AsyncService m_version_svc; - - std::unique_ptr<::grpc::ServerCompletionQueue> m_completion_queue; - -private: - std::string m_server_addr; - int m_threadiness = 1; - std::string m_private_key; - std::string m_cert_chain; - std::string m_root_certs; - - std::vector m_threads; - ::grpc::ServerBuilder m_server_builder; - void init_mtls_server_builder(); - void init_unix_server_builder(); - - bool is_running(); - - // Outputs - void get(const stream_context& ctx, const outputs::request& req, outputs::response& res); - void sub(const bidi_context& ctx, const outputs::request& req, outputs::response& res); - - // Version - void version(const context& ctx, const version::request& req, version::response& res); - - std::unique_ptr<::grpc::Server> m_server; - - std::atomic m_stop{false}; -}; - -} // namespace grpc -} // namespace falco diff --git a/userspace/falco/outputs.proto b/userspace/falco/outputs.proto deleted file mode 100644 index 0e72f9e0..00000000 --- a/userspace/falco/outputs.proto +++ /dev/null @@ -1,56 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -syntax = "proto3"; - -import "google/protobuf/timestamp.proto"; -import "schema.proto"; - -package falco.outputs; - -option go_package = "github.com/falcosecurity/client-go/pkg/api/outputs"; - -// This service defines the RPC methods -// to `request` a stream of output `response`s. -service service { - // Subscribe to a stream of Falco outputs by sending a stream of requests. - rpc sub(stream request) returns (stream response); - // Get all the Falco outputs present in the system up to this call. - rpc get(request) returns (stream response); -} - -// The `request` message is the logical representation of the request model. -// It is the input of the `output.service` service. -message request { - // TODO(leodido,fntlnz): tags not supported yet, keeping it for reference. - // repeated string tags = 1; -} - -// The `response` message is the representation of the output model. -// It contains all the elements that Falco emits in an output along with the -// definitions for priorities and source. -message response { - google.protobuf.Timestamp time = 1; - falco.schema.priority priority = 2; - falco.schema.source source_deprecated = 3 [deprecated=true]; - string rule = 4; - string output = 5; - map output_fields = 6; - string hostname = 7; - repeated string tags = 8; - string source = 9; -} diff --git a/userspace/falco/outputs_grpc.cpp b/userspace/falco/outputs_grpc.cpp deleted file mode 100644 index 7aef458d..00000000 --- a/userspace/falco/outputs_grpc.cpp +++ /dev/null @@ -1,101 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include -#include "outputs_grpc.h" -#include "grpc_queue.h" -#include "falco_common.h" -#include "formats.h" - -#if __has_attribute(deprecated) -#define DISABLE_WARNING_PUSH _Pragma("GCC diagnostic push") -#define DISABLE_WARNING_POP _Pragma("GCC diagnostic pop") -#define DISABLE_WARNING_DEPRECATED_DECLARATIONS \ - _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") -#elif defined(_MSC_VER) -#define DISABLE_WARNING_PUSH __pragma(warning(push)) -#define DISABLE_WARNING_POP __pragma(warning(pop)) -#define DISABLE_WARNING_DEPRECATED_DECLARATIONS __pragma(warning(disable : 4996)) -#else -#define DISABLE_WARNING_PUSH -#define DISABLE_WARNING_POP -#define DISABLE_WARNING_DEPRECATED_DECLARATIONS -#endif - -void falco::outputs::output_grpc::output(const message *msg) { - falco::outputs::response grpc_res; - - // time - auto timestamp = grpc_res.mutable_time(); - *timestamp = google::protobuf::util::TimeUtil::NanosecondsToTimestamp(msg->ts); - - // rule - auto r = grpc_res.mutable_rule(); - *r = msg->rule; - - // source_deprecated (maintained for backward compatibility) - // Setting this as reserved would cause old clients to receive the - // 0-index enum element, which is the SYSCALL source in our case. - // This can be misleading for clients with an old version of the - // protobuf, so for now we deprecate the field and add a new PLUGIN - // enum entry instead. - // todo(jasondellaluce): remove source_deprecated and reserve its number - falco::schema::source s = falco::schema::source::SYSCALL; - if(!falco::schema::source_Parse(msg->source, &s)) { - // unknown source names are expected to come from plugins - s = falco::schema::source::PLUGIN; - } - DISABLE_WARNING_PUSH - DISABLE_WARNING_DEPRECATED_DECLARATIONS - grpc_res.set_source_deprecated(s); - DISABLE_WARNING_POP - - // priority - falco::schema::priority p = falco::schema::priority::EMERGENCY; - if(!falco::schema::priority_Parse(falco_common::format_priority(msg->priority), &p)) { - throw falco_exception("Unknown priority passed to output_grpc::output()"); - } - grpc_res.set_priority(p); - - // output - auto output = grpc_res.mutable_output(); - *output = msg->msg; - - // output fields - auto &fields = *grpc_res.mutable_output_fields(); - for(const auto &kv : msg->fields.items()) { - if(!kv.value().is_primitive()) { - throw falco_exception("output_grpc: output fields must be key-value maps"); - } - fields[kv.key()] = - (kv.value().is_string()) ? kv.value().get() : kv.value().dump(); - } - - // hostname - auto host = grpc_res.mutable_hostname(); - *host = m_hostname; - - // tags - auto tags = grpc_res.mutable_tags(); - *tags = {msg->tags.begin(), msg->tags.end()}; - - // source - auto source = grpc_res.mutable_source(); - *source = msg->source; - - falco::grpc::queue::get().push(grpc_res); -} diff --git a/userspace/falco/outputs_grpc.h b/userspace/falco/outputs_grpc.h deleted file mode 100644 index b388e8a5..00000000 --- a/userspace/falco/outputs_grpc.h +++ /dev/null @@ -1,30 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#pragma once - -#include "outputs.h" - -namespace falco { -namespace outputs { - -class output_grpc : public abstract_output { - void output(const message *msg) override; -}; - -} // namespace outputs -} // namespace falco diff --git a/userspace/falco/schema.proto b/userspace/falco/schema.proto deleted file mode 100644 index 00939c12..00000000 --- a/userspace/falco/schema.proto +++ /dev/null @@ -1,67 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -syntax = "proto3"; - -package falco.schema; - -option go_package = "github.com/falcosecurity/client-go/pkg/api/schema"; - -enum priority { - option allow_alias = true; - EMERGENCY = 0; - emergency = 0; - Emergency = 0; - ALERT = 1; - alert = 1; - Alert = 1; - CRITICAL = 2; - critical = 2; - Critical = 2; - ERROR = 3; - error = 3; - Error = 3; - WARNING = 4; - warning = 4; - Warning = 4; - NOTICE = 5; - notice = 5; - Notice = 5; - INFORMATIONAL = 6; - informational = 6; - Informational = 6; - DEBUG = 7; - debug = 7; - Debug = 7; -} - -enum source { - option allow_alias = true; - SYSCALL = 0; - syscall = 0; - Syscall = 0; - K8S_AUDIT = 1; - k8s_audit = 1; - K8s_audit = 1; - K8S_audit = 1; - INTERNAL = 2; - internal = 2; - Internal = 2; - PLUGIN = 3; - plugin = 3; - Plugin = 3; -} diff --git a/userspace/falco/version.proto b/userspace/falco/version.proto deleted file mode 100644 index 98c10f6d..00000000 --- a/userspace/falco/version.proto +++ /dev/null @@ -1,53 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* -Copyright (C) 2023 The Falco Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -syntax = "proto3"; - -package falco.version; - -option go_package = "github.com/falcosecurity/client-go/pkg/api/version"; - -// This service defines a RPC call -// to request the Falco version. -service service { - rpc version(request) returns (response); -} - -// The `request` message is an empty one. -message request -{ -} - -// The `response` message contains the version of Falco. -// It provides the whole version as a string and also -// its parts as per semver 2.0 specification (https://semver.org). -message response -{ -// falco version - string version = 1; - uint32 major = 2; - uint32 minor = 3; - uint32 patch = 4; - string prerelease = 5; - string build = 6; -// falco engine version - uint32 engine_minor = 7; - string engine_fields_checksum = 8; - uint32 engine_major = 9; - uint32 engine_patch = 10; - string engine_version = 11; -}