refactor(userspace/falco/app): standalone sources for action helpers

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>

userspace/falco/CMakeLists.txt

@@ -19,6 +19,9 @@ set(
   app/state.cpp
   app/signals.cpp
   app/options.cpp
+  app/actions/helpers_generic.cpp
+  app/actions/helpers_inspector.cpp
+  app/actions/helpers_interesting_sets.cpp
   app/actions/create_signal_handlers.cpp
   app/actions/daemonize.cpp
   app/actions/init_falco_engine.cpp
@@ -30,7 +33,6 @@ set(
   app/actions/load_config.cpp
   app/actions/load_plugins.cpp
   app/actions/load_rules_files.cpp
-  app/actions/open_inspector.cpp
   app/actions/process_events.cpp
   app/actions/print_generated_gvisor_config.cpp
   app/actions/print_help.cpp
@@ -46,7 +48,6 @@ set(
   app/actions/start_webserver.cpp
   app/actions/validate_rules_files.cpp
   app/actions/create_requested_paths.cpp
-  app/actions/configure_interesting_sets.cpp
   configuration.cpp
   logger.cpp
   falco_outputs.cpp

userspace/falco/app/actions/actions.h

@@ -23,88 +23,37 @@ namespace falco {
 namespace app {
 namespace actions {
 
-falco::app::run_result create_signal_handlers(falco::app::state& s);
 falco::app::run_result attach_inotify_signals(falco::app::state& s);
+falco::app::run_result configure_syscall_buffer_size(falco::app::state& s);
+falco::app::run_result create_requested_paths(falco::app::state& s);
+falco::app::run_result create_signal_handlers(falco::app::state& s);
 falco::app::run_result daemonize(falco::app::state& s);
+falco::app::run_result init_clients(falco::app::state& s);
 falco::app::run_result init_falco_engine(falco::app::state& s);
 falco::app::run_result init_inspectors(falco::app::state& s);
-falco::app::run_result init_clients(falco::app::state& s);
 falco::app::run_result init_outputs(falco::app::state& s);
 falco::app::run_result list_fields(falco::app::state& s);
 falco::app::run_result list_plugins(falco::app::state& s);
 falco::app::run_result load_config(falco::app::state& s);
-falco::app::run_result require_config_file(falco::app::state& s);
 falco::app::run_result load_plugins(falco::app::state& s);
 falco::app::run_result load_rules_files(falco::app::state& s);
-falco::app::run_result create_requested_paths(falco::app::state& s);
 falco::app::run_result print_generated_gvisor_config(falco::app::state& s);
 falco::app::run_result print_help(falco::app::state& s);
 falco::app::run_result print_ignored_events(falco::app::state& s);
+falco::app::run_result print_page_size(falco::app::state& s);
 falco::app::run_result print_plugin_info(falco::app::state& s);
 falco::app::run_result print_support(falco::app::state& s);
 falco::app::run_result print_syscall_events(falco::app::state& s);
 falco::app::run_result print_version(falco::app::state& s);
-falco::app::run_result print_page_size(falco::app::state& s);
 falco::app::run_result process_events(falco::app::state& s);
+falco::app::run_result require_config_file(falco::app::state& s);
 falco::app::run_result select_event_sources(falco::app::state& s);
-falco::app::run_result configure_syscall_buffer_size(falco::app::state& s);
 falco::app::run_result start_grpc_server(falco::app::state& s);
 falco::app::run_result start_webserver(falco::app::state& s);
-falco::app::run_result validate_rules_files(falco::app::state& s);
-
-// teardown
-falco::app::run_result unregister_signal_handlers(falco::app::state& s);
 falco::app::run_result stop_grpc_server(falco::app::state& s);
 falco::app::run_result stop_webserver(falco::app::state& s);
-
-// helpers
-bool check_rules_plugin_requirements(falco::app::state& s, std::string& err);
-falco::app::run_result open_offline_inspector(falco::app::state& s);
-void print_enabled_event_sources(falco::app::state& s);
-void configure_interesting_sets(falco::app::state& s);
-void format_plugin_info(std::shared_ptr<sinsp_plugin> p, std::ostream& os);
-falco::app::run_result open_live_inspector(
-    falco::app::state& s,
-    std::shared_ptr<sinsp> inspector,
-    const std::string& source);
-
-template<class InputIterator>
-void read_files(InputIterator begin, InputIterator end,
-		std::vector<std::string>& rules_contents,
-		falco::load_result::rules_contents_t& rc)
-{
-	// Read the contents in a first pass
-	for(auto it = begin; it != end; it++)
-	{
-		std::string &filename = *it;
-		std::ifstream is;
-		is.open(filename);
-		if (!is.is_open())
-		{
-			throw falco_exception("Could not open file " + filename + " for reading");
-		}
-
-		std::string rules_content((std::istreambuf_iterator<char>(is)),
-						std::istreambuf_iterator<char>());
-		rules_contents.emplace_back(std::move(rules_content));
-	}
-
-	// Populate the map in a second pass to avoid
-	// references becoming invalid.
-	auto it = begin;
-	auto rit = rules_contents.begin();
-	for(; it != end && rit != rules_contents.end(); it++, rit++)
-	{
-		rc.emplace(*it, *rit);
-	}
-
-	// Both it and rit must be at the end, otherwise
-	// there's a bug in the above
-	if(it != end || rit != rules_contents.end())
-	{
-		throw falco_exception("Unexpected mismatch in rules content name/rules content sets?");
-	}
-}
+falco::app::run_result unregister_signal_handlers(falco::app::state& s);
+falco::app::run_result validate_rules_files(falco::app::state& s);
 
 }; // namespace actions
 }; // namespace app

userspace/falco/app/actions/helpers.h

@@ -0,0 +1,77 @@
+/*
+Copyright (C) 2023 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#pragma once
+
+#include "../state.h"
+#include "../run_result.h"
+
+namespace falco {
+namespace app {
+namespace actions {
+
+bool check_rules_plugin_requirements(falco::app::state& s, std::string& err);
+void print_enabled_event_sources(falco::app::state& s);
+void configure_interesting_sets(falco::app::state& s);
+void format_plugin_info(std::shared_ptr<sinsp_plugin> p, std::ostream& os);
+falco::app::run_result open_offline_inspector(falco::app::state& s);
+falco::app::run_result open_live_inspector(
+    falco::app::state& s,
+    std::shared_ptr<sinsp> inspector,
+    const std::string& source);
+
+template<class InputIterator>
+void read_files(InputIterator begin, InputIterator end,
+		std::vector<std::string>& rules_contents,
+		falco::load_result::rules_contents_t& rc)
+{
+	// Read the contents in a first pass
+	for(auto it = begin; it != end; it++)
+	{
+		std::string &filename = *it;
+		std::ifstream is;
+		is.open(filename);
+		if (!is.is_open())
+		{
+			throw falco_exception("Could not open file " + filename + " for reading");
+		}
+
+		std::string rules_content((std::istreambuf_iterator<char>(is)),
+						std::istreambuf_iterator<char>());
+		rules_contents.emplace_back(std::move(rules_content));
+	}
+
+	// Populate the map in a second pass to avoid
+	// references becoming invalid.
+	auto it = begin;
+	auto rit = rules_contents.begin();
+	for(; it != end && rit != rules_contents.end(); it++, rit++)
+	{
+		rc.emplace(*it, *rit);
+	}
+
+	// Both it and rit must be at the end, otherwise
+	// there's a bug in the above
+	if(it != end || rit != rules_contents.end())
+	{
+		throw falco_exception("Unexpected mismatch in rules content name/rules content sets?");
+	}
+}
+
+
+}; // namespace actions
+}; // namespace app
+}; // namespace falco

userspace/falco/app/actions/helpers_generic.cpp

@@ -0,0 +1,69 @@
+/*
+Copyright (C) 2023 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "helpers.h"
+#include <plugin_manager.h>
+
+#include <unordered_set>
+
+using namespace falco::app;
+using namespace falco::app::actions;
+
+bool falco::app::actions::check_rules_plugin_requirements(falco::app::state& s, std::string& err)
+{
+	// Ensure that all plugins are compatible with the loaded set of rules
+	// note: offline inspector contains all the loaded plugins
+	std::vector<falco_engine::plugin_version_requirement> plugin_reqs;
+	for (const auto &plugin : s.offline_inspector->get_plugin_manager()->plugins())
+ 	{
+		falco_engine::plugin_version_requirement req;
+		req.name = plugin->name();
+		req.version = plugin->plugin_version().as_string();
+		plugin_reqs.push_back(req);
+ 	}
+	return s.engine->check_plugin_requirements(plugin_reqs, err);
+}
+
+void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
+{
+	/* Print all enabled sources. */
+	std::string str;
+	for (const auto &s : s.enabled_sources)
+	{
+		str += str.empty() ? "" : ", ";
+		str += s;
+	}
+	falco_logger::log(LOG_INFO, "Enabled event sources: " + str + "\n");
+}
+
+void falco::app::actions::format_plugin_info(std::shared_ptr<sinsp_plugin> p, std::ostream& os)
+{
+	os << "Name: " << p->name() << std::endl;
+	os << "Description: " << p->description() << std::endl;
+	os << "Contact: " << p->contact() << std::endl;
+	os << "Version: " << p->plugin_version().as_string() << std::endl;
+	os << "Capabilities: " << std::endl;
+	if(p->caps() & CAP_SOURCING)
+	{
+		os << "  - Event Sourcing (ID=" << p->id();
+		os << ", source='" << p->event_source() << "')" << std::endl;
+	}
+	if(p->caps() & CAP_EXTRACTION)
+	{
+		os << "  - Field Extraction" << std::endl;
+	}
+}
+

userspace/falco/app/actions/helpers_inspector.cpp

@@ -20,7 +20,7 @@ limitations under the License.
 
 #include <plugin_manager.h>
 
-#include "actions.h"
+#include "helpers.h"
 
 /* DEPRECATED: we will remove it in Falco 0.34. */
 #define FALCO_BPF_ENV_VARIABLE "FALCO_BPF_PROBE"

userspace/falco/app/actions/helpers_interesting_sets.cpp

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-#include "actions.h"
+#include "helpers.h"
 
 using namespace falco::app;
 using namespace falco::app::actions;

userspace/falco/app/actions/init_inspectors.cpp

@@ -15,7 +15,10 @@ limitations under the License.
 */
 
 #include "actions.h"
+#include "helpers.h"
+
 #include <unordered_set>
+
 #include <plugin_manager.h>
 
 using namespace falco::app;

userspace/falco/app/actions/list_plugins.cpp

@@ -15,6 +15,8 @@ limitations under the License.
 */
 
 #include "actions.h"
+#include "helpers.h"
+
 #include <plugin_manager.h>
 
 using namespace falco::app;

userspace/falco/app/actions/load_rules_files.cpp

@@ -15,6 +15,8 @@ limitations under the License.
 */
 
 #include "actions.h"
+#include "helpers.h"
+
 #include <plugin_manager.h>
 
 #include <unordered_set>
@@ -22,21 +24,6 @@ limitations under the License.
 using namespace falco::app;
 using namespace falco::app::actions;
 
-bool falco::app::actions::check_rules_plugin_requirements(falco::app::state& s, std::string& err)
-{
-	// Ensure that all plugins are compatible with the loaded set of rules
-	// note: offline inspector contains all the loaded plugins
-	std::vector<falco_engine::plugin_version_requirement> plugin_reqs;
-	for (const auto &plugin : s.offline_inspector->get_plugin_manager()->plugins())
- 	{
-		falco_engine::plugin_version_requirement req;
-		req.name = plugin->name();
-		req.version = plugin->plugin_version().as_string();
-		plugin_reqs.push_back(req);
- 	}
-	return s.engine->check_plugin_requirements(plugin_reqs, err);
-}
-
 static void check_for_ignored_events(falco::app::state& s)
 {
 	/* Get the events from the rules. */

userspace/falco/app/actions/print_ignored_events.cpp

@@ -15,6 +15,7 @@ limitations under the License.
 */
 
 #include "actions.h"
+#include "helpers.h"
 
 using namespace falco::app;
 using namespace falco::app::actions;

userspace/falco/app/actions/print_plugin_info.cpp

@@ -15,29 +15,13 @@ limitations under the License.
 */
 
 #include "actions.h"
+#include "helpers.h"
+
 #include <plugin_manager.h>
 
 using namespace falco::app;
 using namespace falco::app::actions;
 
-void falco::app::actions::format_plugin_info(std::shared_ptr<sinsp_plugin> p, std::ostream& os)
-{
-	os << "Name: " << p->name() << std::endl;
-	os << "Description: " << p->description() << std::endl;
-	os << "Contact: " << p->contact() << std::endl;
-	os << "Version: " << p->plugin_version().as_string() << std::endl;
-	os << "Capabilities: " << std::endl;
-	if(p->caps() & CAP_SOURCING)
-	{
-		os << "  - Event Sourcing (ID=" << p->id();
-		os << ", source='" << p->event_source() << "')" << std::endl;
-	}
-	if(p->caps() & CAP_EXTRACTION)
-	{
-		os << "  - Field Extraction" << std::endl;
-	}
-}
-
 falco::app::run_result falco::app::actions::print_plugin_info(falco::app::state& s)
 {
 #ifdef MUSL_OPTIMIZED

userspace/falco/app/actions/print_support.cpp

@@ -16,7 +16,6 @@ limitations under the License.
 
 #include <sys/utsname.h>
 
-#include "versions_info.h"
 #include "actions.h"
 #include "../../versions_info.h"
 

userspace/falco/app/actions/print_syscall_events.cpp

@@ -15,6 +15,7 @@ limitations under the License.
 */
 
 #include "actions.h"
+#include "helpers.h"
 
 using namespace falco::app;
 using namespace falco::app::actions;

userspace/falco/app/actions/process_events.cpp

@@ -24,14 +24,16 @@ limitations under the License.
 #include <unordered_map>
 
 #include "falco_utils.h"
-#include "event_drops.h"
-#include "actions.h"
-#include "falco_outputs.h"
 #include "token_bucket.h"
+
+#include "actions.h"
+#include "helpers.h"
 #include "../options.h"
 #include "../signals.h"
 #include "../../semaphore.h"
 #include "../../stats_writer.h"
+#include "../../falco_outputs.h"
+#include "../../event_drops.h"
 #ifndef MINIMAL_BUILD
 #include "../../webserver.h"
 #endif
@@ -460,8 +462,10 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
 				}
 				else
 				{
-					ctx.thread.reset(new std::thread([&s, &src_info, &statsw, &source, &ctx](){
-						process_inspector_events(s, src_info->inspector, statsw, source, ctx.sync.get(), &ctx.res);
+					auto res_ptr = &ctx.res;
+					auto sync_ptr = ctx.sync.get();
+					ctx.thread.reset(new std::thread([&s, src_info, &statsw, source, sync_ptr, res_ptr](){
+						process_inspector_events(s, src_info->inspector, statsw, source, sync_ptr, res_ptr);
 					}));
 				}
 			}

userspace/falco/app/actions/select_event_sources.cpp

@@ -12,22 +12,11 @@ limitations under the License.
 */
 
 #include "actions.h"
+#include "helpers.h"
 
 using namespace falco::app;
 using namespace falco::app::actions;
 
-void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
-{
-	/* Print all enabled sources. */
-	std::string str;
-	for (const auto &s : s.enabled_sources)
-	{
-		str += str.empty() ? "" : ", ";
-		str += s;
-	}
-	falco_logger::log(LOG_INFO, "Enabled event sources: " + str + "\n");
-}
-
 falco::app::run_result falco::app::actions::select_event_sources(falco::app::state& s)
 {
 	s.enabled_sources = s.loaded_sources;

userspace/falco/app/actions/validate_rules_files.cpp

@@ -15,6 +15,8 @@ limitations under the License.
 */
 
 #include "actions.h"
+#include "helpers.h"
+
 #include <string>
 
 using namespace falco::app;