mirror of
https://github.com/falcosecurity/falco.git
synced 2025-08-01 14:37:49 +00:00
fix(userspace/falco): do not start webserver in capture mode.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro
poiana
parent
f6dba24b81
commit
5f00cea3c9
@ -25,8 +25,7 @@ using namespace falco::app;
|
||||
application::run_result application::start_webserver()
|
||||
{
|
||||
run_result ret;
|
||||
|
||||
if(m_state->config->m_webserver_enabled)
|
||||
if(!is_capture_mode() && m_state->config->m_webserver_enabled)
|
||||
{
|
||||
std::string ssl_option = (m_state->config->m_webserver_ssl_enabled ? " (SSL)" : "");
|
||||
falco_logger::log(LOG_INFO, "Starting internal webserver, listening on port " + to_string(m_state->config->m_webserver_listen_port) + ssl_option + "\n");
|
||||
@ -36,14 +35,15 @@ application::run_result application::start_webserver()
|
||||
m_state->config->m_webserver_ssl_certificate,
|
||||
m_state->config->m_webserver_ssl_enabled);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
bool application::stop_webserver(std::string &errstr)
|
||||
{
|
||||
m_state->webserver.stop();
|
||||
|
||||
if(!is_capture_mode())
|
||||
{
|
||||
m_state->webserver.stop();
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@ -29,8 +29,6 @@ using namespace std::placeholders;
|
||||
namespace falco {
|
||||
namespace app {
|
||||
|
||||
std::string application::s_syscall_source = falco_common::syscall_source;
|
||||
|
||||
application::run_result::run_result()
|
||||
: success(true), errstr(""), proceed(true)
|
||||
{
|
||||
@ -44,7 +42,7 @@ application::state::state()
|
||||
: restart(false),
|
||||
terminate(false),
|
||||
reopen_outputs(false),
|
||||
enabled_sources({application::s_syscall_source})
|
||||
enabled_sources({falco_common::syscall_source})
|
||||
{
|
||||
config = std::make_shared<falco_configuration>();
|
||||
outputs = std::make_shared<falco_outputs>();
|
||||
@ -130,8 +128,8 @@ bool application::run(std::string &errstr, bool &restart)
|
||||
std::bind(&application::create_signal_handlers, this),
|
||||
std::bind(&application::load_config, this),
|
||||
std::bind(&application::init_inspector, this),
|
||||
std::bind(&application::init_falco_engine, this),
|
||||
std::bind(&application::load_plugins, this),
|
||||
std::bind(&application::init_falco_engine, this),
|
||||
std::bind(&application::list_fields, this),
|
||||
std::bind(&application::list_plugins, this),
|
||||
std::bind(&application::load_rules_files, this),
|
||||
|
||||
@ -52,15 +52,12 @@ public:
|
||||
bool run(std::string &errstr, bool &restart);
|
||||
|
||||
private:
|
||||
static std::string s_syscall_source;
|
||||
|
||||
// Holds the state used and shared by the below methods that
|
||||
// actually implement the application. Declared as a
|
||||
// standalone class to allow for a bit of separation between
|
||||
// application state and instance variables, and to also defer
|
||||
// initializing this state until application::init.
|
||||
class state {
|
||||
public:
|
||||
struct state {
|
||||
state();
|
||||
virtual ~state();
|
||||
|
||||
@ -74,23 +71,15 @@ private:
|
||||
std::shared_ptr<sinsp> inspector;
|
||||
std::set<std::string> enabled_sources;
|
||||
|
||||
// The event sources that correspond to "syscall"
|
||||
// The event source index that correspond to "syscall"
|
||||
std::size_t syscall_source_idx;
|
||||
|
||||
// The event source actually used to process events in
|
||||
// process_events(). Will generally be
|
||||
// syscall_source_idx, or a plugin index if plugins
|
||||
// are loaded.
|
||||
std::size_t event_source_idx;
|
||||
|
||||
std::list<sinsp_plugin::info> plugin_infos;
|
||||
|
||||
// All filterchecks created by plugins go in this
|
||||
// list. If we ever support multiple event sources at
|
||||
// the same time, this, and the factories created in
|
||||
// init_inspector/load_plugins, will have to be a map
|
||||
// from event source to filtercheck list.
|
||||
filter_check_list plugin_filter_checks;
|
||||
std::map<std::string, filter_check_list> plugin_filter_checks;
|
||||
|
||||
std::map<string,uint64_t> required_engine_versions;
|
||||
|
||||
@ -164,11 +153,18 @@ private:
|
||||
uint64_t do_inspect(syscall_evt_drop_mgr &sdropmgr,
|
||||
uint64_t duration_to_tot_ns,
|
||||
run_result &result);
|
||||
|
||||
inline bool is_syscall_source_enabled() const
|
||||
{
|
||||
return m_state->enabled_sources.find(falco_common::syscall_source)
|
||||
!= m_state->enabled_sources.end();
|
||||
}
|
||||
|
||||
inline bool is_capture_mode() const
|
||||
{
|
||||
return !m_options.trace_filename.empty();
|
||||
}
|
||||
|
||||
// This could probably become a direct object once lua is
|
||||
// removed from falco. Currently, creating any global
|
||||
// application object results in a crash in
|
||||
// falco_common::init(), as it loads all lua modules.
|
||||
std::unique_ptr<state> m_state;
|
||||
cmdline_options m_options;
|
||||
bool m_initialized;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user