diff --git a/userspace/falco/app_actions/start_webserver.cpp b/userspace/falco/app_actions/start_webserver.cpp index 211c5f7f..2a4b7e6a 100644 --- a/userspace/falco/app_actions/start_webserver.cpp +++ b/userspace/falco/app_actions/start_webserver.cpp @@ -25,8 +25,7 @@ using namespace falco::app; application::run_result application::start_webserver() { run_result ret; - - if(m_state->config->m_webserver_enabled) + if(!is_capture_mode() && m_state->config->m_webserver_enabled) { std::string ssl_option = (m_state->config->m_webserver_ssl_enabled ? " (SSL)" : ""); falco_logger::log(LOG_INFO, "Starting internal webserver, listening on port " + to_string(m_state->config->m_webserver_listen_port) + ssl_option + "\n"); @@ -36,14 +35,15 @@ application::run_result application::start_webserver() m_state->config->m_webserver_ssl_certificate, m_state->config->m_webserver_ssl_enabled); } - return ret; } bool application::stop_webserver(std::string &errstr) { - m_state->webserver.stop(); - + if(!is_capture_mode()) + { + m_state->webserver.stop(); + } return true; } diff --git a/userspace/falco/application.cpp b/userspace/falco/application.cpp index 3d7f49be..3ae50b6e 100644 --- a/userspace/falco/application.cpp +++ b/userspace/falco/application.cpp @@ -29,8 +29,6 @@ using namespace std::placeholders; namespace falco { namespace app { -std::string application::s_syscall_source = falco_common::syscall_source; - application::run_result::run_result() : success(true), errstr(""), proceed(true) { @@ -44,7 +42,7 @@ application::state::state() : restart(false), terminate(false), reopen_outputs(false), - enabled_sources({application::s_syscall_source}) + enabled_sources({falco_common::syscall_source}) { config = std::make_shared(); outputs = std::make_shared(); @@ -130,8 +128,8 @@ bool application::run(std::string &errstr, bool &restart) std::bind(&application::create_signal_handlers, this), std::bind(&application::load_config, this), std::bind(&application::init_inspector, this), - std::bind(&application::init_falco_engine, this), std::bind(&application::load_plugins, this), + std::bind(&application::init_falco_engine, this), std::bind(&application::list_fields, this), std::bind(&application::list_plugins, this), std::bind(&application::load_rules_files, this), diff --git a/userspace/falco/application.h b/userspace/falco/application.h index 33532284..78eba729 100644 --- a/userspace/falco/application.h +++ b/userspace/falco/application.h @@ -52,15 +52,12 @@ public: bool run(std::string &errstr, bool &restart); private: - static std::string s_syscall_source; - // Holds the state used and shared by the below methods that // actually implement the application. Declared as a // standalone class to allow for a bit of separation between // application state and instance variables, and to also defer // initializing this state until application::init. - class state { - public: + struct state { state(); virtual ~state(); @@ -74,23 +71,15 @@ private: std::shared_ptr inspector; std::set enabled_sources; - // The event sources that correspond to "syscall" + // The event source index that correspond to "syscall" std::size_t syscall_source_idx; - // The event source actually used to process events in - // process_events(). Will generally be - // syscall_source_idx, or a plugin index if plugins - // are loaded. - std::size_t event_source_idx; - - std::list plugin_infos; - // All filterchecks created by plugins go in this // list. If we ever support multiple event sources at // the same time, this, and the factories created in // init_inspector/load_plugins, will have to be a map // from event source to filtercheck list. - filter_check_list plugin_filter_checks; + std::map plugin_filter_checks; std::map required_engine_versions; @@ -164,11 +153,18 @@ private: uint64_t do_inspect(syscall_evt_drop_mgr &sdropmgr, uint64_t duration_to_tot_ns, run_result &result); + + inline bool is_syscall_source_enabled() const + { + return m_state->enabled_sources.find(falco_common::syscall_source) + != m_state->enabled_sources.end(); + } + + inline bool is_capture_mode() const + { + return !m_options.trace_filename.empty(); + } - // This could probably become a direct object once lua is - // removed from falco. Currently, creating any global - // application object results in a crash in - // falco_common::init(), as it loads all lua modules. std::unique_ptr m_state; cmdline_options m_options; bool m_initialized;