github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-11 19:12:12 +00:00
Code Issues Projects Releases Wiki Activity

fix(userspace/falco): do not start webserver in capture mode.

Browse Source 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro 2022-05-13 12:56:00 +02:00 committed by poiana
parent f6dba24b81
commit 5f00cea3c9
3 changed files with 21 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
userspace/falco/app_actions/start_webserver.cpp
View File

@ -25,8 +25,7 @@ using namespace falco::app;
application::run_result application::start_webserver() application::run_result application::start_webserver()
{ {
run_result ret; run_result ret;
if(!is_capture_mode() && m_state->config->m_webserver_enabled)
if(m_state->config->m_webserver_enabled)
{ {
std::string ssl_option = (m_state->config->m_webserver_ssl_enabled ? " (SSL)" : ""); std::string ssl_option = (m_state->config->m_webserver_ssl_enabled ? " (SSL)" : "");
falco_logger::log(LOG_INFO, "Starting internal webserver, listening on port " + to_string(m_state->config->m_webserver_listen_port) + ssl_option + "\n"); falco_logger::log(LOG_INFO, "Starting internal webserver, listening on port " + to_string(m_state->config->m_webserver_listen_port) + ssl_option + "\n");
@ -36,14 +35,15 @@ application::run_result application::start_webserver()
m_state->config->m_webserver_ssl_certificate, m_state->config->m_webserver_ssl_certificate,
m_state->config->m_webserver_ssl_enabled); m_state->config->m_webserver_ssl_enabled);
} }
return ret; return ret;
} }
bool application::stop_webserver(std::string &errstr) bool application::stop_webserver(std::string &errstr)
{
if(!is_capture_mode())
{ {
m_state->webserver.stop(); m_state->webserver.stop();
}
return true; return true;
} }

6
userspace/falco/application.cpp
View File

@ -29,8 +29,6 @@ using namespace std::placeholders;
namespace falco { namespace falco {
namespace app { namespace app {
std::string application::s_syscall_source = falco_common::syscall_source;
application::run_result::run_result() application::run_result::run_result()
: success(true), errstr(""), proceed(true) : success(true), errstr(""), proceed(true)
{ {
@ -44,7 +42,7 @@ application::state::state()
: restart(false), : restart(false),
terminate(false), terminate(false),
reopen_outputs(false), reopen_outputs(false),
enabled_sources({application::s_syscall_source}) enabled_sources({falco_common::syscall_source})
{ {
config = std::make_shared<falco_configuration>(); config = std::make_shared<falco_configuration>();
outputs = std::make_shared<falco_outputs>(); outputs = std::make_shared<falco_outputs>();
@ -130,8 +128,8 @@ bool application::run(std::string &errstr, bool &restart)
std::bind(&application::create_signal_handlers, this), std::bind(&application::create_signal_handlers, this),
std::bind(&application::load_config, this), std::bind(&application::load_config, this),
std::bind(&application::init_inspector, this), std::bind(&application::init_inspector, this),
std::bind(&application::init_falco_engine, this),
std::bind(&application::load_plugins, this), std::bind(&application::load_plugins, this),
std::bind(&application::init_falco_engine, this),
std::bind(&application::list_fields, this), std::bind(&application::list_fields, this),
std::bind(&application::list_plugins, this), std::bind(&application::list_plugins, this),
std::bind(&application::load_rules_files, this), std::bind(&application::load_rules_files, this),

32
userspace/falco/application.h
View File

@ -52,15 +52,12 @@ public:
bool run(std::string &errstr, bool &restart); bool run(std::string &errstr, bool &restart);
private: private:
static std::string s_syscall_source;
// Holds the state used and shared by the below methods that // Holds the state used and shared by the below methods that
// actually implement the application. Declared as a // actually implement the application. Declared as a
// standalone class to allow for a bit of separation between // standalone class to allow for a bit of separation between
// application state and instance variables, and to also defer // application state and instance variables, and to also defer
// initializing this state until application::init. // initializing this state until application::init.
class state { struct state {
public:
state(); state();
virtual ~state(); virtual ~state();
@ -74,23 +71,15 @@ private:
std::shared_ptr<sinsp> inspector; std::shared_ptr<sinsp> inspector;
std::set<std::string> enabled_sources; std::set<std::string> enabled_sources;
// The event sources that correspond to "syscall" // The event source index that correspond to "syscall"
std::size_t syscall_source_idx; std::size_t syscall_source_idx;
// The event source actually used to process events in
// process_events(). Will generally be
// syscall_source_idx, or a plugin index if plugins
// are loaded.
std::size_t event_source_idx;
std::list<sinsp_plugin::info> plugin_infos;
// All filterchecks created by plugins go in this // All filterchecks created by plugins go in this
// list. If we ever support multiple event sources at // list. If we ever support multiple event sources at
// the same time, this, and the factories created in // the same time, this, and the factories created in
// init_inspector/load_plugins, will have to be a map // init_inspector/load_plugins, will have to be a map
// from event source to filtercheck list. // from event source to filtercheck list.
filter_check_list plugin_filter_checks; std::map<std::string, filter_check_list> plugin_filter_checks;
std::map<string,uint64_t> required_engine_versions; std::map<string,uint64_t> required_engine_versions;
@ -165,10 +154,17 @@ private:
uint64_t duration_to_tot_ns, uint64_t duration_to_tot_ns,
run_result &result); run_result &result);
// This could probably become a direct object once lua is inline bool is_syscall_source_enabled() const
// removed from falco. Currently, creating any global {
// application object results in a crash in return m_state->enabled_sources.find(falco_common::syscall_source)
// falco_common::init(), as it loads all lua modules. != m_state->enabled_sources.end();
}
inline bool is_capture_mode() const
{
return !m_options.trace_filename.empty();
}
std::unique_ptr<state> m_state; std::unique_ptr<state> m_state;
cmdline_options m_options; cmdline_options m_options;
bool m_initialized; bool m_initialized;