new(userspace/falco): select driver from config

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
This commit is contained in:
Roberto Scolaro 2023-11-06 14:46:14 +00:00 committed by poiana
parent ea2d62d56b
commit 626e609e4b
4 changed files with 22 additions and 5 deletions

View File

@ -20,6 +20,7 @@ limitations under the License.
#include <fcntl.h> #include <fcntl.h>
#include <plugin_manager.h> #include <plugin_manager.h>
#include <configuration.h>
#include "helpers.h" #include "helpers.h"
@ -52,6 +53,13 @@ falco::app::run_result falco::app::actions::open_live_inspector(
std::shared_ptr<sinsp> inspector, std::shared_ptr<sinsp> inspector,
const std::string& source) const std::string& source)
{ {
bool is_driver_mode_from_cmdline = (s.options.nodriver ||
s.is_gvisor_enabled() ||
s.options.modern_bpf ||
getenv(FALCO_BPF_ENV_VARIABLE) != NULL
);
try try
{ {
if (source != falco_common::syscall_source) /* Plugin engine */ if (source != falco_common::syscall_source) /* Plugin engine */
@ -71,7 +79,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
} }
return run_result::fatal("Can't find plugin for event source: " + source); return run_result::fatal("Can't find plugin for event source: " + source);
} }
else if (s.options.nodriver) /* nodriver engine. */ else if (s.options.nodriver || (!is_driver_mode_from_cmdline && s.config->m_driver_mode == driver_mode_type::NODRIVER)) /* nodriver engine. */
{ {
// when opening a capture with no driver, Falco will first check // when opening a capture with no driver, Falco will first check
// if a plugin is capable of generating raw events from the libscap // if a plugin is capable of generating raw events from the libscap
@ -90,18 +98,18 @@ falco::app::run_result falco::app::actions::open_live_inspector(
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with no driver\n"); falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with no driver\n");
inspector->open_nodriver(); inspector->open_nodriver();
} }
else if(s.is_gvisor_enabled()) /* gvisor engine. */ else if(s.is_gvisor_enabled() || (!is_driver_mode_from_cmdline && s.config->m_driver_mode == driver_mode_type::GVISOR)) /* gvisor engine. */
{ {
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.options.gvisor_config); falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.options.gvisor_config);
inspector->open_gvisor(s.options.gvisor_config, s.options.gvisor_root); inspector->open_gvisor(s.options.gvisor_config, s.options.gvisor_root);
} }
else if(s.options.modern_bpf) /* modern BPF engine. */ else if(s.options.modern_bpf || (!is_driver_mode_from_cmdline && s.config->m_driver_mode == driver_mode_type::MODERN_BPF)) /* modern BPF engine. */
{ {
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe."); falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe.");
falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs."); falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs.");
inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set); inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
} }
else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL) /* BPF engine. */ else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL || (!is_driver_mode_from_cmdline && s.config->m_driver_mode == driver_mode_type::BPF)) /* BPF engine. */
{ {
const char *bpf_probe_path = std::getenv(FALCO_BPF_ENV_VARIABLE); const char *bpf_probe_path = std::getenv(FALCO_BPF_ENV_VARIABLE);
char full_path[PATH_MAX]; char full_path[PATH_MAX];

View File

@ -22,6 +22,7 @@ limitations under the License.
#include <cxxopts.hpp> #include <cxxopts.hpp>
#include <fstream> #include <fstream>
#include <sys/syslog.h>
namespace falco { namespace falco {
namespace app { namespace app {
@ -149,7 +150,11 @@ bool options::parse(int argc, char **argv, std::string &errstr)
open_modes += !trace_filename.empty(); open_modes += !trace_filename.empty();
open_modes += !gvisor_config.empty(); open_modes += !gvisor_config.empty();
open_modes += modern_bpf; open_modes += modern_bpf;
open_modes += getenv("FALCO_BPF_PROBE") != NULL; if(getenv("FALCO_BPF_PROBE") != NULL)
{
falco_logger::log(LOG_WARNING, "DEPRECATION NOTICE: the FALCO_BPF_PROBE environment variable will be soon deprecated!\n");
open_modes += 1;
}
open_modes += nodriver; open_modes += nodriver;
if (open_modes > 1) if (open_modes > 1)
{ {

View File

@ -112,6 +112,8 @@ static driver_mode_type get_driver_mode(const std::string& input){
{"kmod",driver_mode_type::KMOD}, {"kmod",driver_mode_type::KMOD},
{"bpf",driver_mode_type::BPF}, {"bpf",driver_mode_type::BPF},
{"modern_bpf",driver_mode_type::MODERN_BPF}, {"modern_bpf",driver_mode_type::MODERN_BPF},
{"gvisor",driver_mode_type::GVISOR},
{"nodriver",driver_mode_type::NODRIVER},
{"custom",driver_mode_type::CUSTOM}, {"custom",driver_mode_type::CUSTOM},
}; };

View File

@ -43,6 +43,8 @@ enum class driver_mode_type : uint8_t
KMOD, KMOD,
BPF, BPF,
MODERN_BPF, MODERN_BPF,
GVISOR,
NODRIVER,
CUSTOM CUSTOM
}; };