new(cmake,userspace): port Falco to use new container plugin.

It will be shipped by default hence it is present in default config.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

userspace/falco/CMakeLists.txt

@@ -123,6 +123,7 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT MINIMAL_BUILD)
 		"${PROTOBUF_LIB}"
 		"${CARES_LIB}"
 		"${OPENSSL_LIBRARIES}"
+		"${CURL_LIBRARIES}"
 	)
 endif()
 

userspace/falco/app/actions/init_inspectors.cpp

@@ -33,51 +33,6 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>
 
 	inspector->set_buffer_format(event_buffer_format);
 
-	//
-	// Container engines
-	//
-
-	// Debug log messages
-	if(s.config->m_container_engines_mask & (1 << CT_DOCKER)) {
-		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'docker'");
-	}
-
-	if(s.config->m_container_engines_mask & (1 << CT_PODMAN)) {
-		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'podman'");
-	}
-
-	if(s.config->m_container_engines_mask &
-	   ((1 << CT_CRI) | (1 << CT_CRIO) | (1 << CT_CONTAINERD))) {
-		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'CRI'");
-	}
-
-	if(s.config->m_container_engines_mask & (1 << CT_LXC)) {
-		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'lxc'");
-	}
-
-	if(s.config->m_container_engines_mask & (1 << CT_LIBVIRT_LXC)) {
-		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'libvirt_lxc'");
-	}
-
-	if(s.config->m_container_engines_mask & (1 << CT_BPM)) {
-		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'bpm'");
-	}
-
-	// Container engines configs via falco.yaml
-	inspector->set_container_engine_mask(s.config->m_container_engines_mask);
-	for(auto& p : s.config->m_container_engines_cri_socket_paths) {
-		if(!p.empty()) {
-			inspector->add_cri_socket_path(p);
-			falco_logger::log(falco_logger::level::DEBUG,
-			                  "Enabled container runtime socket at '" + p + "' via config file");
-		}
-	}
-
-	inspector->set_cri_async(!s.config->m_container_engines_disable_cri_async);
-	if(s.config->m_container_engines_disable_cri_async) {
-		falco_logger::log(falco_logger::level::DEBUG, "Disabling async lookups for 'CRI'");
-	}
-
 	//
 	// If required, set the snaplen.
 	//

userspace/falco/configuration.cpp

@@ -96,12 +96,7 @@ falco_configuration::falco_configuration():
         m_metrics_flags(0),
         m_metrics_convert_memory_to_mb(true),
         m_metrics_include_empty_values(false),
-        m_plugins_hostinfo(true),
-        m_container_engines_mask(0),
-        m_container_engines_disable_cri_async(false),
-        m_container_engines_cri_socket_paths({"/run/containerd/containerd.sock",
-                                              "/run/crio/crio.sock",
-                                              "/run/k3s/containerd/containerd.sock"}) {
+        m_plugins_hostinfo(true) {
 	m_config_schema = nlohmann::json::parse(config_schema_string);
 }
 
@@ -699,31 +694,59 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 
 	m_watch_config_files = m_config.get_scalar<bool>("watch_config_files", true);
 
-	if(m_config.get_scalar<bool>("container_engines.docker.enabled", true)) {
-		m_container_engines_mask |= (1 << CT_DOCKER);
+	load_container_config();
+}
+
+void falco_configuration::load_container_config() {
+	// Find container plugin
+	const std::string *init_cfg;
+	for(const auto &p : m_plugins) {
+		if(p.m_name == "container") {
+			// Store the point to be later overridden
+			init_cfg = &p.m_init_config;
+		}
 	}
-	if(m_config.get_scalar<bool>("container_engines.podman.enabled", true)) {
-		m_container_engines_mask |= (1 << CT_PODMAN);
+
+	if(m_config.is_defined("container_engines.docker.enabled")) {
+		const auto docker_enabled =
+		        m_config.get_scalar<bool>("container_engines.docker.enabled", true);
+		// TODO update init_cfg
 	}
-	if(m_config.get_scalar<bool>("container_engines.cri.enabled", true)) {
-		m_container_engines_mask |= ((1 << CT_CRI) | (1 << CT_CRIO) | (1 << CT_CONTAINERD));
-		m_container_engines_cri_socket_paths.clear();
-		m_config.get_sequence<std::vector<std::string>>(m_container_engines_cri_socket_paths,
-		                                                "container_engines.cri.sockets");
-		m_container_engines_disable_cri_async =
-		        m_config.get_scalar<bool>("container_engines.cri.disable-cri-async", false);
+
+	if(m_config.is_defined("container_engines.podman.enabled")) {
+		const auto podman_enabled =
+		        m_config.get_scalar<bool>("container_engines.podman.enabled", true);
+		// TODO update init_cfg
 	}
-	if(m_config.get_scalar<bool>("container_engines.lxc.enabled", true)) {
-		m_container_engines_mask |= (1 << CT_LXC);
+
+	if(m_config.is_defined("container_engines.cri.enabled")) {
+		const auto cri_enabled = m_config.get_scalar<bool>("container_engines.cri.enabled", true);
+		// TODO update init_cfg
+
+		if(cri_enabled) {
+			std::vector<std::string> cri_socket_paths;
+			m_config.get_sequence<std::vector<std::string>>(cri_socket_paths,
+			                                                "container_engines.cri.sockets");
+			auto disable_cri_async =
+			        m_config.get_scalar<bool>("container_engines.cri.disable-cri-async", false);
+			// TODO update initcfg
+		}
 	}
-	if(m_config.get_scalar<bool>("container_engines.libvirt_lxc.enabled", true)) {
-		m_container_engines_mask |= (1 << CT_LIBVIRT_LXC);
+
+	if(m_config.is_defined("container_engines.lxc.enabled")) {
+		const auto lxc_enabled = m_config.get_scalar<bool>("container_engines.lxc.enabled", true);
+		// TODO update init_cfg
 	}
-	if(m_config.get_scalar<bool>("container_engines.rocket.enabled", true)) {
-		m_container_engines_mask |= (1 << CT_RKT);
+
+	if(m_config.is_defined("container_engines.libvirt_lxc.enabled")) {
+		const auto libvirt_lxc_enabled =
+		        m_config.get_scalar<bool>("container_engines.libvirt_lxc.enabled", true);
+		// TODO update init_cfg
 	}
-	if(m_config.get_scalar<bool>("container_engines.bpm.enabled", true)) {
-		m_container_engines_mask |= (1 << CT_BPM);
+
+	if(m_config.is_defined("container_engines.bpm.enabled")) {
+		const auto bpm_enabled = m_config.get_scalar<bool>("container_engines.bpm.enabled", true);
+		// TODO update init_cfg
 	}
 }
 

userspace/falco/configuration.h

@@ -199,11 +199,6 @@ public:
 	std::vector<plugin_config> m_plugins;
 	bool m_plugins_hostinfo;
 
-	// container engines
-	uint64_t m_container_engines_mask;
-	uint64_t m_container_engines_disable_cri_async;
-	std::vector<std::string> m_container_engines_cri_socket_paths;
-
 	// Falco engine
 	engine_kind_t m_engine_mode = engine_kind_t::KMOD;
 	kmod_config m_kmod = {};
@@ -218,6 +213,7 @@ public:
 private:
 	void merge_config_files(const std::string& config_name, config_loaded_res& res);
 	void load_yaml(const std::string& config_name);
+	void load_container_config();
 	void init_logger();
 	void load_engine_config(const std::string& config_name);
 	void init_cmdline_options(const std::vector<std::string>& cmdline_options);

userspace/falco/outputs_http.h

@@ -18,6 +18,8 @@ limitations under the License.
 #pragma once
 
 #include "outputs.h"
+#include <curl/curl.h>
+#include <curl/easy.h>
 
 namespace falco {
 namespace outputs {