diff --git a/CMakeLists.txt b/CMakeLists.txt index 6db34f82..1df3a616 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -100,7 +100,10 @@ endif() # explicitly set hardening flags set(CMAKE_POSITION_INDEPENDENT_CODE ON) -set(FALCO_SECURITY_FLAGS "-Wl,-z,relro,-z,now -fstack-protector-strong") +set(FALCO_SECURITY_FLAGS "") +if(CMAKE_SYSTEM_NAME MATCHES "Linux") + set(FALCO_SECURITY_FLAGS "${FALCO_SECURITY_FLAGS} -Wl,-z,relro,-z,now -fstack-protector-strong") +endif() if(CMAKE_BUILD_TYPE STREQUAL "release") set(FALCO_SECURITY_FLAGS "${FALCO_SECURITY_FLAGS} -D_FORTIFY_SOURCE=2") endif() diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index d0a5e3c2..1c595777 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake @@ -45,8 +45,10 @@ endif() set(LIBS_PACKAGE_NAME "falcosecurity") -add_definitions(-D_GNU_SOURCE) -add_definitions(-DHAS_CAPTURE) +if(CMAKE_SYSTEM_NAME MATCHES "Linux") + add_definitions(-D_GNU_SOURCE) + add_definitions(-DHAS_CAPTURE) +endif() if(MUSL_OPTIMIZED_BUILD) add_definitions(-DMUSL_OPTIMIZED) diff --git a/unit_tests/CMakeLists.txt b/unit_tests/CMakeLists.txt index 0eed2c1d..c0444a61 100644 --- a/unit_tests/CMakeLists.txt +++ b/unit_tests/CMakeLists.txt @@ -28,9 +28,17 @@ file(GLOB_RECURSE FALCO_TESTS ${CMAKE_CURRENT_SOURCE_DIR}/falco/*.cpp) set(FALCO_UNIT_TESTS_SOURCES "${ENGINE_TESTS}" - "${FALCO_TESTS}" + falco/test_configuration.cpp + falco/app/actions/test_select_event_sources.cpp ) +if (CMAKE_SYSTEM_NAME MATCHES "Linux") + list(APPEND FALCO_UNIT_TESTS_SOURCES + falco/test_atomic_signal_handler.cpp + falco/app/actions/test_configure_interesting_sets.cpp + falco/app/actions/test_configure_syscall_buffer.cpp) +endif() + set(FALCO_UNIT_TESTS_INCLUDES PRIVATE ${CMAKE_SOURCE_DIR}/userspace @@ -62,3 +70,9 @@ add_executable(falco_unit_tests ${FALCO_UNIT_TESTS_SOURCES}) target_include_directories(falco_unit_tests ${FALCO_UNIT_TESTS_INCLUDES}) target_link_libraries(falco_unit_tests ${FALCO_UNIT_TESTS_LIBRARIES}) add_dependencies(falco_unit_tests ${FALCO_UNIT_TESTS_DEPENDENCIES}) + +if (EMSCRIPTEN) + target_compile_options(falco_unit_tests PRIVATE "-sDISABLE_EXCEPTION_CATCHING=0") + target_link_options(falco_unit_tests PRIVATE "-sDISABLE_EXCEPTION_CATCHING=0") + target_link_options(falco_unit_tests PRIVATE "-sEXPORTED_FUNCTIONS=['_main','_htons','_ntohs']") +endif() diff --git a/userspace/engine/CMakeLists.txt b/userspace/engine/CMakeLists.txt index 7ee9a1b9..8995f83b 100644 --- a/userspace/engine/CMakeLists.txt +++ b/userspace/engine/CMakeLists.txt @@ -29,6 +29,10 @@ set(FALCO_ENGINE_SOURCE_FILES add_library(falco_engine STATIC ${FALCO_ENGINE_SOURCE_FILES}) +if (EMSCRIPTEN) + target_compile_options(falco_engine PRIVATE "-sDISABLE_EXCEPTION_CATCHING=0") +endif() + add_dependencies(falco_engine yamlcpp njson) if(MINIMAL_BUILD) diff --git a/userspace/engine/evttype_index_ruleset.cpp b/userspace/engine/evttype_index_ruleset.cpp index 2a1839f4..e4909a4a 100644 --- a/userspace/engine/evttype_index_ruleset.cpp +++ b/userspace/engine/evttype_index_ruleset.cpp @@ -204,7 +204,11 @@ void evttype_index_ruleset::add( wrap->filter = filter; if(rule.source == falco_common::syscall_source) { +#ifdef __linux__ wrap->sc_codes = libsinsp::filter::ast::ppm_sc_codes(condition.get()); +#else + wrap->sc_codes = { }; +#endif wrap->event_codes = libsinsp::filter::ast::ppm_event_codes(condition.get()); } else diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index 57622b1d..6d81af58 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -769,7 +769,10 @@ void falco_engine::get_json_evt_types(libsinsp::filter::ast::expr* ast, { output = Json::arrayValue; auto evtcodes = libsinsp::filter::ast::ppm_event_codes(ast); + libsinsp::events::set syscodes; +#ifdef __linux__ auto syscodes = libsinsp::filter::ast::ppm_sc_codes(ast); +#endif auto syscodes_to_evt_names = libsinsp::events::sc_set_to_event_names(syscodes); auto evtcodes_to_evt_names = libsinsp::events::event_set_to_names(evtcodes, false); for (const auto& n : unordered_set_union(syscodes_to_evt_names, evtcodes_to_evt_names)) diff --git a/userspace/engine/indexed_vector.h b/userspace/engine/indexed_vector.h index de3a2c55..b4f9bac7 100644 --- a/userspace/engine/indexed_vector.h +++ b/userspace/engine/indexed_vector.h @@ -16,7 +16,6 @@ limitations under the License. #pragma once -#include #include #include #include diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt index 98205096..6e0d6a5a 100644 --- a/userspace/falco/CMakeLists.txt +++ b/userspace/falco/CMakeLists.txt @@ -143,6 +143,10 @@ add_library( ${FALCO_SOURCES} ) +if (EMSCRIPTEN) + target_compile_options(falco_application PRIVATE "-sDISABLE_EXCEPTION_CATCHING=0") +endif() + add_dependencies(falco_application ${FALCO_DEPENDENCIES}) target_link_libraries( @@ -161,6 +165,12 @@ add_dependencies(falco falco_application ${FALCO_DEPENDENCIES}) target_link_libraries(falco falco_application ${FALCO_LIBRARIES}) target_include_directories(falco PUBLIC ${FALCO_INCLUDE_DIRECTORIES}) +if (EMSCRIPTEN) + target_compile_options(falco PRIVATE "-sDISABLE_EXCEPTION_CATCHING=0") + target_link_options(falco PRIVATE "-sDISABLE_EXCEPTION_CATCHING=0") + target_link_options(falco PRIVATE "-sEXPORTED_FUNCTIONS=['_main','_htons','_ntohs']") +endif() + if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT MINIMAL_BUILD) add_custom_command( OUTPUT diff --git a/userspace/falco/app/actions/configure_interesting_sets.cpp b/userspace/falco/app/actions/configure_interesting_sets.cpp index 9970b695..ac8ccae5 100644 --- a/userspace/falco/app/actions/configure_interesting_sets.cpp +++ b/userspace/falco/app/actions/configure_interesting_sets.cpp @@ -214,6 +214,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set

sc_codes_for_ruleset(falco_common::syscall_source); select_event_set(s, rules_sc_set); check_for_rules_unsupported_events(s, rules_sc_set); + +#endif return run_result::ok(); } diff --git a/userspace/falco/app/actions/configure_syscall_buffer_num.cpp b/userspace/falco/app/actions/configure_syscall_buffer_num.cpp index dbe8d185..b06f3bba 100644 --- a/userspace/falco/app/actions/configure_syscall_buffer_num.cpp +++ b/userspace/falco/app/actions/configure_syscall_buffer_num.cpp @@ -21,6 +21,7 @@ using namespace falco::app::actions; falco::app::run_result falco::app::actions::configure_syscall_buffer_num(falco::app::state& s) { +#ifdef __linux__ if(!s.options.modern_bpf) { return run_result::ok(); @@ -37,6 +38,6 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_num(falco:: falco_logger::log(LOG_WARNING, "you required a buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n"); s.config->m_cpus_for_each_syscall_buffer = online_cpus; } - +#endif return run_result::ok(); } diff --git a/userspace/falco/app/actions/configure_syscall_buffer_size.cpp b/userspace/falco/app/actions/configure_syscall_buffer_size.cpp index 6404e089..11be185f 100644 --- a/userspace/falco/app/actions/configure_syscall_buffer_size.cpp +++ b/userspace/falco/app/actions/configure_syscall_buffer_size.cpp @@ -26,6 +26,7 @@ using namespace falco::app::actions; falco::app::run_result falco::app::actions::configure_syscall_buffer_size(falco::app::state& s) { +#ifdef __linux__ /* We don't need to compute the syscall buffer dimension if we are in capture mode or if the * the syscall source is not enabled. */ @@ -71,5 +72,7 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_size(falco: s.syscall_buffer_bytes_size = chosen_size; falco_logger::log(LOG_INFO, "The chosen syscall buffer dimension is: " + std::to_string(chosen_size) + " bytes (" + std::to_string(chosen_size / (uint64_t)(1024 * 1024)) + " MBs)\n"); + +#endif // __linux__ return run_result::ok(); } diff --git a/userspace/falco/app/actions/create_signal_handlers.cpp b/userspace/falco/app/actions/create_signal_handlers.cpp index fd59d848..f68798ac 100644 --- a/userspace/falco/app/actions/create_signal_handlers.cpp +++ b/userspace/falco/app/actions/create_signal_handlers.cpp @@ -20,7 +20,9 @@ limitations under the License. #include "../app.h" #include "../signals.h" +#ifdef __linux__ #include +#endif // __linux__ using namespace falco::app; using namespace falco::app::actions; @@ -48,6 +50,7 @@ static void restart_signal_handler(int signal) bool create_handler(int sig, void (*func)(int), run_result &ret) { ret = run_result::ok(); +#ifdef __linux__ if(signal(sig, func) == SIG_ERR) { char errbuf[1024]; @@ -61,12 +64,15 @@ bool create_handler(int sig, void (*func)(int), run_result &ret) ": " + errbuf); } - +#endif return ret.success; } falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::state& s) { + auto ret = run_result::ok(); + +#ifdef __linux__ if (s.options.dry_run) { falco_logger::log(LOG_DEBUG, "Skipping signal handlers creation in dry-run\n"); @@ -84,7 +90,6 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s falco_logger::log(LOG_WARNING, "Bundled atomics implementation is not lock-free, signal handlers may be unstable\n"); } - run_result ret; if(! create_handler(SIGINT, ::terminate_signal_handler, ret) || ! create_handler(SIGTERM, ::terminate_signal_handler, ret) || ! create_handler(SIGUSR1, ::reopen_outputs_signal_handler, ret) || @@ -146,11 +151,14 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s { s_restarter = s.restarter; } +#endif + return ret; } falco::app::run_result falco::app::actions::unregister_signal_handlers(falco::app::state& s) { +#ifdef __linux__ if (s.options.dry_run) { falco_logger::log(LOG_DEBUG, "Skipping unregistering signal handlers in dry-run\n"); @@ -171,5 +179,7 @@ falco::app::run_result falco::app::actions::unregister_signal_handlers(falco::ap { return ret; } +#endif // __linux__ + return run_result::ok(); } diff --git a/userspace/falco/app/actions/daemonize.cpp b/userspace/falco/app/actions/daemonize.cpp index 23bfcc76..f2b82561 100644 --- a/userspace/falco/app/actions/daemonize.cpp +++ b/userspace/falco/app/actions/daemonize.cpp @@ -27,6 +27,7 @@ static bool s_daemonized = false; falco::app::run_result falco::app::actions::daemonize(falco::app::state& s) { +#ifdef __linux__ if (s.options.dry_run) { falco_logger::log(LOG_DEBUG, "Skipping daemonizing in dry-run\n"); @@ -82,6 +83,7 @@ falco::app::run_result falco::app::actions::daemonize(falco::app::state& s) s_daemonized = true; } +#endif // __linux__ return run_result::ok(); } diff --git a/userspace/falco/app/actions/init_clients.cpp b/userspace/falco/app/actions/init_clients.cpp index 471f5163..075f76b0 100644 --- a/userspace/falco/app/actions/init_clients.cpp +++ b/userspace/falco/app/actions/init_clients.cpp @@ -21,7 +21,7 @@ using namespace falco::app::actions; falco::app::run_result falco::app::actions::init_clients(falco::app::state& s) { -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) // k8s is useful only if the syscall source is enabled if (s.is_capture_mode() || !s.is_source_enabled(falco_common::syscall_source)) { diff --git a/userspace/falco/app/actions/load_config.cpp b/userspace/falco/app/actions/load_config.cpp index 52bd8794..b2701009 100644 --- a/userspace/falco/app/actions/load_config.cpp +++ b/userspace/falco/app/actions/load_config.cpp @@ -80,13 +80,15 @@ falco::app::run_result falco::app::actions::load_config(falco::app::state& s) falco::app::run_result falco::app::actions::require_config_file(falco::app::state& s) { +#ifndef __EMSCRIPTEN__ if (s.options.conf_filename.empty()) { #ifndef BUILD_TYPE_RELEASE return run_result::fatal(std::string("You must create a config file at ") + FALCO_SOURCE_CONF_FILE + ", " + FALCO_INSTALL_CONF_FILE + " or by passing -c"); -#else +#else // BUILD_TYPE_RELEASE return run_result::fatal(std::string("You must create a config file at ") + FALCO_INSTALL_CONF_FILE + " or by passing -c"); -#endif +#endif // BUILD_TYPE_RELEASE } +#endif // __EMSCRIPTEN__ return run_result::ok(); } \ No newline at end of file diff --git a/userspace/falco/app/actions/load_plugins.cpp b/userspace/falco/app/actions/load_plugins.cpp index 7550e7b4..7fb9b138 100644 --- a/userspace/falco/app/actions/load_plugins.cpp +++ b/userspace/falco/app/actions/load_plugins.cpp @@ -22,10 +22,10 @@ using namespace falco::app::actions; falco::app::run_result falco::app::actions::load_plugins(falco::app::state& s) { -#ifdef MUSL_OPTIMIZED +#if !defined(MUSL_OPTIMIZED) and !defined(__EMSCRIPTEN__) if (!s.config->m_plugins.empty()) { - return run_result::fatal("Can not load/use plugins with musl optimized build"); + return run_result::fatal("Loading plugins dynamic libraries is not supported with this Falco build"); } #endif // Initialize the set of loaded event sources. diff --git a/userspace/falco/app/actions/print_plugin_info.cpp b/userspace/falco/app/actions/print_plugin_info.cpp index f279cbea..35b5b7fa 100644 --- a/userspace/falco/app/actions/print_plugin_info.cpp +++ b/userspace/falco/app/actions/print_plugin_info.cpp @@ -24,12 +24,6 @@ using namespace falco::app::actions; falco::app::run_result falco::app::actions::print_plugin_info(falco::app::state& s) { -#ifdef MUSL_OPTIMIZED - if(!s.options.print_plugin_info.empty()) - { - return run_result::fatal("Can not load or use plugins with musl optimized build"); - } -#else // MUSL_OPTIMIZED if(!s.options.print_plugin_info.empty()) { std::unique_ptr inspector(new sinsp()); @@ -110,7 +104,6 @@ falco::app::run_result falco::app::actions::print_plugin_info(falco::app::state& } return run_result::fatal("can't find plugin and print its info: " + s.options.print_plugin_info); } -#endif // MUSL_OPTIMIZED return run_result::ok(); } \ No newline at end of file diff --git a/userspace/falco/app/actions/process_events.cpp b/userspace/falco/app/actions/process_events.cpp index dc7a56a2..7f07032a 100644 --- a/userspace/falco/app/actions/process_events.cpp +++ b/userspace/falco/app/actions/process_events.cpp @@ -30,13 +30,10 @@ limitations under the License. #include "helpers.h" #include "../options.h" #include "../signals.h" -#include "../../semaphore.h" +#include "../../falco_semaphore.h" #include "../../stats_writer.h" #include "../../falco_outputs.h" #include "../../event_drops.h" -#ifndef MINIMAL_BUILD -#include "../../webserver.h" -#endif #include diff --git a/userspace/falco/app/actions/start_grpc_server.cpp b/userspace/falco/app/actions/start_grpc_server.cpp index 75619a94..af0364bd 100644 --- a/userspace/falco/app/actions/start_grpc_server.cpp +++ b/userspace/falco/app/actions/start_grpc_server.cpp @@ -16,7 +16,7 @@ limitations under the License. #include "actions.h" -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) #include "grpc_server.h" #endif @@ -25,7 +25,7 @@ using namespace falco::app::actions; falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state& s) { -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) // gRPC server if(s.config->m_grpc_enabled) { @@ -56,7 +56,7 @@ falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state& falco::app::run_result falco::app::actions::stop_grpc_server(falco::app::state& s) { -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) if(s.config->m_grpc_enabled) { if (s.options.dry_run) diff --git a/userspace/falco/app/actions/start_webserver.cpp b/userspace/falco/app/actions/start_webserver.cpp index 5e521838..fd3083ab 100644 --- a/userspace/falco/app/actions/start_webserver.cpp +++ b/userspace/falco/app/actions/start_webserver.cpp @@ -16,7 +16,7 @@ limitations under the License. #include "actions.h" -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) #include "webserver.h" #endif @@ -25,7 +25,7 @@ using namespace falco::app::actions; falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s) { -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) if(!s.is_capture_mode() && s.config->m_webserver_enabled) { if (s.options.dry_run) @@ -55,7 +55,7 @@ falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s falco::app::run_result falco::app::actions::stop_webserver(falco::app::state& s) { -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) if(!s.is_capture_mode() && s.config->m_webserver_enabled) { if (s.options.dry_run) diff --git a/userspace/falco/app/options.cpp b/userspace/falco/app/options.cpp index 6964cc0f..6d67b60c 100644 --- a/userspace/falco/app/options.cpp +++ b/userspace/falco/app/options.cpp @@ -198,7 +198,7 @@ void options::define(cxxopts::Options& opts) ("modern-bpf", "Use BPF modern probe driver to instrument the kernel.", cxxopts::value(modern_bpf)->default_value("false")) #endif ("i", "Print all high volume syscalls that are ignored by default for performance reasons (i.e. without the -A flag) and exit.", cxxopts::value(print_ignored_events)->default_value("false")) -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) ("k,k8s-api", "Enable Kubernetes support by connecting to the API server specified as argument. E.g. \"http://admin:password@127.0.0.1:8080\". The API server can also be specified via the environment variable FALCO_K8S_API.", cxxopts::value(k8s_api), "") ("K,k8s-api-cert", "Use the provided files names to authenticate user and (optionally) verify the K8S API server identity. Each entry must specify full (absolute, or relative to the current directory) path to the respective file. Private key password is optional (needed only if key is password protected). CA certificate is optional. For all files, only PEM file format is supported. Specifying CA certificate only is obsoleted - when single entry is provided for this option, it will be interpreted as the name of a file containing bearer token. Note that the format of this command-line option prohibits use of files whose names contain ':' or '#' characters in the file name.", cxxopts::value(k8s_api_cert), "( | :[:])") ("k8s-node", "The node name will be used as a filter when requesting metadata of pods to the API server. Usually, this should be set to the current node on which Falco is running. If empty, no filter is set, which may have a performance penalty on large clusters.", cxxopts::value(k8s_node_name), "") @@ -207,9 +207,7 @@ void options::define(cxxopts::Options& opts) ("l", "Show the name and description of the rule with name and exit. If json_output is set to true, it prints details about the rule in JSON format", cxxopts::value(describe_rule), "") ("list", "List all defined fields. If is provided, only list those fields for the source . Current values for are \"syscall\" or any source from a configured plugin with event sourcing capability.", cxxopts::value(list_source_fields)->implicit_value(""), "") ("list-syscall-events", "List all defined system call events.", cxxopts::value(list_syscall_events)) -#ifndef MUSL_OPTIMIZED ("list-plugins", "Print info on all loaded plugins and exit.", cxxopts::value(list_plugins)->default_value("false")) -#endif ("M", "Stop collecting after reached.", cxxopts::value(duration_to_tot)->default_value("0"), "") ("markdown", "When used with --list/--list-syscall-events, print the content in Markdown format", cxxopts::value(markdown)) ("N", "When used with --list, only print field names.", cxxopts::value(names_only)->default_value("false")) diff --git a/userspace/falco/app/restart_handler.cpp b/userspace/falco/app/restart_handler.cpp index 8db70451..87f04eed 100644 --- a/userspace/falco/app/restart_handler.cpp +++ b/userspace/falco/app/restart_handler.cpp @@ -42,6 +42,7 @@ void falco::app::restart_handler::trigger() bool falco::app::restart_handler::start(std::string& err) { +#ifdef __linux__ m_inotify_fd = inotify_init(); if (m_inotify_fd < 0) { @@ -73,16 +74,19 @@ bool falco::app::restart_handler::start(std::string& err) // launch the watcher thread m_watcher = std::thread(&falco::app::restart_handler::watcher_loop, this); +#endif return true; } void falco::app::restart_handler::stop() { +#ifdef __linux__ m_stop.store(true, std::memory_order_release); if (m_watcher.joinable()) { m_watcher.join(); } +#endif } void falco::app::restart_handler::watcher_loop() noexcept diff --git a/userspace/falco/app/state.h b/userspace/falco/app/state.h index 0a4b6ec3..bf71016b 100644 --- a/userspace/falco/app/state.h +++ b/userspace/falco/app/state.h @@ -22,7 +22,7 @@ limitations under the License. #include "restart_handler.h" #include "../configuration.h" #include "../stats_writer.h" -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) #include "../grpc_server.h" #include "../webserver.h" #endif @@ -137,7 +137,7 @@ struct state // Helper responsible for watching of handling hot application restarts std::shared_ptr restarter; -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) falco::grpc::server grpc_server; std::thread grpc_server_thread; diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index a862a707..67d779f8 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) #include #endif @@ -30,7 +30,7 @@ limitations under the License. #include "outputs_program.h" #include "outputs_stdout.h" #include "outputs_syslog.h" -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) #include "outputs_http.h" #include "outputs_grpc.h" #endif @@ -98,7 +98,7 @@ void falco_outputs::add_output(falco::outputs::config oc) { oo = new falco::outputs::output_syslog(); } -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) else if(oc.name == "http") { oo = new falco::outputs::output_http(); @@ -245,7 +245,9 @@ void falco_outputs::stop_worker() watchdog wd; wd.start([&](void *) -> void { falco_logger::log(LOG_NOTICE, "output channels still blocked, discarding all remaining notifications\n"); +#ifndef __EMSCRIPTEN__ m_queue.clear(); +#endif this->push_ctrl(falco_outputs::ctrl_msg_type::CTRL_MSG_STOP); }); wd.set_timeout(m_timeout, nullptr); @@ -266,11 +268,13 @@ inline void falco_outputs::push_ctrl(ctrl_msg_type cmt) inline void falco_outputs::push(const ctrl_msg& cmsg) { +#ifndef __EMSCRIPTEN__ if (!m_queue.try_push(cmsg)) { fprintf(stderr, "Fatal error: Output queue reached maximum capacity. Exiting.\n"); exit(EXIT_FAILURE); } +#endif } // todo(leogr,leodido): this function is not supposed to throw exceptions, and with "noexcept", @@ -289,7 +293,9 @@ void falco_outputs::worker() noexcept do { // Block until a message becomes available. +#ifndef __EMSCRIPTEN__ m_queue.pop(cmsg); +#endif for(const auto o : m_outputs) { diff --git a/userspace/falco/falco_outputs.h b/userspace/falco/falco_outputs.h index c51726f9..5a95990f 100644 --- a/userspace/falco/falco_outputs.h +++ b/userspace/falco/falco_outputs.h @@ -24,7 +24,9 @@ limitations under the License. #include "falco_engine.h" #include "outputs.h" #include "formats.h" +#ifndef __EMSCRIPTEN__ #include "tbb/concurrent_queue.h" +#endif /*! \brief This class acts as the primary interface between a program and the @@ -105,9 +107,10 @@ private: ctrl_msg_type type; }; +#ifndef __EMSCRIPTEN__ typedef tbb::concurrent_bounded_queue falco_outputs_cbq; - falco_outputs_cbq m_queue; +#endif std::thread m_worker_thread; inline void push(const ctrl_msg& cmsg); diff --git a/userspace/falco/semaphore.h b/userspace/falco/falco_semaphore.h similarity index 99% rename from userspace/falco/semaphore.h rename to userspace/falco/falco_semaphore.h index 98c2fefb..f60f1e87 100644 --- a/userspace/falco/semaphore.h +++ b/userspace/falco/falco_semaphore.h @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ +#include #include #include diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp index e055d347..b6719a82 100644 --- a/userspace/falco/stats_writer.cpp +++ b/userspace/falco/stats_writer.cpp @@ -102,7 +102,9 @@ stats_writer::stats_writer( if (m_initialized) { +#ifndef __EMSCRIPTEN__ m_worker = std::thread(&stats_writer::worker, this); +#endif } } @@ -110,7 +112,9 @@ stats_writer::~stats_writer() { if (m_initialized) { +#ifndef __EMSCRIPTEN__ stop_worker(); +#endif if (!m_config->m_metrics_output_file.empty()) { m_file_output.close(); @@ -131,11 +135,13 @@ void stats_writer::stop_worker() inline void stats_writer::push(const stats_writer::msg& m) { + #ifndef __EMSCRIPTEN__ if (!m_queue.try_push(m)) { fprintf(stderr, "Fatal error: Stats queue reached maximum capacity. Exiting.\n"); exit(EXIT_FAILURE); } + #endif } void stats_writer::worker() noexcept @@ -151,7 +157,9 @@ void stats_writer::worker() noexcept while(true) { // blocks until a message becomes availables + #ifndef __EMSCRIPTEN__ m_queue.pop(m); + #endif if (m.stop) { return; @@ -247,7 +255,7 @@ void stats_writer::collector::get_metrics_output_fields_additional( const scap_agent_info* agent_info = inspector->get_agent_info(); const scap_machine_info* machine_info = inspector->get_machine_info(); -#ifndef MINIMAL_BUILD +#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) /* Resource utilization, CPU and memory usage etc. */ uint32_t nstats = 0; int32_t rc = 0; diff --git a/userspace/falco/stats_writer.h b/userspace/falco/stats_writer.h index 548554a7..42a183e7 100644 --- a/userspace/falco/stats_writer.h +++ b/userspace/falco/stats_writer.h @@ -22,7 +22,9 @@ limitations under the License. #include +#ifndef __EMSCRIPTEN__ #include "tbb/concurrent_queue.h" +#endif #include "falco_outputs.h" #include "configuration.h" @@ -143,7 +145,9 @@ private: uint64_t m_total_samples; std::thread m_worker; std::ofstream m_file_output; +#ifndef __EMSCRIPTEN__ tbb::concurrent_bounded_queue m_queue; +#endif std::shared_ptr m_outputs; std::shared_ptr m_config;