diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index 67575616..237f68b9 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -1,6 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 /* -Copyright (C) 2023 The Falco Authors. +Copyright (C) 2025 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -97,6 +97,10 @@ falco_configuration::falco_configuration(): m_metrics_flags(0), m_metrics_convert_memory_to_mb(true), m_metrics_include_empty_values(false), + m_capture_enabled(false), + m_capture_path_prefix("/tmp/falco"), + m_capture_mode(capture_mode_t::RULES), + m_capture_default_duration_ns(5000 * 1000000LL), m_plugins_hostinfo(true) { m_config_schema = nlohmann::json::parse(config_schema_string); } @@ -637,6 +641,26 @@ void falco_configuration::load_yaml(const std::string &config_name) { m_metrics_include_empty_values = m_config.get_scalar("metrics.include_empty_values", false); + + m_capture_enabled = m_config.get_scalar("capture.enabled", false); + m_capture_path_prefix = m_config.get_scalar("capture.path_prefix", "/tmp/falco"); + // Set capture mode if not already set. + const std::unordered_map capture_mode_lut = { + {"rules", capture_mode_t::RULES}, + {"all_rules", capture_mode_t::ALL_RULES}, + }; + + auto capture_mode_str = m_config.get_scalar("capture.mode", "rules"); + if(capture_mode_lut.find(capture_mode_str) != capture_mode_lut.end()) { + m_capture_mode = capture_mode_lut.at(capture_mode_str); + } else { + throw std::logic_error("Error reading config file (" + config_name + "): capture.mode '" + + capture_mode_str + "' is not a valid mode."); + } + + // Convert to nanoseconds + m_capture_default_duration_ns = m_config.get_scalar("capture.default_duration", 5000) * 1000000LL; + m_plugins_hostinfo = m_config.get_scalar("plugins_hostinfo", true); m_config.get_sequence>(m_rules_selection, "rules"); diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index a7809361..ef9ac7a4 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -1,6 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 /* -Copyright (C) 2023 The Falco Authors. +Copyright (C) 2025 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -42,6 +42,8 @@ limitations under the License. enum class engine_kind_t : uint8_t { KMOD, EBPF, MODERN_EBPF, REPLAY, GVISOR, NODRIVER }; +enum class capture_mode_t : uint8_t { RULES, ALL_RULES }; + // Map that holds { config filename | validation status } for each loaded config file. typedef std::map config_loaded_res; @@ -207,6 +209,13 @@ public: std::vector m_plugins; bool m_plugins_hostinfo; + // capture configs + bool m_capture_enabled; + std::string m_capture_path_prefix; + capture_mode_t m_capture_mode = capture_mode_t::RULES; + u_int64_t m_capture_default_duration_ns; + + // Falco engine engine_kind_t m_engine_mode = engine_kind_t::KMOD; kmod_config m_kmod = {};