github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-24 08:58:52 +00:00
Code Issues Projects Releases Wiki Activity

new(userspace/falco): config parsing

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso 2025-07-18 13:03:28 +02:00
parent ef63df716c
commit b6730db82c
No known key found for this signature in database
GPG Key ID: 5826A20627574B83
2 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
userspace/falco/configuration.cpp
View File

@ -1,6 +1,6 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Copyright (C) 2025 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -97,6 +97,10 @@ falco_configuration::falco_configuration():
m_metrics_flags(0),
m_metrics_convert_memory_to_mb(true),
m_metrics_include_empty_values(false),
m_capture_enabled(false),
m_capture_path_prefix("/tmp/falco"),
m_capture_mode(capture_mode_t::RULES),
m_capture_default_duration_ns(5000 * 1000000LL),
m_plugins_hostinfo(true) {
m_config_schema = nlohmann::json::parse(config_schema_string);
}
@ -637,6 +641,26 @@ void falco_configuration::load_yaml(const std::string &config_name) {
m_metrics_include_empty_values =
m_config.get_scalar<bool>("metrics.include_empty_values", false);
m_capture_enabled = m_config.get_scalar<bool>("capture.enabled", false);
m_capture_path_prefix = m_config.get_scalar<std::string>("capture.path_prefix", "/tmp/falco");
// Set capture mode if not already set.
const std::unordered_map<std::string, capture_mode_t> capture_mode_lut = {
{"rules", capture_mode_t::RULES},
{"all_rules", capture_mode_t::ALL_RULES},
};
auto capture_mode_str = m_config.get_scalar<std::string>("capture.mode", "rules");
if(capture_mode_lut.find(capture_mode_str) != capture_mode_lut.end()) {
m_capture_mode = capture_mode_lut.at(capture_mode_str);
} else {
throw std::logic_error("Error reading config file (" + config_name + "): capture.mode '" +
capture_mode_str + "' is not a valid mode.");
}
// Convert to nanoseconds
m_capture_default_duration_ns = m_config.get_scalar<uint32_t>("capture.default_duration", 5000) * 1000000LL;
m_plugins_hostinfo = m_config.get_scalar<bool>("plugins_hostinfo", true);
m_config.get_sequence<std::vector<rule_selection_config>>(m_rules_selection, "rules");

11
userspace/falco/configuration.h
View File

@ -1,6 +1,6 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Copyright (C) 2025 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -42,6 +42,8 @@ limitations under the License.
enum class engine_kind_t : uint8_t { KMOD, EBPF, MODERN_EBPF, REPLAY, GVISOR, NODRIVER };
enum class capture_mode_t : uint8_t { RULES, ALL_RULES };
// Map that holds { config filename | validation status } for each loaded config file.
typedef std::map<std::string, std::string> config_loaded_res;
@ -207,6 +209,13 @@ public:
std::vector<plugin_config> m_plugins;
bool m_plugins_hostinfo;
// capture configs
bool m_capture_enabled;
std::string m_capture_path_prefix;
capture_mode_t m_capture_mode = capture_mode_t::RULES;
u_int64_t m_capture_default_duration_ns;
// Falco engine
engine_kind_t m_engine_mode = engine_kind_t::KMOD;
kmod_config m_kmod = {};