chore(userspace,unit_tests): renamed engine.replay.trace_file to engine.replay.capture_file.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

falco.yaml

@@ -326,8 +326,8 @@ engine:
     buf_size_preset: 4
     drop_failed_exit: false
   replay:
-    # path to the trace file to replay.
-    trace_file: /path/to/file.scap
+    # path to the capture file to replay.
+    capture_file: /path/to/file.scap
   gvisor:
     # A Falco-compatible configuration file can be generated with
     # '--gvisor-generate-config' and utilized for both runsc and Falco.

unit_tests/falco/app/actions/test_load_config.cpp

@@ -41,7 +41,7 @@ TEST(ActionLoadConfig, check_engine_config_is_correctly_parsed)
 	EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
 	EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
 
-	EXPECT_TRUE(s.config->m_replay.m_trace_file.empty());
+	EXPECT_TRUE(s.config->m_replay.m_capture_file.empty());
 
 	EXPECT_TRUE(s.config->m_gvisor.m_config.empty());
 	EXPECT_TRUE(s.config->m_gvisor.m_root.empty());
@@ -77,7 +77,7 @@ TEST(ActionLoadConfig, check_command_line_options_are_not_used)
 	EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
 	EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
 
-	EXPECT_TRUE(s.config->m_replay.m_trace_file.empty());
+	EXPECT_TRUE(s.config->m_replay.m_capture_file.empty());
 
 	EXPECT_TRUE(s.config->m_gvisor.m_config.empty());
 	EXPECT_TRUE(s.config->m_gvisor.m_root.empty());
@@ -112,7 +112,7 @@ TEST(ActionLoadConfig, check_kmod_with_syscall_configs)
 	EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
 	EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
 
-	EXPECT_TRUE(s.config->m_replay.m_trace_file.empty());
+	EXPECT_TRUE(s.config->m_replay.m_capture_file.empty());
 
 	EXPECT_TRUE(s.config->m_gvisor.m_config.empty());
 	EXPECT_TRUE(s.config->m_gvisor.m_root.empty());
@@ -150,7 +150,7 @@ TEST(ActionLoadConfig, check_override_command_line_modern)
 	EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0);
 	EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit);
 
-	EXPECT_TRUE(s.config->m_replay.m_trace_file.empty());
+	EXPECT_TRUE(s.config->m_replay.m_capture_file.empty());
 
 	EXPECT_TRUE(s.config->m_gvisor.m_config.empty());
 	EXPECT_TRUE(s.config->m_gvisor.m_root.empty());
@@ -188,7 +188,7 @@ TEST(ActionLoadConfig, check_override_command_line_gvisor)
 	EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
 	EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
 
-	EXPECT_TRUE(s.config->m_replay.m_trace_file.empty());
+	EXPECT_TRUE(s.config->m_replay.m_capture_file.empty());
 
 	// Check that deprecated configs are populated
 	EXPECT_EQ(s.config->m_syscall_buf_size_preset, 6);

unit_tests/falco/test_configs/new_engine_config_changed.yaml

@@ -34,7 +34,7 @@ engine:
     buf_size_preset: 4
     drop_failed_exit: false
   replay:
-    trace_file: /path/to/file.scap
+    capture_file: /path/to/file.scap
   gvisor:
     config: /path/to/gvisor_config.yaml
     root: ""

unit_tests/falco/test_configs/new_engine_config_unchanged.yaml

@@ -35,7 +35,7 @@ engine:
     buf_size_preset: 4
     drop_failed_exit: false
   replay:
-    trace_file: /path/to/file.scap
+    capture_file: /path/to/file.scap
   gvisor:
     config: /path/to/gvisor_config.yaml
     root: ""

userspace/falco/app/actions/helpers_inspector.cpp

@@ -35,13 +35,13 @@ falco::app::run_result falco::app::actions::open_offline_inspector(falco::app::s
 {
 	try
 	{
-		s.offline_inspector->open_savefile(s.config->m_replay.m_trace_file);
-		falco_logger::log(falco_logger::level::INFO, "Reading system call events from file: " + s.config->m_replay.m_trace_file + "\n");
+		s.offline_inspector->open_savefile(s.config->m_replay.m_capture_file);
+		falco_logger::log(falco_logger::level::INFO, "Reading system call events from file: " + s.config->m_replay.m_capture_file + "\n");
 		return run_result::ok();
 	}
 	catch (sinsp_exception &e)
 	{
-		return run_result::fatal("Could not open trace filename " + s.config->m_replay.m_trace_file + " for reading: " + e.what());
+		return run_result::fatal("Could not open trace filename " + s.config->m_replay.m_capture_file + " for reading: " + e.what());
 	}
 }
 

userspace/falco/app/actions/load_config.cpp

@@ -46,6 +46,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
 	// use the requested driver.
 	if (getenv(FALCO_BPF_ENV_VARIABLE))
 	{
+		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the FALCO_BPF_PROBE environment variable is deprecated and will be removed in Falco 0.38!\n");
 		s.config->m_engine_mode = engine_kind_t::EBPF;
 		s.config->m_ebpf.m_probe_path = getenv(FALCO_BPF_ENV_VARIABLE);
 		s.config->m_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit;
@@ -53,6 +54,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
 	}
 	else if (s.options.modern_bpf)
 	{
+		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' cmdline option is deprecated and will be removed in Falco 0.38!\n");
 		s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
 		s.config->m_modern_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit;
 		s.config->m_modern_ebpf.m_buf_size_preset = s.config->m_syscall_buf_size_preset;
@@ -60,18 +62,21 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
 	}
 	if (!s.options.gvisor_config.empty())
 	{
+		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' cmdline option is deprecated and will be removed in Falco 0.38!\n");
 		s.config->m_engine_mode =  engine_kind_t::GVISOR;
 		s.config->m_gvisor.m_config = s.options.gvisor_config;
 		s.config->m_gvisor.m_root = s.options.gvisor_root;
 	}
 	if (s.options.nodriver)
 	{
+		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' cmdline option is deprecated and will be removed in Falco 0.38!\n");
 		s.config->m_engine_mode =  engine_kind_t::NONE;
 	}
-	if (!s.options.trace_filename.empty())
+	if (!s.options.capture_file.empty())
 	{
+		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' cmdline option is deprecated and will be removed in Falco 0.38!\n");
 		s.config->m_engine_mode = engine_kind_t::REPLAY;
-		s.config->m_replay.m_trace_file = s.options.trace_filename;
+		s.config->m_replay.m_capture_file = s.options.capture_file;
 	}
 	return run_result::ok();
 }

userspace/falco/app/options.cpp

@@ -144,31 +144,11 @@ bool options::parse(int argc, char **argv, std::string &errstr)
 
 	// TODO: remove for Falco 0.38 since these CLI options are deprecated.
 	int open_modes = 0;
-	if (!trace_filename.empty())
-	{
-		open_modes++;
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' cmdline option is deprecated and will be removed in Falco 0.38!\n");
-	}
-	if (!gvisor_config.empty())
-	{
-		open_modes++;
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' cmdline option is deprecated and will be removed in Falco 0.38!\n");
-	}
-	if(getenv("FALCO_BPF_PROBE") != NULL)
-	{
-		open_modes++;
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the FALCO_BPF_PROBE environment variable is deprecated and will be removed in Falco 0.38!\n");
-	}
-	if (modern_bpf)
-	{
-		open_modes++;
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' cmdline option is deprecated and will be removed in Falco 0.38!\n");
-	}
-	if (nodriver)
-	{
-		open_modes++;
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' cmdline option is deprecated and will be removed in Falco 0.38!\n");
-	}
+	open_modes += !capture_file.empty();
+	open_modes += !gvisor_config.empty();
+	open_modes += modern_bpf;
+	open_modes += getenv("FALCO_BPF_PROBE") != NULL;
+	open_modes += nodriver;
 	if (open_modes > 1)
 	{
 		errstr = std::string("You can not specify more than one of -e, -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var");
@@ -201,7 +181,7 @@ void options::define(cxxopts::Options& opts)
 		("disable-source",                "Turn off a specific <event_source>. By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times, but turning off all event sources simultaneously is not permitted. This option can not be mixed with --enable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(disable_sources), "<event_source>")
 		("dry-run",                       "Run Falco without processing events. It can help check that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false"))
 		("D",                             "Turn off any rules with names having the substring <substring>. This option can be passed multiple times. It cannot be mixed with -t.", cxxopts::value(disabled_rule_substrings), "<substring>")
-		("e",                             "DEPRECATED. Reproduce the events by reading from the given <capture_file> instead of opening a live session. Only capture files in .scap format are supported.", cxxopts::value(trace_filename), "<events_file>")
+		("e",                             "DEPRECATED. Reproduce the events by reading from the given <capture_file> instead of opening a live session. Only capture files in .scap format are supported.", cxxopts::value(capture_file), "<events_file>")
 		("enable-source",                 "Enable a specific <event_source>. By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. When using this option, only the event sources specified by it will be enabled. This option can not be mixed with --disable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(enable_sources), "<event_source>")
 #ifdef HAS_GVISOR
 		("g,gvisor-config",				  "DEPRECATED. Collect 'syscall' events from gVisor using the specified <gvisor_config> file. A Falco-compatible configuration file can be generated with --gvisor-generate-config and utilized for both runsc and Falco.", cxxopts::value(gvisor_config), "<gvisor_config>")

userspace/falco/app/options.h

@@ -76,7 +76,7 @@ public:
 	bool dry_run;
 
 	// todo!: remove them in Falco 0.38.0 since they are deprecated
-	std::string trace_filename = "";
+	std::string capture_file = "";
 	std::string gvisor_config = "";
 	std::string gvisor_root = "";
 	bool modern_bpf = false;

userspace/falco/configuration.cpp

@@ -164,10 +164,10 @@ void falco_configuration::load_engine_config(const std::string& config_name, con
 		m_modern_ebpf.m_drop_failed_exit = config.get_scalar<bool>("engine.modern-ebpf.drop_failed_exit", default_drop_failed_exit);
 		break;
 	case engine_kind_t::REPLAY:
-		m_replay.m_trace_file = config.get_scalar<std::string>("engine.replay.trace_file", "");
-		if (m_replay.m_trace_file.empty())
+		m_replay.m_capture_file = config.get_scalar<std::string>("engine.replay.capture_file", "");
+		if (m_replay.m_capture_file.empty())
 		{
-			throw std::logic_error("Error reading config file (" + config_name + "): engine.kind is 'replay' but no engine.replay.trace_file specified.");
+			throw std::logic_error("Error reading config file (" + config_name + "): engine.kind is 'replay' but no engine.replay.capture_file specified.");
 		}
 		break;
 	case engine_kind_t::GVISOR:

userspace/falco/configuration.h

@@ -81,7 +81,7 @@ public:
 
 	typedef struct {
 	public:
-		std::string m_trace_file;
+		std::string m_capture_file;
 	} replay_config;
 
 	typedef struct {