From b92e0d61344d09f3bcd1f50b65664eabe13c11ce Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Wed, 22 Nov 2023 11:37:30 +0100 Subject: [PATCH] chore(userspace,unit_tests): renamed `engine.replay.trace_file` to `engine.replay.capture_file`. Signed-off-by: Federico Di Pierro --- falco.yaml | 4 +-- .../falco/app/actions/test_load_config.cpp | 10 +++--- .../new_engine_config_changed.yaml | 2 +- .../new_engine_config_unchanged.yaml | 2 +- .../falco/app/actions/helpers_inspector.cpp | 6 ++-- userspace/falco/app/actions/load_config.cpp | 9 ++++-- userspace/falco/app/options.cpp | 32 ++++--------------- userspace/falco/app/options.h | 2 +- userspace/falco/configuration.cpp | 6 ++-- userspace/falco/configuration.h | 2 +- 10 files changed, 30 insertions(+), 45 deletions(-) diff --git a/falco.yaml b/falco.yaml index 8c71bc3c..43d1cdcd 100644 --- a/falco.yaml +++ b/falco.yaml @@ -326,8 +326,8 @@ engine: buf_size_preset: 4 drop_failed_exit: false replay: - # path to the trace file to replay. - trace_file: /path/to/file.scap + # path to the capture file to replay. + capture_file: /path/to/file.scap gvisor: # A Falco-compatible configuration file can be generated with # '--gvisor-generate-config' and utilized for both runsc and Falco. diff --git a/unit_tests/falco/app/actions/test_load_config.cpp b/unit_tests/falco/app/actions/test_load_config.cpp index 0a0e78f3..51181e7f 100644 --- a/unit_tests/falco/app/actions/test_load_config.cpp +++ b/unit_tests/falco/app/actions/test_load_config.cpp @@ -41,7 +41,7 @@ TEST(ActionLoadConfig, check_engine_config_is_correctly_parsed) EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0); EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit); - EXPECT_TRUE(s.config->m_replay.m_trace_file.empty()); + EXPECT_TRUE(s.config->m_replay.m_capture_file.empty()); EXPECT_TRUE(s.config->m_gvisor.m_config.empty()); EXPECT_TRUE(s.config->m_gvisor.m_root.empty()); @@ -77,7 +77,7 @@ TEST(ActionLoadConfig, check_command_line_options_are_not_used) EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0); EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit); - EXPECT_TRUE(s.config->m_replay.m_trace_file.empty()); + EXPECT_TRUE(s.config->m_replay.m_capture_file.empty()); EXPECT_TRUE(s.config->m_gvisor.m_config.empty()); EXPECT_TRUE(s.config->m_gvisor.m_root.empty()); @@ -112,7 +112,7 @@ TEST(ActionLoadConfig, check_kmod_with_syscall_configs) EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0); EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit); - EXPECT_TRUE(s.config->m_replay.m_trace_file.empty()); + EXPECT_TRUE(s.config->m_replay.m_capture_file.empty()); EXPECT_TRUE(s.config->m_gvisor.m_config.empty()); EXPECT_TRUE(s.config->m_gvisor.m_root.empty()); @@ -150,7 +150,7 @@ TEST(ActionLoadConfig, check_override_command_line_modern) EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0); EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit); - EXPECT_TRUE(s.config->m_replay.m_trace_file.empty()); + EXPECT_TRUE(s.config->m_replay.m_capture_file.empty()); EXPECT_TRUE(s.config->m_gvisor.m_config.empty()); EXPECT_TRUE(s.config->m_gvisor.m_root.empty()); @@ -188,7 +188,7 @@ TEST(ActionLoadConfig, check_override_command_line_gvisor) EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0); EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit); - EXPECT_TRUE(s.config->m_replay.m_trace_file.empty()); + EXPECT_TRUE(s.config->m_replay.m_capture_file.empty()); // Check that deprecated configs are populated EXPECT_EQ(s.config->m_syscall_buf_size_preset, 6); diff --git a/unit_tests/falco/test_configs/new_engine_config_changed.yaml b/unit_tests/falco/test_configs/new_engine_config_changed.yaml index a2287573..db10a982 100644 --- a/unit_tests/falco/test_configs/new_engine_config_changed.yaml +++ b/unit_tests/falco/test_configs/new_engine_config_changed.yaml @@ -34,7 +34,7 @@ engine: buf_size_preset: 4 drop_failed_exit: false replay: - trace_file: /path/to/file.scap + capture_file: /path/to/file.scap gvisor: config: /path/to/gvisor_config.yaml root: "" diff --git a/unit_tests/falco/test_configs/new_engine_config_unchanged.yaml b/unit_tests/falco/test_configs/new_engine_config_unchanged.yaml index f262f603..f5db54c8 100644 --- a/unit_tests/falco/test_configs/new_engine_config_unchanged.yaml +++ b/unit_tests/falco/test_configs/new_engine_config_unchanged.yaml @@ -35,7 +35,7 @@ engine: buf_size_preset: 4 drop_failed_exit: false replay: - trace_file: /path/to/file.scap + capture_file: /path/to/file.scap gvisor: config: /path/to/gvisor_config.yaml root: "" diff --git a/userspace/falco/app/actions/helpers_inspector.cpp b/userspace/falco/app/actions/helpers_inspector.cpp index 80c4113d..66cf62d0 100644 --- a/userspace/falco/app/actions/helpers_inspector.cpp +++ b/userspace/falco/app/actions/helpers_inspector.cpp @@ -35,13 +35,13 @@ falco::app::run_result falco::app::actions::open_offline_inspector(falco::app::s { try { - s.offline_inspector->open_savefile(s.config->m_replay.m_trace_file); - falco_logger::log(falco_logger::level::INFO, "Reading system call events from file: " + s.config->m_replay.m_trace_file + "\n"); + s.offline_inspector->open_savefile(s.config->m_replay.m_capture_file); + falco_logger::log(falco_logger::level::INFO, "Reading system call events from file: " + s.config->m_replay.m_capture_file + "\n"); return run_result::ok(); } catch (sinsp_exception &e) { - return run_result::fatal("Could not open trace filename " + s.config->m_replay.m_trace_file + " for reading: " + e.what()); + return run_result::fatal("Could not open trace filename " + s.config->m_replay.m_capture_file + " for reading: " + e.what()); } } diff --git a/userspace/falco/app/actions/load_config.cpp b/userspace/falco/app/actions/load_config.cpp index 464cbaa0..f76bda8f 100644 --- a/userspace/falco/app/actions/load_config.cpp +++ b/userspace/falco/app/actions/load_config.cpp @@ -46,6 +46,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s) // use the requested driver. if (getenv(FALCO_BPF_ENV_VARIABLE)) { + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the FALCO_BPF_PROBE environment variable is deprecated and will be removed in Falco 0.38!\n"); s.config->m_engine_mode = engine_kind_t::EBPF; s.config->m_ebpf.m_probe_path = getenv(FALCO_BPF_ENV_VARIABLE); s.config->m_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit; @@ -53,6 +54,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s) } else if (s.options.modern_bpf) { + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' cmdline option is deprecated and will be removed in Falco 0.38!\n"); s.config->m_engine_mode = engine_kind_t::MODERN_EBPF; s.config->m_modern_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit; s.config->m_modern_ebpf.m_buf_size_preset = s.config->m_syscall_buf_size_preset; @@ -60,18 +62,21 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s) } if (!s.options.gvisor_config.empty()) { + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' cmdline option is deprecated and will be removed in Falco 0.38!\n"); s.config->m_engine_mode = engine_kind_t::GVISOR; s.config->m_gvisor.m_config = s.options.gvisor_config; s.config->m_gvisor.m_root = s.options.gvisor_root; } if (s.options.nodriver) { + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' cmdline option is deprecated and will be removed in Falco 0.38!\n"); s.config->m_engine_mode = engine_kind_t::NONE; } - if (!s.options.trace_filename.empty()) + if (!s.options.capture_file.empty()) { + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' cmdline option is deprecated and will be removed in Falco 0.38!\n"); s.config->m_engine_mode = engine_kind_t::REPLAY; - s.config->m_replay.m_trace_file = s.options.trace_filename; + s.config->m_replay.m_capture_file = s.options.capture_file; } return run_result::ok(); } diff --git a/userspace/falco/app/options.cpp b/userspace/falco/app/options.cpp index 9416b09b..3159fb45 100644 --- a/userspace/falco/app/options.cpp +++ b/userspace/falco/app/options.cpp @@ -144,31 +144,11 @@ bool options::parse(int argc, char **argv, std::string &errstr) // TODO: remove for Falco 0.38 since these CLI options are deprecated. int open_modes = 0; - if (!trace_filename.empty()) - { - open_modes++; - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' cmdline option is deprecated and will be removed in Falco 0.38!\n"); - } - if (!gvisor_config.empty()) - { - open_modes++; - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' cmdline option is deprecated and will be removed in Falco 0.38!\n"); - } - if(getenv("FALCO_BPF_PROBE") != NULL) - { - open_modes++; - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the FALCO_BPF_PROBE environment variable is deprecated and will be removed in Falco 0.38!\n"); - } - if (modern_bpf) - { - open_modes++; - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' cmdline option is deprecated and will be removed in Falco 0.38!\n"); - } - if (nodriver) - { - open_modes++; - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' cmdline option is deprecated and will be removed in Falco 0.38!\n"); - } + open_modes += !capture_file.empty(); + open_modes += !gvisor_config.empty(); + open_modes += modern_bpf; + open_modes += getenv("FALCO_BPF_PROBE") != NULL; + open_modes += nodriver; if (open_modes > 1) { errstr = std::string("You can not specify more than one of -e, -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var"); @@ -201,7 +181,7 @@ void options::define(cxxopts::Options& opts) ("disable-source", "Turn off a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times, but turning off all event sources simultaneously is not permitted. This option can not be mixed with --enable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(disable_sources), "") ("dry-run", "Run Falco without processing events. It can help check that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false")) ("D", "Turn off any rules with names having the substring . This option can be passed multiple times. It cannot be mixed with -t.", cxxopts::value(disabled_rule_substrings), "") - ("e", "DEPRECATED. Reproduce the events by reading from the given instead of opening a live session. Only capture files in .scap format are supported.", cxxopts::value(trace_filename), "") + ("e", "DEPRECATED. Reproduce the events by reading from the given instead of opening a live session. Only capture files in .scap format are supported.", cxxopts::value(capture_file), "") ("enable-source", "Enable a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. When using this option, only the event sources specified by it will be enabled. This option can not be mixed with --disable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(enable_sources), "") #ifdef HAS_GVISOR ("g,gvisor-config", "DEPRECATED. Collect 'syscall' events from gVisor using the specified file. A Falco-compatible configuration file can be generated with --gvisor-generate-config and utilized for both runsc and Falco.", cxxopts::value(gvisor_config), "") diff --git a/userspace/falco/app/options.h b/userspace/falco/app/options.h index cf19f15d..4a568e3d 100644 --- a/userspace/falco/app/options.h +++ b/userspace/falco/app/options.h @@ -76,7 +76,7 @@ public: bool dry_run; // todo!: remove them in Falco 0.38.0 since they are deprecated - std::string trace_filename = ""; + std::string capture_file = ""; std::string gvisor_config = ""; std::string gvisor_root = ""; bool modern_bpf = false; diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index 813d0817..e2af000d 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -164,10 +164,10 @@ void falco_configuration::load_engine_config(const std::string& config_name, con m_modern_ebpf.m_drop_failed_exit = config.get_scalar("engine.modern-ebpf.drop_failed_exit", default_drop_failed_exit); break; case engine_kind_t::REPLAY: - m_replay.m_trace_file = config.get_scalar("engine.replay.trace_file", ""); - if (m_replay.m_trace_file.empty()) + m_replay.m_capture_file = config.get_scalar("engine.replay.capture_file", ""); + if (m_replay.m_capture_file.empty()) { - throw std::logic_error("Error reading config file (" + config_name + "): engine.kind is 'replay' but no engine.replay.trace_file specified."); + throw std::logic_error("Error reading config file (" + config_name + "): engine.kind is 'replay' but no engine.replay.capture_file specified."); } break; case engine_kind_t::GVISOR: diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index c72a07bf..e5fa2701 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -81,7 +81,7 @@ public: typedef struct { public: - std::string m_trace_file; + std::string m_capture_file; } replay_config; typedef struct {