feat(cli): adding -u to the usage text

Signed-off-by: Kris Nova <kris@nivenly.com>
2025-08-31 06:10:45 +00:00 · 2020-05-06 13:51:46 -07:00
parent 1af1226566
commit bc8f9a5692
1 changed files with 10 additions and 1 deletions
--- a/userspace/falco/falco.cpp
+++ b/userspace/falco/falco.cpp
@@ -158,6 +158,8 @@ static void usage()
 	   "                               This causes every single line emitted by falco to be flushed,\n"
 	   "                               which generates higher CPU usage but is useful when piping those outputs\n"
 	   "                               into another process or into a script.\n"
+	   " -u                            Flip the inspector code to parse from userspace. This can be used in conjunction with\n"
+	   "                               the ptrace(2) based capture source pdig.\n"
 	   " -V, --validate <rules_file>   Read the contents of the specified rules(s) file and exit.\n"
 	   "                               Can be specified multiple times to validate multiple files.\n"
 	   " -v                            Verbose output.\n"
@@ -1096,10 +1098,17 @@ int falco_init(int argc, char **argv)
 		}
 		else
 		{
-			open_t open_cb = [&udig](sinsp* inspector) 
+			open_t open_cb = [&udig](sinsp* inspector)
 			{
 				if(udig)
 				{
+				    // open_udig() is the underlying method used in the capture
+				    // code to parse userspace events from the kernel.
+				    //
+				    // In the case of falco we use ptrace(2) for one
+				    // of these userspace implementations. Regardless
+				    // of the implementation, the underlying method
+				    // remains the same.
 					inspector->open_udig();
 				}
 				else