cleanup: rename cpus_for_each_syscall_buffer
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
parent
588a94578a
commit
be16af7fe0
25
falco.yaml
25
falco.yaml
@ -173,21 +173,28 @@ rules_file:
|
|||||||
engine:
|
engine:
|
||||||
kind: kmod
|
kind: kmod
|
||||||
kmod:
|
kmod:
|
||||||
buf_size_preset: 4 # Overridden by deprecated syscall_buf_size_preset if set
|
buf_size_preset: 4
|
||||||
drop_failed_exit: false # Overridden by deprecated syscall_drop_failed_exit if set
|
drop_failed_exit: false
|
||||||
ebpf:
|
ebpf:
|
||||||
|
# path to the elf file to load.
|
||||||
probe: /path/to/probe.o
|
probe: /path/to/probe.o
|
||||||
buf_size_preset: 4 # Overridden by deprecated syscall_buf_size_preset if set
|
buf_size_preset: 4
|
||||||
drop_failed_exit: false # Overridden by deprecated syscall_drop_failed_exit if set
|
drop_failed_exit: false
|
||||||
modern-ebpf:
|
modern-ebpf:
|
||||||
cpus_for_each_syscall_buffer: 2 # Overridden by deprecated cpus_for_each_syscall_buffer if set
|
cpus_for_each_buffer: 2 ## todo! rename it without syscall
|
||||||
buf_size_preset: 4 # Overridden by deprecated syscall_buf_size_preset if set
|
buf_size_preset: 4
|
||||||
drop_failed_exit: false # Overridden by deprecated syscall_drop_failed_exit if set
|
drop_failed_exit: false
|
||||||
replay:
|
replay:
|
||||||
|
# path to the trace file to replay.
|
||||||
trace_file: /path/to/file.scap
|
trace_file: /path/to/file.scap
|
||||||
gvisor:
|
gvisor:
|
||||||
config: /path/to/gvisor.yaml
|
# A Falco-compatible configuration file can be generated with
|
||||||
root: /gvisor/root
|
# '--gvisor-generate-config' and utilized for both runsc and Falco.
|
||||||
|
config: /path/to/gvisor_config.yaml
|
||||||
|
# Set gVisor root directory for storage of container state when used
|
||||||
|
# in conjunction with 'gvisor.config'. The 'gvisor.root' to be passed
|
||||||
|
# is the one usually passed to 'runsc --root' flag.
|
||||||
|
root: ""
|
||||||
|
|
||||||
#################
|
#################
|
||||||
# Falco plugins #
|
# Falco plugins #
|
||||||
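Review bot: The new `cpus_for_each_buffer: 2 ## todo! rename it without syscall` line ships a development note in the default config, and the note is stale because this commit performs the rename. The same section also drops the `# Overridden by deprecated ...` comments from `buf_size_preset` and `drop_failed_exit` under `kmod`, `ebpf` and `modern-ebpf`, while `apply_deprecated_options` (visible later in this commit) still copies the deprecated values into the modern eBPF settings. Operators sizing buffers for a detection sensor need to know which key wins, so I would keep the precedence note until the deprecated keys are removed, e.g. `cpus_for_each_buffer: 2 # Overridden by deprecated cpus_for_each_syscall_buffer if set`.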
|
@ -39,9 +39,9 @@ TEST(ActionConfigureSyscallBufferNum, variable_number_of_CPUs)
|
|||||||
{
|
{
|
||||||
falco::app::state s;
|
falco::app::state s;
|
||||||
s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
|
s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
|
||||||
s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer = online_cpus + 1;
|
s.config->m_modern_ebpf.m_cpus_for_each_buffer = online_cpus + 1;
|
||||||
EXPECT_ACTION_OK(action(s));
|
EXPECT_ACTION_OK(action(s));
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, online_cpus);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_buffer, online_cpus);
|
||||||
}
|
}
|
||||||
|
|
||||||
// modern ebpf engine, with a valid number of CPUs
|
// modern ebpf engine, with a valid number of CPUs
|
||||||
@ -49,8 +49,8 @@ TEST(ActionConfigureSyscallBufferNum, variable_number_of_CPUs)
|
|||||||
{
|
{
|
||||||
falco::app::state s;
|
falco::app::state s;
|
||||||
s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
|
s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
|
||||||
s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer = online_cpus - 1;
|
s.config->m_modern_ebpf.m_cpus_for_each_buffer = online_cpus - 1;
|
||||||
EXPECT_ACTION_OK(action(s));
|
EXPECT_ACTION_OK(action(s));
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, online_cpus - 1);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_buffer, online_cpus - 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -39,7 +39,7 @@ TEST(ActionLoadConfig, check_engine_config_is_correctly_parsed)
|
|||||||
EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0);
|
EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0);
|
||||||
EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit);
|
EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit);
|
||||||
|
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, 0);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_buffer, 0);
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
|
||||||
EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
||||||
|
|
||||||
@ -75,7 +75,7 @@ TEST(ActionLoadConfig, check_command_line_options_are_not_used)
|
|||||||
EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0);
|
EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0);
|
||||||
EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit);
|
EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit);
|
||||||
|
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, 0);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_buffer, 0);
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
|
||||||
EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
||||||
|
|
||||||
@ -110,7 +110,7 @@ TEST(ActionLoadConfig, check_kmod_with_syscall_configs)
|
|||||||
EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0);
|
EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0);
|
||||||
EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit);
|
EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit);
|
||||||
|
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, 0);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_buffer, 0);
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
|
||||||
EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
||||||
|
|
||||||
@ -139,7 +139,7 @@ TEST(ActionLoadConfig, check_override_command_line_modern)
|
|||||||
|
|
||||||
// Check that the modern ebpf engine uses the default syscall configs
|
// Check that the modern ebpf engine uses the default syscall configs
|
||||||
// and not the ones in the `engine` block
|
// and not the ones in the `engine` block
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, 3);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_buffer, 3);
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 6);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 6);
|
||||||
EXPECT_TRUE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
EXPECT_TRUE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
||||||
|
|
||||||
@ -186,7 +186,7 @@ TEST(ActionLoadConfig, check_override_command_line_gvisor)
|
|||||||
EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0);
|
EXPECT_EQ(s.config->m_ebpf.m_buf_size_preset, 0);
|
||||||
EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit);
|
EXPECT_FALSE(s.config->m_ebpf.m_drop_failed_exit);
|
||||||
|
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, 0);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_buffer, 0);
|
||||||
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
|
EXPECT_EQ(s.config->m_modern_ebpf.m_buf_size_preset, 0);
|
||||||
EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
EXPECT_FALSE(s.config->m_modern_ebpf.m_drop_failed_exit);
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ engine:
|
|||||||
buf_size_preset: 4
|
buf_size_preset: 4
|
||||||
drop_failed_exit: false
|
drop_failed_exit: false
|
||||||
modern-ebpf:
|
modern-ebpf:
|
||||||
cpus_for_each_syscall_buffer: 2
|
cpus_for_each_buffer: 2
|
||||||
buf_size_preset: 4
|
buf_size_preset: 4
|
||||||
drop_failed_exit: false
|
drop_failed_exit: false
|
||||||
replay:
|
replay:
|
||||||
@ -49,4 +49,4 @@ syscall_buf_size_preset: 6
|
|||||||
syscall_drop_failed_exit: true
|
syscall_drop_failed_exit: true
|
||||||
|
|
||||||
modern_bpf:
|
modern_bpf:
|
||||||
cpus_for_each_syscall_buffer: 7
|
cpus_for_each_buffer: 7
|
||||||
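Review bot: The rename here also touches the deprecated top-level `modern_bpf:` block (`cpus_for_each_buffer: 7`), not only the new `engine.modern-ebpf` block. `apply_deprecated_options` still reads `s.config->m_cpus_for_each_syscall_buffer`, and the code that loads that member is not shown on this page. If it still looks up `modern_bpf.cpus_for_each_syscall_buffer`, this fixture no longer sets the deprecated value and the override tests would be checking a default rather than the override path. The second fixture (`cpus_for_each_buffer: 3`) has the same change; please confirm the deprecated key name is intended to change, or restore `cpus_for_each_syscall_buffer` under `modern_bpf:` in both files.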
|
@ -31,7 +31,7 @@ engine:
|
|||||||
buf_size_preset: 4
|
buf_size_preset: 4
|
||||||
drop_failed_exit: false
|
drop_failed_exit: false
|
||||||
modern-ebpf:
|
modern-ebpf:
|
||||||
cpus_for_each_syscall_buffer: 2
|
cpus_for_each_buffer: 2
|
||||||
buf_size_preset: 4
|
buf_size_preset: 4
|
||||||
drop_failed_exit: false
|
drop_failed_exit: false
|
||||||
replay:
|
replay:
|
||||||
@ -50,4 +50,4 @@ syscall_buf_size_preset: 6
|
|||||||
syscall_drop_failed_exit: true
|
syscall_drop_failed_exit: true
|
||||||
|
|
||||||
modern_bpf:
|
modern_bpf:
|
||||||
cpus_for_each_syscall_buffer: 3
|
cpus_for_each_buffer: 3
|
||||||
|
@ -34,10 +34,10 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_num(falco::
|
|||||||
return run_result::fatal("cannot get the number of online CPUs from the system\n");
|
return run_result::fatal("cannot get the number of online CPUs from the system\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
if(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer > online_cpus)
|
if(s.config->m_modern_ebpf.m_cpus_for_each_buffer > online_cpus)
|
||||||
{
|
{
|
||||||
falco_logger::log(falco_logger::level::WARNING, "you required a buffer every '" + std::to_string(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
|
falco_logger::log(falco_logger::level::WARNING, "you required a buffer every '" + std::to_string(s.config->m_modern_ebpf.m_cpus_for_each_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
|
||||||
s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer = online_cpus;
|
s.config->m_modern_ebpf.m_cpus_for_each_buffer = online_cpus;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
return run_result::ok();
|
return run_result::ok();
|
||||||
|
@ -96,8 +96,8 @@ falco::app::run_result falco::app::actions::open_live_inspector(
|
|||||||
else if(s.is_modern_ebpf()) /* modern BPF engine. */
|
else if(s.is_modern_ebpf()) /* modern BPF engine. */
|
||||||
{
|
{
|
||||||
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe.");
|
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe.");
|
||||||
falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer) + "' CPUs.");
|
falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_modern_ebpf.m_cpus_for_each_buffer) + "' CPUs.");
|
||||||
inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
|
inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_modern_ebpf.m_cpus_for_each_buffer, true, s.selected_sc_set);
|
||||||
}
|
}
|
||||||
else if(s.is_ebpf()) /* BPF engine. */
|
else if(s.is_ebpf()) /* BPF engine. */
|
||||||
{
|
{
|
||||||
|
@ -56,7 +56,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
|
|||||||
s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
|
s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
|
||||||
s.config->m_modern_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit;
|
s.config->m_modern_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit;
|
||||||
s.config->m_modern_ebpf.m_buf_size_preset = s.config->m_syscall_buf_size_preset;
|
s.config->m_modern_ebpf.m_buf_size_preset = s.config->m_syscall_buf_size_preset;
|
||||||
s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer = s.config->m_cpus_for_each_syscall_buffer;
|
s.config->m_modern_ebpf.m_cpus_for_each_buffer = s.config->m_cpus_for_each_syscall_buffer;
|
||||||
}
|
}
|
||||||
if (!s.options.gvisor_config.empty())
|
if (!s.options.gvisor_config.empty())
|
||||||
{
|
{
|
||||||
|
@ -159,7 +159,7 @@ void falco_configuration::load_engine_config(const std::string& config_name, con
|
|||||||
m_ebpf.m_drop_failed_exit = config.get_scalar<bool>("engine.ebpf.drop_failed_exit", default_drop_failed_exit);
|
m_ebpf.m_drop_failed_exit = config.get_scalar<bool>("engine.ebpf.drop_failed_exit", default_drop_failed_exit);
|
||||||
break;
|
break;
|
||||||
case engine_kind_t::MODERN_EBPF:
|
case engine_kind_t::MODERN_EBPF:
|
||||||
m_modern_ebpf.m_cpus_for_each_syscall_buffer = config.get_scalar<uint16_t>("engine.modern-ebpf.cpus_for_each_syscall_buffer", default_cpus_for_each_syscall_buffer);
|
m_modern_ebpf.m_cpus_for_each_buffer = config.get_scalar<uint16_t>("engine.modern-ebpf.cpus_for_each_buffer", default_cpus_for_each_syscall_buffer);
|
||||||
m_modern_ebpf.m_buf_size_preset = config.get_scalar<int16_t>("engine.modern-ebpf.buf_size_preset", default_buf_size_preset);
|
m_modern_ebpf.m_buf_size_preset = config.get_scalar<int16_t>("engine.modern-ebpf.buf_size_preset", default_buf_size_preset);
|
||||||
m_modern_ebpf.m_drop_failed_exit = config.get_scalar<bool>("engine.modern-ebpf.drop_failed_exit", default_drop_failed_exit);
|
m_modern_ebpf.m_drop_failed_exit = config.get_scalar<bool>("engine.modern-ebpf.drop_failed_exit", default_drop_failed_exit);
|
||||||
break;
|
break;
|
||||||
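Review bot: After this change, an `engine.modern-ebpf.cpus_for_each_syscall_buffer` entry in an existing config file is silently ignored, because `get_scalar` returns `default_cpus_for_each_syscall_buffer` when the new key is absent. If the old key name was ever in a released `falco.yaml` (not determinable from this page), the ring-buffer layout would change on upgrade with no log line, which matters for a sensor where buffer sizing affects dropped events. Consider falling back to the old key, `config.get_scalar<uint16_t>("engine.modern-ebpf.cpus_for_each_buffer", config.get_scalar<uint16_t>("engine.modern-ebpf.cpus_for_each_syscall_buffer", default_cpus_for_each_syscall_buffer))`, or logging a warning when the old key is present. The body of `load_engine_config` continues outside this hunk.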
|
@ -74,7 +74,7 @@ public:
|
|||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
public:
|
public:
|
||||||
uint16_t m_cpus_for_each_syscall_buffer;
|
uint16_t m_cpus_for_each_buffer;
|
||||||
int16_t m_buf_size_preset;
|
int16_t m_buf_size_preset;
|
||||||
bool m_drop_failed_exit;
|
bool m_drop_failed_exit;
|
||||||
} modern_ebpf_config;
|
} modern_ebpf_config;
|
||||||
|