wip: driver selection in falco.yaml

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
2025-06-24 22:02:19 +00:00 · 2023-02-06 16:29:55 +00:00 · 2023-02-06 16:29:55 +00:00 · d53fa930c2
commit d53fa930c2
parent 5dc9987877
2 changed files with 30 additions and 1 deletions
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@ -41,6 +41,7 @@ namespace fs = std::filesystem;
 static re2::RE2 ip_address_re("((^\\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\\s*$)|(^\\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?\\s*$))");

 falco_configuration::falco_configuration():
+	m_driver_mode(driver_mode_type::KMOD),
 	m_json_output(false),
 	m_json_include_output_property(true),
 	m_json_include_tags_property(true),
@ -105,8 +106,27 @@ void falco_configuration::init(const std::string& conf_filename, const std::vect
 	load_yaml(conf_filename, config);
 }

+static driver_mode_type get_driver_mode(const std::string& input){
+	// Set driver mode if not already set.
+	if( input == "bpf" )
+	{
+		return driver_mode_type::BPF;
+	}
+	else if( input == "modern_bpf" )
+	{
+		return driver_mode_type::MODERN_BPF;
+	}
+	else if( input == "custom" )
+	{
+		return driver_mode_type::CUSTOM;
+	}
+	return driver_mode_type::KMOD;
+}
+
 void falco_configuration::load_yaml(const std::string& config_name, const yaml_helper& config)
 {
+	m_driver_mode = get_driver_mode(config.get_scalar<string>("driver_mode", ""));
+
 	std::list<std::string> rules_files;

 	config.get_sequence<std::list<std::string>>(rules_files, std::string("rules_file"));
--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@ -37,6 +37,15 @@ limitations under the License.
 #include "event_drops.h"
 #include "falco_outputs.h"

+enum class driver_mode_type : uint8_t
+{
+	INVALID = 0,
+	KMOD,
+	BPF,
+	MODERN_BPF,
+	CUSTOM
+};
+
 class falco_configuration
 {
 public:
@ -63,7 +72,7 @@ public:
 	std::list<std::string> m_loaded_rules_filenames;
 	// List of loaded rule folders
 	std::list<std::string> m_loaded_rules_folders;
-
+	driver_mode_type m_driver_mode;
 	bool m_json_output;
 	bool m_json_include_output_property;
 	bool m_json_include_tags_property;