github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-22 16:16:11 +00:00
Code Issues Projects Releases Wiki Activity

new(userspace/falco): gRPC server unix socket support

Browse Source 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
This commit is contained in:
Lorenzo Fontana 2020-05-17 01:58:40 +02:00 committed by poiana
parent 86b473e224
commit d7de45acb2
2 changed files with 26 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
userspace/falco/grpc_server.cpp
View File

@ -103,31 +103,43 @@ void falco::grpc::server::init(std::string server_addr, int threadiness, std::st
m_private_key = private_key; m_private_key = private_key;
m_cert_chain = cert_chain; m_cert_chain = cert_chain;
m_root_certs = root_certs; m_root_certs = root_certs;
if(falco::utils::network::url_is_unix_scheme(m_server_addr))
{
init_unix_server_builder();
return;
}
init_mtls_server_builder();
} }
void falco::grpc::server::run() void falco::grpc::server::init_mtls_server_builder()
{ {
string private_key; string private_key;
string cert_chain; string cert_chain;
string root_certs; string root_certs;
falco::utils::read(m_cert_chain, cert_chain); falco::utils::read(m_cert_chain, cert_chain);
falco::utils::read(m_private_key, private_key); falco::utils::read(m_private_key, private_key);
falco::utils::read(m_root_certs, root_certs); falco::utils::read(m_root_certs, root_certs);
::grpc::SslServerCredentialsOptions::PemKeyCertPair cert_pair{private_key, cert_chain}; ::grpc::SslServerCredentialsOptions::PemKeyCertPair cert_pair{private_key, cert_chain};
::grpc::SslServerCredentialsOptions ssl_opts(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY); ::grpc::SslServerCredentialsOptions ssl_opts(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
ssl_opts.pem_root_certs = root_certs; ssl_opts.pem_root_certs = root_certs;
ssl_opts.pem_key_cert_pairs.push_back(cert_pair); ssl_opts.pem_key_cert_pairs.push_back(cert_pair);
::grpc::ServerBuilder builder; m_server_builder.AddListeningPort(m_server_addr, ::grpc::SslServerCredentials(ssl_opts));
builder.AddListeningPort(m_server_addr, ::grpc::SslServerCredentials(ssl_opts)); }
builder.RegisterService(&m_output_svc);
builder.RegisterService(&m_version_svc);
m_completion_queue = builder.AddCompletionQueue(); void falco::grpc::server::init_unix_server_builder()
m_server = builder.BuildAndStart(); {
m_server_builder.AddListeningPort(m_server_addr, ::grpc::InsecureServerCredentials());
}
void falco::grpc::server::run()
{
m_server_builder.RegisterService(&m_output_svc);
m_server_builder.RegisterService(&m_version_svc);
m_completion_queue = m_server_builder.AddCompletionQueue();
m_server = m_server_builder.BuildAndStart();
falco_logger::log(LOG_INFO, "Starting gRPC server at " + m_server_addr + "\n"); falco_logger::log(LOG_INFO, "Starting gRPC server at " + m_server_addr + "\n");
// The number of contexts is multiple of the number of threads // The number of contexts is multiple of the number of threads

3
userspace/falco/grpc_server.h
View File

@ -61,6 +61,9 @@ private:
std::unique_ptr<::grpc::Server> m_server; std::unique_ptr<::grpc::Server> m_server;
std::vector<std::thread> m_threads; std::vector<std::thread> m_threads;
::grpc::ServerBuilder m_server_builder;
void init_mtls_server_builder();
void init_unix_server_builder();
}; };
} // namespace grpc } // namespace grpc