mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-20 09:29:42 +00:00
cleanup: some renaming from bpf to ebpf
the idea is to use only the word `ebpf` in Falco Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
This commit is contained in:
Andrea Terzolo
poiana
parent
4127764129
commit
f3f56db5ca
@ -62,8 +62,8 @@
|
||||
# syscall_event_timeouts
|
||||
# syscall_event_drops
|
||||
# metrics
|
||||
# Falco driver
|
||||
# driver
|
||||
# Falco engine
|
||||
# engine
|
||||
# Falco performance tuning (advanced)
|
||||
# syscall_buf_size_preset
|
||||
# syscall_drop_failed_exit
|
||||
@ -772,7 +772,7 @@ metrics:
|
||||
include_empty_values: false
|
||||
|
||||
################
|
||||
# Falco driver #
|
||||
# Falco engine #
|
||||
################
|
||||
|
||||
# [Stable] `engine`
|
||||
@ -793,7 +793,7 @@ metrics:
|
||||
# Select the appropriate engine kind by uncommenting the corresponding line.
|
||||
# Make sure to specify only one engine kind at a time.
|
||||
# Moreover, for each engine multiple options might be available,
|
||||
# grouped under the `engine.$kind` configuration key.
|
||||
# grouped under the `engine.kind` configuration key.
|
||||
|
||||
engine:
|
||||
kind: kmod
|
||||
|
||||
@ -27,30 +27,30 @@ TEST(ActionConfigureSyscallBufferNum, variable_number_of_CPUs)
|
||||
FAIL() << "cannot get the number of online CPUs from the system\n";
|
||||
}
|
||||
|
||||
// not modern bpf engine, we do nothing
|
||||
// not modern ebpf engine, we do nothing
|
||||
{
|
||||
falco::app::state s;
|
||||
s.options.modern_bpf = false;
|
||||
EXPECT_ACTION_OK(action(s));
|
||||
}
|
||||
|
||||
// modern bpf engine, with an invalid number of CPUs
|
||||
// modern ebpf engine, with an invalid number of CPUs
|
||||
// default `m_cpus_for_each_syscall_buffer` to online CPU number
|
||||
{
|
||||
falco::app::state s;
|
||||
s.options.modern_bpf = true;
|
||||
s.config->m_modern_bpf.m_cpus_for_each_syscall_buffer = online_cpus + 1;
|
||||
s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer = online_cpus + 1;
|
||||
EXPECT_ACTION_OK(action(s));
|
||||
EXPECT_EQ(s.config->m_modern_bpf.m_cpus_for_each_syscall_buffer, online_cpus);
|
||||
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, online_cpus);
|
||||
}
|
||||
|
||||
// modern bpf engine, with an valid number of CPUs
|
||||
// modern ebpf engine, with a valid number of CPUs
|
||||
// we don't modify `m_cpus_for_each_syscall_buffer`
|
||||
{
|
||||
falco::app::state s;
|
||||
s.options.modern_bpf = true;
|
||||
s.config->m_modern_bpf.m_cpus_for_each_syscall_buffer = online_cpus - 1;
|
||||
s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer = online_cpus - 1;
|
||||
EXPECT_ACTION_OK(action(s));
|
||||
EXPECT_EQ(s.config->m_modern_bpf.m_cpus_for_each_syscall_buffer, online_cpus - 1);
|
||||
EXPECT_EQ(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, online_cpus - 1);
|
||||
}
|
||||
}
|
||||
|
||||
@ -34,10 +34,10 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_num(falco::
|
||||
return run_result::fatal("cannot get the number of online CPUs from the system\n");
|
||||
}
|
||||
|
||||
if(s.config->m_modern_bpf.m_cpus_for_each_syscall_buffer > online_cpus)
|
||||
if(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer > online_cpus)
|
||||
{
|
||||
falco_logger::log(falco_logger::level::WARNING, "you required a buffer every '" + std::to_string(s.config->m_modern_bpf.m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
|
||||
s.config->m_modern_bpf.m_cpus_for_each_syscall_buffer = online_cpus;
|
||||
falco_logger::log(falco_logger::level::WARNING, "you required a buffer every '" + std::to_string(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
|
||||
s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer = online_cpus;
|
||||
}
|
||||
#endif
|
||||
return run_result::ok();
|
||||
|
||||
@ -96,12 +96,12 @@ falco::app::run_result falco::app::actions::open_live_inspector(
|
||||
else if(s.config->m_engine_mode == engine_kind_t::MODERN_EBPF) /* modern BPF engine. */
|
||||
{
|
||||
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe.");
|
||||
falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_modern_bpf.m_cpus_for_each_syscall_buffer) + "' CPUs.");
|
||||
inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_modern_bpf.m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
|
||||
falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer) + "' CPUs.");
|
||||
inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_modern_ebpf.m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
|
||||
}
|
||||
else if(s.config->m_engine_mode == engine_kind_t::EBPF) /* BPF engine. */
|
||||
{
|
||||
const char *bpf_probe_path = s.config->m_bpf.m_probe_path.c_str();
|
||||
const char *bpf_probe_path = s.config->m_ebpf.m_probe_path.c_str();
|
||||
char full_path[PATH_MAX];
|
||||
/* If the path is empty try to load the probe from the default path. */
|
||||
if(strncmp(bpf_probe_path, "", 1) == 0)
|
||||
|
||||
@ -32,7 +32,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
|
||||
if (getenv(FALCO_BPF_ENV_VARIABLE))
|
||||
{
|
||||
s.config->m_engine_mode = engine_kind_t::EBPF;
|
||||
s.config->m_bpf.m_probe_path = getenv(FALCO_BPF_ENV_VARIABLE);
|
||||
s.config->m_ebpf.m_probe_path = getenv(FALCO_BPF_ENV_VARIABLE);
|
||||
}
|
||||
else if (s.options.modern_bpf)
|
||||
{
|
||||
|
||||
@ -169,10 +169,10 @@ struct state
|
||||
drop_failed = config->m_kmod.m_drop_failed_exit;
|
||||
break;
|
||||
case engine_kind_t::EBPF:
|
||||
drop_failed = config->m_bpf.m_drop_failed_exit;
|
||||
drop_failed = config->m_ebpf.m_drop_failed_exit;
|
||||
break;
|
||||
case engine_kind_t::MODERN_EBPF:
|
||||
drop_failed = config->m_modern_bpf.m_drop_failed_exit;
|
||||
drop_failed = config->m_modern_ebpf.m_drop_failed_exit;
|
||||
break;
|
||||
default:
|
||||
drop_failed = false;
|
||||
@ -189,10 +189,10 @@ struct state
|
||||
index = config->m_kmod.m_buf_size_preset;
|
||||
break;
|
||||
case engine_kind_t::EBPF:
|
||||
index = config->m_bpf.m_buf_size_preset;
|
||||
index = config->m_ebpf.m_buf_size_preset;
|
||||
break;
|
||||
case engine_kind_t::MODERN_EBPF:
|
||||
index = config->m_modern_bpf.m_buf_size_preset;
|
||||
index = config->m_modern_ebpf.m_buf_size_preset;
|
||||
break;
|
||||
default:
|
||||
// unsupported
|
||||
|
||||
@ -135,14 +135,14 @@ void falco_configuration::load_engine_config(const std::string& config_name, con
|
||||
// TODO: default value for `probe` should be $HOME/FALCO_PROBE_BPF_FILEPATH,
|
||||
// to be done once we drop the CLI option otherwise we would need to make the check twice,
|
||||
// once here, and once when we merge the CLI options in the config file.
|
||||
m_bpf.m_probe_path = config.get_scalar<std::string>("engine.ebpf.probe", "");
|
||||
m_bpf.m_buf_size_preset = config.get_scalar<int16_t>("engine.ebpf.buf_size_preset", 4);
|
||||
m_bpf.m_drop_failed_exit = config.get_scalar<bool>("engine.ebpf.drop_failed", false);
|
||||
m_ebpf.m_probe_path = config.get_scalar<std::string>("engine.ebpf.probe", "");
|
||||
m_ebpf.m_buf_size_preset = config.get_scalar<int16_t>("engine.ebpf.buf_size_preset", 4);
|
||||
m_ebpf.m_drop_failed_exit = config.get_scalar<bool>("engine.ebpf.drop_failed", false);
|
||||
break;
|
||||
case engine_kind_t::MODERN_EBPF:
|
||||
m_modern_bpf.m_cpus_for_each_syscall_buffer = config.get_scalar<uint16_t>("engine.modern-ebpf.cpus_for_each_syscall_buffer", 2);
|
||||
m_modern_bpf.m_buf_size_preset = config.get_scalar<int16_t>("engine.modern-ebpf.buf_size_preset", 4);
|
||||
m_modern_bpf.m_drop_failed_exit = config.get_scalar<bool>("engine.modern-ebpf.drop_failed", false);
|
||||
m_modern_ebpf.m_cpus_for_each_syscall_buffer = config.get_scalar<uint16_t>("engine.modern-ebpf.cpus_for_each_syscall_buffer", 2);
|
||||
m_modern_ebpf.m_buf_size_preset = config.get_scalar<int16_t>("engine.modern-ebpf.buf_size_preset", 4);
|
||||
m_modern_ebpf.m_drop_failed_exit = config.get_scalar<bool>("engine.modern-ebpf.drop_failed", false);
|
||||
break;
|
||||
case engine_kind_t::REPLAY:
|
||||
m_replay.m_trace_file = config.get_scalar<std::string>("engine.replay.trace_file", "");
|
||||
@ -429,12 +429,12 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
|
||||
*/
|
||||
// TODO: remove in Falco 0.38 since they are deprecated.
|
||||
m_kmod.m_buf_size_preset = config.get_scalar<uint16_t>("syscall_buf_size_preset", 4);
|
||||
m_bpf.m_buf_size_preset = config.get_scalar<uint16_t>("syscall_buf_size_preset", 4);
|
||||
m_modern_bpf.m_buf_size_preset = config.get_scalar<uint16_t>("syscall_buf_size_preset", 4);
|
||||
m_modern_bpf.m_cpus_for_each_syscall_buffer = config.get_scalar<uint16_t>("modern_bpf.cpus_for_each_syscall_buffer", 2);
|
||||
m_ebpf.m_buf_size_preset = config.get_scalar<uint16_t>("syscall_buf_size_preset", 4);
|
||||
m_modern_ebpf.m_buf_size_preset = config.get_scalar<uint16_t>("syscall_buf_size_preset", 4);
|
||||
m_modern_ebpf.m_cpus_for_each_syscall_buffer = config.get_scalar<uint16_t>("modern_bpf.cpus_for_each_syscall_buffer", 2);
|
||||
m_kmod.m_drop_failed_exit = config.get_scalar<bool>("syscall_drop_failed_exit", false);
|
||||
m_bpf.m_drop_failed_exit = config.get_scalar<bool>("syscall_drop_failed_exit", false);
|
||||
m_modern_bpf.m_drop_failed_exit = config.get_scalar<bool>("syscall_drop_failed_exit", false);
|
||||
m_ebpf.m_drop_failed_exit = config.get_scalar<bool>("syscall_drop_failed_exit", false);
|
||||
m_modern_ebpf.m_drop_failed_exit = config.get_scalar<bool>("syscall_drop_failed_exit", false);
|
||||
|
||||
m_base_syscalls_custom_set.clear();
|
||||
config.get_sequence<std::unordered_set<std::string>>(m_base_syscalls_custom_set, std::string("base_syscalls.custom_set"));
|
||||
|
||||
@ -70,14 +70,14 @@ public:
|
||||
std::string m_probe_path;
|
||||
int16_t m_buf_size_preset;
|
||||
bool m_drop_failed_exit;
|
||||
} bpf_config;
|
||||
} ebpf_config;
|
||||
|
||||
typedef struct {
|
||||
public:
|
||||
uint16_t m_cpus_for_each_syscall_buffer;
|
||||
int16_t m_buf_size_preset;
|
||||
bool m_drop_failed_exit;
|
||||
} modern_bpf_config;
|
||||
} modern_ebpf_config;
|
||||
|
||||
typedef struct {
|
||||
public:
|
||||
@ -104,7 +104,6 @@ public:
|
||||
std::list<std::string> m_loaded_rules_filenames;
|
||||
// List of loaded rule folders
|
||||
std::list<std::string> m_loaded_rules_folders;
|
||||
engine_kind_t m_engine_mode;
|
||||
bool m_json_output;
|
||||
bool m_json_include_output_property;
|
||||
bool m_json_include_tags_property;
|
||||
@ -160,9 +159,11 @@ public:
|
||||
bool m_metrics_convert_memory_to_mb;
|
||||
bool m_metrics_include_empty_values;
|
||||
|
||||
// Falco engine
|
||||
engine_kind_t m_engine_mode;
|
||||
kmod_config m_kmod;
|
||||
bpf_config m_bpf;
|
||||
modern_bpf_config m_modern_bpf;
|
||||
ebpf_config m_ebpf;
|
||||
modern_ebpf_config m_modern_ebpf;
|
||||
replay_config m_replay;
|
||||
gvisor_config m_gvisor;
|
||||
std::vector<plugin_config> m_plugins;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user