diff --git a/CMakeLists.txt b/CMakeLists.txt index b0809137..730f559f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -6,8 +6,8 @@ if(NOT DEFINED FALCO_VERSION) set(FALCO_VERSION "0.1.1dev") endif() -if(NOT DEFINED DIR_ETC) - set(DIR_ETC "/etc") +if(NOT DEFINED FALCO_ETC_DIR) + set(FALCO_ETC_DIR "/etc") endif() if(NOT CMAKE_BUILD_TYPE) @@ -39,6 +39,7 @@ set(PACKAGE_NAME "falco") set(PROBE_VERSION "${FALCO_VERSION}") set(PROBE_NAME "sysdig-probe") set(PROBE_DEVICE_NAME "sysdig") +set(CMAKE_INSTALL_PREFIX /usr) set(CMD_MAKE make) @@ -160,11 +161,12 @@ ExternalProject_Add(luajit INSTALL_COMMAND "") set (LPEG_SRC "${PROJECT_BINARY_DIR}/lpeg-prefix/src/lpeg") +set (LPEG_LIB "${PROJECT_BINARY_DIR}/lpeg-prefix/src/lpeg/build/lpeg.a") ExternalProject_Add(lpeg DEPENDS luajit URL "http://s3.amazonaws.com/download.draios.com/dependencies/lpeg-1.0.0.tar.gz" URL_MD5 "0aec64ccd13996202ad0c099e2877ece" - BUILD_COMMAND LUA_INCLUDE=${LUAJIT_INCLUDE} "${PROJECT_SOURCE_DIR}/scripts/build-lpeg.sh" + BUILD_COMMAND LUA_INCLUDE=${LUAJIT_INCLUDE} "${PROJECT_SOURCE_DIR}/scripts/build-lpeg.sh" "${LPEG_SRC}/build" BUILD_IN_SOURCE 1 CONFIGURE_COMMAND "" INSTALL_COMMAND "") @@ -188,17 +190,19 @@ ExternalProject_Add(lyaml BUILD_COMMAND ${CMD_MAKE} BUILD_IN_SOURCE 1 CONFIGURE_COMMAND ./configure --enable-static LIBS=-L../../../libyaml-prefix/src/libyaml/src/.libs CFLAGS=-I../../../libyaml-prefix/src/libyaml/include CPPFLAGS=-I../../../libyaml-prefix/src/libyaml/include LUA_INCLUDE=-I../../../luajit-prefix/src/luajit/src LUA=../../../luajit-prefix/src/luajit/src/luajit - INSTALL_COMMAND sh -c "cp -R ${PROJECT_BINARY_DIR}/lyaml-prefix/src/lyaml/lib/* ${PROJECT_SOURCE_DIR}/userspace/falco/lua") + INSTALL_COMMAND sh -c "cp -R ${PROJECT_BINARY_DIR}/lyaml-prefix/src/lyaml/lib/* ${PROJECT_SOURCE_DIR}/userspace/engine/lua") install(FILES falco.yaml - DESTINATION "${DIR_ETC}") + DESTINATION "${FALCO_ETC_DIR}") add_subdirectory("${SYSDIG_DIR}/driver" "${PROJECT_BINARY_DIR}/driver") add_subdirectory("${SYSDIG_DIR}/userspace/libscap" "${PROJECT_BINARY_DIR}/userspace/libscap") add_subdirectory("${SYSDIG_DIR}/userspace/libsinsp" "${PROJECT_BINARY_DIR}/userspace/libsinsp") -add_subdirectory(rules) add_subdirectory(scripts) +set(FALCO_SINSP_LIBRARY sinsp) +set(FALCO_SHARE_DIR share/falco) +add_subdirectory(userspace/engine) add_subdirectory(userspace/falco) diff --git a/rules/CMakeLists.txt b/rules/CMakeLists.txt index 8e7bfb68..916f5f8f 100644 --- a/rules/CMakeLists.txt +++ b/rules/CMakeLists.txt @@ -1,3 +1,13 @@ -install(FILES falco_rules.yaml - DESTINATION "${DIR_ETC}") +if(NOT DEFINED FALCO_ETC_DIR) + set(FALCO_ETC_DIR "/etc") +endif() + +if(DEFINED FALCO_COMPONENT) +install(FILES falco_rules.yaml + COMPONENT "${FALCO_COMPONENT}" + DESTINATION "${FALCO_ETC_DIR}") +else() +install(FILES falco_rules.yaml + DESTINATION "${FALCO_ETC_DIR}") +endif() diff --git a/scripts/build-lpeg.sh b/scripts/build-lpeg.sh index 6a8db3fd..ba77159f 100755 --- a/scripts/build-lpeg.sh +++ b/scripts/build-lpeg.sh @@ -1,17 +1,29 @@ -#!/bin/sh +#!/bin/bash -gcc -O2 -fPIC -I$LUA_INCLUDE -c lpcap.c -o lpcap.o -gcc -O2 -fPIC -I$LUA_INCLUDE -c lpcode.c -o lpcode.o -gcc -O2 -fPIC -I$LUA_INCLUDE -c lpprint.c -o lpprint.o -gcc -O2 -fPIC -I$LUA_INCLUDE -c lptree.c -o lptree.o -gcc -O2 -fPIC -I$LUA_INCLUDE -c lpvm.c -o lpvm.o +set -ex + +PREFIX=$1 + +if [ -z $PREFIX ]; then + PREFIX=. +fi + +mkdir -p $PREFIX + +gcc -O2 -fPIC -I$LUA_INCLUDE -c lpcap.c -o $PREFIX/lpcap.o +gcc -O2 -fPIC -I$LUA_INCLUDE -c lpcode.c -o $PREFIX/lpcode.o +gcc -O2 -fPIC -I$LUA_INCLUDE -c lpprint.c -o $PREFIX/lpprint.o +gcc -O2 -fPIC -I$LUA_INCLUDE -c lptree.c -o $PREFIX/lptree.o +gcc -O2 -fPIC -I$LUA_INCLUDE -c lpvm.c -o $PREFIX/lpvm.o # For building lpeg.so, which we don't need now that we're statically linking lpeg.a into falco #gcc -shared -o lpeg.so -L/usr/local/lib lpcap.o lpcode.o lpprint.o lptree.o lpvm.o #gcc -shared -o lpeg.so -L/usr/local/lib lpcap.o lpcode.o lpprint.o lptree.o lpvm.o +pushd $PREFIX /usr/bin/ar cr lpeg.a lpcap.o lpcode.o lpprint.o lptree.o lpvm.o /usr/bin/ranlib lpeg.a +popd chmod ug+w re.lua diff --git a/userspace/engine/CMakeLists.txt b/userspace/engine/CMakeLists.txt new file mode 100644 index 00000000..dfc85495 --- /dev/null +++ b/userspace/engine/CMakeLists.txt @@ -0,0 +1,31 @@ +include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp/third-party/jsoncpp") +include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap") +include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp") +include_directories("${PROJECT_BINARY_DIR}/userspace/engine") +include_directories("${LUAJIT_INCLUDE}") + +add_library(falco_engine STATIC rules.cpp falco_common.cpp falco_engine.cpp) + +target_include_directories(falco_engine PUBLIC + "${LUAJIT_INCLUDE}") + +target_link_libraries(falco_engine + "${FALCO_SINSP_LIBRARY}" + "${LPEG_LIB}" + "${LYAML_LIB}" + "${LIBYAML_LIB}") + +configure_file(config_falco_engine.h.in config_falco_engine.h) + +if(DEFINED FALCO_COMPONENT) +install(DIRECTORY lua + DESTINATION "${FALCO_SHARE_DIR}" + COMPONENT "${FALCO_COMPONENT}" + FILES_MATCHING PATTERN *.lua) +else() +install(DIRECTORY lua + DESTINATION "${FALCO_SHARE_DIR}" + FILES_MATCHING PATTERN *.lua) +endif() + +add_subdirectory("${PROJECT_SOURCE_DIR}/../falco/rules" "${PROJECT_BINARY_DIR}/rules") diff --git a/userspace/engine/config_falco_engine.h.in b/userspace/engine/config_falco_engine.h.in new file mode 100644 index 00000000..a0481911 --- /dev/null +++ b/userspace/engine/config_falco_engine.h.in @@ -0,0 +1,4 @@ +#pragma once + +#define FALCO_ENGINE_LUA_DIR "${CMAKE_INSTALL_PREFIX}/${FALCO_SHARE_DIR}/lua/" +#define FALCO_ENGINE_SOURCE_LUA_DIR "${PROJECT_SOURCE_DIR}/../falco/userspace/engine/lua/" diff --git a/userspace/falco/falco_common.cpp b/userspace/engine/falco_common.cpp similarity index 84% rename from userspace/falco/falco_common.cpp rename to userspace/engine/falco_common.cpp index 47874180..1e2361ec 100644 --- a/userspace/falco/falco_common.cpp +++ b/userspace/engine/falco_common.cpp @@ -1,6 +1,6 @@ #include -#include "config_falco.h" +#include "config_falco_engine.h" #include "falco_common.h" falco_common::falco_common() @@ -22,24 +22,24 @@ void falco_common::set_inspector(sinsp *inspector) m_inspector = inspector; } -void falco_common::init(string &lua_main_filename) +void falco_common::init(const char *lua_main_filename, const char *source_dir) { ifstream is; - string lua_dir = FALCO_LUA_DIR; + string lua_dir = FALCO_ENGINE_LUA_DIR; string lua_main_path = lua_dir + lua_main_filename; is.open(lua_main_path); if (!is.is_open()) { - lua_dir = FALCO_SOURCE_LUA_DIR; + lua_dir = source_dir; lua_main_path = lua_dir + lua_main_filename; is.open(lua_main_path); if (!is.is_open()) { throw falco_exception("Could not find Falco Lua entrypoint (tried " + - string(FALCO_LUA_DIR) + lua_main_filename + ", " + - string(FALCO_SOURCE_LUA_DIR) + lua_main_filename + ")"); + string(FALCO_ENGINE_LUA_DIR) + lua_main_filename + ", " + + string(source_dir) + lua_main_filename + ")"); } } diff --git a/userspace/falco/falco_common.h b/userspace/engine/falco_common.h similarity index 93% rename from userspace/falco/falco_common.h rename to userspace/engine/falco_common.h index b3c49e06..d08a274d 100644 --- a/userspace/falco/falco_common.h +++ b/userspace/engine/falco_common.h @@ -52,7 +52,7 @@ public: falco_common(); virtual ~falco_common(); - void init(std::string &lua_main_filename); + void init(const char *lua_main_filename, const char *source_dir); void set_inspector(sinsp *inspector); diff --git a/userspace/falco/falco_engine.cpp b/userspace/engine/falco_engine.cpp similarity index 95% rename from userspace/falco/falco_engine.cpp rename to userspace/engine/falco_engine.cpp index f144721e..c4dcb771 100644 --- a/userspace/falco/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -2,6 +2,7 @@ #include #include "falco_engine.h" +#include "config_falco_engine.h" extern "C" { #include "lpeg.h" @@ -17,11 +18,12 @@ string lua_print_stats = "print_stats"; using namespace std; falco_engine::falco_engine() + : m_rules(NULL) { luaopen_lpeg(m_ls); luaopen_yaml(m_ls); - falco_common::init(m_lua_main_filename); + falco_common::init(m_lua_main_filename.c_str(), FALCO_ENGINE_SOURCE_LUA_DIR); falco_rules::init(m_ls); } diff --git a/userspace/falco/falco_engine.h b/userspace/engine/falco_engine.h similarity index 98% rename from userspace/falco/falco_engine.h rename to userspace/engine/falco_engine.h index 63675af9..38661a06 100644 --- a/userspace/falco/falco_engine.h +++ b/userspace/engine/falco_engine.h @@ -7,7 +7,6 @@ #include "rules.h" -#include "config_falco.h" #include "falco_common.h" // diff --git a/userspace/falco/lpeg.h b/userspace/engine/lpeg.h similarity index 100% rename from userspace/falco/lpeg.h rename to userspace/engine/lpeg.h diff --git a/userspace/falco/lua/README.md b/userspace/engine/lua/README.md similarity index 100% rename from userspace/falco/lua/README.md rename to userspace/engine/lua/README.md diff --git a/userspace/falco/lua/compiler.lua b/userspace/engine/lua/compiler.lua similarity index 100% rename from userspace/falco/lua/compiler.lua rename to userspace/engine/lua/compiler.lua diff --git a/userspace/falco/lua/parser-smoke.sh b/userspace/engine/lua/parser-smoke.sh similarity index 100% rename from userspace/falco/lua/parser-smoke.sh rename to userspace/engine/lua/parser-smoke.sh diff --git a/userspace/falco/lua/parser.lua b/userspace/engine/lua/parser.lua similarity index 100% rename from userspace/falco/lua/parser.lua rename to userspace/engine/lua/parser.lua diff --git a/userspace/falco/lua/rule_loader.lua b/userspace/engine/lua/rule_loader.lua similarity index 100% rename from userspace/falco/lua/rule_loader.lua rename to userspace/engine/lua/rule_loader.lua diff --git a/userspace/falco/lyaml.h b/userspace/engine/lyaml.h similarity index 100% rename from userspace/falco/lyaml.h rename to userspace/engine/lyaml.h diff --git a/userspace/falco/rules.cpp b/userspace/engine/rules.cpp similarity index 100% rename from userspace/falco/rules.cpp rename to userspace/engine/rules.cpp diff --git a/userspace/falco/rules.h b/userspace/engine/rules.h similarity index 100% rename from userspace/falco/rules.h rename to userspace/engine/rules.h diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt index 510c0b54..9111bcfa 100644 --- a/userspace/falco/CMakeLists.txt +++ b/userspace/falco/CMakeLists.txt @@ -3,17 +3,16 @@ include_directories("${LUAJIT_INCLUDE}") include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap") include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp") +include_directories("${PROJECT_SOURCE_DIR}/userspace/engine") include_directories("${PROJECT_BINARY_DIR}/userspace/falco") include_directories("${CURL_INCLUDE_DIR}") include_directories("${YAMLCPP_INCLUDE_DIR}") include_directories("${DRAIOS_DEPENDENCIES_DIR}/yaml-${DRAIOS_YAML_VERSION}/target/include") -add_executable(falco configuration.cpp formats.cpp rules.cpp logger.cpp falco_common.cpp falco_engine.cpp falco_outputs.cpp falco.cpp) +add_executable(falco configuration.cpp formats.cpp logger.cpp falco_outputs.cpp falco.cpp) -target_link_libraries(falco sinsp) +target_link_libraries(falco falco_engine sinsp) target_link_libraries(falco - "${LPEG_SRC}/lpeg.a" - "${LYAML_LIB}" "${LIBYAML_LIB}" "${YAMLCPP_LIB}") diff --git a/userspace/falco/config_falco.h.in b/userspace/falco/config_falco.h.in index 0f0ab124..a977dbb0 100644 --- a/userspace/falco/config_falco.h.in +++ b/userspace/falco/config_falco.h.in @@ -2,7 +2,7 @@ #define FALCO_VERSION "${FALCO_VERSION}" -#define FALCO_LUA_DIR "/usr/share/falco/lua/" +#define FALCO_LUA_DIR "${CMAKE_INSTALL_PREFIX}/${FALCO_SHARE_DIR}/lua/" #define FALCO_SOURCE_DIR "${PROJECT_SOURCE_DIR}" #define FALCO_SOURCE_CONF_FILE "${PROJECT_SOURCE_DIR}/falco.yaml" #define FALCO_INSTALL_CONF_FILE "/etc/falco.yaml" diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp index 8359c2a2..e7ebc1b2 100644 --- a/userspace/falco/falco.cpp +++ b/userspace/falco/falco.cpp @@ -14,6 +14,7 @@ #include "configuration.h" #include "falco_engine.h" +#include "config_falco.h" bool g_terminate = false; // diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index 7929f1c1..d16cbdda 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp @@ -1,6 +1,9 @@ #include "falco_outputs.h" +#include "config_falco.h" + + #include "formats.h" #include "logger.h" @@ -24,7 +27,7 @@ void falco_outputs::init(bool json_output) throw falco_exception("No inspector provided"); } - falco_common::init(m_lua_main_filename); + falco_common::init(m_lua_main_filename.c_str(), FALCO_SOURCE_LUA_DIR); falco_formats::init(m_inspector, m_ls, json_output); diff --git a/userspace/falco/falco_outputs.h b/userspace/falco/falco_outputs.h index 938dbb94..28da94d6 100644 --- a/userspace/falco/falco_outputs.h +++ b/userspace/falco/falco_outputs.h @@ -1,7 +1,5 @@ #pragma once -#include "config_falco.h" - #include "falco_common.h" //