Move falco engine to its own library.

Move the c++ and lua code implementing falco engine/falco common to its
own directory userspace/engine. It's compiled as a static library
libfalco_engine.a, and has its own CMakeLists.txt so it can be included
by other projects.

The engine's CMakeLists.txt has a add_subdirectory for the falco rules
directory, so including the engine also builds the rules.

The variables you need to set to use the engine's CMakeLists.txt are:

- CMAKE_INSTALL_PREFIX: the root directory below which everything is
  installed.
- FALCO_ETC_DIR: where to install the rules file.
- FALCO_SHARE_DIR: where to install lua code, relative to the
- install/package root.
- LUAJIT_INCLUDE: where to find header files for lua.
- FALCO_SINSP_LIBRARY: the library containing sinsp code. It will be
- considered a dependency of the engine.
- LPEG_LIB/LYAML_LIB/LIBYAML_LIB: locations for third-party libraries.
- FALCO_COMPONENT: if set, will be included as a part of any install()
  commands.

Instead of specifying /usr/share/falco in config_falco_*.h.in, use
CMAKE_INSTALL_PREFIX and FALCO_SHARE_DIR.

The lua code for the engine has also moved, so the two lua source
directories (userspace/engine/lua and userspace/falco/lua) need to be
available separately via falco_common, so make it an argument to
falco_common::init.

As a part of making it easy to include in another project, also clean up
LPEG build/defs. Modify build-lpeg to add a PREFIX argument to allow for
object files/libraries being in an alternate location, and when building
lpeg, put object files in a build/ subdirectory.

userspace/engine/CMakeLists.txt

@@ -0,0 +1,31 @@
+include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp/third-party/jsoncpp")
+include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap")
+include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp")
+include_directories("${PROJECT_BINARY_DIR}/userspace/engine")
+include_directories("${LUAJIT_INCLUDE}")
+
+add_library(falco_engine STATIC rules.cpp falco_common.cpp falco_engine.cpp)
+
+target_include_directories(falco_engine PUBLIC
+  "${LUAJIT_INCLUDE}")
+
+target_link_libraries(falco_engine
+  "${FALCO_SINSP_LIBRARY}"
+  "${LPEG_LIB}"
+  "${LYAML_LIB}"
+  "${LIBYAML_LIB}")
+
+configure_file(config_falco_engine.h.in config_falco_engine.h)
+
+if(DEFINED FALCO_COMPONENT)
+install(DIRECTORY lua
+	DESTINATION "${FALCO_SHARE_DIR}"
+	COMPONENT "${FALCO_COMPONENT}"
+	FILES_MATCHING PATTERN *.lua)
+else()
+install(DIRECTORY lua
+	DESTINATION "${FALCO_SHARE_DIR}"
+	FILES_MATCHING PATTERN *.lua)
+endif()
+
+add_subdirectory("${PROJECT_SOURCE_DIR}/../falco/rules" "${PROJECT_BINARY_DIR}/rules")

userspace/engine/config_falco_engine.h.in

@@ -0,0 +1,4 @@
+#pragma once
+
+#define FALCO_ENGINE_LUA_DIR "${CMAKE_INSTALL_PREFIX}/${FALCO_SHARE_DIR}/lua/"
+#define FALCO_ENGINE_SOURCE_LUA_DIR "${PROJECT_SOURCE_DIR}/../falco/userspace/engine/lua/"

userspace/engine/falco_common.cpp

@@ -1,6 +1,6 @@
 #include <fstream>
 
-#include "config_falco.h"
+#include "config_falco_engine.h"
 #include "falco_common.h"
 
 falco_common::falco_common()
@@ -22,24 +22,24 @@ void falco_common::set_inspector(sinsp *inspector)
 	m_inspector = inspector;
 }
 
-void falco_common::init(string &lua_main_filename)
+void falco_common::init(const char *lua_main_filename, const char *source_dir)
 {
 	ifstream is;
-	string lua_dir = FALCO_LUA_DIR;
+	string lua_dir = FALCO_ENGINE_LUA_DIR;
 	string lua_main_path = lua_dir + lua_main_filename;
 
 	is.open(lua_main_path);
 	if (!is.is_open())
 	{
-		lua_dir = FALCO_SOURCE_LUA_DIR;
+		lua_dir = source_dir;
 		lua_main_path = lua_dir + lua_main_filename;
 
 		is.open(lua_main_path);
 		if (!is.is_open())
 		{
 			throw falco_exception("Could not find Falco Lua entrypoint (tried " +
-					      string(FALCO_LUA_DIR) + lua_main_filename + ", " +
-					      string(FALCO_SOURCE_LUA_DIR) + lua_main_filename + ")");
+					      string(FALCO_ENGINE_LUA_DIR) + lua_main_filename + ", " +
+					      string(source_dir) + lua_main_filename + ")");
 		}
 	}
 

userspace/engine/falco_common.h

@@ -52,7 +52,7 @@ public:
 	falco_common();
 	virtual ~falco_common();
 
-	void init(std::string &lua_main_filename);
+	void init(const char *lua_main_filename, const char *source_dir);
 
 	void set_inspector(sinsp *inspector);
 

userspace/engine/falco_engine.cpp

@@ -2,6 +2,7 @@
 #include <fstream>
 
 #include "falco_engine.h"
+#include "config_falco_engine.h"
 
 extern "C" {
 #include "lpeg.h"
@@ -17,11 +18,12 @@ string lua_print_stats = "print_stats";
 using namespace std;
 
 falco_engine::falco_engine()
+	: m_rules(NULL)
 {
 	luaopen_lpeg(m_ls);
 	luaopen_yaml(m_ls);
 
-	falco_common::init(m_lua_main_filename);
+	falco_common::init(m_lua_main_filename.c_str(), FALCO_ENGINE_SOURCE_LUA_DIR);
 	falco_rules::init(m_ls);
 }
 

userspace/engine/falco_engine.h

@@ -7,7 +7,6 @@
 
 #include "rules.h"
 
-#include "config_falco.h"
 #include "falco_common.h"
 
 //

userspace/falco/CMakeLists.txt

@@ -3,17 +3,16 @@ include_directories("${LUAJIT_INCLUDE}")
 
 include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap")
 include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp")
+include_directories("${PROJECT_SOURCE_DIR}/userspace/engine")
 include_directories("${PROJECT_BINARY_DIR}/userspace/falco")
 include_directories("${CURL_INCLUDE_DIR}")
 include_directories("${YAMLCPP_INCLUDE_DIR}")
 include_directories("${DRAIOS_DEPENDENCIES_DIR}/yaml-${DRAIOS_YAML_VERSION}/target/include")
 
-add_executable(falco configuration.cpp formats.cpp rules.cpp logger.cpp falco_common.cpp falco_engine.cpp falco_outputs.cpp falco.cpp)
+add_executable(falco configuration.cpp formats.cpp logger.cpp falco_outputs.cpp falco.cpp)
 
-target_link_libraries(falco sinsp)
+target_link_libraries(falco falco_engine sinsp)
 target_link_libraries(falco
-	"${LPEG_SRC}/lpeg.a"
-	"${LYAML_LIB}"
         "${LIBYAML_LIB}"
 	"${YAMLCPP_LIB}")
 

userspace/falco/config_falco.h.in

@@ -2,7 +2,7 @@
 
 #define FALCO_VERSION "${FALCO_VERSION}"
 
-#define FALCO_LUA_DIR "/usr/share/falco/lua/"
+#define FALCO_LUA_DIR "${CMAKE_INSTALL_PREFIX}/${FALCO_SHARE_DIR}/lua/"
 #define FALCO_SOURCE_DIR "${PROJECT_SOURCE_DIR}"
 #define FALCO_SOURCE_CONF_FILE "${PROJECT_SOURCE_DIR}/falco.yaml"
 #define FALCO_INSTALL_CONF_FILE "/etc/falco.yaml"

userspace/falco/falco.cpp

@@ -14,6 +14,7 @@
 
 #include "configuration.h"
 #include "falco_engine.h"
+#include "config_falco.h"
 
 bool g_terminate = false;
 //

userspace/falco/falco_outputs.cpp

@@ -1,6 +1,9 @@
 
 #include "falco_outputs.h"
 
+#include "config_falco.h"
+
+
 #include "formats.h"
 #include "logger.h"
 
@@ -24,7 +27,7 @@ void falco_outputs::init(bool json_output)
 		throw falco_exception("No inspector provided");
 	}
 
-	falco_common::init(m_lua_main_filename);
+	falco_common::init(m_lua_main_filename.c_str(), FALCO_SOURCE_LUA_DIR);
 
 	falco_formats::init(m_inspector, m_ls, json_output);
 

userspace/falco/falco_outputs.h

@@ -1,7 +1,5 @@
 #pragma once
 
-#include "config_falco.h"
-
 #include "falco_common.h"
 
 //