falco

mirror of https://github.com/falcosecurity/falco.git synced 2026-03-18 18:58:41 +00:00

Author	SHA1	Message	Date
Mark Stemm	acf5c4ce5f	fix(engine): save syscall source only when processing events The optimization in https://github.com/falcosecurity/falco/pull/2210 had a bug when the engine uses multiple sources at the same time--m_syscall_source is a pointer to an entry in the indexed vector m_sources, but if add_source is called multiple times, the vector is resized, which copies the structs but invalidates any pointer to the vector entries. So instead of caching m_syscall_source in add_source(), cache it in process_events(). m_sources won't change once processing events starts. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2022-10-27 18:23:25 +02:00
Yarden Shoham	4a4fa2592b	fix(plugins): trim whitespace in `open_params` `open_params` is read from the falco YAML configuration file and parsed using Go's URL. For example: `c349be6e84/plugins/k8saudit/pkg/k8saudit/source.go (L41-L42)` Go's URL parser does not handle whitespace, so if a user defines the `open_params` in the falco configuration file as follows ```yaml open_params: > /file/path ``` the parser returns an error. To avoid this, we now trim this parameter so no whitespace will be left for Go's URL parser to error out on. For reference see #2262. Signed-off-by: Yarden Shoham <hrsi88@gmail.com>	2022-10-21 19:12:58 +02:00
Jason Dellaluce	10fe9fd84b	fix(userspace/falco): avoid using CPU when main thread waits for parallel event sources Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-14 13:12:22 +02:00
Jason Dellaluce	3d7677ce5b	update(userspace/falco): create struct for sync parallel event sources parallelization Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-14 13:12:22 +02:00
Jason Dellaluce	0fd765f7c3	new(userspace/falco): add simple semaphre implementation Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-14 13:12:22 +02:00
Jason Dellaluce	cca90b2f80	update(userspace/falco): move on from deprecated libs API for printing event list Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-13 17:00:18 +02:00
Jason Dellaluce	6c873418ce	chore(userspace/falco): improve the CLI options helper Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-13 15:39:18 +02:00
Jason Dellaluce	f12531a153	chore(userspace/falco): log cli options with debug level Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-13 15:39:18 +02:00
Jason Dellaluce	9d8f130f47	fix(userspace/falco): make sure validation summary is populated even when json output is requested Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 14:03:20 +02:00
Jason Dellaluce	9ee0298c4d	fix(userspace/engine): avoid macro/list used checks if we encounter an error Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 14:03:20 +02:00
Jason Dellaluce	7da30ca661	chore(userspace/falco): make logging optional when terminating, restarting, and reopening outputs Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 13:14:20 +02:00
Jason Dellaluce	57b26530b6	update(userspace) fix cppcheck warnings Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 12:07:20 +02:00
Jason Dellaluce	3629c4dc4a	update(userspace): solve cppcheck performance suggestions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 12:07:20 +02:00
Jason Dellaluce	5e531870a9	fix(userspace/engine): fix unit test segfault Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 11:17:20 +02:00
Jason Dellaluce	f684e144be	chore(userspace/falco): polish ignored event warning message Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 11:17:20 +02:00
Jason Dellaluce	a4218a4b4f	fix(userspace/falco): print right list in ignored events warning Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 11:17:20 +02:00
Jason Dellaluce	48fbe0801d	fix(userspace/falco): print right list of ignored events when in simple cons mode Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 11:17:20 +02:00
Jason Dellaluce	c47492ab6d	update(userspace/falco): populate list of interesting event types in app state Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 11:17:20 +02:00
Jason Dellaluce	4cb556aed2	update(userspace/engine): use sinsp api to access event table information Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-12 11:17:20 +02:00
Jason Dellaluce	5f2bc6a2d3	fix(userspace/falco): properly handle termination at source opening failures Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	88c7202fdc	fix(userspace/falco): check conditions in right order Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	a98a1b2c4c	fix(userspace/falco/falco): allow output reopening to happen multiple times Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	77857a7236	fix(userspace/falco): solve warning Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	e011b3b5e5	chore(userspace/falco): fix typo Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	fd4d521a5f	fix(userspace/falco): make multi-source termination condition more stable Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	3f3386cfe0	fix(userspace/falco): make signal handlers safe with multi-threading Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	11160f8463	fix(userspace): safely check string bounded access Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 11:23:15 +02:00
Jason Dellaluce	3c02b40a21	chore(userspace/falco): make log message termination consistent Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	e85a8c914f	chore(userspace/falco): move enabled sources list printout when capture is opened Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	21c2b1f472	update(userspace/falco): use unordered_set where possible for faster lookups Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	909f6d0961	chore(userspace/falco): make log messages formatting more consistent Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	83a83a5853	update(userspace): pass string as const refs when possible Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	b4ea2f4da2	fix(userspace/falco): stabilize termination signal handler Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 18:21:05 +02:00
Jason Dellaluce	59ba2f9aab	fix(userspace/falco): properly terminate threads Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 18:21:05 +02:00
Federico Di Pierro	e68151eb07	chore(test,userspace/falco): fixed tests after libs bump. Moreover, try to create grpc socket folder path only if grpc is actually enabled. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-10-05 19:38:21 +02:00
Andrea Terzolo	ec7ddbbaf8	chore: bump libs/driver to pre-release tag Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-10-05 19:38:21 +02:00
Jason Dellaluce	663c1d073a	fix(userspace/falco): check plugin requirements when validating rule files Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-05 13:21:20 +02:00
Jason Dellaluce	bbb821fb8e	refactor(userspace/falco): move rules plugin requirements check in an internal funcion Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-05 13:21:20 +02:00
Jason Dellaluce	5781c53ddc	fix(userspace): add explicit constructors and initializations Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-03 13:04:15 +02:00
Andrea Terzolo	545b58ee14	update(open_inspector): use variable buffer dim in modern bpf Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-28 18:55:06 +02:00
Andrea Terzolo	8d8e7622e1	update(cmd_line): put modern bpf to `false` Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-28 18:55:06 +02:00
Andrea Terzolo	fd097e94d7	new(cmdline): add support for modern BPF probe Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-28 18:55:06 +02:00
Luca Guerra	6634c896b7	fix(falco): print container info and gvisor info in the same way Signed-off-by: Luca Guerra <luca@guerra.sh>	2022-09-28 12:45:04 +02:00
Andrea Terzolo	3aa9267b48	fix(syscall_buffer): set dimension if page size not available Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-27 10:47:59 +02:00
Andrea Terzolo	725714726d	update(configuration): define `m_syscall_buf_size_preset` as `uint16_t` improve also some logs for `m_syscall_buf_size_preset` configuration errors Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:47:59 +02:00
Andrea Terzolo	c9fa585801	update: address some review comments Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2022-09-27 10:47:59 +02:00
Andrea Terzolo	90e4634a79	update(syscall_buffer_size): don't crash in case of `getpagesize` error Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Federico Di Pierro <nierro92@gmail.com>	2022-09-27 10:47:59 +02:00
Andrea Terzolo	b0b2f05eb5	new: configure syscall buffer dimension from Falco Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-27 10:47:59 +02:00
Jason Dellaluce	8aea0935c9	chore(userspace/engine): remove unused var Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	9c240198a0	refactor(userspace/engine): refactor falco_engine with new loader defs Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00

1 2 3 4 5 ...

991 Commits