- Bump default falcosecurity/libs to latest main (8f6b914) with
transformer_list_expr and field_transformer_expr (values) support
- Add visit(transformer_list_expr*) to filter_details_resolver and
filter_macro_resolver visitors
- Fix field_transformer_expr handling to use e->values instead of e->value
Signed-off-by: irozzo-1A <iacopo@sysdig.com>
Add comprehensive support for gperftools CPU profiler to enable performance
profiling of Falco. This commit introduces:
- New CMake options:
* USE_GPERFTOOLS: Enable gperftools CPU profiler support (default: OFF)
* USE_FRAME_POINTER: Enable frame pointers for accurate profiling (default: OFF)
- Automatic frame pointer enabling: When USE_GPERFTOOLS is enabled, frame
pointers are automatically enabled to ensure accurate stack traces in
profiling output.
- Support for both system and bundled gperftools:
* System gperftools: Automatically detected via find_path/find_library
* Bundled gperftools: Built from source (version 2.15) when
USE_BUNDLED_GPERFTOOLS is enabled
- Enhanced stack trace support: Automatically detects and enables libunwind
when available for better stack traces, falling back to frame pointers
otherwise.
- Proper library linking: Uses --whole-archive linker flags to ensure
profiler initialization code is linked even when ProfilerStart() is not
called directly, enabling CPUPROFILE environment variable support.
- Compile-time detection: Adds HAS_GPERFTOOLS preprocessor definition
for conditional compilation.
The profiler can be activated at runtime by setting the CPUPROFILE
environment variable to a file path where profiling data should be written.
Usage:
cmake -DUSE_GPERFTOOLS=ON ..
make
CPUPROFILE=/tmp/falco.prof ./falco
Signed-off-by: irozzo-1A <iacopo@sysdig.com>
Falco 0.43.0 deprecated the gRPC output and server supports. Drop
their supports as well as any reference to them.
BREAKING CHANGE: drop gRPC output and server support
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Falco 0.43.0 deprecated the gVisor engine support. Drop its support as
well as any reference to it.
BREAKING CHANGE: drop gVisor engine support
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Starting from Falco 0.40, the `falco --help` output incorrectly showed
the source config path (e.g., /home/runner/work/falco/falco/falco.yaml)
in release packages. This path was intended only for local development.
The issue was introduced when RelWithDebInfo build type support was
added (commit 6bf33ffd). The existing code checked for BUILD_TYPE_RELEASE
to determine release behavior, but RelWithDebInfo builds defined
BUILD_TYPE_RELWITHDEBINFO instead, causing them to fall into the
debug code path.
This fix introduces BUILD_TYPE_DEBUG and changes the conditionals to
enable dev features only when CMAKE_BUILD_TYPE is explicitly "debug".
Both Release and RelWithDebInfo builds now correctly show only
/etc/falco/falco.yaml.
Fixes the regression introduced in 0.40.0
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
The previously used driver version was already the `9.1.0+driver`:
simply replace the commit SHA with the release name.
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
distributions such as SLES. The cmake file for c-ares sets
'CARES_LIB' destination directory to '${CARES_SRC}/lib' but when the
bundled c-ares is compiled it produces a binary which is placed in
the '${CARES_SRC}/lib64' directory.
This is due to the fact that the bundled c-ares expands
${CMAKE_INSTALL_LIBDIR} to 'lib64' and not to 'lib' which is
expected by 'CARES_LIB'.
The fix is to enforce the building process of the bundled c-ares
to place the produced binary in 'lib'.
Signed-off-by: Tero Kauppinen <tero.kauppinen@est.tech>
