Merged
22 commits
08c4527
update(libscap): refactor of `scap_open` args
Andreagit97 Aug 6, 2022
eaf7024
update(bpf-engine): adapt bpf engine to the new scap_open args
Andreagit97 Aug 6, 2022
10f9049
update(gvisor-engine): adapt gvisor engine to the new scap_open args
Andreagit97 Aug 6, 2022
da8ad0a
update(modern-bpf-engine): adapt modern_bpf engine to the new scap_op…
Andreagit97 Aug 6, 2022
cfa33ae
update(kmod-engine): adapt kmod engine to the new scap_open args
Andreagit97 Aug 6, 2022
74c9985
update(savefile-engine): adapt savefile engine to the new scap_open args
Andreagit97 Aug 6, 2022
95cb451
update(plugin-engine): adapt plugin engine to the new scap_open args
Andreagit97 Aug 6, 2022
603ef4f
update(test-input-engine): adapt test-input engine to the new scap_op…
Andreagit97 Aug 6, 2022
ab19747
update(udig-engine): adapt udig engine to the new scap_open args
Andreagit97 Aug 6, 2022
4a86b1f
refactor(noop-engine): use `SCAP_SUCCESS` in noop engine
Andreagit97 Aug 6, 2022
eadf529
update(scap-examples): adapt scap examples to the new scap_open args
Andreagit97 Aug 6, 2022
1c3e2d0
update(libsinsp): create dedicated open methods for every engine
Andreagit97 Aug 6, 2022
8c77c30
cleanup(libsinsp): remove unused setting `SCAP_TIMEOUT_MS`
Andreagit97 Aug 6, 2022
3e2a9a4
update(sinsp-example): update sinsp example to the new scap_open args
Andreagit97 Aug 6, 2022
26dfd12
fix(bpf-engine): fix a typo in the minimal build code
Andreagit97 Aug 6, 2022
2c500f2
cleanup(libscap): remove unused definitions
Andreagit97 Aug 9, 2022
23037f3
update: use opaque pointers instead of unions
Andreagit97 Aug 10, 2022
04811fa
update: use `strings` instead of `enums`
Andreagit97 Aug 10, 2022
ac63424
update(savefile-engine): adapt the savefile engine to latest libs master
Andreagit97 Aug 11, 2022
1ee2193
update(libsinsp)!: `set_input_plugin` becomes a private method used b…
Andreagit97 Aug 11, 2022
ea60817
update(modern_bpf): rename build option to `BUILD_LIBSCAP_MODERN_BPF`
Andreagit97 Aug 11, 2022
fdade85
cleanup(sinsp-example): remove duplicated definitions
Andreagit97 Aug 25, 2022
6 changes: 3 additions & 3 deletions .github/workflows/ci.yml
Expand Up @@ -133,7 +133,7 @@ jobs:
- name: Build scap-open 🏗️
run: |
mkdir -p build
cd build && cmake -DUSE_BUNDLED_DEPS=ON -DUSE_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
cd build && cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
make scap-open

- name: Run scap-open 🏎️
Expand Down Expand Up @@ -176,7 +176,7 @@ jobs:
git config --global --add safe.directory ${{ github.workspace }}
.github/install-deps.sh
mkdir -p build
cd build && cmake -DUSE_BUNDLED_DEPS=OFF -DUSE_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
cd build && cmake -DUSE_BUNDLED_DEPS=OFF -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
make scap-open
make bpf_test

Expand Down Expand Up @@ -205,6 +205,6 @@ jobs:
git config --global --add safe.directory ${{ github.workspace }}
.github/install-deps.sh
mkdir -p build
cd build && cmake -DUSE_BUNDLED_DEPS=OFF -DUSE_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
cd build && cmake -DUSE_BUNDLED_DEPS=OFF -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
make scap-open
make bpf_test
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -132,7 +132,7 @@ To build the modern eBPF probe, you need:

Then, issue:
```bash
cmake -DUSE_BUNDLED_DEPS=ON -DUSE_MODERN_BPF=ON -DBUILD_LIBSCAP_GVISOR=OFF ..
cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_LIBSCAP_GVISOR=OFF ..
make ProbeSkeleton
```

1 change: 1 addition & 0 deletions cmake/modules/libscap.cmake
@@ -1,6 +1,7 @@
if(NOT HAVE_LIBSCAP)
set(HAVE_LIBSCAP On)

# This should be renamed in `LIBS_DIR` not `LIBSCAP_DIR`
if(NOT LIBSCAP_DIR)
get_filename_component(LIBSCAP_DIR ${CMAKE_CURRENT_LIST_DIR}/../.. ABSOLUTE)
endif()
4 changes: 2 additions & 2 deletions driver/modern_bpf/CMakeLists.txt
Expand Up @@ -48,9 +48,9 @@ endif()
# Get modern probe include.
set(MODERN_PROBE_INCLUDE ${CMAKE_CURRENT_SOURCE_DIR})

# Note here we use the source directory since we want to avoid conflicts between the `bpf` folder inside
# Note here we use the libs root directory since we want to avoid conflicts between the `bpf` folder inside
# `driver` and the `libbpf` includes.
set(PPM_INCLUDE ${CMAKE_SOURCE_DIR})
set(PPM_INCLUDE ${LIBSCAP_DIR})

## Set CLANG FLAGS
set(CLANG_FLAGS "")
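Review bot: `set(PPM_INCLUDE ${LIBSCAP_DIR})` relies on `cmake/modules/libscap.cmake` having already run, since that module is the only place on this page where `LIBSCAP_DIR` receives a default. If this directory is configured before that module or on its own, the variable is empty, and the quoted uses introduced in test/modern_bpf/CMakeLists.txt and userspace/libpman/CMakeLists.txt (`"${LIBSCAP_DIR}/driver/"`) would expand to `/driver/`, an absolute path at the filesystem root that is then searched for headers. A guard before the first use, `if(NOT LIBSCAP_DIR)` followed by `message(FATAL_ERROR "LIBSCAP_DIR is not set")`, turns that into an explicit configure error, and quoting the expansion here as `"${LIBSCAP_DIR}"` keeps a path with spaces in one piece.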
2 changes: 1 addition & 1 deletion test/modern_bpf/CMakeLists.txt
Expand Up @@ -18,7 +18,7 @@ set(MODERN_BPF_TEST_SOURCES
set(MODERN_BPF_TEST_INCLUDE
PRIVATE
"${GTEST_INCLUDE}"
"${CMAKE_SOURCE_DIR}/driver/"
"${LIBSCAP_DIR}/driver/"
)

set(MODERN_BPF_TEST_LINK_LIBRARIES
2 changes: 1 addition & 1 deletion test/modern_bpf/README.md
Expand Up @@ -5,7 +5,7 @@
To build the modern BPF probe tests:

```bash
cmake -DUSE_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON ..
cmake -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON ..
make bpf_test
```

6 changes: 3 additions & 3 deletions userspace/libpman/CMakeLists.txt
Expand Up @@ -14,9 +14,9 @@ set(PMAN_PRIVATE_INCLUDES
"${ZLIB_INCLUDES}"
"${LIBBPF_INCLUDE}"
"${SKEL_DIR}"
"${CMAKE_SOURCE_DIR}/driver/" ## ppm_enum and tables
"${CMAKE_SOURCE_DIR}/userspace/libscap" ## scap-stats struct
"${CMAKE_SOURCE_DIR}/driver/modern_bpf/" ## bpf-shared structs
"${LIBSCAP_DIR}/driver/" ## ppm_enum and tables
"${LIBSCAP_DIR}/userspace/libscap" ## scap-stats struct
"${LIBSCAP_DIR}/driver/modern_bpf/" ## bpf-shared structs
)

set(PMAN_PUBLIC_INCLUDES
22 changes: 3 additions & 19 deletions userspace/libscap/CMakeLists.txt
Expand Up @@ -17,13 +17,7 @@ include_directories("${CMAKE_CURRENT_SOURCE_DIR}/../../common")

option(USE_BUNDLED_DEPS "Enable bundled dependencies instead of using the system ones" ON)

option(USE_MODERN_BPF "Enable modern bpf probe" OFF)

## we need to move this here until we don't enable the modern bpf probe from
## the `scap-open-args`
if(USE_MODERN_BPF)
add_definitions(-DHAS_ENGINE_MODERN_BPF)
endif()
option(BUILD_LIBSCAP_MODERN_BPF "Enable modern bpf probe" OFF)

if(NOT MSVC)
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
Expand Down Expand Up @@ -54,18 +48,7 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")

string(REPLACE "-" "_" SCAP_KERNEL_MODULE_NAME "${DRIVER_NAME}")
add_definitions(-DSCAP_KERNEL_MODULE_NAME="${SCAP_KERNEL_MODULE_NAME}")

if(NOT DEFINED SCAP_PROBE_BPF_FILEPATH)
# note that the home folder is prepended by scap at runtime
set(SCAP_PROBE_BPF_FILEPATH ".${DRIVER_NAME}/${DRIVER_NAME}-bpf.o")
endif()
add_definitions(-DSCAP_PROBE_BPF_FILEPATH="${SCAP_PROBE_BPF_FILEPATH}")
endif()

if(NOT DEFINED SCAP_BPF_PROBE_ENV_VAR_NAME)
set(SCAP_BPF_PROBE_ENV_VAR_NAME "BPF_PROBE")
endif()
add_definitions(-DSCAP_BPF_PROBE_ENV_VAR_NAME="${SCAP_BPF_PROBE_ENV_VAR_NAME}")

if(NOT DEFINED SCAP_HOST_ROOT_ENV_VAR_NAME)
set(SCAP_HOST_ROOT_ENV_VAR_NAME "HOST_ROOT")
Expand Down Expand Up @@ -219,7 +202,8 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
add_subdirectory(engine/kmod)
target_link_libraries(scap scap_engine_kmod)

if(USE_MODERN_BPF)
if(BUILD_LIBSCAP_MODERN_BPF)
add_definitions(-DHAS_ENGINE_MODERN_BPF)
add_subdirectory(engine/modern_bpf)
target_link_libraries(scap scap_engine_modern_bpf)
endif()
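Review bot: `add_definitions(-DHAS_ENGINE_MODERN_BPF)` now runs after `add_subdirectory(engine/kmod)`, and `add_definitions` only reaches sub-directories added after the call, so engine directories added earlier in this file no longer receive the macro as they did when it sat near the top. If any of them tests `HAS_ENGINE_MODERN_BPF` (not visible here), it would compile a different branch than `scap` itself. Attaching the definition to the targets that need it, for example `target_compile_definitions(scap PRIVATE HAS_ENGINE_MODERN_BPF)`, makes the scope explicit. Separately, a stale `-DUSE_MODERN_BPF=ON` on the command line is now silently ignored and yields a build without the engine; an `if(DEFINED USE_MODERN_BPF)` check with `message(FATAL_ERROR "USE_MODERN_BPF was renamed to BUILD_LIBSCAP_MODERN_BPF")` would surface that. The enclosing `if(CMAKE_SYSTEM_NAME MATCHES "Linux")` block continues outside the hunk.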
2 changes: 1 addition & 1 deletion userspace/libscap/engine/bpf/CMakeLists.txt
@@ -1,5 +1,5 @@
include_directories(${LIBSCAP_INCLUDE_DIRS} ../noop)
add_library(scap_engine_bpf scap_bpf.c bpf_public.c)
add_library(scap_engine_bpf scap_bpf.c)
if(NOT MINIMAL_BUILD)
target_link_libraries(scap_engine_bpf scap_event_schema scap_engine_util elf)
endif()
17 changes: 12 additions & 5 deletions userspace/libscap/engine/bpf/bpf_public.h
@@ -1,12 +1,9 @@
/*
Copyright (C) 2022 The Falco Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Expand All @@ -16,11 +13,21 @@ limitations under the License.

#pragma once

#include <stdint.h>

#define BPF_ENGINE "bpf"
#define BPF_ENGINE_LEN 4

#ifdef __cplusplus
extern "C" {
extern "C"
{
#endif

const char *scap_get_bpf_probe_from_env();
struct scap_bpf_engine_params
{
uint64_t single_buffer_dim; ///< dim of a single shared buffer. Usually, we have one buffer for every online CPU.
Contributor


Left comments in falcosecurity/falco#2164.
Therefore only posting a small cross-reference here: Trusting end user input typically is terrifying especially for such an important parameter. How about brainstorming on what a sanitization logic could look like? Could even include correcting the value to the nearest mathematically correct value? CC @gnosek

Member Author


yeah, absolutely we need to check that these values are correct. As I said in Falco if we use the number of pages we probably need to check only that it is a positive value and that it is a power of 2. The sanitization logic is a good idea, not sure if defaulting it to the nearest value or using the default value since the provided one is not correct 🤔

This PR just introduces this field in the scap-open args, I will allow the driver to use it in another one, so probably i will put the checks in that PR, BTW having a clear idea on how to proceed from the beginning seems reasonable to me!

P.S @gnosek @FedeDP do you remember if also for the kmod we need a buffer dimension that is a power of 2?

Contributor


Basically the only requirement I'm aware of is that it needs to be mmapped back-to-back twice without gaps, so it must be a multiple of page size (usually 4K, up to 16 or 64? on some arches). Same goes for udig, BTW.

Contributor


Good to know, thanks @gnosek! @Andreagit97 could see how correcting to nearest correct value can indeed terribly backfire. Suggested hard-coding an array of 10-12 values to choose from in the other PR. That way nothing should go wrong in the sanitization check and it will be simple.

Member Author


Uhm I do not completely agree with a fixed array because otherwise every time someone wants to try a new dimension we have to open a new pull request, and we lose in flexibility, maybe upper/lower bound checks are enough 🤔 BTW I will move this conversation on the Falco PR, the implementation/validation of variable size buffers will take place in another PR here we have introduced only the argument and since this PR it's quite blocking I wouldn't stop all the flow for this reason, WDYT?

const char* bpf_probe; ///< The path to the BPF probe object file.
};

#ifdef __cplusplus
};
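Review bot: `BPF_ENGINE_LEN 4` is a hand-counted length that includes the terminating NUL of `"bpf"`, and nothing ties it to the string next to it; if either macro is edited alone, the `strncmp` in `match` becomes a prefix match or compares a mismatched length. Deriving it with `#define BPF_ENGINE_LEN sizeof(BPF_ENGINE)` removes that coupling, and the same applies to `GVISOR_ENGINE_LEN` in gvisor_public.h and `KMOD_ENGINE_LEN` in kmod_public.h. The `bpf_probe` field comment could also state the contract the engine now depends on, for example `///< Path to the BPF probe object file; must be non-NULL, copied by the engine during init.`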
64 changes: 13 additions & 51 deletions userspace/libscap/engine/bpf/scap_bpf.c
Expand Up @@ -34,7 +34,6 @@ limitations under the License.
#include <dirent.h>

#include "bpf.h"
#include "bpf_public.h"
#include "engine_handle.h"
#include "scap.h"
#include "scap-int.h"
Expand Down Expand Up @@ -86,45 +85,9 @@ struct bpf_map_data {
struct bpf_map_def def;
};

static const char* resolve_bpf_probe(const char *bpf_probe, char *buf)
Member Author

@Andreagit97 Andreagit97 Aug 6, 2022


We receive the bpf path directly from the client, so we don't need anymore this :)

Contributor


The comment just below describes why we haven't done that in the first place :)

Your change forces every consumer to do BPF probe discovery on their own. On the other hand, it might actually be good anyway ;) BTW, does this let us drop the env var #define (I don't remember the name) and SCAP_BPF_PROBE_FILEPATH? If so, let's kill them both with fire ;)

Member Author


Yeah, this probably was born as a last attempt to open something, the problem is that some consumers like Falco use this workaround as the only way to open the probe and this is really strange IMHO 🤔 On the other side with this new approach is the consumer that decides the engine and which params it must have so we cannot rely anymore on this kind of approach :/
And yes, definitely i forgot them, thank you!

Contributor


Well, this is the reason I added the match method to the vtable (each engine can look into the scap_open_args and decide if it can support them). The bpf engine tries to resolve the probe in its match method to support the current API (I'm not touching the sinsp<->scap API in my series even though I'd love to).

The method isn't used yet (in the submitted/merged PRs) but the end result would be:

struct scap_vtable* find_engine(struct scap_open_args *args)
{
    for(i=0; i<ARRAY_SIZE(known_engines); ++i) {
        if(known_engines[i]->match(args)) {
            return known_engines[i];
        }
    }
    return NULL; // no suitable engine found
}

and the rest of libscap should be completely engine-agnostic (modulo the known_engines array which is a weak point of the design)

Member Author


Uhm I understood, that seems a smart approach but since we are changing the sinsp interface we can solve the problem at the root. This seems the right time to perform this change since we are quite far from the libs tag and the consumers can have the right time to change the interface 🤔

Contributor


Sure. I'm not touching sinsp (my PRs are big enough as is) but if you're willing to open that can of worms, go ahead :)

But my request if you do change the sinsp API would be to submit a PR to Falco at a similar time, so that consumers have at least something to base their changes on.

Member Author


ahahah yeah for sure, if we agree on that I can open a PR in Falco even before this one is merged :)

static bool match(scap_open_args* oargs)
{
//
// While in theory we could always rely on the scap caller to properly
// set a BPF probe from the environment variable, it's in practice easier
// to do one more check here in scap so we don't have to repeat the logic
// in all the possible users of the libraries
//
if(!bpf_probe)
{
bpf_probe = scap_get_bpf_probe_from_env();
}

if(!bpf_probe)
{
return NULL;
}

if(strlen(bpf_probe) != 0)
{
strlcpy(buf, bpf_probe, SCAP_MAX_PATH_SIZE);
return buf;
}

const char *home = getenv("HOME");
if(!home)
{
return NULL;
}

snprintf(buf, SCAP_MAX_PATH_SIZE, "%s/%s", home, SCAP_PROBE_BPF_FILEPATH);
return buf;
}

static bool match(scap_open_args* open_args)
{
char bpf_probe_buf[SCAP_MAX_PATH_SIZE];

return !open_args->udig && resolve_bpf_probe(open_args->bpf_probe, bpf_probe_buf);
return strncmp(oargs->engine_name, BPF_ENGINE, BPF_ENGINE_LEN) == 0;
}

static struct bpf_engine* alloc_handle(scap_t* main_handle, char* lasterr_ptr)
Expand Down Expand Up @@ -1757,43 +1720,43 @@ static int32_t configure(struct scap_engine_handle engine, enum scap_setting set
return scap_bpf_set_statsd_port(engine, arg1);
default:
{
char msg[256];
char msg[SCAP_LASTERR_SIZE];
snprintf(msg, sizeof(msg), "Unsupported setting %d (args %lu, %lu)", setting, arg1, arg2);
return unsupported_config(engine, msg);
}
}
}

static int32_t init(scap_t* handle, scap_open_args *open_args)
static int32_t init(scap_t* handle, scap_open_args *oargs)
{
int32_t rc;
char bpf_probe_buf[SCAP_MAX_PATH_SIZE];
const char* bpf_probe;
char buf[SCAP_LASTERR_SIZE];
int32_t rc = 0;
char bpf_probe_buf[SCAP_MAX_PATH_SIZE] = {0};
char error[SCAP_LASTERR_SIZE] = {0};
struct scap_engine_handle engine = handle->m_engine;
struct scap_bpf_engine_params *params = oargs->engine_params;
strlcpy(bpf_probe_buf, params->bpf_probe, SCAP_MAX_PATH_SIZE);

bpf_probe = resolve_bpf_probe(open_args->bpf_probe, bpf_probe_buf);
//
// Find out how many devices we have to open, which equals to the number of CPUs
//
ssize_t num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
if(num_cpus == -1)
{
snprintf(engine.m_handle->m_lasterr, SCAP_LASTERR_SIZE, "_SC_NPROCESSORS_ONLN: %s", scap_strerror_r(buf, errno));
snprintf(engine.m_handle->m_lasterr, SCAP_LASTERR_SIZE, "_SC_NPROCESSORS_ONLN: %s", scap_strerror_r(error, errno));
return SCAP_FAILURE;
}

engine.m_handle->m_ncpus = num_cpus;

fill_syscalls_of_interest(&open_args->ppm_sc_of_interest, &engine.m_handle->m_syscalls_of_interest);
fill_syscalls_of_interest(&oargs->ppm_sc_of_interest, &engine.m_handle->m_syscalls_of_interest);

rc = devset_init(&engine.m_handle->m_dev_set, num_cpus, engine.m_handle->m_lasterr);
if(rc != SCAP_SUCCESS)
{
return rc;
}

rc = scap_bpf_load(engine.m_handle, bpf_probe, &handle->m_api_version, &handle->m_schema_version);
rc = scap_bpf_load(engine.m_handle, bpf_probe_buf, &handle->m_api_version, &handle->m_schema_version);
if(rc != SCAP_SUCCESS)
{
return rc;
Expand Down Expand Up @@ -1855,7 +1818,7 @@ const struct scap_vtable scap_bpf_engine = {

#else // MINIMAL_BUILD

static int32_t init(scap_t* handle, scap_open_args *open_args)
static int32_t init(scap_t* handle, scap_open_args *oargs)
{
strlcpy(handle->m_lasterr, "The eBPF probe driver is not supported when using a minimal build", SCAP_LASTERR_SIZE);
return SCAP_NOT_SUPPORTED;
Expand Down Expand Up @@ -1885,4 +1848,3 @@ const struct scap_vtable scap_bpf_engine = {
.getpid_global = noop_getpid_global,
};
#endif // MINIMAL_BUILD
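Review bot: `init` now dereferences `oargs->engine_params` and hands `params->bpf_probe` straight to `strlcpy`, so a NULL params pointer or NULL path crashes where the removed `resolve_bpf_probe` returned NULL, and an empty path reaches `scap_bpf_load` as-is. The `strlcpy` result is also ignored, so a path of `SCAP_MAX_PATH_SIZE` bytes or more is silently truncated and `scap_bpf_load` would open whatever file the shortened name happens to designate. Rejecting these cases up front with `SCAP_FAILURE` and a message in `m_lasterr` keeps the object loaded into the kernel identical to the one the caller named. `gvisor_init` in gvisor.cpp casts and dereferences `engine_params` in the same unchecked way. The rest of `init` continues outside the hunk.

```c
static int32_t init(scap_t* handle, scap_open_args *oargs)
{
	/* … unchanged: rc, bpf_probe_buf, error and engine declarations … */
	struct scap_bpf_engine_params *params = oargs->engine_params;
	if(params == NULL || params->bpf_probe == NULL || params->bpf_probe[0] == '\0')
	{
		snprintf(engine.m_handle->m_lasterr, SCAP_LASTERR_SIZE, "BPF engine requires a non-empty probe path");
		return SCAP_FAILURE;
	}
	if(strlen(params->bpf_probe) >= SCAP_MAX_PATH_SIZE)
	{
		snprintf(engine.m_handle->m_lasterr, SCAP_LASTERR_SIZE, "BPF probe path is too long");
		return SCAP_FAILURE;
	}
	strlcpy(bpf_probe_buf, params->bpf_probe, SCAP_MAX_PATH_SIZE);
	/* … unchanged: CPU count, devset_init, scap_bpf_load … */
```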

9 changes: 5 additions & 4 deletions userspace/libscap/engine/gvisor/gvisor.cpp
Expand Up @@ -45,10 +45,11 @@ static SCAP_HANDLE_T *gvisor_alloc_handle(scap_t* main_handle, char *lasterr_ptr
return new scap_gvisor::engine(lasterr_ptr);
}

static int32_t gvisor_init(scap_t* main_handle, scap_open_args* open_args)
static int32_t gvisor_init(scap_t* main_handle, scap_open_args* oargs)
{
scap_gvisor::engine *gv = main_handle->m_engine.m_handle;
return gv->init(open_args->gvisor_config_path, open_args->gvisor_root_path);
struct scap_gvisor_engine_params *params = (struct scap_gvisor_engine_params *)oargs->engine_params;
return gv->init(params->gvisor_config_path, params->gvisor_root_path);
}

static void gvisor_free_handle(struct scap_engine_handle engine)
Expand Down Expand Up @@ -76,9 +77,9 @@ static int32_t gvisor_next(struct scap_engine_handle engine, scap_evt **pevent,
return engine.m_handle->next(pevent, pcpuid);
}

static bool gvisor_match(scap_open_args* open_args)
static bool gvisor_match(scap_open_args* oargs)
Contributor


Do we really need such a match API when we can just strncmp ?
Perhaps it is better to change the match API to just engine_name and let scap call
strcmp(oargs->engine_name, handle->engine_name()) == 0
?

{
return open_args->gvisor_config_path != NULL;
return strncmp(oargs->engine_name, GVISOR_ENGINE, GVISOR_ENGINE_LEN) == 0;
}

static int32_t gvisor_configure(struct scap_engine_handle engine, enum scap_setting setting, unsigned long arg1, unsigned long arg2)
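--- /dev/null
+++ b/userspace/libscap/engine/gvisor/gvisor_public.h
@@ -0,0 +1,32 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#pragma once
+
+#define GVISOR_ENGINE "gvisor"
+#define GVISOR_ENGINE_LEN 7
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+struct scap_gvisor_engine_params
+{
+const char* gvisor_root_path; ///< When using gvisor, the root path used by runsc commands
+const char* gvisor_config_path; ///< When using gvisor, the path to the configuration file
+};
+
+#ifdef __cplusplus
+};
+#endif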
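--- /dev/null
+++ b/userspace/libscap/engine/kmod/kmod_public.h
@@ -0,0 +1,33 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#pragma once
+
+#include <stdint.h>
+
+#define KMOD_ENGINE "kmod"
+#define KMOD_ENGINE_LEN 5
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+struct scap_kmod_engine_params
+{
+uint64_t single_buffer_dim; ///< dim of a single shared buffer. Usually, we have one buffer for every online CPU.
+};
+
+#ifdef __cplusplus
+};
+#endif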