Falco bridge+falcodump: Various fixes
Fix building with Visual C++ and recent versions of falco-libs.
parent
574fc0e1a6
commit
3588090b2a
|
@ -22,7 +22,7 @@
|
||||||
# SINSP_DLL - (Windows) Name of the libsinsp and libscap DLLs
|
# SINSP_DLL - (Windows) Name of the libsinsp and libscap DLLs
|
||||||
|
|
||||||
include( FindWSWinLibs )
|
include( FindWSWinLibs )
|
||||||
FindWSWinLibs( "libsinsp-.*" "SINSP_HINTS" )
|
FindWSWinLibs( "libfalcosecurity-.*" SINSP_HINTS )
|
||||||
|
|
||||||
include(CMakeDependentOption)
|
include(CMakeDependentOption)
|
||||||
|
|
||||||
|
@ -31,17 +31,21 @@ if( NOT USE_REPOSITORY)
|
||||||
pkg_check_modules(SINSP libsinsp)
|
pkg_check_modules(SINSP libsinsp)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
# Include both legacy (#include <sinsp.h>) and current (#include <libsinsp/sinsp.h>) paths for now.
|
||||||
if(NOT SINSP_FOUND)
|
if(NOT SINSP_FOUND)
|
||||||
# pkg_check_modules didn't work, so look for ourselves.
|
# pkg_check_modules didn't work, so look for ourselves.
|
||||||
find_path(SINSP_INCLUDE_DIRS
|
find_path(_sinsp_include_dirs NO_CACHE
|
||||||
NAMES sinsp.h
|
NAMES libsinsp/sinsp.h
|
||||||
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
||||||
PATH_SUFFIXES falcosecurity/userspace/libsinsp
|
PATH_SUFFIXES falcosecurity/userspace
|
||||||
/usr/include
|
/usr/include
|
||||||
/usr/local/include
|
/usr/local/include
|
||||||
)
|
)
|
||||||
|
if(_sinsp_include_dirs)
|
||||||
|
list(APPEND _sinsp_include_dirs ${_sinsp_include_dirs}/libsinsp)
|
||||||
|
endif()
|
||||||
|
|
||||||
find_path(_scap_include_dir
|
find_path(_scap_include_dir NO_CACHE
|
||||||
NAMES scap.h
|
NAMES scap.h
|
||||||
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
||||||
PATH_SUFFIXES falcosecurity/userspace/libscap
|
PATH_SUFFIXES falcosecurity/userspace/libscap
|
||||||
|
@ -49,11 +53,11 @@ if(NOT SINSP_FOUND)
|
||||||
/usr/local/include
|
/usr/local/include
|
||||||
)
|
)
|
||||||
if(_scap_include_dir)
|
if(_scap_include_dir)
|
||||||
list(APPEND SINSP_INCLUDE_DIRS _scap_include_dir)
|
list(APPEND _sinsp_include_dirs ${_scap_include_dir})
|
||||||
endif()
|
endif()
|
||||||
unset(_scap_include_dir)
|
unset(_scap_include_dir)
|
||||||
|
|
||||||
find_library(SINSP_LINK_LIBRARIES
|
find_library(_sinsp_link_libs NO_CACHE
|
||||||
NAMES sinsp
|
NAMES sinsp
|
||||||
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
||||||
PATHS falcosecurity
|
PATHS falcosecurity
|
||||||
|
@ -63,21 +67,18 @@ if(NOT SINSP_FOUND)
|
||||||
|
|
||||||
set(_scap_libs
|
set(_scap_libs
|
||||||
scap
|
scap
|
||||||
scap_engine_util
|
|
||||||
scap_event_schema
|
|
||||||
driver_event_schema
|
|
||||||
scap_engine_bpf
|
|
||||||
scap_engine_gvisor
|
|
||||||
scap_engine_kmod
|
|
||||||
scap_engine_nodriver
|
scap_engine_nodriver
|
||||||
scap_engine_noop
|
scap_engine_noop
|
||||||
scap_engine_savefile
|
scap_engine_savefile
|
||||||
scap_engine_source_plugin
|
scap_engine_source_plugin
|
||||||
scap_engine_udig
|
scap_engine_test_input
|
||||||
|
scap_error
|
||||||
|
scap_event_schema
|
||||||
|
scap_platform_util
|
||||||
)
|
)
|
||||||
|
|
||||||
foreach(_scap_lib ${_scap_libs})
|
foreach(_scap_lib ${_scap_libs})
|
||||||
find_library(_lib
|
find_library(_lib NO_CACHE
|
||||||
NAMES ${_scap_lib}
|
NAMES ${_scap_lib}
|
||||||
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
||||||
PATHS falcosecurity
|
PATHS falcosecurity
|
||||||
|
@ -85,58 +86,108 @@ if(NOT SINSP_FOUND)
|
||||||
/usr/local/lib
|
/usr/local/lib
|
||||||
)
|
)
|
||||||
if (_lib)
|
if (_lib)
|
||||||
list(APPEND SINSP_LINK_LIBRARIES ${_lib})
|
list(APPEND _sinsp_link_libs ${_lib})
|
||||||
|
unset(_lib)
|
||||||
endif()
|
endif()
|
||||||
endforeach()
|
endforeach()
|
||||||
unset(_scap_libs)
|
unset(_scap_libs)
|
||||||
unset(_scap_lib)
|
unset(_scap_lib)
|
||||||
unset(_lib)
|
|
||||||
if(SINSP_INCLUDE_DIRS AND JSONCPP_LIBRARY)
|
|
||||||
set(SINSP_FOUND 1)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
find_path(JSONCPP_INCLUDE_DIR
|
find_path(_jsoncpp_include_dir NO_CACHE
|
||||||
NAMES json/json.h
|
NAMES json/json.h
|
||||||
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
||||||
PATH_SUFFIXES jsoncpp
|
PATH_SUFFIXES falcosecurity jsoncpp
|
||||||
|
PATHS
|
||||||
/usr/include
|
/usr/include
|
||||||
/usr/local/include
|
/usr/local/include
|
||||||
)
|
)
|
||||||
if (JSON_INCLUDE_DIR)
|
if (_jsoncpp_include_dir)
|
||||||
list(APPEND SINSP_INCLUDE_DIRS ${JSONCPP_INCLUDE_DIR})
|
list(APPEND _sinsp_include_dirs ${_jsoncpp_include_dir})
|
||||||
|
unset(_jsoncpp_include_dir)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
find_library(JSONCPP_LIBRARY
|
find_library(_jsoncpp_lib NO_CACHE
|
||||||
NAMES jsoncpp
|
NAMES jsoncpp
|
||||||
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib" "${SINSP_HINTS}/lib/falcosecurity"
|
||||||
PATHS
|
PATHS
|
||||||
/usr/lib
|
/usr/lib
|
||||||
/usr/local/lib
|
/usr/local/lib
|
||||||
)
|
)
|
||||||
if (JSONCPP_LIBRARY)
|
if (_jsoncpp_lib)
|
||||||
list(APPEND JSONCPP_LIBRARY ${JSONCPP_LIBRARY})
|
list(APPEND _sinsp_link_libs ${_jsoncpp_lib})
|
||||||
|
unset(_jsoncpp_lib)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
find_path(TBB_INCLUDE_DIR
|
find_library(_re2_lib NO_CACHE
|
||||||
|
NAMES re2
|
||||||
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib" "${SINSP_HINTS}/lib/falcosecurity"
|
||||||
|
PATHS
|
||||||
|
/usr/lib
|
||||||
|
/usr/local/lib
|
||||||
|
)
|
||||||
|
if (_re2_lib)
|
||||||
|
list(APPEND _sinsp_link_libs ${_re2_lib})
|
||||||
|
unset(_re2_lib)
|
||||||
|
endif()
|
||||||
|
|
||||||
|
find_path(_tbb_include_dir NO_CACHE
|
||||||
NAMES tbb/tbb.h
|
NAMES tbb/tbb.h
|
||||||
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
||||||
|
PATHS
|
||||||
/usr/include
|
/usr/include
|
||||||
/usr/local/include
|
/usr/local/include
|
||||||
)
|
)
|
||||||
if (TBB_INCLUDE_DIR)
|
if (_tbb_include_dir)
|
||||||
list(APPEND SINSP_INCLUDE_DIRS ${TBB_INCLUDE_DIR})
|
list(APPEND _sinsp_include_dirs ${_tbb_include_dir})
|
||||||
|
unset(_tbb_include_dir)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
find_library(TBB_LIBRARY
|
find_library(_tbb_lib NO_CACHE
|
||||||
NAMES tbb
|
NAMES tbb tbb12
|
||||||
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib" "${SINSP_HINTS}/lib/falcosecurity"
|
||||||
PATHS
|
PATHS
|
||||||
/usr/lib
|
/usr/lib
|
||||||
/usr/local/lib
|
/usr/local/lib
|
||||||
)
|
)
|
||||||
if (TBB_LIBRARY)
|
if (_tbb_lib)
|
||||||
list(APPEND JSONCPP_LIBRARY ${TBB_LIBRARY})
|
list(APPEND _sinsp_link_libs ${_tbb_lib})
|
||||||
|
unset(_tbb_lib)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
# This is terrible, but libsinsp/libscap doesn't support dynamic linking on Windows (yet).
|
||||||
|
find_path(_zlib_include_dir NO_CACHE
|
||||||
|
NAMES zlib/zlib.h
|
||||||
|
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
||||||
|
PATHS
|
||||||
|
/usr/include
|
||||||
|
/usr/local/include
|
||||||
|
)
|
||||||
|
if (_zlib_include_dir)
|
||||||
|
list(APPEND _sinsp_include_dirs ${_zlib_include_dir})
|
||||||
|
unset(_zlib_include_dir)
|
||||||
|
endif()
|
||||||
|
|
||||||
|
find_library(_zlib_lib NO_CACHE
|
||||||
|
NAMES zlib
|
||||||
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib" "${SINSP_HINTS}/lib/falcosecurity"
|
||||||
|
PATHS
|
||||||
|
/usr/lib
|
||||||
|
/usr/local/lib
|
||||||
|
)
|
||||||
|
if (_zlib_lib)
|
||||||
|
list(APPEND _sinsp_link_libs ${_zlib_lib})
|
||||||
|
unset(_zlib_lib)
|
||||||
|
endif()
|
||||||
|
|
||||||
|
if(_sinsp_include_dirs AND _sinsp_link_libs)
|
||||||
|
list(REMOVE_DUPLICATES _sinsp_include_dirs)
|
||||||
|
set(SINSP_INCLUDE_DIRS ${_sinsp_include_dirs} CACHE PATH "Paths to libsinsp and libscap headers")
|
||||||
|
set(SINSP_LINK_LIBRARIES ${_sinsp_link_libs} CACHE PATH "Paths to libsinsp, libscap, etc.")
|
||||||
|
set(SINSP_FOUND 1)
|
||||||
|
unset(_sinsp_include_dirs)
|
||||||
|
unset(_sinsp_link_libs)
|
||||||
|
endif()
|
||||||
|
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
# As https://cmake.org/cmake/help/latest/command/link_directories.html
|
# As https://cmake.org/cmake/help/latest/command/link_directories.html
|
||||||
|
|
|
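Review bot: The final `if(_sinsp_include_dirs AND _sinsp_link_libs)` can succeed even when libsinsp itself was not found. A failed `find_path`/`find_library` leaves `<var>-NOTFOUND` in the variable, and the later `list(APPEND ...)` calls for scap, jsoncpp, re2, tbb and zlib turn it into a list that no longer ends in `-NOTFOUND`, which `if()` treats as true. SINSP_FOUND would then be set with a NOTFOUND entry cached in SINSP_INCLUDE_DIRS or SINSP_LINK_LIBRARIES, so the problem surfaces as a generate- or link-time error instead of falcodump being skipped. Consider `if(_sinsp_include_dirs AND _sinsp_link_libs AND NOT "${_sinsp_include_dirs};${_sinsp_link_libs}" MATCHES "-NOTFOUND")`. Separately, the first `find_path` still lists `/usr/include` and `/usr/local/include` directly under `PATH_SUFFIXES`, unlike the jsoncpp and tbb calls where this commit adds a `PATHS` line, so those two entries are treated as suffixes and not as search roots.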
@ -82,9 +82,7 @@ macro(set_extcap_executable_properties _executable)
|
||||||
endmacro()
|
endmacro()
|
||||||
|
|
||||||
macro(set_extlog_executable_properties _executable)
|
macro(set_extlog_executable_properties _executable)
|
||||||
set_target_properties(${_executable} PROPERTIES
|
set_extcap_executable_properties(${_executable})
|
||||||
RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/run/extcap
|
|
||||||
)
|
|
||||||
if(ENABLE_APPLICATION_BUNDLE)
|
if(ENABLE_APPLICATION_BUNDLE)
|
||||||
if(NOT CMAKE_CFG_INTDIR STREQUAL ".")
|
if(NOT CMAKE_CFG_INTDIR STREQUAL ".")
|
||||||
# Xcode
|
# Xcode
|
||||||
|
@ -364,13 +362,10 @@ if(BUILD_falcodump AND SINSP_FOUND)
|
||||||
add_executable(falcodump ${falcodump_FILES})
|
add_executable(falcodump ${falcodump_FILES})
|
||||||
set_extlog_executable_properties(falcodump)
|
set_extlog_executable_properties(falcodump)
|
||||||
target_link_libraries(falcodump ${falcodump_LIBS})
|
target_link_libraries(falcodump ${falcodump_LIBS})
|
||||||
target_include_directories(falcodump SYSTEM PRIVATE ${SINSP_INCLUDE_DIRS})
|
target_include_directories(falcodump SYSTEM PRIVATE ${SINSP_INCLUDE_DIRS} ${ZLIB_INCLUDE_DIR})
|
||||||
install(TARGETS falcodump RUNTIME DESTINATION ${EXTCAP_INSTALL_LIBDIR})
|
install(TARGETS falcodump RUNTIME DESTINATION ${EXTCAP_INSTALL_LIBDIR})
|
||||||
add_dependencies(extcaps falcodump)
|
add_dependencies(extcaps falcodump)
|
||||||
|
|
||||||
# XXX Hack; We need to fix this in falcosecurity-libs.
|
|
||||||
target_compile_definitions(falcodump PRIVATE HAVE_STRLCPY=1)
|
|
||||||
|
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
|
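Review bot: `${ZLIB_INCLUDE_DIR}` is added to `target_include_directories(falcodump ...)` with no check that zlib was found, and the same addition appears in the falco-bridge hunk. If the variable holds `ZLIB_INCLUDE_DIR-NOTFOUND`, CMake rejects the target's include directories at generate time; whether zlib is guaranteed at this point is not visible from these hunks. A guard such as `if(ZLIB_FOUND)` around a separate `target_include_directories(falcodump SYSTEM PRIVATE ${ZLIB_INCLUDE_DIR})` would make the dependency explicit. A short comment should also say why this path is needed on top of the zlib directory that the find module now appends to SINSP_INCLUDE_DIRS, since mixing headers from one zlib build with a static library from another is an easy mismatch to introduce. The `if(BUILD_falcodump AND SINSP_FOUND)` block starts outside the hunk.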
@ -49,6 +49,7 @@ target_compile_definitions(falco-bridge PRIVATE
|
||||||
|
|
||||||
target_include_directories(falco-bridge SYSTEM PRIVATE
|
target_include_directories(falco-bridge SYSTEM PRIVATE
|
||||||
${SINSP_INCLUDE_DIRS}
|
${SINSP_INCLUDE_DIRS}
|
||||||
|
${ZLIB_INCLUDE_DIR}
|
||||||
)
|
)
|
||||||
|
|
||||||
target_link_libraries(falco-bridge
|
target_link_libraries(falco-bridge
|
||||||
|
|
|
@ -889,8 +889,8 @@ dissect_sinsp_enriched(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void
|
||||||
return tvb_captured_length(tvb);
|
return tvb_captured_length(tvb);
|
||||||
}
|
}
|
||||||
|
|
||||||
proto_tree *parent_trees[NUM_SINSP_SYSCALL_CATEGORIES] = {};
|
proto_tree *parent_trees[NUM_SINSP_SYSCALL_CATEGORIES] = {0};
|
||||||
proto_tree *lineage_trees[N_PROC_LINEAGE_ENTRIES] = {};
|
proto_tree *lineage_trees[N_PROC_LINEAGE_ENTRIES] = {0};
|
||||||
bool is_io_write = false;
|
bool is_io_write = false;
|
||||||
const char* io_buffer = NULL;
|
const char* io_buffer = NULL;
|
||||||
uint32_t io_buffer_len = 0;
|
uint32_t io_buffer_len = 0;
|
||||||
|
|
|
@ -46,7 +46,7 @@ typedef struct sinsp_source_info_t {
|
||||||
std::vector<const filter_check_info *> syscall_filter_checks;
|
std::vector<const filter_check_info *> syscall_filter_checks;
|
||||||
std::vector<const filtercheck_field_info *> syscall_filter_fields;
|
std::vector<const filtercheck_field_info *> syscall_filter_fields;
|
||||||
std::vector<gen_event_filter_check *> syscall_event_filter_checks; // Same size as syscall_filter_fields
|
std::vector<gen_event_filter_check *> syscall_event_filter_checks; // Same size as syscall_filter_fields
|
||||||
std::vector<const sinsp_syscall_category_e> field_to_category; // Same size as syscall_filter_fields
|
std::vector<sinsp_syscall_category_e> field_to_category; // Same size as syscall_filter_fields
|
||||||
sinsp_evt *evt;
|
sinsp_evt *evt;
|
||||||
uint8_t *evt_storage;
|
uint8_t *evt_storage;
|
||||||
size_t evt_storage_size;
|
size_t evt_storage_size;
|
||||||
|
|