Falco Bridge: Update to match falcosecurity-libs 0.8.0.
Update sinsp-span to use the current Falco libs APIs. Update the FindSinsp CMake module to use pkg-config.
parent
08feb35af0
commit
ec1986cb97
|
@ -1,3 +1,7 @@
|
||||||
[FindAsciidoctor.cmake]
|
[FindAsciidoctor.cmake]
|
||||||
indent_style = space
|
indent_style = space
|
||||||
indent_size = 4
|
indent_size = 4
|
||||||
|
|
||||||
|
[FindSinsp.cmake]
|
||||||
|
indent_style = space
|
||||||
|
indent_size = 2
|
||||||
|
|
|
@ -1,132 +1,160 @@
|
||||||
#
|
#
|
||||||
# - Find libsinsp
|
# - Find libsinsp and libscap
|
||||||
# Find libsinsp and libscap includes and libraries
|
# Find libsinsp and libscap includes and libraries.
|
||||||
# Adapted from FindZSTD.cmake.
|
# Adapted from FindZSTD.cmake.
|
||||||
#
|
#
|
||||||
# SINSP_INCLUDE_DIRS - Where to find sinsp.h, scap.h, etc.
|
# This module will look for libsinsp and libscap using pkg-config. If that
|
||||||
# SINSP_LIBRARIES - List of libraries when using libsinsp.
|
# fails, it will search ${SINSP_INCLUDEDIR} and ${SINSP_HINTS}/include
|
||||||
# SINSP_PLUGINS - List of plugins.
|
# for the libsinsp and libscap include directory and ${SINSP_LIBDIR} and
|
||||||
# SINSP_FOUND - True if libsinsp found.
|
# ${SINSP_HINTS}/lib for the libsinsp and libscap libraries.
|
||||||
# SINSP_DLL_DIR - (Windows) Path to the libsinsp and libscap DLLs
|
#
|
||||||
# SINSP_DLL - (Windows) Name of the libsinsp and libscap DLLs
|
# It will set the following variables:
|
||||||
|
#
|
||||||
|
# SINSP_FOUND - True if libsinsp found.
|
||||||
|
# SINSP_INCLUDE_DIRS - Where to find sinsp.h, scap.h, etc.
|
||||||
|
# SINSP_LINK_LIBRARIES - List of libraries when using libsinsp.
|
||||||
|
# SINSP_PLUGINS - List of plugins.
|
||||||
|
|
||||||
|
# To do:
|
||||||
|
# SINSP_DLL_DIR - (Windows) Path to the libsinsp and libscap DLLs
|
||||||
|
# SINSP_DLL - (Windows) Name of the libsinsp and libscap DLLs
|
||||||
|
|
||||||
include( FindWSWinLibs )
|
include( FindWSWinLibs )
|
||||||
FindWSWinLibs( "libsinsp-.*" "SINSP_HINTS" )
|
FindWSWinLibs( "libsinsp-.*" "SINSP_HINTS" )
|
||||||
|
|
||||||
if( NOT WIN32)
|
if( NOT WIN32)
|
||||||
find_package(PkgConfig)
|
find_package(PkgConfig)
|
||||||
pkg_search_module(Sinsp libsinsp)
|
pkg_check_modules(SINSP libsinsp)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
find_path(SINSP_INCLUDE_DIR
|
if(NOT SINSP_FOUND)
|
||||||
NAMES sinsp.h
|
# pkg_check_modules didn't work, so look for ourselves.
|
||||||
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
find_path(SINSP_INCLUDE_DIRS
|
||||||
PATH_SUFFIXES userspace/libsinsp
|
NAMES sinsp.h
|
||||||
/usr/include
|
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
||||||
/usr/local/include
|
PATH_SUFFIXES falcosecurity/userspace/libsinsp
|
||||||
)
|
/usr/include
|
||||||
|
/usr/local/include
|
||||||
|
)
|
||||||
|
|
||||||
find_path(SCAP_INCLUDE_DIR
|
find_path(_scap_include_dir
|
||||||
NAMES scap.h
|
NAMES scap.h
|
||||||
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
||||||
PATH_SUFFIXES userspace/libscap
|
PATH_SUFFIXES falcosecurity/userspace/libscap
|
||||||
/usr/include
|
/usr/include
|
||||||
/usr/local/include
|
/usr/local/include
|
||||||
)
|
)
|
||||||
|
if(_scap_include_dir)
|
||||||
|
list(APPEND SINSP_INCLUDE_DIRS _scap_include_dir)
|
||||||
|
endif()
|
||||||
|
unset(_scap_include_dir)
|
||||||
|
|
||||||
|
find_library(SINSP_LINK_LIBRARIES
|
||||||
|
NAMES sinsp
|
||||||
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
||||||
|
PATHS falcosecurity
|
||||||
|
/usr/lib
|
||||||
|
/usr/local/lib
|
||||||
|
)
|
||||||
|
|
||||||
|
set(_scap_libs
|
||||||
|
scap
|
||||||
|
scap_engine_util
|
||||||
|
scap_event_schema
|
||||||
|
driver_event_schema
|
||||||
|
scap_engine_bpf
|
||||||
|
scap_engine_gvisor
|
||||||
|
scap_engine_kmod
|
||||||
|
scap_engine_nodriver
|
||||||
|
scap_engine_noop
|
||||||
|
scap_engine_savefile
|
||||||
|
scap_engine_source_plugin
|
||||||
|
scap_engine_udig
|
||||||
|
)
|
||||||
|
|
||||||
|
foreach(_scap_lib ${_scap_libs})
|
||||||
|
find_library(_lib
|
||||||
|
NAMES ${_scap_lib}
|
||||||
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
||||||
|
PATHS falcosecurity
|
||||||
|
/usr/lib
|
||||||
|
/usr/local/lib
|
||||||
|
)
|
||||||
|
if (_lib)
|
||||||
|
list(APPEND SINSP_LINK_LIBRARIES ${_lib})
|
||||||
|
endif()
|
||||||
|
endforeach()
|
||||||
|
unset(_scap_libs)
|
||||||
|
unset(_scap_lib)
|
||||||
|
unset(_lib)
|
||||||
|
if(SINSP_INCLUDE_DIRS AND JSONCPP_LIBRARY)
|
||||||
|
set(SINSP_FOUND 1)
|
||||||
|
endif()
|
||||||
|
|
||||||
|
find_path(JSONCPP_INCLUDE_DIR
|
||||||
|
NAMES json/json.h
|
||||||
|
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
||||||
|
PATH_SUFFIXES jsoncpp
|
||||||
|
/usr/include
|
||||||
|
/usr/local/include
|
||||||
|
)
|
||||||
|
if (JSON_INCLUDE_DIR)
|
||||||
|
list(APPEND SINSP_INCLUDE_DIRS ${JSONCPP_INCLUDE_DIR})
|
||||||
|
endif()
|
||||||
|
|
||||||
|
find_library(JSONCPP_LIBRARY
|
||||||
|
NAMES jsoncpp
|
||||||
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
||||||
|
PATHS
|
||||||
|
/usr/lib
|
||||||
|
/usr/local/lib
|
||||||
|
)
|
||||||
|
if (JSONCPP_LIBRARY)
|
||||||
|
list(APPEND JSONCPP_LIBRARY ${JSONCPP_LIBRARY})
|
||||||
|
endif()
|
||||||
|
|
||||||
|
find_path(TBB_INCLUDE_DIR
|
||||||
|
NAMES tbb/tbb.h
|
||||||
|
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
||||||
|
/usr/include
|
||||||
|
/usr/local/include
|
||||||
|
)
|
||||||
|
if (TBB_INCLUDE_DIR)
|
||||||
|
list(APPEND SINSP_INCLUDE_DIRS ${TBB_INCLUDE_DIR})
|
||||||
|
endif()
|
||||||
|
|
||||||
|
find_library(TBB_LIBRARY
|
||||||
|
NAMES tbb
|
||||||
|
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
||||||
|
PATHS
|
||||||
|
/usr/lib
|
||||||
|
/usr/local/lib
|
||||||
|
)
|
||||||
|
if (TBB_LIBRARY)
|
||||||
|
list(APPEND JSONCPP_LIBRARY ${TBB_LIBRARY})
|
||||||
|
endif()
|
||||||
|
endif()
|
||||||
|
|
||||||
find_path(SINSP_PLUGIN_DIR
|
find_path(SINSP_PLUGIN_DIR
|
||||||
NAMES registry.yaml
|
NAMES registry.yaml
|
||||||
HINTS "${SINSP_PLUGINDIR}"
|
HINTS "${SINSP_PLUGINDIR}"
|
||||||
)
|
)
|
||||||
|
|
||||||
# https://github.com/falcosecurity/libs doesn't yet have any official releases
|
# As https://cmake.org/cmake/help/latest/command/link_directories.html
|
||||||
# or tags. Add RelWithDebInfo to our sinsp and scap path suffixes so that we
|
# says, "Prefer to pass full absolute paths to libraries where possible,
|
||||||
# can find what we need in a local build.
|
# since this ensures the correct library will always be linked," so use
|
||||||
find_library(SINSP_LIBRARY
|
# SINSP_LINK_LIBRARIES instead of SINSP_LIBRARIES
|
||||||
NAMES sinsp
|
# XXX SINSP_VERSION will require peeking for a #define or something similar.
|
||||||
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
|
||||||
PATH_SUFFIXES libsinsp libsinsp/RelWithDebInfo
|
|
||||||
PATHS
|
|
||||||
/usr/lib
|
|
||||||
/usr/local/lib
|
|
||||||
)
|
|
||||||
|
|
||||||
find_library(SCAP_LIBRARY
|
|
||||||
NAMES scap
|
|
||||||
HINTS "${SINSP_LIBDIR}" "${SINSP_HINTS}/lib"
|
|
||||||
PATH_SUFFIXES libscap libscap/RelWithDebInfo
|
|
||||||
PATHS
|
|
||||||
/usr/lib
|
|
||||||
/usr/local/lib
|
|
||||||
)
|
|
||||||
|
|
||||||
find_path(JSON_INCLUDE_DIR
|
|
||||||
NAMES json/json.h
|
|
||||||
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
|
||||||
PATH_SUFFIXES userspace/libsinsp/third-party/jsoncpp
|
|
||||||
/usr/include
|
|
||||||
/usr/include/jsoncpp
|
|
||||||
/usr/local/include
|
|
||||||
)
|
|
||||||
|
|
||||||
find_library(JSONCPP_LIBRARY
|
|
||||||
NAMES jsoncpp
|
|
||||||
HINTS "${SINSP_LIBDIR}" "${SCAP_HINTS}/lib"
|
|
||||||
PATHS
|
|
||||||
/usr/lib
|
|
||||||
/usr/local/lib
|
|
||||||
)
|
|
||||||
|
|
||||||
find_path(TBB_INCLUDE_DIR
|
|
||||||
NAMES tbb/tbb.h
|
|
||||||
HINTS "${SINSP_INCLUDEDIR}" "${SINSP_HINTS}/include"
|
|
||||||
/usr/include
|
|
||||||
/usr/local/include
|
|
||||||
)
|
|
||||||
|
|
||||||
find_library(TBB_LIBRARY
|
|
||||||
NAMES tbb
|
|
||||||
HINTS "${SINSP_LIBDIR}" "${SCAP_HINTS}/lib"
|
|
||||||
PATHS
|
|
||||||
/usr/lib
|
|
||||||
/usr/local/lib
|
|
||||||
)
|
|
||||||
|
|
||||||
# if( SINSP_INCLUDE_DIR AND SCAP_INCLUDE_DIR AND SINSP_LIBRARY AND SCAP_LIBRARY )
|
|
||||||
# file(STRINGS ${SINSP_INCLUDE_DIR}/sinsp.h SINSP_VERSION_MAJOR
|
|
||||||
# REGEX "#define[ ]+SINSP_VERSION_MAJOR[ ]+[0-9]+")
|
|
||||||
# string(REGEX MATCH "[0-9]+" SINSP_VERSION_MAJOR ${SINSP_VERSION_MAJOR})
|
|
||||||
# file(STRINGS ${SINSP_INCLUDE_DIR}/sinsp.h SINSP_VERSION_MINOR
|
|
||||||
# REGEX "#define[ ]+SINSP_VERSION_MINOR[ ]+[0-9]+")
|
|
||||||
# string(REGEX MATCH "[0-9]+" SINSP_VERSION_MINOR ${SINSP_VERSION_MINOR})
|
|
||||||
# file(STRINGS ${SINSP_INCLUDE_DIR}/sinsp.h SINSP_VERSION_RELEASE
|
|
||||||
# REGEX "#define[ ]+SINSP_VERSION_RELEASE[ ]+[0-9]+")
|
|
||||||
# string(REGEX MATCH "[0-9]+" SINSP_VERSION_RELEASE ${SINSP_VERSION_RELEASE})
|
|
||||||
# set(SINSP_VERSION ${SINSP_VERSION_MAJOR}.${SINSP_VERSION_MINOR}.${SINSP_VERSION_RELEASE})
|
|
||||||
# endif()
|
|
||||||
|
|
||||||
include(FindPackageHandleStandardArgs)
|
include(FindPackageHandleStandardArgs)
|
||||||
find_package_handle_standard_args(Sinsp
|
find_package_handle_standard_args(Sinsp
|
||||||
REQUIRED_VARS
|
REQUIRED_VARS
|
||||||
SINSP_LIBRARY SINSP_INCLUDE_DIR
|
SINSP_INCLUDE_DIRS
|
||||||
SCAP_LIBRARY SCAP_INCLUDE_DIR
|
SINSP_LINK_LIBRARIES
|
||||||
JSON_INCLUDE_DIR
|
|
||||||
SINSP_PLUGIN_DIR
|
SINSP_PLUGIN_DIR
|
||||||
# VERSION_VAR SINSP_VERSION
|
# VERSION_VAR SINSP_VERSION
|
||||||
)
|
)
|
||||||
|
|
||||||
if( SINSP_FOUND )
|
if(SINSP_FOUND)
|
||||||
set(SINSP_INCLUDE_DIRS ${SINSP_INCLUDE_DIR} ${SCAP_INCLUDE_DIR} ${JSON_INCLUDE_DIR})
|
|
||||||
if(TBB_INCLUDE_DIR)
|
|
||||||
list(APPEND SINSP_INCLUDE_DIRS ${TBB_INCLUDE_DIR})
|
|
||||||
endif()
|
|
||||||
set(SINSP_LIBRARIES ${SINSP_LIBRARY} ${SCAP_LIBRARY})
|
|
||||||
if (JSONCPP_LIBRARY)
|
|
||||||
list(APPEND SINSP_LIBRARIES ${JSONCPP_LIBRARY})
|
|
||||||
endif()
|
|
||||||
if (TBB_LIBRARY)
|
|
||||||
list(APPEND SINSP_LIBRARIES ${TBB_LIBRARY})
|
|
||||||
endif()
|
|
||||||
if (WIN32)
|
if (WIN32)
|
||||||
set(SINSP_PLUGINS ${SINSP_PLUGIN_DIR}/plugins/cloudtrail/cloudtrail.dll)
|
set(SINSP_PLUGINS ${SINSP_PLUGIN_DIR}/plugins/cloudtrail/cloudtrail.dll)
|
||||||
else()
|
else()
|
||||||
|
@ -146,9 +174,9 @@ if( SINSP_FOUND )
|
||||||
# mark_as_advanced( SINSP_DLL_DIR SINSP_DLL )
|
# mark_as_advanced( SINSP_DLL_DIR SINSP_DLL )
|
||||||
# endif()
|
# endif()
|
||||||
else()
|
else()
|
||||||
set( SINSP_INCLUDE_DIRS )
|
set(SINSP_INCLUDE_DIRS)
|
||||||
set( SINSP_LIBRARIES )
|
set(SINSP_LINK_LIBRARIES)
|
||||||
set( SINSP_PLUGINS )
|
set(SINSP_PLUGINS)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
mark_as_advanced( SINSP_LIBRARIES SINSP_INCLUDE_DIRS SINSP_PLUGINS )
|
mark_as_advanced(SINSP_INCLUDE_DIRS SINSP_LINK_LIBRARIES SINSP_PLUGINS)
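Review bot: In the fallback branch under `if(NOT SINSP_FOUND)`, several appends target the wrong variable, so `SINSP_INCLUDE_DIRS` and `SINSP_LINK_LIBRARIES` may not contain what was actually located. `list(APPEND SINSP_INCLUDE_DIRS _scap_include_dir)` adds the literal name instead of `${_scap_include_dir}`, the jsoncpp check tests `JSON_INCLUDE_DIR` although the `find_path` above it sets `JSONCPP_INCLUDE_DIR`, and both `list(APPEND JSONCPP_LIBRARY ...)` calls look like they were meant to append to `SINSP_LINK_LIBRARIES`. In the `foreach` over `_scap_libs`, `find_library(_lib ...)` stores its result in the cache, so after the first hit later iterations reuse that same path and the plain `unset(_lib)` after the loop does not clear it; putting `unset(_lib CACHE)` at the top of the loop body would let each name resolve on its own. `PATHS falcosecurity` is a relative search directory and was probably intended as `PATH_SUFFIXES falcosecurity`, which matters here because the comment at the end of the module argues for absolute library paths so that the correct library is linked.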
|
||||||
|
|
|
@ -52,7 +52,7 @@ target_include_directories(falco-bridge SYSTEM PRIVATE
|
||||||
|
|
||||||
target_link_libraries(falco-bridge
|
target_link_libraries(falco-bridge
|
||||||
epan
|
epan
|
||||||
${SINSP_LIBRARIES}
|
${SINSP_LINK_LIBRARIES}
|
||||||
)
|
)
|
||||||
|
|
||||||
install_plugin(falco-bridge epan)
|
install_plugin(falco-bridge epan)
|
||||||
|
|
|
@ -65,7 +65,7 @@ create_sinsp_source(sinsp_span_t *sinsp_span, const char* libname, sinsp_source_
|
||||||
sinsp_source_info_t *ssi = new sinsp_source_info_t();
|
sinsp_source_info_t *ssi = new sinsp_source_info_t();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
sinsp_plugin *sp = sinsp_span->inspector.register_plugin(libname, "{}").get();
|
sinsp_plugin *sp = sinsp_span->inspector.register_plugin(libname).get();
|
||||||
if (sp->caps() & CAP_EXTRACTION) {
|
if (sp->caps() & CAP_EXTRACTION) {
|
||||||
ssi->source = dynamic_cast<sinsp_plugin *>(sp);
|
ssi->source = dynamic_cast<sinsp_plugin *>(sp);
|
||||||
} else {
|
} else {
|
||||||
|
@ -75,6 +75,11 @@ create_sinsp_source(sinsp_span_t *sinsp_span, const char* libname, sinsp_source_
|
||||||
err_str = g_strdup_printf("Caught sinsp exception %s", e.what());
|
err_str = g_strdup_printf("Caught sinsp exception %s", e.what());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
std::string init_err;
|
||||||
|
if (!ssi->source->init("{}", init_err)) {
|
||||||
|
err_str = g_strdup_printf("Unable to initialize %s: %s", libname, init_err.c_str());
|
||||||
|
}
|
||||||
|
|
||||||
if (err_str) {
|
if (err_str) {
|
||||||
delete ssi;
|
delete ssi;
|
||||||
return err_str;
|
return err_str;
|
||||||
|
@ -91,11 +96,6 @@ uint32_t get_sinsp_source_id(sinsp_source_info_t *ssi)
|
||||||
return ssi->source->id();
|
return ssi->source->id();
|
||||||
}
|
}
|
||||||
|
|
||||||
bool init_sinsp_source(sinsp_source_info_t *ssi, const char *config)
|
|
||||||
{
|
|
||||||
return ssi->source->init(config);
|
|
||||||
}
|
|
||||||
|
|
||||||
const char *get_sinsp_source_last_error(sinsp_source_info_t *ssi)
|
const char *get_sinsp_source_last_error(sinsp_source_info_t *ssi)
|
||||||
{
|
{
|
||||||
if (ssi->last_error) {
|
if (ssi->last_error) {
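Review bot: The `ssi->source->init("{}", init_err)` call added after the `try`/`catch` in `create_sinsp_source` runs even when the block above has already failed, so `ssi->source` is dereferenced on the error path. If `register_plugin` threw, or the plugin took the `else` branch (whose body is outside the hunk), `ssi->source` was presumably never assigned, and an `err_str` that was already set is overwritten without being freed. Guarding the call keeps the first error and avoids the dereference: `if (!err_str && !ssi->source->init("{}", init_err)) {`. The function's beginning and end lie outside the visible hunks, so confirm that nothing earlier assigns `ssi->source`.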
|
||||||
|
|
|
@ -65,7 +65,6 @@ char *create_sinsp_source(sinsp_span_t *sinsp_span, const char* libname, sinsp_s
|
||||||
// Extractor plugin routines.
|
// Extractor plugin routines.
|
||||||
// These roughly match common_plugin_info
|
// These roughly match common_plugin_info
|
||||||
uint32_t get_sinsp_source_id(sinsp_source_info_t *ssi);
|
uint32_t get_sinsp_source_id(sinsp_source_info_t *ssi);
|
||||||
bool init_sinsp_source(sinsp_source_info_t *ssi, const char *config);
|
|
||||||
const char *get_sinsp_source_last_error(sinsp_source_info_t *ssi);
|
const char *get_sinsp_source_last_error(sinsp_source_info_t *ssi);
|
||||||
const char *get_sinsp_source_name(sinsp_source_info_t *ssi);
|
const char *get_sinsp_source_name(sinsp_source_info_t *ssi);
|
||||||
const char* get_sinsp_source_description(sinsp_source_info_t *ssi);
|
const char* get_sinsp_source_description(sinsp_source_info_t *ssi);
|
||||||
|
|