Skip to content

Commit

Permalink
new(falco): add buffer_format_base64
Browse files Browse the repository at this point in the history 
Signed-off-by: Luca Guerra <luca@guerra.sh>
  • Loading branch information
@LucaGuerra
LucaGuerra committed Sep 30, 2024
1 parent 17e6145 commit c346f97
Show file tree
Hide file tree
Showing 6 changed files with 18 additions and 3 deletions.
7 changes: 7 additions & 0 deletions falco.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -492,6 +492,13 @@ plugins:
# the /etc/localtime configuration.
time_format_iso_8601: false

# [Incubating] `buffer_format_base64`
#
# When enabled, Falco will output data buffer with base64 encoding. This is useful
# for encoding binary data that needs to be used over media designed to consume
# this format.
buffer_format_base64: false

# [Stable] `priority`
#
# Any rule with a priority level more severe than or equal to the specified
Expand Down
7 changes: 6 additions & 1 deletion userspace/falco/app/actions/init_inspectors.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,12 @@ using namespace falco::app;
using namespace falco::app::actions;

static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp> inspector) {
inspector->set_buffer_format(s.options.event_buffer_format);
sinsp_evt::param_fmt event_buffer_format = sinsp_evt::PF_NORMAL;
if(s.options.print_base64 || s.config->m_buffer_format_base64) {
event_buffer_format = sinsp_evt::PF_BASE64;
}

inspector->set_buffer_format(event_buffer_format);

//
// Container engines
Expand Down
2 changes: 1 addition & 1 deletion userspace/falco/app/options.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ bool options::parse(int argc, char **argv, std::string &errstr) {
}

if(m_cmdline_parsed.count("b") > 0) {
event_buffer_format = sinsp_evt::PF_BASE64;
print_base64 = true;
}

if(m_cmdline_parsed.count("r") > 0) {
Expand Down
2 changes: 1 addition & 1 deletion userspace/falco/app/options.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ class options {
bool print_rule_schema = false;
std::string conf_filename;
bool all_events = false;
sinsp_evt::param_fmt event_buffer_format = sinsp_evt::PF_NORMAL;
bool print_base64 = false;
std::vector<std::string> cri_socket_paths;
bool disable_cri_async = false;
std::vector<std::string> disable_sources;
Expand Down
2 changes: 2 additions & 0 deletions userspace/falco/configuration.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ falco_configuration::falco_configuration():
m_buffered_outputs(false),
m_outputs_queue_capacity(DEFAULT_OUTPUTS_QUEUE_CAPACITY_UNBOUNDED_MAX_LONG_VALUE),
m_time_format_iso_8601(false),
m_buffer_format_base64(false),
m_output_timeout(2000),
m_grpc_enabled(false),
m_grpc_threadiness(0),
Expand Down Expand Up @@ -489,6 +490,7 @@ void falco_configuration::load_yaml(const std::string &config_name) {
}

m_time_format_iso_8601 = m_config.get_scalar<bool>("time_format_iso_8601", false);
m_buffer_format_base64 = m_config.get_scalar<bool>("buffer_format_base64", false);

m_webserver_enabled = m_config.get_scalar<bool>("webserver.enabled", false);
m_webserver_config.m_threadiness = m_config.get_scalar<uint32_t>("webserver.threadiness", 0);
Expand Down
1 change: 1 addition & 0 deletions userspace/falco/configuration.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,7 @@ class falco_configuration {
bool m_buffered_outputs;
size_t m_outputs_queue_capacity;
bool m_time_format_iso_8601;
bool m_buffer_format_base64;
uint32_t m_output_timeout;

bool m_grpc_enabled;
Expand Down

0 comments on commit c346f97

Please sign in to comment.