new(userspace/falco): select driver from config

Signed-off-by: Roberto Scolaro <[email protected]>

userspace/falco/app/actions/helpers_inspector.cpp

@@ -20,6 +20,7 @@ limitations under the License.
 #include <fcntl.h>
 
 #include <plugin_manager.h>
+#include <configuration.h>
 
 #include "helpers.h"
 
@@ -52,6 +53,13 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 		std::shared_ptr<sinsp> inspector,
 		const std::string& source)
 {
+
+	bool is_driver_mode_from_cmdline = (s.options.nodriver ||
+				    s.is_gvisor_enabled() ||
+					s.options.modern_bpf ||
+					getenv(FALCO_BPF_ENV_VARIABLE) != NULL
+	);
+
 	try
 	{
 		if (source != falco_common::syscall_source) /* Plugin engine */
@@ -71,7 +79,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 			}
 			return run_result::fatal("Can't find plugin for event source: " + source);
 		}
-		else if (s.options.nodriver) /* nodriver engine. */
+		else if (s.options.nodriver || (!is_driver_mode_from_cmdline && s.config->m_driver_mode == driver_mode_type::NODRIVER)) /* nodriver engine. */
 		{
 			// when opening a capture with no driver, Falco will first check
 			// if a plugin is capable of generating raw events from the libscap
@@ -90,18 +98,18 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with no driver\n");
 			inspector->open_nodriver();
 		}
-		else if(s.is_gvisor_enabled()) /* gvisor engine. */
+		else if(s.is_gvisor_enabled() || (!is_driver_mode_from_cmdline && s.config->m_driver_mode == driver_mode_type::GVISOR)) /* gvisor engine. */
 		{
 			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.options.gvisor_config);
 			inspector->open_gvisor(s.options.gvisor_config, s.options.gvisor_root);
 		}
-		else if(s.options.modern_bpf) /* modern BPF engine. */
+		else if(s.options.modern_bpf || (!is_driver_mode_from_cmdline && s.config->m_driver_mode == driver_mode_type::MODERN_BPF)) /* modern BPF engine. */
 		{
 			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe.");
 			falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) +  "' CPUs.");
 			inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
 		}
-		else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL) /* BPF engine. */
+		else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL || (!is_driver_mode_from_cmdline && s.config->m_driver_mode == driver_mode_type::BPF)) /* BPF engine. */
 		{
 			const char *bpf_probe_path = std::getenv(FALCO_BPF_ENV_VARIABLE);
 			char full_path[PATH_MAX];

userspace/falco/app/options.cpp

@@ -22,6 +22,7 @@ limitations under the License.
 #include <cxxopts.hpp>
 
 #include <fstream>
+#include <sys/syslog.h>
 
 namespace falco {
 namespace app {
@@ -149,7 +150,11 @@ bool options::parse(int argc, char **argv, std::string &errstr)
 	open_modes += !trace_filename.empty();
 	open_modes += !gvisor_config.empty();
 	open_modes += modern_bpf;
-	open_modes += getenv("FALCO_BPF_PROBE") != NULL;
+	if(getenv("FALCO_BPF_PROBE") != NULL)
+	{
+		falco_logger::log(LOG_WARNING, "DEPRECATION NOTICE: the FALCO_BPF_PROBE environment variable will be soon deprecated!\n");
+		open_modes += 1;
+	}
 	open_modes += nodriver;
 	if (open_modes > 1)
 	{

userspace/falco/configuration.cpp

@@ -116,6 +116,8 @@ static driver_mode_type get_driver_mode(const std::string& input){
 		{"kmod",driver_mode_type::KMOD},
 		{"bpf",driver_mode_type::BPF},
 		{"modern_bpf",driver_mode_type::MODERN_BPF},
+		{"gvisor",driver_mode_type::GVISOR},
+		{"nodriver",driver_mode_type::NODRIVER},
 		{"custom",driver_mode_type::CUSTOM},
 	};
 

userspace/falco/configuration.h

@@ -43,6 +43,8 @@ enum class driver_mode_type : uint8_t
 	KMOD,
 	BPF,
 	MODERN_BPF,
+	GVISOR,
+	NODRIVER,
 	CUSTOM
 };