update(test): add new logging function for scap_open and tests

Signed-off-by: Andrea Terzolo <[email protected]>
falcosecurity · Nov 8, 2023 · 3f767c9 · 3f767c9
1 parent 0f1459c
commit 3f767c9
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 12 deletions.
diff --git a/test/drivers/start_tests.cpp b/test/drivers/start_tests.cpp
@@ -10,6 +10,7 @@
 
 /* We support only these arguments */
 #define HELP_OPTION "help"
+#define VERBOSE_OPTION "verbose"
 #define KMOD_OPTION "kmod"
 #define BPF_OPTION "bpf"
 #define MODERN_BPF_OPTION "modern-bpf"
@@ -19,6 +20,7 @@
 #define KMOD_NAME "scap"
 
 scap_t* event_test::s_scap_handle = NULL;
+static enum falcosecurity_log_severity severity_level = FALCOSECURITY_LOG_SEV_WARNING;
 
 int remove_kmod()
 {
@@ -86,6 +88,22 @@ void abort_if_already_configured(const struct scap_vtable* vtable)
 	}
 }
 
+void test_open_log_fn(const char* component, const char* msg, const enum falcosecurity_log_severity sev)
+{
+	if(sev <= severity_level)
+	{
+		if(component!= NULL)
+		{
+			printf("%s: %s", component, msg);
+		}
+		else
+		{
+			// libbpf logs have no components
+			printf("%s", msg);
+		}
+	}
+}
+
 void print_message(std::string msg)
 {
 	std::cout << std::endl;
@@ -106,6 +124,7 @@ Overview: The goal of this binary is to run tests against one of our drivers.
   -m, --modern-bpf        Run tests against the modern bpf probe.
   -b, --bpf <path>        Run tests against the bpf probe. Default path is `./driver/bpf/probe.o`.
   -d, --buffer-dim <dim>  Change the dimension of shared buffers between userspace and kernel. You must specify the dimension in bytes.
+  -v, --verbose <level>   Print all available logs. Default level is WARNING (4).
   -h, --help              This page.
 )";
 	std::cout << usage << std::endl;
@@ -120,11 +139,17 @@ int open_engine(int argc, char** argv)
 		{KMOD_OPTION, optional_argument, 0, 'k'},
 		{BUFFER_OPTION, required_argument, 0, 'd'},
 		{HELP_OPTION, no_argument, 0, 'h'},
+		{VERBOSE_OPTION, required_argument, 0, 'v'},
 		{0, 0, 0, 0}};
 
+	// They should live until we call 'scap_open'
+	struct scap_modern_bpf_engine_params modern_bpf_params = {0};
+	struct scap_bpf_engine_params bpf_params = {0};
+	struct scap_kmod_engine_params kmod_params = {0};
 	int ret = 0;
 	const struct scap_vtable* vtable = nullptr;
 	scap_open_args oargs = {};
+	oargs.log_fn = test_open_log_fn;
 	unsigned long buffer_bytes_dim = DEFAULT_DRIVER_BUFFER_BYTES_DIM;
 	std::string kmod_path;
 
@@ -148,16 +173,14 @@ int open_engine(int argc, char** argv)
 	int op = 0;
 	int long_index = 0;
 	while((op = getopt_long(argc, argv,
-				"b::mk::d:h",
+				"b::mk::d:hv:",
 				long_options, &long_index)) != -1)
 	{
 		switch(op)
 		{
 		case 'b':
 #ifdef HAS_ENGINE_BPF
 		{
-			struct scap_bpf_engine_params bpf_params = {0};
-
 			abort_if_already_configured(vtable);
 			vtable = &scap_bpf_engine;
 			bpf_params.buffer_bytes_dim = buffer_bytes_dim;
@@ -191,8 +214,6 @@ int open_engine(int argc, char** argv)
 		case 'm':
 #ifdef HAS_ENGINE_MODERN_BPF
 		{
-			struct scap_modern_bpf_engine_params modern_bpf_params = {0};
-
 			abort_if_already_configured(vtable);
 			vtable = &scap_modern_bpf_engine;
 			modern_bpf_params.buffer_bytes_dim = buffer_bytes_dim;
@@ -208,8 +229,6 @@ int open_engine(int argc, char** argv)
 		case 'k':
 #ifdef HAS_ENGINE_KMOD
 		{
-			struct scap_kmod_engine_params kmod_params = {0};
-
 			abort_if_already_configured(vtable);
 			vtable = &scap_kmod_engine;
 			kmod_params.buffer_bytes_dim = buffer_bytes_dim;
@@ -240,15 +259,32 @@ int open_engine(int argc, char** argv)
 			break;
 
 		case 'd':
+			if(vtable != nullptr)
+			{
+				std::cerr << "The buffer dim '" << BUFFER_OPTION << "' must be chosen before opening the engine" << std::endl;
+				return EXIT_FAILURE;
+			}
 			buffer_bytes_dim = strtoul(optarg, NULL, 10);
 			break;
 
 		case 'h':
 			print_menu_and_exit();
 			break;
 
-		default:
+		case 'v':
+			{
+				unsigned long level = strtoul(optarg, NULL, 10);
+				if(level < FALCOSECURITY_LOG_SEV_FATAL || level > FALCOSECURITY_LOG_SEV_TRACE)
+				{
+					std::cerr << "Invalid logging level. Valid range is '" << std::to_string(FALCOSECURITY_LOG_SEV_FATAL) <<"' <= lev <= '" << std::to_string(FALCOSECURITY_LOG_SEV_TRACE) << "'" << std::endl;
+					return EXIT_FAILURE;
+				}
+				severity_level = (enum falcosecurity_log_severity)level;
+			}
 			break;
+
+		default:
+			return EXIT_FAILURE;
 		}
 	}
 	std::cout << "* Using buffer dim: " << buffer_bytes_dim << std::endl;

diff --git a/userspace/libscap/examples/01-open/scap_open.c b/userspace/libscap/examples/01-open/scap_open.c
@@ -43,6 +43,7 @@ limitations under the License.
 #define CPUS_FOR_EACH_BUFFER_MODE "--cpus_for_buf"
 #define ALL_AVAILABLE_CPUS_MODE "--available_cpus"
 #define DROP_FAILED "--drop-failed"
+#define VERBOSE_OPTION "--verbose"
 
 /* PRINT */
 #define PRINT_SYSCALLS_OPTION "--print_syscalls"
@@ -52,17 +53,18 @@ extern const struct ppm_event_info g_event_info[PPM_EVENT_MAX];
 extern const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE];
 
 /* Engine params */
-static struct scap_bpf_engine_params bpf_params;
-static struct scap_kmod_engine_params kmod_params;
-static struct scap_modern_bpf_engine_params modern_bpf_params;
-static struct scap_savefile_engine_params savefile_params;
+static struct scap_bpf_engine_params bpf_params = {};
+static struct scap_kmod_engine_params kmod_params = {};
+static struct scap_modern_bpf_engine_params modern_bpf_params = {};
+static struct scap_savefile_engine_params savefile_params = {};
 
 /* Configuration variables set through CLI. */
 static uint64_t num_events = UINT64_MAX; /* max number of events to catch. */
 static int evt_type = -1;		  /* event type to print. */
 static bool ppm_sc_is_set = 0;
 static unsigned long buffer_bytes_dim = DEFAULT_DRIVER_BUFFER_BYTES_DIM;
 static bool drop_failed = false;
+static enum falcosecurity_log_severity severity_level = FALCOSECURITY_LOG_SEV_WARNING;
 
 static int simple_set[] = {
 	PPM_SC_ACCEPT,
@@ -542,6 +544,7 @@ void print_help()
 	printf("'%s <cpus_for_each_buffer>': allocate a ring buffer for every `cpus_for_each_buffer` CPUs.\n", CPUS_FOR_EACH_BUFFER_MODE);
 	printf("'%s': allocate ring buffers for all available CPUs. Default: allocate ring buffers for online CPUs only.\n", ALL_AVAILABLE_CPUS_MODE);
 	printf("'%s': instrument drivers to drop failed syscalls (exit) events.\n", DROP_FAILED);
+	printf("'%s <level>': print all available logs. Default level is WARNING (4)\n", VERBOSE_OPTION);
 	printf("\n------> PRINT OPTIONS\n");
 	printf("'%s': print all supported syscalls with different sources and configurations.\n", PRINT_SYSCALLS_OPTION);
 	printf("'%s': print this menu.\n", PRINT_HELP_OPTION);
@@ -759,6 +762,21 @@ void parse_CLI_options(int argc, char** argv)
 			drop_failed = true;
 		}
 
+		if(!strcmp(argv[i], VERBOSE_OPTION))
+		{
+			if(!(i + 1 < argc))
+			{
+				printf("\nYou need to specify also the logging level! Bye!\n");
+				exit(EXIT_FAILURE);
+			}
+			unsigned long level = strtoul(argv[++i], NULL, 10);
+			if(level < FALCOSECURITY_LOG_SEV_FATAL || level > FALCOSECURITY_LOG_SEV_TRACE)
+			{
+				printf("\nInvalid log level! Bye!\n");
+				exit(EXIT_FAILURE);
+			}
+			severity_level = (enum falcosecurity_log_severity)level;
+		}
 
 		/*=============================== CONFIGURATIONS ===========================*/
 
@@ -876,6 +894,22 @@ static void signal_callback(int signal)
 	exit(EXIT_SUCCESS);
 }
 
+void scap_open_log_fn(const char* component, const char* msg, const enum falcosecurity_log_severity sev)
+{
+	if(sev <= severity_level)
+	{
+		if(component!= NULL)
+		{
+			printf("%s: %s", component, msg);
+		}
+		else
+		{
+			// libbpf logs have no components
+			printf("%s", msg);
+		}
+	}
+}
+
 int main(int argc, char** argv)
 {
 	char error[SCAP_LASTERR_SIZE] = {0};
@@ -899,6 +933,7 @@ int main(int argc, char** argv)
 
 	enable_sc_and_print();
 
+	oargs.log_fn = scap_open_log_fn;
 	g_h = scap_open(&oargs, vtable, error, &res);
 	if(g_h == NULL || res != SCAP_SUCCESS)
 	{