diff --git a/test/drivers/start_tests.cpp b/test/drivers/start_tests.cpp index 68a98b619a..c10ffa15c0 100644 --- a/test/drivers/start_tests.cpp +++ b/test/drivers/start_tests.cpp @@ -10,6 +10,7 @@ /* We support only these arguments */ #define HELP_OPTION "help" +#define VERBOSE_OPTION "verbose" #define KMOD_OPTION "kmod" #define BPF_OPTION "bpf" #define MODERN_BPF_OPTION "modern-bpf" @@ -19,6 +20,7 @@ #define KMOD_NAME "scap" scap_t* event_test::s_scap_handle = NULL; +static enum falcosecurity_log_severity severity_level = FALCOSECURITY_LOG_SEV_WARNING; int remove_kmod() { @@ -86,6 +88,22 @@ void abort_if_already_configured(const struct scap_vtable* vtable) } } +void test_open_log_fn(const char* component, const char* msg, const enum falcosecurity_log_severity sev) +{ + if(sev <= severity_level) + { + if(component!= NULL) + { + printf("%s: %s", component, msg); + } + else + { + // libbpf logs have no components + printf("%s", msg); + } + } +} + void print_message(std::string msg) { std::cout << std::endl; @@ -106,6 +124,7 @@ Overview: The goal of this binary is to run tests against one of our drivers. -m, --modern-bpf Run tests against the modern bpf probe. -b, --bpf Run tests against the bpf probe. Default path is `./driver/bpf/probe.o`. -d, --buffer-dim Change the dimension of shared buffers between userspace and kernel. You must specify the dimension in bytes. + -v, --verbose Print all available logs. Default level is WARNING (4). -h, --help This page. )"; std::cout << usage << std::endl; 
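Review bot: `test_open_log_fn` (hunk at +88) writes driver and libbpf diagnostics to stdout with `printf`, so they interleave with the test runner's own output, and because stdout is buffered when redirected, the last messages before an abort can be lost. `fprintf(stderr, "%s: %s", component, msg);` and `fprintf(stderr, "%s", msg);` would keep them separate and unbuffered; the constant format string with `msg` passed as an argument is the right shape and should stay. The `sev <= severity_level` test relies on lower numeric values being more severe, which deserves a one-line comment such as `// lower value = more severe: print everything at or above the configured severity`. The same points apply to the identical `scap_open_log_fn` added to scap_open.c (hunk at +894).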
@@ -120,11 +139,17 @@ int open_engine(int argc, char** argv) {KMOD_OPTION, optional_argument, 0, 'k'}, {BUFFER_OPTION, required_argument, 0, 'd'}, {HELP_OPTION, no_argument, 0, 'h'}, + {VERBOSE_OPTION, required_argument, 0, 'v'}, {0, 0, 0, 0}}; + // They should live until we call 'scap_open' + struct scap_modern_bpf_engine_params modern_bpf_params = {0}; + struct scap_bpf_engine_params bpf_params = {0}; + struct scap_kmod_engine_params kmod_params = {0}; int ret = 0; const struct scap_vtable* vtable = nullptr; scap_open_args oargs = {}; + oargs.log_fn = test_open_log_fn; unsigned long buffer_bytes_dim = DEFAULT_DRIVER_BUFFER_BYTES_DIM; std::string kmod_path; @@ -148,7 +173,7 @@ int open_engine(int argc, char** argv) int op = 0; int long_index = 0; while((op = getopt_long(argc, argv, - "b::mk::d:h", + "b::mk::d:hv:", long_options, &long_index)) != -1) { switch(op) @@ -156,8 +181,6 @@ int open_engine(int argc, char** argv) case 'b': #ifdef HAS_ENGINE_BPF { - struct scap_bpf_engine_params bpf_params = {0}; - abort_if_already_configured(vtable); vtable = &scap_bpf_engine; bpf_params.buffer_bytes_dim = buffer_bytes_dim; @@ -191,8 +214,6 @@ int open_engine(int argc, char** argv) case 'm': #ifdef HAS_ENGINE_MODERN_BPF { - struct scap_modern_bpf_engine_params modern_bpf_params = {0}; - abort_if_already_configured(vtable); vtable = &scap_modern_bpf_engine; modern_bpf_params.buffer_bytes_dim = buffer_bytes_dim; @@ -208,8 +229,6 @@ int open_engine(int argc, char** argv) case 'k': #ifdef HAS_ENGINE_KMOD { - struct scap_kmod_engine_params kmod_params = {0}; - abort_if_already_configured(vtable); vtable = &scap_kmod_engine; kmod_params.buffer_bytes_dim = buffer_bytes_dim; @@ -240,6 +259,11 @@ int open_engine(int argc, char** argv) break; case 'd': + if(vtable != nullptr) + { + std::cerr << "The buffer dim '" << BUFFER_OPTION << "' must be chosen before opening the engine" << std::endl; + return EXIT_FAILURE; + } buffer_bytes_dim = strtoul(optarg, NULL, 10); break; 
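Review bot: In `open_engine` (hunk at +139) the three engine parameter structs are now declared unconditionally, while the code that fills them in the later hunks is still inside `#ifdef HAS_ENGINE_BPF`, `HAS_ENGINE_MODERN_BPF` and `HAS_ENGINE_KMOD`. A build without one of the engines gets an unused variable at best, and fails to compile if the struct type is only declared when that engine is enabled (not visible here); wrapping each declaration in the matching `#ifdef` avoids both. The comment could also say why the lifetime matters, for example `// scap_open() reads the selected params through oargs, so they must outlive the option-parsing switch`. The assignment into `oargs` is outside this hunk, so that wording should be confirmed against it. The function body starts and ends outside the hunk.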
@@ -247,8 +271,20 @@ int open_engine(int argc, char** argv) print_menu_and_exit(); break; - default: + case 'v': + { + unsigned long level = strtoul(optarg, NULL, 10); + if(level < FALCOSECURITY_LOG_SEV_FATAL || level > FALCOSECURITY_LOG_SEV_TRACE) + { + std::cerr << "Invalid logging level. Valid range is '" << std::to_string(FALCOSECURITY_LOG_SEV_FATAL) <<"' <= lev <= '" << std::to_string(FALCOSECURITY_LOG_SEV_TRACE) << "'" << std::endl; + return EXIT_FAILURE; + } + severity_level = (enum falcosecurity_log_severity)level; + } break; + + default: + return EXIT_FAILURE; } } std::cout << "* Using buffer dim: " << buffer_bytes_dim << std::endl; diff --git a/userspace/libscap/examples/01-open/scap_open.c b/userspace/libscap/examples/01-open/scap_open.c index d5ecd52912..8b71764a1d 100644 --- a/userspace/libscap/examples/01-open/scap_open.c +++ b/userspace/libscap/examples/01-open/scap_open.c @@ -43,6 +43,7 @@ limitations under the License. #define CPUS_FOR_EACH_BUFFER_MODE "--cpus_for_buf" #define ALL_AVAILABLE_CPUS_MODE "--available_cpus" #define DROP_FAILED "--drop-failed" +#define VERBOSE_OPTION "--verbose" /* PRINT */ #define PRINT_SYSCALLS_OPTION "--print_syscalls" @@ -52,10 +53,10 @@ extern const struct ppm_event_info g_event_info[PPM_EVENT_MAX]; extern const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE]; /* Engine params */ -static struct scap_bpf_engine_params bpf_params; -static struct scap_kmod_engine_params kmod_params; -static struct scap_modern_bpf_engine_params modern_bpf_params; -static struct scap_savefile_engine_params savefile_params; +static struct scap_bpf_engine_params bpf_params = {}; +static struct scap_kmod_engine_params kmod_params = {}; +static struct scap_modern_bpf_engine_params modern_bpf_params = {}; +static struct scap_savefile_engine_params savefile_params = {}; /* Configuration variables set through CLI. */ static uint64_t num_events = UINT64_MAX; /* max number of events to catch. */ 
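Review bot: The new `case 'v':` in `open_engine` (hunk at +271) passes `optarg` to `strtoul` with a NULL end pointer, so input with trailing text such as `3abc` is accepted as 3 and a non-numeric argument is indistinguishable from `0`. Only the range check then stands between the raw argument and `severity_level`. Capturing the end pointer closes this: `char* end = nullptr;`, `unsigned long level = strtoul(optarg, &end, 10);`, and `end == optarg || *end != '\0' ||` added to the front of the range condition. The `--verbose` branch added to `parse_CLI_options` in scap_open.c (hunk at +762) parses `argv[++i]` the same way and needs the same check, with `NULL` in place of `nullptr`. The enclosing function starts outside this hunk.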
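Review bot: The `= {}` initializers added to the four static engine parameter structs in scap_open.c (hunk at +53) use an empty initializer list, which is not valid ISO C before C23 and is accepted only as a compiler extension. This file is C, not C++. Objects with static storage duration are already zero-initialized, so the change does not alter their values. If an explicit initializer is wanted for readability, `= {0}` is the portable spelling, e.g. `static struct scap_bpf_engine_params bpf_params = {0};`.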
@@ -63,6 +64,7 @@ static int evt_type = -1; /* event type to print. */ static bool ppm_sc_is_set = 0; static unsigned long buffer_bytes_dim = DEFAULT_DRIVER_BUFFER_BYTES_DIM; static bool drop_failed = false; +static enum falcosecurity_log_severity severity_level = FALCOSECURITY_LOG_SEV_WARNING; static int simple_set[] = { PPM_SC_ACCEPT, @@ -542,6 +544,7 @@ void print_help() printf("'%s ': allocate a ring buffer for every `cpus_for_each_buffer` CPUs.\n", CPUS_FOR_EACH_BUFFER_MODE); printf("'%s': allocate ring buffers for all available CPUs. Default: allocate ring buffers for online CPUs only.\n", ALL_AVAILABLE_CPUS_MODE); printf("'%s': instrument drivers to drop failed syscalls (exit) events.\n", DROP_FAILED); + printf("'%s ': print all available logs. Default level is WARNING (4)\n", VERBOSE_OPTION); printf("\n------> PRINT OPTIONS\n"); printf("'%s': print all supported syscalls with different sources and configurations.\n", PRINT_SYSCALLS_OPTION); printf("'%s': print this menu.\n", PRINT_HELP_OPTION); @@ -759,6 +762,21 @@ void parse_CLI_options(int argc, char** argv) drop_failed = true; } + if(!strcmp(argv[i], VERBOSE_OPTION)) + { + if(!(i + 1 < argc)) + { + printf("\nYou need to specify also the logging level! Bye!\n"); + exit(EXIT_FAILURE); + } + unsigned long level = strtoul(argv[++i], NULL, 10); + if(level < FALCOSECURITY_LOG_SEV_FATAL || level > FALCOSECURITY_LOG_SEV_TRACE) + { + printf("\nInvalid log level! Bye!\n"); + exit(EXIT_FAILURE); + } + severity_level = (enum falcosecurity_log_severity)level; + } /*=============================== CONFIGURATIONS ===========================*/ 
@@ -876,6 +894,22 @@ static void signal_callback(int signal) exit(EXIT_SUCCESS); } +void scap_open_log_fn(const char* component, const char* msg, const enum falcosecurity_log_severity sev) +{ + if(sev <= severity_level) + { + if(component!= NULL) + { + printf("%s: %s", component, msg); + } + else + { + // libbpf logs have no components + printf("%s", msg); + } + } +} + int main(int argc, char** argv) { char error[SCAP_LASTERR_SIZE] = {0}; @@ -899,6 +933,7 @@ int main(int argc, char** argv) enable_sc_and_print(); + oargs.log_fn = scap_open_log_fn; g_h = scap_open(&oargs, vtable, error, &res); if(g_h == NULL || res != SCAP_SUCCESS) {