Skip to content

Commit

Permalink
new(falco): add falco_libs.snaplen option
Browse files Browse the repository at this point in the history
Signed-off-by: Luca Guerra <luca@guerra.sh>
  • Loading branch information
LucaGuerra committed Oct 1, 2024
1 parent 6997c96 commit fbf140f
Show file tree
Hide file tree
Showing 5 changed files with 20 additions and 1 deletion.
7 changes: 7 additions & 0 deletions falco.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1259,8 +1259,15 @@ base_syscalls:
# `metrics.state_counters_enabled` to measure how the internal state handling is performing,
# and the fields called `n_drops_full_threadtable` or `n_store_evts_drops` will inform you
# if you should increase this value for optimal performance.
#
# `syscall_snaplen`
#
# Set how many bytes are collected of each I/O buffer for 'syscall' events.
# Use this option with caution since it can have a strong performance impact.
#
falco_libs:
thread_table_size: 262144
syscall_snaplen: 80

# [Incubating] `container_engines`
#
Expand Down
6 changes: 5 additions & 1 deletion userspace/falco/app/actions/init_inspectors.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -87,8 +87,12 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>
}

//
// If required, set the snaplen
// If required, set the snaplen.
// In case both config and CLI options are specified, CLI takes precedence.
//
if(s.config->m_falco_libs_snaplen != 0) {
inspector->set_snaplen(s.config->m_falco_libs_snaplen);
}
if(s.options.snaplen != 0) {
inspector->set_snaplen(s.options.snaplen);
}
Expand Down
3 changes: 3 additions & 0 deletions userspace/falco/config_json_schema.h
Original file line number Diff line number Diff line change
Expand Up @@ -403,6 +403,9 @@ const char config_schema_string[] = LONG_STRING_CONST(
"properties": {
"thread_table_size": {
"type": "integer"
},
"snaplen": {
"type": "integer"
}
},
"minProperties": 1,
Expand Down
4 changes: 4 additions & 0 deletions userspace/falco/configuration.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ falco_configuration::falco_configuration():
m_syscall_evt_simulate_drops(false),
m_syscall_evt_timeout_max_consecutives(1000),
m_falco_libs_thread_table_size(DEFAULT_FALCO_LIBS_THREAD_TABLE_SIZE),
m_falco_libs_snaplen(0),
m_base_syscalls_repair(false),
m_metrics_enabled(false),
m_metrics_interval_str("5000"),
Expand Down Expand Up @@ -569,6 +570,9 @@ void falco_configuration::load_yaml(const std::string &config_name) {
m_config.get_scalar<std::uint32_t>("falco_libs.thread_table_size",
DEFAULT_FALCO_LIBS_THREAD_TABLE_SIZE);

// if falco_libs.snaplen is not set we'll let libs configure it
m_falco_libs_snaplen = m_config.get_scalar<std::uint64_t>("falco_libs.snaplen", 0);

m_base_syscalls_custom_set.clear();
m_config.get_sequence<std::unordered_set<std::string>>(m_base_syscalls_custom_set,
std::string("base_syscalls.custom_set"));
Expand Down
1 change: 1 addition & 0 deletions userspace/falco/configuration.h
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,7 @@ class falco_configuration {
uint32_t m_syscall_evt_timeout_max_consecutives;

uint32_t m_falco_libs_thread_table_size;
uint64_t m_falco_libs_snaplen;

// User supplied base_syscalls, overrides any Falco state engine enforcement.
std::unordered_set<std::string> m_base_syscalls_custom_set;
Expand Down

0 comments on commit fbf140f

Please sign in to comment.