cleanup(configuration): cleanup deprecated code

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>

userspace/falco/app/actions/load_config.cpp

@@ -17,123 +17,13 @@ limitations under the License.
 
 #include "actions.h"
 #include "falco_utils.h"
-// USED just to include some shared macros, remove this include in Falco 0.38.0
-#include "configuration.h"
-
-/* DEPRECATED: we will remove it in Falco 0.38. */
-#define FALCO_BPF_ENV_VARIABLE "FALCO_BPF_PROBE"
 
 using namespace falco::app;
 using namespace falco::app::actions;
 
 // applies legacy/in-deprecation options to the current state
 static falco::app::run_result apply_deprecated_options(const falco::app::state& s)
 {
-	// Check that at most one command line option is provided
-	int open_modes = 0;
-	open_modes += !s.options.capture_file.empty();
-	open_modes += !s.options.gvisor_config.empty();
-	open_modes += s.options.modern_bpf;
-	open_modes += getenv(FALCO_BPF_ENV_VARIABLE) != NULL;
-	open_modes += s.options.nodriver;
-	if(open_modes > 1)
-	{
-		return run_result::fatal("You can not specify more than one of -e, -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var");
-	}
-
-	// Please note: is not possible to mix command line options and configs to obtain a configuration
-	// we need to use only one method. For example, is not possible to set the gvisor-config through
-	// the command line and the gvisor-root through the config file. For this reason, if we detect
-	// at least one change in the default config we don't allow to use the command line options.
-	if(s.config->m_changes_in_engine_config)
-	{
-		// If a command line option is specified, print a warning because it will be ignored
-		if(open_modes == 1)
-		{
-			falco_logger::log(falco_logger::level::WARNING,
-				  "Since the new 'engine' config key is being used, deprecated CLI options "
-				  "[-e,-g,--gvisor-config,--nodriver,--modern-bpf] and 'FALCO_BPF_PROBE' environment variable will be ignored.\n");
-		}
-
-		// If these configs are specified, print a warning because they will be ignored
-		if(s.config->m_syscall_drop_failed_exit != DEFAULT_DROP_FAILED_EXIT)
-		{
-			falco_logger::log(falco_logger::level::WARNING,
-				  "Since the new 'engine' config key is being used, deprecated config 'syscall_drop_failed_exit' will be ignored.\n");
-		}
-		if(s.config->m_syscall_buf_size_preset != DEFAULT_BUF_SIZE_PRESET)
-		{
-			falco_logger::log(falco_logger::level::WARNING,
-				  "Since the new 'engine' config key is being used, deprecated config 'syscall_buf_size_preset' will be ignored.\n");
-		}
-		if(s.config->m_cpus_for_each_syscall_buffer != DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER)
-		{
-			falco_logger::log(falco_logger::level::WARNING,
-				  "Since the new 'engine' config key is being used, deprecated config 'modern_bpf.cpus_for_each_syscall_buffer' will be ignored.\n");
-		}
-		return run_result::ok(); 
-	}
-
-	// These warnings are similar to the ones above, but in this case, the configs are not ignored
-	// they are just deprecated
-	if(s.config->m_syscall_drop_failed_exit != DEFAULT_DROP_FAILED_EXIT)
-	{
-		falco_logger::log(falco_logger::level::WARNING,
-				"DEPRECATION NOTICE: 'syscall_drop_failed_exit' config is deprecated and will be removed in Falco 0.38! Use 'engine.<driver>.drop_failed_exit' config instead\n");
-	}
-	if(s.config->m_syscall_buf_size_preset != DEFAULT_BUF_SIZE_PRESET)
-	{
-		falco_logger::log(falco_logger::level::WARNING,
-				"DEPRECATION NOTICE: 'syscall_buf_size_preset' config is deprecated and will be removed in Falco 0.38! Use 'engine.<driver>.buf_size_preset' config instead\n");
-	}
-	if(s.config->m_cpus_for_each_syscall_buffer != DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER)
-	{
-		falco_logger::log(falco_logger::level::WARNING,
-				"DEPRECATION NOTICE: 'modern_bpf.cpus_for_each_syscall_buffer' config is deprecated and will be removed in Falco 0.38! Use 'engine.modern_ebpf.cpus_for_each_buffer' config instead\n");
-	}
-
-	// Replace the kmod default values in case the engine was open with the kmod.
-	// We don't have a command line option to open the kmod so we have to always enforce the
-	// default values.
-	s.config->m_kmod.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit;
-	s.config->m_kmod.m_buf_size_preset = s.config->m_syscall_buf_size_preset;
-
-	// If overridden from CLI options (soon to be removed),
-	// use the requested driver.
-	if (getenv(FALCO_BPF_ENV_VARIABLE))
-	{
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the 'FALCO_BPF_PROBE' environment variable is deprecated and will be removed in Falco 0.38! Set 'engine.kind: ebpf' and use 'engine.ebpf' config instead in falco.yaml\n");
-		s.config->m_engine_mode = engine_kind_t::EBPF;
-		s.config->m_ebpf.m_probe_path = getenv(FALCO_BPF_ENV_VARIABLE);
-		s.config->m_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit;
-		s.config->m_ebpf.m_buf_size_preset = s.config->m_syscall_buf_size_preset;
-	}
-	else if (s.options.modern_bpf)
-	{
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' command line option is deprecated and will be removed in Falco 0.38! Set 'engine.kind: modern_ebpf' and use 'engine.modern_ebpf' config instead in falco.yaml\n");
-		s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
-		s.config->m_modern_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit;
-		s.config->m_modern_ebpf.m_buf_size_preset = s.config->m_syscall_buf_size_preset;
-		s.config->m_modern_ebpf.m_cpus_for_each_buffer = s.config->m_cpus_for_each_syscall_buffer;
-	}
-	if (!s.options.gvisor_config.empty())
-	{
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' command line option is deprecated and will be removed in Falco 0.38! Set 'engine.kind: gvisor' and use 'engine.gvisor' config instead in falco.yaml\n");
-		s.config->m_engine_mode =  engine_kind_t::GVISOR;
-		s.config->m_gvisor.m_config = s.options.gvisor_config;
-		s.config->m_gvisor.m_root = s.options.gvisor_root;
-	}
-	if (s.options.nodriver)
-	{
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' command line option is deprecated and will be removed in Falco 0.38! Set 'engine.kind: nodriver' instead in falco.yaml\n");
-		s.config->m_engine_mode =  engine_kind_t::NODRIVER;
-	}
-	if (!s.options.capture_file.empty())
-	{
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' command line option is deprecated and will be removed in Falco 0.38! Set 'engine.kind: replay' and use 'engine.replay' config instead in falco.yaml\n");
-		s.config->m_engine_mode = engine_kind_t::REPLAY;
-		s.config->m_replay.m_capture_file = s.options.capture_file;
-	}
 	return run_result::ok();
 }
 

userspace/falco/app/options.cpp

@@ -169,15 +169,9 @@ void options::define(cxxopts::Options& opts)
 		("disable-source",                "Turn off a specific <event_source>. By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times, but turning off all event sources simultaneously is not permitted. This option can not be mixed with --enable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(disable_sources), "<event_source>")
 		("dry-run",                       "Run Falco without processing events. It can help check that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false"))
 		("D",                             "Turn off any rules with names having the substring <substring>. This option can be passed multiple times. It cannot be mixed with -t.", cxxopts::value(disabled_rule_substrings), "<substring>")
-		("e",                             "DEPRECATED. Reproduce the events by reading from the given <capture_file> instead of opening a live session. Only capture files in .scap format are supported.", cxxopts::value(capture_file), "<events_file>")
 		("enable-source",                 "Enable a specific <event_source>. By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. When using this option, only the event sources specified by it will be enabled. This option can not be mixed with --disable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(enable_sources), "<event_source>")
 #ifdef HAS_GVISOR
-		("g,gvisor-config",				  "DEPRECATED. Collect 'syscall' events from gVisor using the specified <gvisor_config> file. A Falco-compatible configuration file can be generated with --gvisor-generate-config and utilized for both runsc and Falco.", cxxopts::value(gvisor_config), "<gvisor_config>")
 		("gvisor-generate-config",		  "Generate a configuration file that can be used for gVisor and exit. See --gvisor-config for more details.", cxxopts::value<std::string>(gvisor_generate_config_with_socket)->implicit_value("/run/falco/gvisor.sock"), "<socket_path>")
-		("gvisor-root",					  "DEPRECATED. Set gVisor root directory for storage of container state when used in conjunction with --gvisor-config. The <gvisor_root> to be passed is the one usually passed to runsc --root flag.", cxxopts::value(gvisor_root), "<gvisor_root>")
-#endif
-#ifdef HAS_MODERN_BPF
-		("modern-bpf",				  "DEPRECATED. Use the BPF modern probe driver to instrument the kernel and observe 'syscall' events.", cxxopts::value(modern_bpf)->default_value("false"))
 #endif
 		("i",                             "Print those events that are ignored by default for performance reasons and exit. See -A for more details.", cxxopts::value(print_ignored_events)->default_value("false"))
 		("L",                             "Show the name and description of all rules and exit. If json_output is set to true, it prints details about all rules, macros, and lists in JSON format.", cxxopts::value(describe_all_rules)->default_value("false"))
@@ -188,7 +182,6 @@ void options::define(cxxopts::Options& opts)
 		("M",                             "Stop Falco execution after <num_seconds> are passed.", cxxopts::value(duration_to_tot)->default_value("0"), "<num_seconds>")
 		("markdown",                      "Print output in Markdown format when used in conjunction with --list or --list-events options. It has no effect when used with other options.", cxxopts::value<bool>(markdown))
 		("N",                             "Only print field names when used in conjunction with the --list option. It has no effect when used with other options.", cxxopts::value(names_only)->default_value("false"))
-		("nodriver",                      "DEPRECATED. Do not use a driver to instrument the kernel. If a loaded plugin has event-sourcing capability and can produce system events, it will be used for event collection. Otherwise, no event will be collected.", cxxopts::value(nodriver)->default_value("false"))
 		("o,option",                      "Set the value of option <opt> to <val>. Overrides values in the configuration file. <opt> can be identified using its location in the configuration file using dot notation. Elements of list entries can be accessed via square brackets [].\n    E.g. base.id = val\n         base.subvalue.subvalue2 = val\n         base.list[1]=val", cxxopts::value(cmdline_config_options), "<opt>=<val>")
 		("plugin-info",                   "Print info for the plugin specified by <plugin_name> and exit.\nThis includes all descriptive information like name and author, along with the\nschema format for the init configuration and a list of suggested open parameters.\n<plugin_name> can be the plugin's name or its configured 'library_path'.", cxxopts::value(print_plugin_info), "<plugin_name>")
 		("p,print",                       "Print (or replace) additional information in the rule's output.\nUse -pc or -pcontainer to append container details.\nUse -pk or -pkubernetes to add both container and Kubernetes details.\nIf using gVisor, choose -pcg or -pkg variants (or -pcontainer-gvisor and -pkubernetes-gvisor, respectively).\nIf a rule's output contains %container.info, it will be replaced with the corresponding details. Otherwise, these details will be directly appended to the rule's output.\nAlternatively, use -p <output_format> for a custom format. In this case, the given <output_format> will be appended to the rule's output without any replacement.", cxxopts::value(print_additional), "<output_format>")

userspace/falco/app/options.h

@@ -76,14 +76,6 @@ class options {
 	bool print_page_size;
 	bool dry_run;
 
-	// todo!: remove them in Falco 0.38.0 since they are deprecated
-	std::string capture_file = "";
-	std::string gvisor_config = "";
-	std::string gvisor_root = "";
-	bool modern_bpf = false;
-	bool nodriver = false;
-
-
 	bool parse(int argc, char **argv, std::string &errstr);
 
 	const std::string& usage();

userspace/falco/configuration.cpp

@@ -40,6 +40,10 @@ namespace fs = std::filesystem;
 // Reference: https://digitalfortress.tech/tips/top-15-commonly-used-regex/
 static re2::RE2 ip_address_re("((^\\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\\s*$)|(^\\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?\\s*$))");
 
+#define DEFAULT_BUF_SIZE_PRESET 4
+#define DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER 2
+#define DEFAULT_DROP_FAILED_EXIT false
+
 falco_configuration::falco_configuration():
 	m_json_output(false),
 	m_json_include_output_property(true),
@@ -122,27 +126,11 @@ void falco_configuration::load_engine_config(const std::string& config_name, con
 		throw std::logic_error("Error reading config file (" + config_name + "): engine.kind '"+ driver_mode_str + "' is not a valid kind.");
 	}
 
-	// Catch deprecated values from the config, to use them with the command line if needed
-	m_syscall_buf_size_preset = config.get_scalar<int16_t>("syscall_buf_size_preset", DEFAULT_BUF_SIZE_PRESET);
-	m_cpus_for_each_syscall_buffer = config.get_scalar<uint16_t>("modern_bpf.cpus_for_each_syscall_buffer", DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER);
-	m_syscall_drop_failed_exit = config.get_scalar<bool>("syscall_drop_failed_exit", DEFAULT_DROP_FAILED_EXIT);
-
 	switch (m_engine_mode)
 	{
 	case engine_kind_t::KMOD:
 		m_kmod.m_buf_size_preset = config.get_scalar<int16_t>("engine.kmod.buf_size_preset", DEFAULT_BUF_SIZE_PRESET);
 		m_kmod.m_drop_failed_exit = config.get_scalar<bool>("engine.kmod.drop_failed_exit", DEFAULT_DROP_FAILED_EXIT);
-
-		if(m_kmod.m_buf_size_preset == DEFAULT_BUF_SIZE_PRESET && m_kmod.m_drop_failed_exit==DEFAULT_DROP_FAILED_EXIT)
-		{
-			// This could happen in 2 cases:
-			// 1. The user doesn't use the new config (it could also have commented it)
-			// 2. The user uses the new config unchanged.
-			// In these 2 cases the users are allowed to use the command line arguments to open an engine
-			m_changes_in_engine_config = false;
-			return;
-		}
-
 		break;
 	case engine_kind_t::EBPF:
 		// TODO: default value for `probe` should be $HOME/FALCO_PROBE_BPF_FILEPATH,
@@ -176,11 +164,6 @@ void falco_configuration::load_engine_config(const std::string& config_name, con
 	default:
 		break;
 	}
-
-	// If we arrive here it means we have at least one change in the `engine` config.
-	// Please note that `load_config` could be called more than one time during initialization
-	// so the last time wins, the load config phase should be idempotent
-	m_changes_in_engine_config = true;
 }
 
 void falco_configuration::load_yaml(const std::string& config_name, const yaml_helper& config)

userspace/falco/configuration.h

@@ -37,11 +37,6 @@ limitations under the License.
 #include "event_drops.h"
 #include "falco_outputs.h"
 
-// todo!: remove them in Falco 0.38.0
-#define DEFAULT_BUF_SIZE_PRESET 4
-#define DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER 2
-#define DEFAULT_DROP_FAILED_EXIT false
-
 enum class engine_kind_t : uint8_t
 {
 	KMOD,
@@ -164,15 +159,6 @@ class falco_configuration
 	replay_config m_replay = {};
 	gvisor_config m_gvisor = {};
 
-	// todo!: to remove in Falco 0.38.0
-	// used to keep track if the `engine` config is used.
-	bool m_changes_in_engine_config = false;
-	// Index corresponding to the syscall buffer dimension.
-	uint16_t m_syscall_buf_size_preset = DEFAULT_BUF_SIZE_PRESET;
-	// Number of CPUs associated with a single ring buffer.
-	uint16_t m_cpus_for_each_syscall_buffer = DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER;
-	bool m_syscall_drop_failed_exit = DEFAULT_DROP_FAILED_EXIT;
-
 private:
 	void load_yaml(const std::string& config_name, const yaml_helper& config);