Remove all mentions of Sysdig and Falco in our codebase

collector/CMakeLists.txt

@@ -62,29 +62,7 @@ add_definitions("-DINTERESTING_SUBSYS=\"perf_event\", \"cpu\", \"cpuset\", \"mem
 
 add_definitions(-DASSERT_TO_LOG)
 
-file(GLOB COLLECTOR_LIB_SRC_FILES ${PROJECT_SOURCE_DIR}/lib/*.cpp)
-add_library(collector_lib ${DRIVER_HEADERS} ${COLLECTOR_LIB_SRC_FILES})
-add_dependencies(collector_lib sinsp)
-target_link_libraries(collector_lib sinsp)
-target_link_libraries(collector_lib stdc++fs) # This is needed for GCC-8 to link against the filesystem library
-target_link_libraries(collector_lib cap-ng)
-target_link_libraries(collector_lib uuid)
-target_link_libraries(collector_lib libgrpc++.a libgrpc.a libgpr.a libupb.a libabsl_bad_optional_access.a libabsl_base.a libabsl_log_severity.a libabsl_spinlock_wait.a libabsl_str_format_internal.a libabsl_strings.a libabsl_strings_internal.a libabsl_throw_delegate.a libabsl_int128.a libabsl_raw_logging_internal.a libaddress_sorting.a)
-target_link_libraries(collector_lib civetweb-cpp civetweb)
-
-target_link_libraries(collector_lib rox-proto)
-
-if(DEFINED ENV{WITH_RHEL_RPMS})
-	target_link_libraries(collector_lib protobuf cares)
-else()
-	target_link_libraries(collector_lib libprotobuf.a libcares.a)
-endif()
-
-if(NOT DISABLE_PROFILING)
-	target_link_libraries(collector_lib profiler tcmalloc)
-endif()
-
-target_link_libraries(collector_lib z ssl crypto CURL::libcurl bpf)
+add_subdirectory(lib)
 
 add_executable(collector collector.cpp)
 target_link_libraries(collector collector_lib)

collector/lib/CMakeLists.txt

@@ -0,0 +1,62 @@
+set(COLLECTOR_LIB_SRC_FILES
+    NetworkConnection.cpp
+    CollectorConfig.cpp
+    CollectorArgs.cpp
+    SignalServiceClient.cpp
+    RateLimit.cpp
+    Process.cpp
+    ProtoUtil.cpp
+    Logging.cpp
+    HostInfo.cpp
+    ProfilerHandler.cpp
+    GetStatus.cpp
+    FileDownloader.cpp
+    AbortHandler.cpp
+    ProcfsScraper.cpp
+    EventNames.cpp
+    CollectorService.cpp
+    NetworkSignalHandler.cpp
+    CollectionMethod.cpp
+    GRPCUtil.cpp
+    NetworkStatusNotifier.cpp
+    NRadix.cpp
+    GRPC.cpp
+    GetKernelObject.cpp
+    HostHeuristics.cpp
+    DriverCandidates.cpp
+    CollectorStatsExporter.cpp
+    SelfCheckHandler.cpp
+    CollectorStats.cpp
+    ConnTracker.cpp
+    StoppableThread.cpp
+    Utility.cpp
+    ProcessSignalHandler.cpp
+    ProcessSignalFormatter.cpp
+    NetworkConnectionInfoServiceComm.cpp
+    SelfChecks.cpp
+    LogLevel.cpp
+    system-inspector/Service.cpp
+    system-inspector/EventExtractor.cpp
+)
+add_library(collector_lib ${DRIVER_HEADERS} ${COLLECTOR_LIB_SRC_FILES})
+add_dependencies(collector_lib sinsp)
+target_link_libraries(collector_lib sinsp)
+target_link_libraries(collector_lib stdc++fs) # This is needed for GCC-8 to link against the filesystem library
+target_link_libraries(collector_lib cap-ng)
+target_link_libraries(collector_lib uuid)
+target_link_libraries(collector_lib libgrpc++.a libgrpc.a libgpr.a libupb.a libabsl_bad_optional_access.a libabsl_base.a libabsl_log_severity.a libabsl_spinlock_wait.a libabsl_str_format_internal.a libabsl_strings.a libabsl_strings_internal.a libabsl_throw_delegate.a libabsl_int128.a libabsl_raw_logging_internal.a libaddress_sorting.a)
+target_link_libraries(collector_lib civetweb-cpp civetweb)
+
+target_link_libraries(collector_lib rox-proto)
+
+if(DEFINED ENV{WITH_RHEL_RPMS})
+    target_link_libraries(collector_lib protobuf cares)
+else()
+    target_link_libraries(collector_lib libprotobuf.a libcares.a)
+endif()
+
+if(NOT DISABLE_PROFILING)
+    target_link_libraries(collector_lib profiler tcmalloc)
+endif()
+
+target_link_libraries(collector_lib z ssl crypto CURL::libcurl bpf)

collector/lib/CollectorService.cpp

@@ -17,9 +17,9 @@ extern "C" {
 #include "LogLevel.h"
 #include "NetworkStatusNotifier.h"
 #include "ProfilerHandler.h"
-#include "SysdigService.h"
 #include "Utility.h"
 #include "prometheus/exposer.h"
+#include "system-inspector/Service.h"
 
 extern unsigned char g_bpf_drop_syscalls[];  // defined in libscap
 
@@ -40,7 +40,7 @@ void CollectorService::RunForever() {
 
   std::shared_ptr<ConnectionTracker> conn_tracker;
 
-  GetStatus getStatus(config_.Hostname(), &sysdig_);
+  GetStatus getStatus(config_.Hostname(), &system_inspector_);
 
   std::shared_ptr<prometheus::Registry> registry = std::make_shared<prometheus::Registry>();
 
@@ -54,7 +54,7 @@ void CollectorService::RunForever() {
   prometheus::Exposer exposer("9090");
   exposer.RegisterCollectable(registry);
 
-  CollectorStatsExporter exporter(registry, &config_, &sysdig_);
+  CollectorStatsExporter exporter(registry, &config_, &system_inspector_);
 
   std::unique_ptr<NetworkStatusNotifier> net_status_notifier;
 
@@ -75,7 +75,7 @@ void CollectorService::RunForever() {
     // up and use stdout instead.
     std::shared_ptr<ProcessStore> process_store;
     if (config_.IsProcessesListeningOnPortsEnabled()) {
-      process_store = std::make_shared<ProcessStore>(&sysdig_);
+      process_store = std::make_shared<ProcessStore>(&system_inspector_);
     }
     std::shared_ptr<IConnScraper> conn_scraper = std::make_shared<ConnScraper>(config_.HostProc(), process_store);
     conn_tracker = std::make_shared<ConnectionTracker>();
@@ -99,12 +99,12 @@ void CollectorService::RunForever() {
     CLOG(FATAL) << "Unable to start collector stats exporter";
   }
 
-  sysdig_.Init(config_, conn_tracker);
-  sysdig_.Start();
+  system_inspector_.Init(config_, conn_tracker);
+  system_inspector_.Start();
 
   ControlValue cv;
   while ((cv = control_->load(std::memory_order_relaxed)) != STOP_COLLECTOR) {
-    sysdig_.Run(*control_);
+    system_inspector_.Run(*control_);
     CLOG(DEBUG) << "Interrupted collector!";
   }
 
@@ -117,15 +117,15 @@ void CollectorService::RunForever() {
   CLOG(INFO) << "Shutting down collector.";
 
   if (net_status_notifier) net_status_notifier->Stop();
-  // Shut down these first since they access the sysdig object.
+  // Shut down these first since they access the system inspector object.
   exporter.stop();
   server.close();
 
-  sysdig_.CleanUp();
+  system_inspector_.CleanUp();
 }
 
 bool CollectorService::InitKernel(const DriverCandidate& candidate) {
-  return sysdig_.InitKernel(config_, candidate);
+  return system_inspector_.InitKernel(config_, candidate);
 }
 
 bool CollectorService::WaitForGRPCServer() {

collector/lib/CollectorService.h

@@ -7,11 +7,11 @@
 #include "CollectorStats.h"
 #include "Control.h"
 #include "DriverCandidates.h"
-#include "SysdigService.h"
+#include "system-inspector/Service.h"
 
 namespace collector {
 
-class SysdigService;
+class Service;
 
 class CollectorService {
  public:
@@ -29,7 +29,7 @@ class CollectorService {
   std::atomic<ControlValue>* control_;
   const std::atomic<int>& signum_;
 
-  SysdigService sysdig_;
+  system_inspector::Service system_inspector_;
 };
 
 bool SetupKernelDriver(CollectorService& collector, const std::string& GRPCServer, const CollectorConfig& config);

collector/lib/CollectorStatsExporter.cpp

@@ -7,10 +7,10 @@
 #include "Containers.h"
 #include "EventNames.h"
 #include "Logging.h"
-#include "SysdigService.h"
 #include "Utility.h"
 #include "prometheus/gauge.h"
 #include "prometheus/summary.h"
+#include "system-inspector/Service.h"
 
 namespace collector {
 
@@ -58,10 +58,10 @@ class CollectorConnectionStatsPrometheus : public CollectorConnectionStats<T> {
   }
 };
 
-CollectorStatsExporter::CollectorStatsExporter(std::shared_ptr<prometheus::Registry> registry, const CollectorConfig* config, SysdigService* sysdig)
+CollectorStatsExporter::CollectorStatsExporter(std::shared_ptr<prometheus::Registry> registry, const CollectorConfig* config, system_inspector::Service* si)
     : registry_(std::move(registry)),
       config_(config),
-      sysdig_(sysdig),
+      system_inspector_(si),
       connections_total_reporter_(std::make_shared<CollectorConnectionStatsPrometheus<unsigned int>>(
           registry_,
           "rox_connections_total",
@@ -206,8 +206,8 @@ void CollectorStatsExporter::run() {
   }
 
   while (thread_.Pause(std::chrono::seconds(5))) {
-    SysdigStats stats;
-    if (!sysdig_->GetStats(&stats)) {
+    system_inspector::Stats stats;
+    if (!system_inspector_->GetStats(&stats)) {
       continue;
     }
 

collector/lib/CollectorStatsExporter.h

@@ -6,14 +6,14 @@
 #include "CollectorConfig.h"
 #include "CollectorStats.h"
 #include "StoppableThread.h"
-#include "SysdigService.h"
 #include "prometheus/registry.h"
+#include "system-inspector/Service.h"
 
 namespace collector {
 
 class CollectorStatsExporter {
  public:
-  CollectorStatsExporter(std::shared_ptr<prometheus::Registry> registry, const CollectorConfig* config, SysdigService* sysdig);
+  CollectorStatsExporter(std::shared_ptr<prometheus::Registry> registry, const CollectorConfig* config, system_inspector::Service* si);
 
   bool start();
   void run();
@@ -25,7 +25,7 @@ class CollectorStatsExporter {
  private:
   std::shared_ptr<prometheus::Registry> registry_;
   const CollectorConfig* config_;
-  SysdigService* sysdig_;
+  system_inspector::Service* system_inspector_;
   std::shared_ptr<CollectorConnectionStats<unsigned int>> connections_total_reporter_;
   std::shared_ptr<CollectorConnectionStats<float>> connections_rate_reporter_;
   StoppableThread thread_;

collector/lib/Control.h

@@ -4,9 +4,8 @@
 namespace collector {
 
 enum ControlValue {
-  RUN = 0,           // Keep running
-  INTERRUPT_SYSDIG,  // Stop running sysdig, but resume collector operation (e.g., for chisel update)
-  STOP_COLLECTOR,    // Stop the collector (e.g., SIGINT or SIGTERM received).
+  RUN = 0,         // Keep running
+  STOP_COLLECTOR,  // Stop the collector (e.g., SIGINT or SIGTERM received).
 };
 
 }

collector/lib/DriverCandidates.cpp

@@ -5,15 +5,15 @@
 #include <string_view>
 
 #include "HostInfo.h"
-#include "SysdigService.h"
 #include "Utility.h"
+#include "system-inspector/Service.h"
 
 namespace collector {
 
 namespace {
 
 std::string driverFullName(const std::string& shortName) {
-  return std::string{SysdigService::kProbeName} + "-" + shortName + ".o";
+  return std::string{system_inspector::Service::kProbeName} + "-" + shortName + ".o";
 }
 
 // Retrieves the ubuntu backport version from the host kernel's release

collector/lib/GetKernelObject.cpp

@@ -14,8 +14,8 @@ extern "C" {
 #include "FileDownloader.h"
 #include "FileSystem.h"
 #include "Logging.h"
-#include "SysdigService.h"
 #include "Utility.h"
+#include "system-inspector/Service.h"
 
 namespace collector {
 
@@ -177,7 +177,7 @@ bool GetKernelObject(const std::string& hostname, const Json::Value& tls_config,
 
   std::string expected_path = candidate.GetPath() + "/" + candidate.GetName();
   std::string expected_path_compressed = expected_path + ".gz";
-  std::string module_path = candidate.GetCollectionMethod() == CollectionMethod::EBPF ? SysdigService::kProbePath : SysdigService::kModulePath;
+  std::string module_path = candidate.GetCollectionMethod() == CollectionMethod::EBPF ? system_inspector::Service::kProbePath : system_inspector::Service::kModulePath;
   struct stat sb;
 
   // first check for an existing compressed kernel object in the

collector/lib/GetStatus.cpp

@@ -11,8 +11,8 @@ bool GetStatus::handleGet(CivetServer* server, struct mg_connection* conn) {
 
   Json::Value status(Json::objectValue);
 
-  SysdigStats stats;
-  bool ready = sysdig_->GetStats(&stats);
+  system_inspector::Stats stats;
+  bool ready = system_inspector_->GetStats(&stats);
 
   if (ready) {
     status["status"] = "ok";

collector/lib/GetStatus.h

@@ -4,19 +4,19 @@
 #include <string>
 
 #include "CivetServer.h"
-#include "Sysdig.h"
+#include "system-inspector/SystemInspector.h"
 
 namespace collector {
 
 class GetStatus : public CivetHandler {
  public:
-  GetStatus(std::string node_name, const Sysdig* sysdig)
-      : node_name_(std::move(node_name)), sysdig_(sysdig) {}
+  GetStatus(std::string node_name, const system_inspector::SystemInspector* si)
+      : node_name_(std::move(node_name)), system_inspector_(si) {}
   bool handleGet(CivetServer* server, struct mg_connection* conn);
 
  private:
   std::string node_name_;
-  const Sysdig* sysdig_;
+  const system_inspector::SystemInspector* system_inspector_;
 };
 
 } /* namespace collector */

collector/lib/KernelDriver.h

@@ -14,8 +14,8 @@ extern "C" {
 #include "EventNames.h"
 #include "FileSystem.h"
 #include "Logging.h"
-#include "SysdigService.h"
 #include "Utility.h"
+#include "system-inspector/Service.h"
 
 extern const struct syscall_evt_pair g_syscall_table[];  // defined in libscap
 static const unsigned long DRIVER_BUFFER_DIM = 16UL * 1024UL * 1024UL;
@@ -63,17 +63,17 @@ class KernelDriverEBPF : public IKernelDriver {
   KernelDriverEBPF() = default;
 
   bool Setup(const CollectorConfig& config, sinsp& inspector) override {
-    FDHandle fd = FDHandle(open(SysdigService::kProbePath, O_RDONLY));
+    FDHandle fd = FDHandle(open(system_inspector::Service::kProbePath, O_RDONLY));
     if (!fd.valid()) {
-      CLOG(ERROR) << "Cannot open eBPF probe at " << SysdigService::kProbePath;
+      CLOG(ERROR) << "Cannot open eBPF probe at " << system_inspector::Service::kProbePath;
       return false;
     }
 
     /* Get only necessary tracepoints. */
     std::unordered_set<ppm_sc_code> ppm_sc = GetSyscallList(config);
 
     try {
-      inspector.open_bpf(SysdigService::kProbePath,
+      inspector.open_bpf(system_inspector::Service::kProbePath,
                          config.GetSinspBufferSize(),
                          ppm_sc);
     } catch (const sinsp_exception& ex) {

collector/lib/NetworkSignalHandler.cpp

@@ -51,7 +51,7 @@ std::optional<Connection> NetworkSignalHandler::GetConnection(sinsp_evt* evt) {
   // With collect_connection_status_ set, we can prevent reporting of asynchronous
   // connections which fail.
   if (collect_connection_status_) {
-    // note: connection status tracking enablement is managed in SysdigService
+    // note: connection status tracking enablement is managed in system_inspector::Service
     if (fd_info->is_socket_failed()) {
       // connect() failed or getsockopt(SO_ERROR) returned a failure
       return std::nullopt;