Skip to content

Diagrams to visually learn Falco and its eBPF probe

Notifications You must be signed in to change notification settings

leodido/falco-diagrams

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

falco-diagrams

Diagrams to visually explain Falco

Diagrams are done with Mermaid.

Since I believe a picture is worth a thousand words, even more when trying to explain complicated stuff as Falco and its eBPF driver are... Here we are!

This repo also provides tooling for automating the making of these diagrams:

a GiHub action to automatically generate, commit, and push Falco diagrams to the output/ directory.

But since I didn't like so much the quality of the resulting diagram images, I created a simple in-place mermaid editor that you can use to:

  1. draw diagrams with a custom Falco theme
  2. download them as PNG images with a good resolution

I've already created some of them for my talks and decks in the past, so you can find them in the themed/ directory. Enjoy them!

Disclaimer: it's possible that you'll find some of these diagrams and illustrations (and many others) in the upcoming Falco Cookbook. Grab it until it's hot!

falco starts sinsp scap scap open scap open internals
scap open live int scap bpf load initial setup scap bpf load probe elf loading
scap bpf load populate routing syscall table scap bpf load populate event table and fillers table scap bpf load events per cpu
scap bpf load settings falco event loop falco event loop with queue
falco grpc server on falco grpc server spawning threads falco grpc server thread processing
falco grpc server bidirectional handling falco grpc server stream handling falco poiana bot workflow

Contribute a diagram

It's simple!

Just create a .md file containing some Mermaid syntax in the input/ directory. Something like:

sequenceDiagram
  autonumber
  falco->>sinsp: new()
  sinsp-->>falco: inspector
  falco->>sinsp: open()
  Note over sinsp: open_live_common(..., SCAP_MODE_LIVE)
  sinsp->>scap: scap_open()
  Note over scap: REF: SCAP OPEN
  scap-->>sinsp: scap_t
  sinsp->>sinsp: init
  sinsp-->>falco: void
Loading

This repo's tooling will do the rest for you and you'll obtain in a minute the resulting diagram in the output/ directory.

Notice that also the input file will be edited by the tooling by inserting into it the diagram image just generated.

TODOs

  • Make the in-place editor work also on other browsers other than Google Chrome
  • Create a real in-place editor with a text-area or similar
    • At the moment, you need to copy the diagram source in the HTML and re-open it
  • Publish the editor
  • Fix the GitHub action compiling the Mermaid diagrams
    • Sizing of the resulting image

Analytics

About

Diagrams to visually learn Falco and its eBPF probe

Topics

Resources

Stars

Watchers

Forks

Sponsor this project