chore!: drop legacy eBPF probe build support

Example_configs.md

@@ -7,7 +7,6 @@ kernelrelease: 4.19.91-26.al7.x86_64
 target: alinux
 output:
     module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
-    probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
 driverversion: master
 ```
 
@@ -18,7 +17,6 @@ kernelrelease: 5.10.84-10.4.al8.x86_64
 target: alinux
 output:
     module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
-    probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
 driverversion: master
 ```
 
@@ -29,7 +27,6 @@ kernelrelease: 5.14.0-162.12.1.el9_1.x86_64
 target: almalinux
 output:
     module: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.ko
-    probe: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.o
 driverversion: master
 ```
 
@@ -50,7 +47,6 @@ kernelrelease: 4.14.171-136.231.amzn2.x86_64
 target: amazonlinux2
 output:
     module: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.ko
-    probe: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.o
 driverversion: master
 ```
 
@@ -61,13 +57,12 @@ kernelrelease: 5.10.96-90.460.amzn2022.x86_64
 target: amazonlinux2022
 output:
     module: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.ko
-    probe: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.o
 driverversion: master
 ```
 
 ## archlinux
 
-Example configuration file to build both the Kernel module and eBPF probe for Archlinux.
+Example configuration file to build both the Kernel module for Archlinux.
 Note: archlinux target uses the [Arch Linux Archive](https://wiki.archlinux.org/title/Arch_Linux_Archive) to fetch
 all ever supported kernel releases.
 For arm64, it uses an user-provided mirror, as no official mirror is available: http://tardis.tiny-vps.com/aarm/.
@@ -79,7 +74,6 @@ kernelrelease: 6.0.6.arch1-1
 target: arch
 output:
   module: /tmp/falco-arch.ko
-  probe: /tmp/falco-arch.o
 driverversion: master
 builderimage: ${ARCH_BUILD_IMAGE_HERE}
 ```
@@ -119,14 +113,13 @@ driverversion: master
 
 ## debian
 
-Example configuration file to build both the Kernel module and eBPF probe for Debian.
+Example configuration file to build both the Kernel module for Debian.
 
 ```yaml
 kernelrelease: 4.19.0-6-amd64
 kernelversion: 1
 output:
   module: /tmp/falco-debian.ko
-  probe: /tmp/falco-debian.o
 target: debian
 driverversion: master
 ```
@@ -144,7 +137,7 @@ driverversion: master
 
 ## flatcar
 
-Example configuration file to build both the Kernel module and eBPF probe for Flatcar.
+Example configuration file to build both the Kernel module for Flatcar.
 The Flatcar release version needs to be provided in the `kernelrelease` field instead of the kernel version;
 moreover, kernelconfigdata must be provided.
 
@@ -153,21 +146,19 @@ kernelrelease: 3185.0.0
 target: flatcar
 output:
   module: /tmp/falco-flatcar-3185.0.0.ko
-  probe: /tmp/falco-flatcar-3185.0.0.o
 driverversion: master
 kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
 ```
 
 ## minikube
-Example configuration file to build both the Kernel module and eBPF probe for Minikube.
+Example configuration file to build both the Kernel module for Minikube.
 ```yaml
 kernelversion: 1_1.26.0
 kernelrelease: 5.10.57
 target: minikube
 architecture: amd64
 output:
   module: /tmp/falco_minikube_5.10.57_1_1.26.0.ko
-  probe: /tmp/falco_minikube_5.10.57_1_1.26.0.o
 kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
 ```
 
@@ -221,7 +212,6 @@ kernelrelease: 4.18.0-372.9.1.el8.x86_64
 target: redhat
 output:
   module: /tmp/falco-redhat8.ko
-  probe: /tmp/falco-redhat8.o
 driverversion: master
 builderimage: redhat/ubi8:rhel8_driverkit
 ```
@@ -254,7 +244,6 @@ kernelrelease: 5.14.0-70.13.1.el9_0.x86_64
 target: redhat
 output:
   module: /tmp/falco-redhat9.ko
-  probe: /tmp/falco-redhat9.o
 driverversion: master
 builderimage: docker.io/redhat/ubi9:rhel9_driverkit
 ```
@@ -300,50 +289,46 @@ kernelrelease: 5.14.0-162.18.1.el9_1.x86_64
 target: rocky
 output:
     module: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.ko
-    probe: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.o
 driverversion: master
 ```
 
 ## ubuntu
-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu (works with any flavor!).
+Example configuration file to build both the Kernel module for Ubuntu (works with any flavor!).
 
 ```yaml
 kernelrelease: 5.0.0-1021-aws-5.0
 kernelversion: 24~18.04.1
 target: ubuntu
 output:
   module: /tmp/falco-ubuntu-generic.ko
-  probe: /tmp/falco-ubuntu-generic.o
 driverversion: master
 ```
 
 ## ubuntu-aws
 
-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu AWS.
+Example configuration file to build both the Kernel module for Ubuntu AWS.
 
 ```yaml
 kernelrelease: 4.15.0-1057-aws
 kernelversion: 59
 target: ubuntu-aws
 output:
   module: /tmp/falco-ubuntu-aws.ko
-  probe: /tmp/falco-ubuntu-aws.o
 driverversion: master
 ```
 
 > **NOTE:** ubuntu-aws exists to retain backward compatibility only,
 > and should not be used in new configs.
 
 ## ubuntu-generic
-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu generic.
+Example configuration file to build both the Kernel module for Ubuntu generic.
 
 ```yaml
 kernelrelease: 4.15.0-72-generic
 kernelversion: 81
 target: ubuntu-generic
 output:
   module: /tmp/falco-ubuntu-generic.ko
-  probe: /tmp/falco-ubuntu-generic.o
 driverversion: master
 ```
 
@@ -362,7 +347,6 @@ kernelversion: 1
 target: vanilla
 output:
   module: /tmp/falco-vanilla.ko
-  probe: /tmp/falco-vanilla.o
 driverversion: 0de226085cc4603c45ebb6883ca4cacae0bd25b2
 ```
 

README.md

@@ -7,7 +7,7 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/falcosecurity/driverkit?style=for-the-badge)](https://goreportcard.com/report/github.com/falcosecurity/driverkit)
 [![Docker pulls](https://img.shields.io/docker/pulls/falcosecurity/driverkit?style=for-the-badge)](https://hub.docker.com/r/falcosecurity/driverkit)
 
-A command line tool that can be used to build the [Falco](https://github.com/falcosecurity/falco) kernel module and eBPF probe.
+A command line tool that can be used to build the [Falco](https://github.com/falcosecurity/falco) kernel module.
 
 ## Glossary
 
@@ -85,7 +85,6 @@ kernelversion: 59
 target: ubuntu-aws
 output:
   module: /tmp/falco-ubuntu-aws.ko
-  probe: /tmp/falco-ubuntu-aws.o
 driverversion: master
 ```
 

cmd/cli_test.go

@@ -130,7 +130,6 @@ var tests = []testCase{
 			"ubuntu-aws",
 			"--output-module",
 			"/tmp/falco-ubuntu-aws.ko",
-			"--output-probe",
 			"/tmp/falco-ubuntu-aws.o",
 			"--loglevel",
 			"debug",
@@ -144,7 +143,6 @@ var tests = []testCase{
 		env: map[string]string{
 			"DRIVERKIT_KERNELVERSION": "59",
 			"DRIVERKIT_OUTPUT_MODULE": "/tmp/falco-ubuntu-aws.ko",
-			"DRIVERKIT_OUTPUT_PROBE":  "/tmp/falco-ubuntu-aws.o",
 		},
 		args: []string{
 			"docker",

cmd/docker.go

@@ -16,6 +16,7 @@ package cmd
 
 import (
 	"bytes"
+
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
 	"github.com/spf13/cobra"
@@ -26,7 +27,7 @@ import (
 func NewDockerCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	dockerCmd := &cobra.Command{
 		Use:   "docker",
-		Short: "Build Falco kernel modules and eBPF probes against a docker daemon.",
+		Short: "Build Falco kernel modules against a docker daemon.",
 		RunE: func(c *cobra.Command, args []string) error {
 			configOpts.Printer.Logger.Info("starting build",
 				configOpts.Printer.Logger.Args("processor", c.Name()))

cmd/kubernetes.go

@@ -31,7 +31,7 @@ import (
 func NewKubernetesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	kubernetesCmd := &cobra.Command{
 		Use:     "kubernetes",
-		Short:   "Build Falco kernel modules and eBPF probes against a Kubernetes cluster.",
+		Short:   "Build Falco kernel modules against a Kubernetes cluster.",
 		Aliases: []string{"k8s"},
 	}
 

cmd/kubernetes_in_cluster.go

@@ -29,7 +29,7 @@ import (
 func NewKubernetesInClusterCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	kubernetesInClusterCmd := &cobra.Command{
 		Use:     "kubernetes-in-cluster",
-		Short:   "Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.",
+		Short:   "Build Falco kernel modules against a Kubernetes cluster inside a Kubernetes cluster.",
 		Aliases: []string{"k8s-ic"},
 	}
 

cmd/local.go

@@ -20,7 +20,7 @@ func NewLocalCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pf
 	opts := localCmdOptions{}
 	localCmd := &cobra.Command{
 		Use:   "local",
-		Short: "Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.",
+		Short: "Build Falco kernel modules in local env with local kernel sources and gcc/clang.",
 		RunE: func(c *cobra.Command, args []string) error {
 			configOpts.Printer.Logger.Info("starting build",
 				configOpts.Printer.Logger.Args("processor", c.Name()))

cmd/root.go

@@ -49,7 +49,6 @@ func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, roo
 		}
 		nested := map[string]string{ // handle nested options in config file
 			"output-module": "output.module",
-			"output-probe":  "output.probe",
 		}
 		rootCommand.c.Flags().VisitAll(func(f *pflag.Flag) {
 			if name := f.Name; !skip[name] {
@@ -109,7 +108,7 @@ type RootCmd struct {
 func NewRootCmd(configOpts *ConfigOptions, rootOpts *RootOptions) *RootCmd {
 	rootCmd := &cobra.Command{
 		Use:                   "driverkit",
-		Short:                 "A command line tool to build Falco kernel modules and eBPF probes.",
+		Short:                 "A command line tool to build Falco kernel modules.",
 		ValidArgs:             validProcessors,
 		ArgAliases:            aliasProcessors,
 		Args:                  cobra.OnlyValidArgs,

cmd/root_options.go

@@ -16,27 +16,27 @@ package cmd
 
 import (
 	"errors"
-	"github.com/falcosecurity/falcoctl/pkg/output"
-	"github.com/spf13/pflag"
 	"os"
 	"runtime"
 	"strings"
 
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"github.com/spf13/pflag"
+
 	"github.com/creasty/defaults"
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 	"github.com/falcosecurity/driverkit/validate"
 	"github.com/go-playground/validator/v10"
 )
 
-// OutputOptions wraps the two drivers that driverkit builds.
+// OutputOptions wraps the driver that driverkit builds.
 type OutputOptions struct {
-	Module string `validate:"required_without=Probe,filepath,omitempty,endswith=.ko" name:"output module path"`
-	Probe  string `validate:"required_without=Module,filepath,omitempty,endswith=.o" name:"output probe path"`
+	Module string `validate:"required,filepath,omitempty,endswith=.ko" name:"output module path"`
 }
 
 func (oo *OutputOptions) HasOutputs() bool {
-	return oo.Module != "" || oo.Probe != ""
+	return oo.Module != ""
 }
 
 type RepoOptions struct {
@@ -90,25 +90,24 @@ func (ro *RootOptions) Validate() []error {
 		errors.As(err, &errs)
 		errArr := []error{}
 		for _, e := range errs {
-			// Translate each error one at a time
+			// Translate each error one at a time.
 			errArr = append(errArr, errors.New(e.Translate(validate.T)))
 		}
 		return errArr
 	}
 
-	// check that the kernel versions supports at least one of probe and module
+	// check that the kernel versions supports the module.
 	kr := kernelrelease.FromString(ro.KernelRelease)
 	kr.Architecture = kernelrelease.Architecture(ro.Architecture)
-	if !kr.SupportsModule() && !kr.SupportsProbe() {
-		return []error{errors.New("both module and probe are not supported by given options")}
+	if !kr.SupportsModule() {
+		return []error{errors.New("module is not supported by given options")}
 	}
 
 	return nil
 }
 
 func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) {
 	flags.StringVar(&ro.Output.Module, "output-module", ro.Output.Module, "filepath where to save the resulting kernel module")
-	flags.StringVar(&ro.Output.Probe, "output-probe", ro.Output.Probe, "filepath where to save the resulting eBPF probe")
 	flags.StringVar(&ro.Architecture, "architecture", runtime.GOARCH, "target architecture for the built driver, one of "+kernelrelease.SupportedArchs.String())
 	flags.StringVar(&ro.DriverVersion, "driverversion", ro.DriverVersion, "driver version as a git commit hash or as a git tag")
 	flags.StringVar(&ro.KernelVersion, "kernelversion", ro.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
@@ -117,7 +116,7 @@ func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) {
 	flags.StringVar(&ro.KernelConfigData, "kernelconfigdata", ro.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
 	flags.StringVar(&ro.ModuleDeviceName, "moduledevicename", ro.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
 	flags.StringVar(&ro.ModuleDriverName, "moduledrivername", ro.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
-	flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.")
+	flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module. If not provided, an automatically selected image will be used.")
 	flags.StringSliceVar(&ro.BuilderRepos, "builderrepo", ro.BuilderRepos, "list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'.")
 	flags.StringVar(&ro.GCCVersion, "gccversion", ro.GCCVersion, "enforce a specific gcc version for the build")
 
@@ -139,7 +138,6 @@ func (ro *RootOptions) Log(printer *output.Printer) {
 	printer.Logger.Debug("running with options",
 		printer.Logger.Args(
 			"output-module", ro.Output.Module,
-			"output-probe", ro.Output.Probe,
 			"driverversion", ro.DriverVersion,
 			"kernelrelease", ro.KernelRelease,
 			"kernelversion", ro.KernelVersion,
@@ -165,7 +163,6 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
 		Architecture:      ro.Architecture,
 		KernelConfigData:  kernelConfigData,
 		ModuleFilePath:    ro.Output.Module,
-		ProbeFilePath:     ro.Output.Probe,
 		ModuleDriverName:  ro.ModuleDriverName,
 		ModuleDeviceName:  ro.ModuleDeviceName,
 		GCCVersion:        ro.GCCVersion,
@@ -209,11 +206,6 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
 		printer.Logger.Warn("skipping build attempt of module for unsupported kernel release",
 			printer.Logger.Args("kernelrelease", kr.String()))
 	}
-	if len(build.ProbeFilePath) > 0 && !kr.SupportsProbe() {
-		build.ProbeFilePath = ""
-		printer.Logger.Warn("skipping build attempt of probe for unsupported kernel release",
-			printer.Logger.Args("kernelrelease", kr.String()))
-	}
 	return build
 }
 

cmd/testdata/configs/1.yaml

@@ -3,5 +3,4 @@ kernelversion: 59
 target: ubuntu-aws
 output:
     module: /tmp/falco-ubuntu-aws.ko
-    probe: /tmp/falco-ubuntu-aws.o
 driverversion: master

cmd/testdata/configs/2.yaml

@@ -7,5 +7,4 @@ kernelurls: [
 target: ubuntu-aws
 output:
     module: /tmp/falco-ubuntu-aws.ko
-    probe: /tmp/falco-ubuntu-aws.o
 driverversion: master

cmd/testdata/docker-from-config-debug.txt

@@ -1,7 +1,6 @@
 INFO  using config file file: testdata/configs/1.yaml
 DEBUG running with options
     ├ output-module: /tmp/falco-ubuntu-aws.ko
-    ├ output-probe: /tmp/falco-ubuntu-aws.o
     ├ driverversion: master
     ├ kernelrelease: 4.15.0-1057-aws
     ├ kernelversion: 59