chore!: drop legacy eBPF probe build support

Falco 0.43.0 deprecated legacy eBPF probe, and the support will
be removed soon in the next libs release. Drop support for building
it.

BREAKING CHANGE: drop support for building the legacy eBPF probe

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

Author: ekoops

Example_configs.md

@@ -7,7 +7,6 @@ kernelrelease: 4.19.91-26.al7.x86_64
 target: alinux
 output:
     module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
-    probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
 driverversion: master
 ```
 
@@ -18,7 +17,6 @@ kernelrelease: 5.10.84-10.4.al8.x86_64
 target: alinux
 output:
     module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
-    probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
 driverversion: master
 ```
 
@@ -29,7 +27,6 @@ kernelrelease: 5.14.0-162.12.1.el9_1.x86_64
 target: almalinux
 output:
     module: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.ko
-    probe: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.o
 driverversion: master
 ```
 
@@ -50,7 +47,6 @@ kernelrelease: 4.14.171-136.231.amzn2.x86_64
 target: amazonlinux2
 output:
     module: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.ko
-    probe: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.o
 driverversion: master
 ```
 
@@ -61,13 +57,12 @@ kernelrelease: 5.10.96-90.460.amzn2022.x86_64
 target: amazonlinux2022
 output:
     module: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.ko
-    probe: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.o
 driverversion: master
 ```
 
 ## archlinux
 
-Example configuration file to build both the Kernel module and eBPF probe for Archlinux.
+Example configuration file to build both the Kernel module for Archlinux.
 Note: archlinux target uses the [Arch Linux Archive](https://wiki.archlinux.org/title/Arch_Linux_Archive) to fetch
 all ever supported kernel releases.
 For arm64, it uses an user-provided mirror, as no official mirror is available: http://tardis.tiny-vps.com/aarm/.
@@ -79,7 +74,6 @@ kernelrelease: 6.0.6.arch1-1
 target: arch
 output:
   module: /tmp/falco-arch.ko
-  probe: /tmp/falco-arch.o
 driverversion: master
 builderimage: ${ARCH_BUILD_IMAGE_HERE}
 ```
@@ -119,14 +113,13 @@ driverversion: master
 
 ## debian
 
-Example configuration file to build both the Kernel module and eBPF probe for Debian.
+Example configuration file to build both the Kernel module for Debian.
 
 ```yaml
 kernelrelease: 4.19.0-6-amd64
 kernelversion: 1
 output:
   module: /tmp/falco-debian.ko
-  probe: /tmp/falco-debian.o
 target: debian
 driverversion: master
 ```
@@ -144,7 +137,7 @@ driverversion: master
 
 ## flatcar
 
-Example configuration file to build both the Kernel module and eBPF probe for Flatcar.
+Example configuration file to build both the Kernel module for Flatcar.
 The Flatcar release version needs to be provided in the `kernelrelease` field instead of the kernel version;
 moreover, kernelconfigdata must be provided.
 
@@ -153,21 +146,19 @@ kernelrelease: 3185.0.0
 target: flatcar
 output:
   module: /tmp/falco-flatcar-3185.0.0.ko
-  probe: /tmp/falco-flatcar-3185.0.0.o
 driverversion: master
 kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
 ```
 
 ## minikube
-Example configuration file to build both the Kernel module and eBPF probe for Minikube.
+Example configuration file to build both the Kernel module for Minikube.
 ```yaml
 kernelversion: 1_1.26.0
 kernelrelease: 5.10.57
 target: minikube
 architecture: amd64
 output:
   module: /tmp/falco_minikube_5.10.57_1_1.26.0.ko
-  probe: /tmp/falco_minikube_5.10.57_1_1.26.0.o
 kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
 ```
 
@@ -221,7 +212,6 @@ kernelrelease: 4.18.0-372.9.1.el8.x86_64
 target: redhat
 output:
   module: /tmp/falco-redhat8.ko
-  probe: /tmp/falco-redhat8.o
 driverversion: master
 builderimage: redhat/ubi8:rhel8_driverkit
 ```
@@ -254,7 +244,6 @@ kernelrelease: 5.14.0-70.13.1.el9_0.x86_64
 target: redhat
 output:
   module: /tmp/falco-redhat9.ko
-  probe: /tmp/falco-redhat9.o
 driverversion: master
 builderimage: docker.io/redhat/ubi9:rhel9_driverkit
 ```
@@ -300,50 +289,46 @@ kernelrelease: 5.14.0-162.18.1.el9_1.x86_64
 target: rocky
 output:
     module: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.ko
-    probe: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.o
 driverversion: master
 ```
 
 ## ubuntu
-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu (works with any flavor!).
+Example configuration file to build both the Kernel module for Ubuntu (works with any flavor!).
 
 ```yaml
 kernelrelease: 5.0.0-1021-aws-5.0
 kernelversion: 24~18.04.1
 target: ubuntu
 output:
   module: /tmp/falco-ubuntu-generic.ko
-  probe: /tmp/falco-ubuntu-generic.o
 driverversion: master
 ```
 
 ## ubuntu-aws
 
-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu AWS.
+Example configuration file to build both the Kernel module for Ubuntu AWS.
 
 ```yaml
 kernelrelease: 4.15.0-1057-aws
 kernelversion: 59
 target: ubuntu-aws
 output:
   module: /tmp/falco-ubuntu-aws.ko
-  probe: /tmp/falco-ubuntu-aws.o
 driverversion: master
 ```
 
 > **NOTE:** ubuntu-aws exists to retain backward compatibility only,
 > and should not be used in new configs.
 
 ## ubuntu-generic
-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu generic.
+Example configuration file to build both the Kernel module for Ubuntu generic.
 
 ```yaml
 kernelrelease: 4.15.0-72-generic
 kernelversion: 81
 target: ubuntu-generic
 output:
   module: /tmp/falco-ubuntu-generic.ko
-  probe: /tmp/falco-ubuntu-generic.o
 driverversion: master
 ```
 
@@ -362,7 +347,6 @@ kernelversion: 1
 target: vanilla
 output:
   module: /tmp/falco-vanilla.ko
-  probe: /tmp/falco-vanilla.o
 driverversion: 0de226085cc4603c45ebb6883ca4cacae0bd25b2
 ```
 

README.md

@@ -7,7 +7,7 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/falcosecurity/driverkit?style=for-the-badge)](https://goreportcard.com/report/github.com/falcosecurity/driverkit)
 [![Docker pulls](https://img.shields.io/docker/pulls/falcosecurity/driverkit?style=for-the-badge)](https://hub.docker.com/r/falcosecurity/driverkit)
 
-A command line tool that can be used to build the [Falco](https://github.com/falcosecurity/falco) kernel module and eBPF probe.
+A command line tool that can be used to build the [Falco](https://github.com/falcosecurity/falco) kernel module.
 
 ## Glossary
 
@@ -85,7 +85,6 @@ kernelversion: 59
 target: ubuntu-aws
 output:
   module: /tmp/falco-ubuntu-aws.ko
-  probe: /tmp/falco-ubuntu-aws.o
 driverversion: master
 ```
 

cmd/cli_test.go

@@ -130,7 +130,6 @@ var tests = []testCase{
 			"ubuntu-aws",
 			"--output-module",
 			"/tmp/falco-ubuntu-aws.ko",
-			"--output-probe",
 			"/tmp/falco-ubuntu-aws.o",
 			"--loglevel",
 			"debug",
@@ -144,7 +143,6 @@ var tests = []testCase{
 		env: map[string]string{
 			"DRIVERKIT_KERNELVERSION": "59",
 			"DRIVERKIT_OUTPUT_MODULE": "/tmp/falco-ubuntu-aws.ko",
-			"DRIVERKIT_OUTPUT_PROBE":  "/tmp/falco-ubuntu-aws.o",
 		},
 		args: []string{
 			"docker",

cmd/docker.go

@@ -16,6 +16,7 @@ package cmd
 
 import (
 	"bytes"
+
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
 	"github.com/spf13/cobra"
@@ -26,7 +27,7 @@ import (
 func NewDockerCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	dockerCmd := &cobra.Command{
 		Use:   "docker",
-		Short: "Build Falco kernel modules and eBPF probes against a docker daemon.",
+		Short: "Build Falco kernel modules against a docker daemon.",
 		RunE: func(c *cobra.Command, args []string) error {
 			configOpts.Printer.Logger.Info("starting build",
 				configOpts.Printer.Logger.Args("processor", c.Name()))

cmd/kubernetes.go

@@ -31,7 +31,7 @@ import (
 func NewKubernetesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	kubernetesCmd := &cobra.Command{
 		Use:     "kubernetes",
-		Short:   "Build Falco kernel modules and eBPF probes against a Kubernetes cluster.",
+		Short:   "Build Falco kernel modules against a Kubernetes cluster.",
 		Aliases: []string{"k8s"},
 	}
 

cmd/kubernetes_in_cluster.go

@@ -29,7 +29,7 @@ import (
 func NewKubernetesInClusterCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	kubernetesInClusterCmd := &cobra.Command{
 		Use:     "kubernetes-in-cluster",
-		Short:   "Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.",
+		Short:   "Build Falco kernel modules against a Kubernetes cluster inside a Kubernetes cluster.",
 		Aliases: []string{"k8s-ic"},
 	}
 

cmd/local.go

@@ -20,7 +20,7 @@ func NewLocalCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pf
 	opts := localCmdOptions{}
 	localCmd := &cobra.Command{
 		Use:   "local",
-		Short: "Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.",
+		Short: "Build Falco kernel modules in local env with local kernel sources and gcc/clang.",
 		RunE: func(c *cobra.Command, args []string) error {
 			configOpts.Printer.Logger.Info("starting build",
 				configOpts.Printer.Logger.Args("processor", c.Name()))

cmd/root.go

@@ -49,7 +49,6 @@ func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, roo
 		}
 		nested := map[string]string{ // handle nested options in config file
 			"output-module": "output.module",
-			"output-probe":  "output.probe",
 		}
 		rootCommand.c.Flags().VisitAll(func(f *pflag.Flag) {
 			if name := f.Name; !skip[name] {
@@ -109,7 +108,7 @@ type RootCmd struct {
 func NewRootCmd(configOpts *ConfigOptions, rootOpts *RootOptions) *RootCmd {
 	rootCmd := &cobra.Command{
 		Use:                   "driverkit",
-		Short:                 "A command line tool to build Falco kernel modules and eBPF probes.",
+		Short:                 "A command line tool to build Falco kernel modules.",
 		ValidArgs:             validProcessors,
 		ArgAliases:            aliasProcessors,
 		Args:                  cobra.OnlyValidArgs,

cmd/root_options.go

@@ -16,27 +16,27 @@ package cmd
 
 import (
 	"errors"
-	"github.com/falcosecurity/falcoctl/pkg/output"
-	"github.com/spf13/pflag"
 	"os"
 	"runtime"
 	"strings"
 
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"github.com/spf13/pflag"
+
 	"github.com/creasty/defaults"
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 	"github.com/falcosecurity/driverkit/validate"
 	"github.com/go-playground/validator/v10"
 )
 
-// OutputOptions wraps the two drivers that driverkit builds.
+// OutputOptions wraps the driver that driverkit builds.
 type OutputOptions struct {
-	Module string `validate:"required_without=Probe,filepath,omitempty,endswith=.ko" name:"output module path"`
-	Probe  string `validate:"required_without=Module,filepath,omitempty,endswith=.o" name:"output probe path"`
+	Module string `validate:"required,filepath,omitempty,endswith=.ko" name:"output module path"`
 }
 
 func (oo *OutputOptions) HasOutputs() bool {
-	return oo.Module != "" || oo.Probe != ""
+	return oo.Module != ""
 }
 
 type RepoOptions struct {
@@ -90,25 +90,24 @@ func (ro *RootOptions) Validate() []error {
 		errors.As(err, &errs)
 		errArr := []error{}
 		for _, e := range errs {
-			// Translate each error one at a time
+			// Translate each error one at a time.
 			errArr = append(errArr, errors.New(e.Translate(validate.T)))
 		}
 		return errArr
 	}
 
-	// check that the kernel versions supports at least one of probe and module
+	// check that the kernel versions supports the module.
 	kr := kernelrelease.FromString(ro.KernelRelease)
 	kr.Architecture = kernelrelease.Architecture(ro.Architecture)
-	if !kr.SupportsModule() && !kr.SupportsProbe() {
-		return []error{errors.New("both module and probe are not supported by given options")}
+	if !kr.SupportsModule() {
+		return []error{errors.New("module is not supported by given options")}
 	}
 
 	return nil
 }
 
 func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) {
 	flags.StringVar(&ro.Output.Module, "output-module", ro.Output.Module, "filepath where to save the resulting kernel module")
-	flags.StringVar(&ro.Output.Probe, "output-probe", ro.Output.Probe, "filepath where to save the resulting eBPF probe")
 	flags.StringVar(&ro.Architecture, "architecture", runtime.GOARCH, "target architecture for the built driver, one of "+kernelrelease.SupportedArchs.String())
 	flags.StringVar(&ro.DriverVersion, "driverversion", ro.DriverVersion, "driver version as a git commit hash or as a git tag")
 	flags.StringVar(&ro.KernelVersion, "kernelversion", ro.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
@@ -117,7 +116,7 @@ func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) {
 	flags.StringVar(&ro.KernelConfigData, "kernelconfigdata", ro.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
 	flags.StringVar(&ro.ModuleDeviceName, "moduledevicename", ro.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
 	flags.StringVar(&ro.ModuleDriverName, "moduledrivername", ro.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
-	flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.")
+	flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module. If not provided, an automatically selected image will be used.")
 	flags.StringSliceVar(&ro.BuilderRepos, "builderrepo", ro.BuilderRepos, "list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'.")
 	flags.StringVar(&ro.GCCVersion, "gccversion", ro.GCCVersion, "enforce a specific gcc version for the build")
 
@@ -139,7 +138,6 @@ func (ro *RootOptions) Log(printer *output.Printer) {
 	printer.Logger.Debug("running with options",
 		printer.Logger.Args(
 			"output-module", ro.Output.Module,
-			"output-probe", ro.Output.Probe,
 			"driverversion", ro.DriverVersion,
 			"kernelrelease", ro.KernelRelease,
 			"kernelversion", ro.KernelVersion,
@@ -165,7 +163,6 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
 		Architecture:      ro.Architecture,
 		KernelConfigData:  kernelConfigData,
 		ModuleFilePath:    ro.Output.Module,
-		ProbeFilePath:     ro.Output.Probe,
 		ModuleDriverName:  ro.ModuleDriverName,
 		ModuleDeviceName:  ro.ModuleDeviceName,
 		GCCVersion:        ro.GCCVersion,
@@ -209,11 +206,6 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
 		printer.Logger.Warn("skipping build attempt of module for unsupported kernel release",
 			printer.Logger.Args("kernelrelease", kr.String()))
 	}
-	if len(build.ProbeFilePath) > 0 && !kr.SupportsProbe() {
-		build.ProbeFilePath = ""
-		printer.Logger.Warn("skipping build attempt of probe for unsupported kernel release",
-			printer.Logger.Args("kernelrelease", kr.String()))
-	}
 	return build
 }
 

cmd/testdata/configs/1.yaml

@@ -3,5 +3,4 @@ kernelversion: 59
 target: ubuntu-aws
 output:
     module: /tmp/falco-ubuntu-aws.ko
-    probe: /tmp/falco-ubuntu-aws.o
 driverversion: master