mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-04 02:16:46 +00:00
Inline find_source() as it can be called in the event path
Inline find_source as it can be called in the event processing path. Also take the cached variant that assigns/uses m_syscall_source_idx and put it in find_source() instead of process_event(). Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This commit is contained in:
parent
70ce7b936b
commit
07d7b9a57a
@ -79,26 +79,6 @@ sinsp_version falco_engine::engine_version()
|
||||
return sinsp_version(FALCO_ENGINE_VERSION);
|
||||
}
|
||||
|
||||
const falco_source* falco_engine::find_source(const std::string& name) const
|
||||
{
|
||||
auto ret = m_sources.at(name);
|
||||
if(!ret)
|
||||
{
|
||||
throw falco_exception("Unknown event source " + name);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
const falco_source* falco_engine::find_source(std::size_t index) const
|
||||
{
|
||||
auto ret = m_sources.at(index);
|
||||
if(!ret)
|
||||
{
|
||||
throw falco_exception("Unknown event source index " + std::to_string(index));
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Return a key that uniquely represents a field class.
|
||||
// For now, we assume name + shortdesc is unique.
|
||||
static std::string fieldclass_key(const gen_event_filter_factory::filter_fieldclass_info &fld_info)
|
||||
@ -422,21 +402,7 @@ std::unique_ptr<std::vector<falco_engine::rule_result>> falco_engine::process_ev
|
||||
// source_idx, which means that at any time each filter_ruleset will only
|
||||
// be accessed by a single thread.
|
||||
|
||||
const falco_source *source;
|
||||
|
||||
if(source_idx == m_syscall_source_idx)
|
||||
{
|
||||
if(m_syscall_source == NULL)
|
||||
{
|
||||
m_syscall_source = find_source(m_syscall_source_idx);
|
||||
}
|
||||
|
||||
source = m_syscall_source;
|
||||
}
|
||||
else
|
||||
{
|
||||
source = find_source(source_idx);
|
||||
}
|
||||
const falco_source *source = find_source(source_idx);
|
||||
|
||||
if(should_drop_evt() || !source)
|
||||
{
|
||||
|
@ -305,8 +305,44 @@ private:
|
||||
|
||||
indexed_vector<falco_source> m_sources;
|
||||
|
||||
const falco_source* find_source(std::size_t index) const;
|
||||
const falco_source* find_source(const std::string& name) const;
|
||||
inline const falco_source* find_source(std::size_t index)
|
||||
{
|
||||
const falco_source *source;
|
||||
|
||||
if(index == m_syscall_source_idx)
|
||||
{
|
||||
if(m_syscall_source == NULL)
|
||||
{
|
||||
m_syscall_source = m_sources.at(m_syscall_source_idx);
|
||||
if(!m_syscall_source)
|
||||
{
|
||||
throw falco_exception("Unknown event source index " + std::to_string(index));
|
||||
}
|
||||
}
|
||||
|
||||
source = m_syscall_source;
|
||||
}
|
||||
else
|
||||
{
|
||||
source = m_sources.at(index);
|
||||
if(!source)
|
||||
{
|
||||
throw falco_exception("Unknown event source index " + std::to_string(index));
|
||||
}
|
||||
}
|
||||
|
||||
return source;
|
||||
}
|
||||
|
||||
inline const falco_source* find_source(const std::string& name) const
|
||||
{
|
||||
auto ret = m_sources.at(name);
|
||||
if(!ret)
|
||||
{
|
||||
throw falco_exception("Unknown event source " + name);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
// To allow the engine to be extremely fast for syscalls (can
|
||||
// be > 1M events/sec), we save the syscall source/source_idx
|
||||
|
Loading…
Reference in New Issue
Block a user