From 2caadd1af523ffd93585b919a6827153550d4a88 Mon Sep 17 00:00:00 2001 From: Jason Dellaluce Date: Tue, 28 Jun 2022 12:14:16 +0000 Subject: [PATCH] refactor(userspace/falco): add action for printing syscall events Signed-off-by: Jason Dellaluce --- userspace/falco/CMakeLists.txt | 1 + userspace/falco/app_actions/list_fields.cpp | 7 ---- .../app_actions/print_syscall_events.cpp | 34 +++++++++++++++++++ userspace/falco/application.h | 1 + 4 files changed, 36 insertions(+), 7 deletions(-) create mode 100644 userspace/falco/app_actions/print_syscall_events.cpp diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt index 4d12a467..cdd6fe03 100644 --- a/userspace/falco/CMakeLists.txt +++ b/userspace/falco/CMakeLists.txt @@ -35,6 +35,7 @@ set( app_actions/print_ignored_events.cpp app_actions/print_plugin_info.cpp app_actions/print_support.cpp + app_actions/print_syscall_events.cpp app_actions/print_version.cpp app_actions/start_grpc_server.cpp app_actions/start_webserver.cpp diff --git a/userspace/falco/app_actions/list_fields.cpp b/userspace/falco/app_actions/list_fields.cpp index 8666b0a7..173fe467 100644 --- a/userspace/falco/app_actions/list_fields.cpp +++ b/userspace/falco/app_actions/list_fields.cpp @@ -33,12 +33,5 @@ application::run_result application::list_fields() return run_result::exit(); } - if(m_options.list_syscall_events) - { - // We know this function doesn't hold into the raw pointer value - list_events(m_state->inspector.get(), m_options.markdown); - return run_result::exit(); - } - return run_result::ok(); } diff --git a/userspace/falco/app_actions/print_syscall_events.cpp b/userspace/falco/app_actions/print_syscall_events.cpp new file mode 100644 index 00000000..863fdb13 --- /dev/null +++ b/userspace/falco/app_actions/print_syscall_events.cpp @@ -0,0 +1,34 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "application.h" + +#include + +using namespace falco::app; + +application::run_result application::print_syscall_events() +{ + if(m_options.list_syscall_events) + { + // We know this function doesn't hold into the raw pointer value + std::unique_ptr inspector(new sinsp()); + list_events(inspector.get(), m_options.markdown); + return run_result::exit(); + } + + return run_result::ok(); +} diff --git a/userspace/falco/application.h b/userspace/falco/application.h index e6584be9..22b06cb1 100644 --- a/userspace/falco/application.h +++ b/userspace/falco/application.h @@ -197,6 +197,7 @@ private: run_result print_ignored_events(); run_result print_plugin_info(); run_result print_support(); + run_result print_syscall_events(); run_result print_version(); run_result process_events(); #ifndef MINIMAL_BUILD