From 4774e92bc2ee9d5bc27ed53a4ee40d9ca7a1427c Mon Sep 17 00:00:00 2001 From: Leonardo Di Donato Date: Fri, 19 Mar 2021 12:44:57 +0000 Subject: [PATCH] refactor(userspace/falco): refactor the enum of drop actions into an enum class Signed-off-by: Leonardo Di Donato --- userspace/falco/event_drops.h | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/userspace/falco/event_drops.h b/userspace/falco/event_drops.h index c02a64e6..06aa7e43 100644 --- a/userspace/falco/event_drops.h +++ b/userspace/falco/event_drops.h @@ -1,5 +1,5 @@ /* -Copyright (C) 2019 The Falco Authors. +Copyright (C) 2021 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -23,25 +23,28 @@ limitations under the License. #include "logger.h" #include "falco_outputs.h" +// The possible actions that this class can take upon +// detecting a syscall event drop. +enum class syscall_evt_drop_action : uint8_t +{ + IGNORE = 0, + LOG, + ALERT, + EXIT +}; + +using syscall_evt_drop_actions = std::set; + class syscall_evt_drop_mgr { public: - // The possible actions that this class can take upon - // detecting a syscall event drop. - enum action - { - ACT_IGNORE = 0, - ACT_LOG, - ACT_ALERT, - ACT_EXIT, - }; - syscall_evt_drop_mgr(); virtual ~syscall_evt_drop_mgr(); void init(sinsp *inspector, falco_outputs *outputs, - std::set &actions, + syscall_evt_drop_actions &actions, + double threshold, double rate, double max_tokens, bool simulate_drops); @@ -63,9 +66,10 @@ protected: uint64_t m_num_actions; sinsp *m_inspector; falco_outputs *m_outputs; - std::set m_actions; + syscall_evt_drop_actions m_actions; token_bucket m_bucket; uint64_t m_next_check_ts; scap_stats m_last_stats; bool m_simulate_drops; + double m_threshold; };