github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-19 17:14:26 +00:00
Code Issues Projects Releases Wiki Activity

update: start/stop capture inside do_inspect

Browse Source 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
This commit is contained in:
Andrea Terzolo
2022-11-29 10:59:01 +01:00
committed by poiana
parent 87371492c5
commit 55deb452d8
1 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
userspace/falco/app_actions/process_events.cpp
View File

@@ -50,8 +50,8 @@ application::run_result application::do_inspect(
uint64_t duration_to_tot_ns, uint64_t duration_to_tot_ns,
uint64_t &num_evts) uint64_t &num_evts)
{ {
int32_t rc; int32_t rc = 0;
sinsp_evt* ev; sinsp_evt* ev = NULL;
stats_writer::collector stats_collector(statsw); stats_writer::collector stats_collector(statsw);
uint64_t duration_start = 0; uint64_t duration_start = 0;
uint32_t timeouts_since_last_success_or_msg = 0; uint32_t timeouts_since_last_success_or_msg = 0;
@@ -91,6 +91,11 @@ application::run_result application::do_inspect(
m_state->config->m_syscall_evt_simulate_drops); m_state->config->m_syscall_evt_simulate_drops);
} }
//
// Start capture
//
inspector->start_capture();
// //
// Loop through the events // Loop through the events
// //
@@ -153,6 +158,7 @@ application::run_result application::do_inspect(
// //
// Event read error. // Event read error.
// //
inspector->stop_capture();
return run_result::fatal(inspector->getlasterr()); return run_result::fatal(inspector->getlasterr());
} }
@@ -197,6 +203,7 @@ application::run_result application::do_inspect(
if(check_drops_and_timeouts && !sdropmgr.process_event(inspector, ev)) if(check_drops_and_timeouts && !sdropmgr.process_event(inspector, ev))
{ {
inspector->stop_capture();
return run_result::fatal("Drop manager internal error"); return run_result::fatal("Drop manager internal error");
} }
@@ -221,6 +228,11 @@ application::run_result application::do_inspect(
num_evts++; num_evts++;
} }
//
// Stop capture
//
inspector->stop_capture();
return run_result::ok(); return run_result::ok();
} }
@@ -231,7 +243,6 @@ void application::process_inspector_events(
application::source_sync_context* sync, application::source_sync_context* sync,
application::run_result* res) noexcept application::run_result* res) noexcept
{ {
inspector->start_capture();
try try
{ {
double duration; double duration;
@@ -277,7 +288,7 @@ void application::process_inspector_events(
{ {
*res = run_result::fatal(e.what()); *res = run_result::fatal(e.what());
} }
inspector->stop_capture();
if (sync) if (sync)
{ {
sync->finish(); sync->finish();