github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-05 16:50:34 +00:00
Code Issues Projects Releases Wiki Activity

perf: avoid stack allocation and make use of switch to select behavior on rule matching strategy

Browse Source 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
This commit is contained in:
Lorenzo Susini
2023-08-08 10:52:11 +00:00
committed by poiana
parent 1705c0dab3
commit 6acd924c50
2 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
userspace/engine/falco_engine.cpp
View File

@@ -388,21 +388,28 @@ std::unique_ptr<std::vector<falco_engine::rule_result>> falco_engine::process_ev
return nullptr;
}
if (m_rule_matching == falco_common::rule_matching::ALL)
switch (m_rule_matching)
{
case falco_common::rule_matching::ALL:
if (source->m_rules.size() > 0)
{
source->m_rules.clear();
}
if (!source->ruleset->run(ev, source->m_rules, ruleset_id))
{
return nullptr;
}
}
else if (m_rule_matching == falco_common::rule_matching::FIRST)
{
falco_rule rule;
if (!source->ruleset->run(ev, rule, ruleset_id))
break;
case falco_common::rule_matching::FIRST:
if (source->m_rules.size() != 1)
{
source->m_rules.resize(1);
}
if (!source->ruleset->run(ev, source->m_rules[0], ruleset_id))
{
return nullptr;
}
source->m_rules.push_back(rule);
break;
}
auto res = std::make_unique<std::vector<falco_engine::rule_result>>();
@@ -420,10 +427,6 @@ std::unique_ptr<std::vector<falco_engine::rule_result>> falco_engine::process_ev
res->push_back(rule_result);
}
if (source->m_rules.size() > 0)
{
source->m_rules.clear();
}
return res;
}