Add ability to clear loaded rules.

Add the ability to clear the set of loaded rules from lua. It simply recreates the sinsp_evttype_filter instance m_evttype_filter, which is now a unique_ptr.
2025-09-08 10:09:40 +00:00 · 2016-12-28 15:06:46 -08:00
parent 3cbf641ded
commit 767f2d5bb4
4 changed files with 36 additions and 4 deletions
--- a/userspace/engine/falco_engine.h
+++ b/userspace/engine/falco_engine.h
@@ -19,6 +19,7 @@ along with falco.  If not, see <http://www.gnu.org/licenses/>.
 #pragma once

 #include <string>
+#include <memory>

 #include "sinsp.h"
 #include "filter.h"
@@ -84,6 +85,9 @@ public:
 				list<uint32_t> &evttypes,
 				sinsp_filter* filter);

+	// Clear all existing filters.
+	void clear_filters();
+
 	//
 	// Set the sampling ratio, which can affect which events are
 	// matched against the set of rules.
@@ -116,7 +120,7 @@ private:
 	inline bool should_drop_evt();

 	falco_rules *m_rules;
-        sinsp_evttype_filter m_evttype_filter;
+	std::unique_ptr<sinsp_evttype_filter> m_evttype_filter;

 	//
 	// Here's how the sampling ratio and multiplier influence