github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-16 15:51:55 +00:00
Code Issues Projects Releases Wiki Activity

fix(userspace/falco): substitute syscall_evt_drop_action::IGNORE with DISREGARD

Browse Source 
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
This commit is contained in:
Roberto Scolaro 2023-10-24 20:06:42 +00:00 committed by poiana
parent fb0d757bfe
commit e5e5416ade
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
userspace/falco/configuration.cpp
View File

@ -313,11 +313,11 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
{
if(act == "ignore")
{
m_syscall_evt_drop_actions.insert(syscall_evt_drop_action::IGNORE);
m_syscall_evt_drop_actions.insert(syscall_evt_drop_action::DISREGARD);
}
else if(act == "log")
{
if(m_syscall_evt_drop_actions.count(syscall_evt_drop_action::IGNORE))
if(m_syscall_evt_drop_actions.count(syscall_evt_drop_action::DISREGARD))
{
throw std::logic_error("Error reading config file (" + config_name + "): syscall event drop action \"" + act + "\" does not make sense with the \"ignore\" action");
}
@ -325,7 +325,7 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
}
else if(act == "alert")
{
if(m_syscall_evt_drop_actions.count(syscall_evt_drop_action::IGNORE))
if(m_syscall_evt_drop_actions.count(syscall_evt_drop_action::DISREGARD))
{
throw std::logic_error("Error reading config file (" + config_name + "): syscall event drop action \"" + act + "\" does not make sense with the \"ignore\" action");
}
@ -343,7 +343,7 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
if(m_syscall_evt_drop_actions.empty())
{
m_syscall_evt_drop_actions.insert(syscall_evt_drop_action::IGNORE);
m_syscall_evt_drop_actions.insert(syscall_evt_drop_action::DISREGARD);
}
m_syscall_evt_drop_threshold = config.get_scalar<double>("syscall_event_drops.threshold", .1);

2
userspace/falco/event_drops.cpp
View File

@ -149,7 +149,7 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool
{
switch(act)
{
case syscall_evt_drop_action::IGNORE:
case syscall_evt_drop_action::DISREGARD:
return true;
case syscall_evt_drop_action::LOG:

2
userspace/falco/event_drops.h
View File

@ -29,7 +29,7 @@ limitations under the License.
// detecting a syscall event drop.
enum class syscall_evt_drop_action : uint8_t
{
IGNORE = 0,
DISREGARD = 0,
LOG,
ALERT,
EXIT