From e5e5416ade50dbc20171aaeae8a82e8046f43207 Mon Sep 17 00:00:00 2001
From: Roberto Scolaro
Date: Tue, 24 Oct 2023 20:06:42 +0000
Subject: [PATCH] fix(userspace/falco): substitute syscall_evt_drop_action::IGNORE with DISREGARD
Signed-off-by: Roberto Scolaro
---
 userspace/falco/configuration.cpp | 8 ++++----
 userspace/falco/event_drops.cpp | 2 +-
 userspace/falco/event_drops.h | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
index 64f02620..48f29b60 100644
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -313,11 +313,11 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
 {
 if(act == "ignore")
 {
- m_syscall_evt_drop_actions.insert(syscall_evt_drop_action::IGNORE);
+ m_syscall_evt_drop_actions.insert(syscall_evt_drop_action::DISREGARD);
 }
 else if(act == "log")
 {
- if(m_syscall_evt_drop_actions.count(syscall_evt_drop_action::IGNORE))
+ if(m_syscall_evt_drop_actions.count(syscall_evt_drop_action::DISREGARD))
 {
 throw std::logic_error("Error reading config file (" + config_name + "): syscall event drop action \"" + act + "\" does not make sense with the \"ignore\" action");
 }
@@ -325,7 +325,7 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
 }
 else if(act == "alert")
 {
- if(m_syscall_evt_drop_actions.count(syscall_evt_drop_action::IGNORE))
+ if(m_syscall_evt_drop_actions.count(syscall_evt_drop_action::DISREGARD))
 {
 throw std::logic_error("Error reading config file (" + config_name + "): syscall event drop action \"" + act + "\" does not make sense with the \"ignore\" action");
 }
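Review bot: The `act == "ignore"` branch in the first configuration.cpp hunk inserts `syscall_evt_drop_action::DISREGARD` without looking at what is already in the set, so the conflict check depends on list order: `log` or `alert` after `ignore` throws, but `ignore` after `log` or `alert` is accepted. Since `perform_actions` in event_drops.cpp returns `true` as soon as it reaches `case syscall_evt_drop_action::DISREGARD:`, such a configuration may silently skip the log or alert for dropped syscall events, depending on the container's iteration order, which is not visible here. I would guard the `ignore` branch too with `if(!m_syscall_evt_drop_actions.empty() && !m_syscall_evt_drop_actions.count(syscall_evt_drop_action::DISREGARD))` and throw the same `std::logic_error` as the other branches. The `exit` branch and the rest of the loop in `load_yaml` lie outside these hunks, so the guard should be checked against the full function.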
@@ -343,7 +343,7 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
 if(m_syscall_evt_drop_actions.empty())
 {
- m_syscall_evt_drop_actions.insert(syscall_evt_drop_action::IGNORE);
+ m_syscall_evt_drop_actions.insert(syscall_evt_drop_action::DISREGARD);
 }
 m_syscall_evt_drop_threshold = config.get_scalar("syscall_event_drops.threshold", .1);
diff --git a/userspace/falco/event_drops.cpp b/userspace/falco/event_drops.cpp
index 7d66156f..f26f77f1 100644
--- a/userspace/falco/event_drops.cpp
+++ b/userspace/falco/event_drops.cpp
@@ -149,7 +149,7 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool
 {
 switch(act)
 {
- case syscall_evt_drop_action::IGNORE:
+ case syscall_evt_drop_action::DISREGARD:
 return true;
 case syscall_evt_drop_action::LOG:
diff --git a/userspace/falco/event_drops.h b/userspace/falco/event_drops.h
index 31255bc0..2b27ffc8 100644
--- a/userspace/falco/event_drops.h
+++ b/userspace/falco/event_drops.h
@@ -29,7 +29,7 @@ limitations under the License.
 // detecting a syscall event drop.
 enum class syscall_evt_drop_action : uint8_t
 {
- IGNORE = 0,
+ DISREGARD = 0,
 LOG,
 ALERT,
 EXIT
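Review bot: The enumerator in event_drops.h is now `DISREGARD`, while the configuration keyword and the error messages in configuration.cpp still say "ignore", and neither the commit message nor the header records why the name changed. A one-line comment on the enumerator would keep that mapping discoverable for whoever greps for the keyword later, for example `// Selected by the "ignore" drop action in the config; not named IGNORE because <reason>`. The enum body continues past the end of the hunk.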