fix(userspace/falco): fix actions taken when events are dropped

User can configure a list of actions that are taken when Falco
detects a threshold exceeding value in drop statistics.

However, the logic that handles the list of configured actions
is designed to process only a single action; it takes only the
first action of the list. As a result, the order of the actions becomes the
deciding factor in which action is taken when more than one action is
configured.

This fix enables Falco to process all actions on the list.

Signed-off-by: Tero Kauppinen <tero.kauppinen@est.tech>
Tero Kauppinen
2025-09-24 13:16:56 +03:00
committed by poiana
parent 7fb9986e5a
commit eee4acc488


@@ -138,15 +138,16 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now,
std::string rule = "Falco internal: syscall event drop";
std::string msg =
rule + ". " + std::to_string(delta.n_drops) + " system calls dropped in last second.";
bool ret = true;
for(auto &act : m_actions) {
switch(act) {
case syscall_evt_drop_action::DISREGARD:
return true;
continue;
case syscall_evt_drop_action::LOG:
falco_logger::log(falco_logger::level::DEBUG, std::move(msg));
return true;
continue;
case syscall_evt_drop_action::ALERT: {
nlohmann::json output_fields;
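Review bot: The `std::move(msg)` in the LOG case (`falco_logger::log(falco_logger::level::DEBUG, std::move(msg));`) is now inside a loop that keeps running, so any later action in m_actions — the ALERT case's `handle_msg(now, ..., msg, rule, output_fields)` in the second hunk, or the EXIT case's CRIT log there, which also moves from `msg` — sees a moved-from string and emits an empty or unspecified message; with the old single-action early return this was harmless, but the whole point of this commit is that several actions run in sequence. Change both sites to pass the lvalue, `falco_logger::log(falco_logger::level::DEBUG, msg);` and `falco_logger::log(falco_logger::level::CRIT, msg);`, assuming falco_logger::log accepts a const reference or by-value string (its signature is not in this hunk; if it only takes an rvalue, pass a copy instead). The same applies to the EXIT case in the second hunk. perform_actions' opening lines, including where `delta` and `msg` are set up, are outside the hunk.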
@@ -199,19 +200,20 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now,
kernel instrumentation). */
output_fields["ebpf_enabled"] = std::to_string(bpf_enabled);
m_outputs->handle_msg(now, falco_common::PRIORITY_DEBUG, msg, rule, output_fields);
return true;
continue;
}
case syscall_evt_drop_action::EXIT:
falco_logger::log(falco_logger::level::CRIT, std::move(msg));
falco_logger::log(falco_logger::level::CRIT, "Exiting.");
return false;
ret = false;
continue;
default:
falco_logger::log(falco_logger::level::ERR,
"Ignoring unknown action " + std::to_string(int(act)));
return true;
continue;
}
}
return true;
return ret;
}