Now that custom rules loading implementations (and related, custom
rulesets) can be swapped into falco in a customizable way, there is
some functionality in evttype_index_ruleset that could be used by
other rulesets, specifically the part that segregates filters by
ruleset and enables/disables filters based on name substring + tags.
To allow for this, create a new base class indexable_ruleset that
takes a generic filter_wrapper object that can return a name, tags,
and sc/event codes, and segregates the filters by ruleset. It also
optionally segregates filters by event type.
The main interfaces are:
- an implementation of filter_wrapper to provide a name/tags/event
codes.
- add_wrapper(), which provides a filter_wrapper to the
indexable_ruleset.
- run_wrappers(), which must be implemented by the derived class and
is called for event processing.
Most of the methods required by filter_ruleset are implemented by
indexable_ruleset and do not need to be implemented by the derived
class.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
