github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-20 09:29:42 +00:00
Code Issues Projects Releases Wiki Activity
4,906 Commits 119 Branches 173 Tags 104 MiB
new/add_mimalloc
Commit Graph

12 Commits

Author SHA1 Message Date
Poiana
50b98b30e5 chore(falco): apply code formatting 
Signed-off-by: Poiana <poiana.bot@gmail.com>
 2024-09-30 13:25:31 +02:00
Jason Dellaluce
f18ea1e8b7 update(userspace/engine): support tranformers in exception fields 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
b515f0a079 refactor(usersapace): adapt to changes libs 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-02-23 11:39:07 +01:00
Jason Dellaluce
4cffcedba1 refactor: remove refs to gen_event class family 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-02-06 10:25:53 +01:00
Leonardo Grasso
fe50ac22ee update: add SPDX license identifier 
See https://github.com/falcosecurity/evolution/issues/318

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-09-21 13:21:47 +02:00
Lorenzo Susini
1705c0dab3 update(userspace/engine): allow the engine to match and handle multiple rules while processing events 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-08-09 13:36:39 +02:00
Mark Stemm
356a4a0749 Also copy ruleset when copying falco source 
In the copy constructor and assignment operator for falco_source, also
copy the ruleset along with factories/name.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-12-01 17:07:52 +01:00
Jason Dellaluce
5781c53ddc fix(userspace): add explicit constructors and initializations 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-10-03 13:04:15 +02:00
Mark Stemm
2d5fc0b647 Use the same falco_rule struct for every call to filter_ruleset 
Instead of using a falco_rule struct on the stack, use a single value
inside the falco_source struct. It's mutable as find_source returns a
const struct.

At very high event volumes (> 1M syscalls/second), even the tiny time
it takes to create/destroy the struct starts to add up, and this
switch has some small cpu savings.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-09-16 12:50:39 +02:00
Jason Dellaluce
13d70b65ae update(userspace/engine): rename ruleset.h in filter_ruleset.h 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2022-05-25 09:16:45 +02:00
Jason Dellaluce
0abd7eaa28 refactor(userspace/engine): refactor engine interface and internals 
This updates the engine to comply and work properly with the newly-introduced
interface design.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-05-25 09:16:45 +02:00
Jason Dellaluce
f41f51f736 refactor(userspace/engine): update falco engine to use new ruleset interface and have one ruleset for each source 
This also fixes a couple of bugs. With the current implementation, the multi-ruleset feature is broken with multiple sources.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-05-25 09:16:45 +02:00