mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-22 03:49:36 +00:00
Instead of iterating over the entire list of filters and doing pattern matches against each defined filter, perform table lookups.

For filters that take arguments e.g. proc.aname[3] or evt.arg.xxx, split the filtercheck string on bracket/dot and check the values against a table.

There are now two tables of defined filters: defined_arg_filters and defined_noarg_filters. Each filter is put into a table depending on whether the filter takes an argument or not.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
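
The lookup described in the commit message, sketched as an added Python example for checking field names in a rule condition. It is not Falco's code: the table contents are a constructed subset, and the function names and the rule that a filter from the argument table must carry an argument are assumptions.

```python
import re

# Constructed subset of filter names, for illustration only.
defined_noarg_filters = {"proc.name", "fd.name", "evt.type", "user.name"}
defined_arg_filters = {"proc.aname", "evt.arg", "evt.rawarg"}

# Bracket form: <filter>[<argument>], with a non-empty argument.
_BRACKET = re.compile(r"^([^\[\]]+)\[([^\[\]]+)\]$")


def is_defined_filter(field: str) -> bool:
    """Return True if `field` names a defined filter, using only table lookups."""
    # 1. Exact match against filters that take no argument.
    if field in defined_noarg_filters:
        return True
    # 2. Bracket form, e.g. proc.aname[3]: look up the part before '['.
    m = _BRACKET.match(field)
    if m:
        return m.group(1) in defined_arg_filters
    # 3. Dot form, e.g. evt.arg.xxx: split off the last component and
    #    look up what remains. An empty argument ("evt.arg.") is rejected.
    base, sep, arg = field.rpartition(".")
    if sep and arg:
        return base in defined_arg_filters
    return False


def unknown_fields(fields):
    """Return the fields that match neither table, in input order."""
    return [f for f in fields if not is_defined_filter(f)]


if __name__ == "__main__":
    # Constructed sample of fields pulled from a rule condition.
    sample = ["proc.name", "proc.aname[3]", "evt.arg.flags", "proc.nmae", "fd.name[1]"]
    print(unknown_fields(sample))
```

Each check costs a constant number of set lookups, so a misspelled field in a rule is rejected without scanning every defined filter.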