diff --git a/userspace/falco/event_drops.cpp b/userspace/falco/event_drops.cpp index 43625e80b79..ef4bf12163c 100644 --- a/userspace/falco/event_drops.cpp +++ b/userspace/falco/event_drops.cpp @@ -142,18 +142,16 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool std::string rule = "Falco internal: syscall event drop"; std::string msg = rule + ". " + std::to_string(delta.n_drops) + " system calls dropped in last second."; - bool should_exit = false; - for(auto &act : m_actions) { switch(act) { case syscall_evt_drop_action::IGNORE: - break; + return true; case syscall_evt_drop_action::LOG: - falco_logger::log(LOG_DEBUG, msg); - break; + falco_logger::log(LOG_DEBUG, std::move(msg)); + return true; case syscall_evt_drop_action::ALERT: { @@ -189,24 +187,18 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool output_fields["n_drops_bug"] = std::to_string(delta.n_drops_bug); /* Number of kernel side bug drops (invalid condition in the kernel instrumentation). */ output_fields["ebpf_enabled"] = std::to_string(bpf_enabled); m_outputs->handle_msg(now, falco_common::PRIORITY_DEBUG, msg, rule, output_fields); - break; + return true; } case syscall_evt_drop_action::EXIT: - should_exit = true; - break; + falco_logger::log(LOG_CRIT, std::move(msg)); + falco_logger::log(LOG_CRIT, "Exiting."); + return false; default: falco_logger::log(LOG_ERR, "Ignoring unknown action " + std::to_string(int(act))); - break; + return true; } } - if(should_exit) - { - falco_logger::log(LOG_CRIT, msg); - falco_logger::log(LOG_CRIT, "Exiting."); - return false; - } - return true; } diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp index d758261e943..6ce7d35164d 100644 --- a/userspace/falco/falco.cpp +++ b/userspace/falco/falco.cpp @@ -23,10 +23,8 @@ limitations under the License. #include "logger.h" #include "banned.h" // This raises a compilation error when certain functions are used -static void display_fatal_err(const string &msg) +static void display_fatal_err(const string &&msg) { - falco_logger::log(LOG_ERR, msg); - /** * If stderr logging is not enabled, also log to stderr. When * daemonized this will simply write to /dev/null. @@ -35,6 +33,8 @@ static void display_fatal_err(const string &msg) { std::cerr << msg; } + + falco_logger::log(LOG_ERR, std::move(msg)); } // diff --git a/userspace/falco/grpc_server.cpp b/userspace/falco/grpc_server.cpp index c064f553f16..c18b02e1020 100644 --- a/userspace/falco/grpc_server.cpp +++ b/userspace/falco/grpc_server.cpp @@ -72,7 +72,7 @@ static void gpr_log_dispatcher_func(gpr_log_func_args* args) string copy = "grpc: "; copy.append(args->message); copy.push_back('\n'); - falco_logger::log(priority, copy); + falco_logger::log(priority, std::move(copy)); } void falco::grpc::server::thread_process(int thread_index) diff --git a/userspace/falco/logger.cpp b/userspace/falco/logger.cpp index cde42fd7c20..9d55181cdcf 100644 --- a/userspace/falco/logger.cpp +++ b/userspace/falco/logger.cpp @@ -134,7 +134,7 @@ void falco_logger::set_sinsp_logging(bool enable, const std::string& severity, c bool falco_logger::log_stderr = true; bool falco_logger::log_syslog = true; -void falco_logger::log(int priority, const string msg) +void falco_logger::log(int priority, const string&& msg) { if(priority > falco_logger::level) diff --git a/userspace/falco/logger.h b/userspace/falco/logger.h index c4870917584..db9011a5eac 100644 --- a/userspace/falco/logger.h +++ b/userspace/falco/logger.h @@ -30,7 +30,7 @@ class falco_logger static void set_sinsp_logging(bool enable, const std::string& severity, const std::string& prefix); - static void log(int priority, const string msg); + static void log(int priority, const string&& msg); static int level; static bool log_stderr;