further improvements outputs impl.

userspace/engine/formats.cpp

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors.
+Copyright (C) 2020 The Falco Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

userspace/engine/formats.h

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors.
+Copyright (C) 2020 The Falco Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

userspace/falco/event_drops.cpp

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors.
+Copyright (C) 2020 The Falco Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@ limitations under the License.
 */
 
 #include "event_drops.h"
+#include "falco_common.h"
 #include "banned.h" // This raises a compilation error when certain functions are used
 
 syscall_evt_drop_mgr::syscall_evt_drop_mgr():
@@ -137,7 +138,7 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool
 
 		case ACT_ALERT:
 			m_outputs->handle_msg(now,
-					      falco_outputs::PRIORITY_CRITICAL,
+					      falco_common::PRIORITY_CRITICAL,
 					      msg,
 					      rule,
 					      output_fields);

userspace/falco/falco.cpp

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors.
+Copyright (C) 2020 The Falco Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -762,8 +762,7 @@ int falco_init(int argc, char **argv)
 			}
 		}
 
-		outputs = new falco_outputs(engine);
-		outputs->set_inspector(inspector);
+		outputs = new falco_outputs();
 
 		// Some combinations of arguments are not allowed.
 		if (daemon && pidfilename == "") {

userspace/falco/falco_outputs.cpp

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors.
+Copyright (C) 2020 The Falco Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -38,8 +38,7 @@ limitations under the License.
 
 using namespace std;
 
-falco_outputs::falco_outputs(falco_engine *engine):
-	m_falco_engine(engine),
+falco_outputs::falco_outputs():
 	m_initialized(false),
 	m_buffered(true),
 	m_json_output(false),
@@ -64,12 +63,6 @@ void falco_outputs::init(bool json_output,
 			 uint32_t rate, uint32_t max_burst, bool buffered,
 			 bool time_format_iso_8601, string hostname)
 {
-	// The engine must have been given an inspector by now.
-	if(!m_inspector)
-	{
-		throw falco_exception("No inspector provided");
-	}
-
 	m_json_output = json_output;
 
 	// Note that falco_formats is already initialized by the engine,
@@ -123,7 +116,7 @@ void falco_outputs::add_output(falco::outputs::config oc)
 		throw falco_exception("Output not supported: " + oc.name);
 	}
 
-	oo->init(oc, m_buffered, m_time_format_iso_8601, m_hostname);
+	oo->init(oc, m_buffered, m_hostname);
 	m_outputs.push_back(oo);
 }
 

userspace/falco/falco_outputs.h

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors.
+Copyright (C) 2020 The Falco Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -31,10 +31,10 @@ limitations under the License.
 // falco output engine. The falco rules engine is implemented by a
 // separate class falco_engine.
 //
-class falco_outputs : public falco_common
+class falco_outputs
 {
 public:
-	falco_outputs(falco_engine *engine);
+	falco_outputs();
 	virtual ~falco_outputs();
 
 	void init(bool json_output,
@@ -61,8 +61,6 @@ class falco_outputs : public falco_common
 	void reopen_outputs();
 
 private:
-	falco_engine *m_falco_engine;
-
 	bool m_initialized;
 
 	std::vector<falco::outputs::abstract_output *> m_outputs;

userspace/falco/outputs_queue.h → userspace/falco/grpc_queue.h

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors
+Copyright (C) 2020 The Falco Authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -21,9 +21,9 @@ limitations under the License.
 
 namespace falco
 {
-namespace outputs
+namespace grpc
 {
-typedef tbb::concurrent_queue<response> response_cq;
+typedef tbb::concurrent_queue<outputs::response> response_cq;
 
 class queue
 {
@@ -34,12 +34,12 @@ class queue
 		return instance;
 	}
 
-	bool try_pop(response& res)
+	bool try_pop(outputs::response& res)
 	{
 		return m_queue.try_pop(res);
 	}
 
-	void push(response& res)
+	void push(outputs::response& res)
 	{
 		m_queue.push(res);
 	}
@@ -56,5 +56,5 @@ class queue
 	queue(queue const&) = delete;
 	void operator=(queue const&) = delete;
 };
-} // namespace outputs
+} // namespace grpc
 } // namespace falco

userspace/falco/grpc_server_impl.cpp

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors
+Copyright (C) 2020 The Falco Authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -16,7 +16,7 @@ limitations under the License.
 
 #include "config_falco.h"
 #include "grpc_server_impl.h"
-#include "outputs_queue.h"
+#include "grpc_queue.h"
 #include "logger.h"
 #include "banned.h" // This raises a compilation error when certain functions are used
 
@@ -44,7 +44,7 @@ void falco::grpc::server_impl::get(const stream_context& ctx, const outputs::req
 	// m_status == stream_context::STREAMING?
 	// todo(leodido) > set m_stream
 
-	ctx.m_has_more = outputs::queue::get().try_pop(res);
+	ctx.m_has_more = queue::get().try_pop(res);
 }
 
 void falco::grpc::server_impl::sub(const bidi_context& ctx, const outputs::request& req, outputs::response& res)
@@ -61,7 +61,7 @@ void falco::grpc::server_impl::sub(const bidi_context& ctx, const outputs::reque
 	// m_status == stream_context::STREAMING?
 	// todo(leodido) > set m_stream
 
-	ctx.m_has_more = outputs::queue::get().try_pop(res);
+	ctx.m_has_more = queue::get().try_pop(res);
 }
 
 void falco::grpc::server_impl::version(const context& ctx, const version::request&, version::response& res)

userspace/falco/logger.cpp

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors.
+Copyright (C) 2020 The Falco Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

userspace/falco/logger.h

@@ -1,5 +1,5 @@
 /*
-Copyright (C) 2019 The Falco Authors.
+Copyright (C) 2020 The Falco Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

userspace/falco/outputs.h

@@ -45,13 +45,10 @@ struct config
 class abstract_output
 {
 public:
-	void init(config oc, bool buffered,
-		  bool time_format_iso_8601, std::string hostname)
+	void init(config oc, bool buffered, std::string hostname)
 	{
-
 		m_oc = oc;
 		m_buffered = buffered;
-		m_time_format_iso_8601 = time_format_iso_8601;
 		m_hostname = hostname;
 	}
 
@@ -69,7 +66,6 @@ class abstract_output
 protected:
 	config m_oc;
 	bool m_buffered;
-	bool m_time_format_iso_8601;
 	std::string m_hostname;
 };
 

userspace/falco/outputs_grpc.cpp

@@ -16,7 +16,7 @@ limitations under the License.
 
 #include <google/protobuf/util/time_util.h>
 #include "outputs_grpc.h"
-#include "outputs_queue.h"
+#include "grpc_queue.h"
 #include "falco_common.h"
 #include "formats.h"
 #include "banned.h" // This raises a compilation error when certain functions are used
@@ -67,7 +67,7 @@ void falco::outputs::output_grpc::output_event(gen_event *evt, std::string &rule
 	auto host = grpc_res.mutable_hostname();
 	*host = m_hostname;
 
-	falco::outputs::queue::get().push(grpc_res);
+	falco::grpc::queue::get().push(grpc_res);
 }
 
 void falco::outputs::output_grpc::output_msg(falco_common::priority_type priority, std::string &msg)