falcosecurity / libs

libsinsp, libscap, the kernel module driver, and the eBPF driver sources
https://falcosecurity.github.io/libs/
Apache License 2.0

[New Feature] Numeric matching for events received through plugin API #1097

Open jasondellaluce opened 1 year ago

jasondellaluce commented 1 year ago

Motivation

The plugin API receives events as input from the libraries for the event parsing and field extraction capabilities. For the specific use case of matching the source of a given event, or the name of a given async event, we are forced to use string-based checks. Although not super common, this is of course suboptimal for performance.

Feature

Find a way for plugins to receive a numeric identifier for the event source and the async event name at every event input. The numeric identifier should be deterministic for plugin developers and known at compile-time in order to be effective, just like we do for the field ID during field extraction.

For event sources and async events this is not trivial, because the owning inspector is the only component that has full knowledge about the ones available at runtime. Passing the ID assigned by an inspector to a plugin is still suboptimal, because such a numeric identifier can't be known at compile-time by plugin developers. An alternative is to make the inspector respect the numeric orders that plugins define through symbols like `get_extract_event_sources`; however, that introduces many degrees of ambiguity and complexity as well.

Alternatives

Leave things as is; the use case is not so common or at least not so frequent in the event loop hot path.
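An added sketch of the alternative described in the issue above, where the inspector honours the order in which a plugin declares its sources. This is illustrative code written for this page, not part of the original post and not code from falcosecurity/libs; every type and function name in it is hypothetical, `plugin_sources` stands in for the list a plugin declares through `get_extract_event_sources`, and the runtime source list is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SRC_UNKNOWN UINT32_MAX
#define MAX_RUNTIME_SOURCES 16

/* Plugin side (hypothetical): the declaration order is fixed in the source,
 * so these IDs are compile-time constants for the plugin developer. */
enum plugin_src { SRC_SYSCALL = 0, SRC_K8S_AUDIT = 1, SRC_COUNT };
static const char *const plugin_sources[SRC_COUNT] = { "syscall", "k8s_audit" };

/* Constructed sample: sources an inspector happens to know at runtime. */
static const char *const runtime_sources[] = { "k8s_audit", "aws_cloudtrail", "syscall" };

/* Inspector side (hypothetical): per-plugin table translating the
 * inspector's runtime source index into the plugin's declared index. */
struct src_map {
    uint32_t local[MAX_RUNTIME_SOURCES];
    size_t n;
};

/* Built once at plugin load: the only place string comparison happens. */
static int build_src_map(struct src_map *m,
                         const char *const *runtime, size_t n_runtime,
                         const char *const *declared, size_t n_declared)
{
    if (n_runtime > MAX_RUNTIME_SOURCES) return -1;
    m->n = n_runtime;
    for (size_t i = 0; i < n_runtime; i++) {
        m->local[i] = SRC_UNKNOWN; /* source the plugin never declared */
        for (size_t j = 0; j < n_declared && m->local[i] == SRC_UNKNOWN; j++)
            if (strcmp(runtime[i], declared[j]) == 0)
                m->local[i] = (uint32_t)j;
    }
    return 0;
}

/* Hot path, inspector side: bounds-checked integer lookup per event. */
static uint32_t plugin_src_id(const struct src_map *m, size_t runtime_idx)
{
    return runtime_idx < m->n ? m->local[runtime_idx] : SRC_UNKNOWN;
}

/* Hot path, plugin side: integer comparison instead of strcmp. */
static int plugin_wants_event(uint32_t src_id)
{
    return src_id == SRC_K8S_AUDIT;
}
```

The translation table is per plugin: two plugins that declare the same sources in different orders each need their own map, which is one concrete form of the extra complexity the issue mentions.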

poiana commented 1 year ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana commented 1 year ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana commented 1 year ago

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.

/close

poiana commented 1 year ago

@poiana: Closing this issue.

In response to [this](https://github.com/falcosecurity/libs/issues/1097#issuecomment-1793480192):

> Rotten issues close after 30d of inactivity.
>
> Reopen the issue with `/reopen`.
>
> Mark the issue as fresh with `/remove-lifecycle rotten`.
>
> Provide feedback via https://github.com/falcosecurity/community.
> /close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

jasondellaluce commented 1 year ago

/reopen

/remove-lifecycle rotten

poiana commented 1 year ago

@jasondellaluce: Reopened this issue.

In response to [this](https://github.com/falcosecurity/libs/issues/1097#issuecomment-1793515557):

> /reopen
>
> /remove-lifecycle rotten

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

Andreagit97 commented 1 year ago

/remove-lifecycle rotten

poiana commented 9 months ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

Andreagit97 commented 9 months ago

/remove-lifecycle stale

poiana commented 6 months ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

Andreagit97 commented 6 months ago

/remove-lifecycle stale

poiana commented 3 months ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

Andreagit97 commented 3 months ago

/remove-lifecycle stale

poiana commented 1 week ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale