falco_event/types/primitive/
newtypes.rs

1use crate::fields::{FromBytes, FromBytesError, ToBytes};
2use std::fmt::{Debug, Formatter, LowerHex};
3
4macro_rules! default_debug {
5    ($name:ident) => {
6        impl Debug for $name {
7            fn fmt(&self, fmt: &mut std::fmt::Formatter) -> std::fmt::Result {
8                Debug::fmt(&self.0, fmt)
9            }
10        }
11    };
12}
13
14macro_rules! newtype {
15    ($(#[$attr:meta])* $name:ident($repr:ty)) => {
16        $(#[$attr])*
17        #[derive(Default, PartialEq, Eq, PartialOrd, Ord, Clone, Copy, Hash)]
18        pub struct $name(pub $repr);
19
20        impl FromBytes<'_> for $name {
21            #[inline]
22            fn from_bytes(buf: &mut &[u8]) -> Result<Self, FromBytesError>
23            where
24                Self: Sized,
25            {
26                Ok(Self(FromBytes::from_bytes(buf)?))
27            }
28        }
29
30        impl ToBytes for $name {
31            #[inline]
32            fn binary_size(&self) -> usize {
33                self.0.binary_size()
34            }
35
36            #[inline]
37            fn write<W: std::io::Write>(&self, writer: W) -> std::io::Result<()> {
38                self.0.write(writer)
39            }
40
41            #[inline]
42            fn default_repr() -> impl ToBytes {
43                <$repr>::default_repr()
44            }
45        }
46    };
47}
48
49newtype!(
50    /// Syscall result
51    SyscallResult(i64)
52);
53
54impl Debug for SyscallResult {
55    #[cfg(target_os = "linux")]
56    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
57        if self.0 < 0 {
58            let errno = nix::errno::Errno::from_raw(-self.0 as i32);
59            if errno == nix::errno::Errno::UnknownErrno {
60                // always format errors as decimal
61                write!(f, "{}", self.0)
62            } else {
63                write!(f, "{}({:?})", self.0, errno)
64            }
65        } else {
66            Debug::fmt(&self.0, f)
67        }
68    }
69
70    // not on Linux, we don't have the Linux errnos without maintaining the list ourselves
71    #[cfg(not(target_os = "linux"))]
72    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
73        if self.0 < 0 {
74            // always format errors as decimal
75            write!(f, "{}", self.0)
76        } else {
77            Debug::fmt(&self.0, f)
78        }
79    }
80}
81
82impl LowerHex for SyscallResult {
83    #[cfg(target_os = "linux")]
84    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
85        if self.0 < 0 {
86            let errno = nix::errno::Errno::from_raw(-self.0 as i32);
87            if errno == nix::errno::Errno::UnknownErrno {
88                // always format errors as decimal
89                write!(f, "{}", self.0)
90            } else {
91                write!(f, "{}({:?})", self.0, errno)
92            }
93        } else {
94            LowerHex::fmt(&self.0, f)
95        }
96    }
97
98    // not on Linux, we don't have the Linux errnos without maintaining the list ourselves
99    #[cfg(not(target_os = "linux"))]
100    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
101        if self.0 < 0 {
102            // always format errors as decimal
103            write!(f, "{}", self.0)
104        } else {
105            LowerHex::fmt(&self.0, f)
106        }
107    }
108}
109
110#[cfg(test)]
111mod syscall_result_tests {
112    use crate::types::SyscallResult;
113
114    #[test]
115    #[cfg(target_os = "linux")]
116    fn test_fmt_syscall_result() {
117        assert_eq!(format!("{:?}", SyscallResult(0)), "0");
118        assert_eq!(format!("{:?}", SyscallResult(1024)), "1024");
119        assert_eq!(format!("{:?}", SyscallResult(-2)), "-2(ENOENT)");
120        assert_eq!(format!("{:?}", SyscallResult(-28)), "-28(ENOSPC)");
121        assert_eq!(format!("{:?}", SyscallResult(-1024)), "-1024");
122
123        assert_eq!(format!("{:#x}", SyscallResult(0)), "0x0");
124        assert_eq!(format!("{:#x}", SyscallResult(1024)), "0x400");
125        assert_eq!(format!("{:#x}", SyscallResult(-2)), "-2(ENOENT)");
126        assert_eq!(format!("{:#x}", SyscallResult(-28)), "-28(ENOSPC)");
127        assert_eq!(format!("{:#x}", SyscallResult(-1024)), "-1024");
128    }
129
130    #[test]
131    #[cfg(not(target_os = "linux"))]
132    fn test_fmt_syscall_result() {
133        assert_eq!(format!("{:?}", SyscallResult(0)), "0");
134        assert_eq!(format!("{:?}", SyscallResult(1024)), "1024");
135        assert_eq!(format!("{:?}", SyscallResult(-2)), "-2");
136        assert_eq!(format!("{:?}", SyscallResult(-28)), "-28");
137        assert_eq!(format!("{:?}", SyscallResult(-1024)), "-1024");
138
139        assert_eq!(format!("{:#x}", SyscallResult(0)), "0x0");
140        assert_eq!(format!("{:#x}", SyscallResult(1024)), "0x400");
141        assert_eq!(format!("{:#x}", SyscallResult(-2)), "-2");
142        assert_eq!(format!("{:#x}", SyscallResult(-28)), "-28");
143        assert_eq!(format!("{:#x}", SyscallResult(-1024)), "-1024");
144    }
145}
146
147newtype!(
148    /// A system call number
149    SyscallId(u16)
150);
151default_debug!(SyscallId);
152
153newtype!(
154    /// A signal number
155    SigType(u8)
156);
157
158impl Debug for SigType {
159    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
160        Debug::fmt(&self.0, f)?;
161
162        #[cfg(target_os = "linux")]
163        {
164            let sig = nix::sys::signal::Signal::try_from(self.0 as i32);
165            if let Ok(sig) = sig {
166                write!(f, "({sig:?})")?;
167            }
168        }
169
170        Ok(())
171    }
172}
173
174#[cfg(test)]
175mod sig_tests {
176    use crate::types::SigType;
177
178    #[test]
179    #[cfg(target_os = "linux")]
180    fn test_sig_fmt() {
181        let formatted = format!("{:?}", SigType(1));
182        assert_eq!(formatted, "1(SIGHUP)");
183    }
184
185    #[test]
186    #[cfg(not(target_os = "linux"))]
187    fn test_sig_fmt() {
188        let formatted = format!("{:?}", SigType(1));
189        assert_eq!(formatted, "1");
190    }
191}
192
193newtype!(
194    /// File descriptor
195    Fd(i64)
196);
197
198impl Debug for Fd {
199    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
200        if self.0 == -100 {
201            f.write_str("AT_FDCWD")
202        } else {
203            Debug::fmt(&self.0, f)
204        }
205    }
206}
207
208#[cfg(test)]
209mod fd_tests {
210    use crate::types::Fd;
211
212    #[test]
213    fn test_fd_fmt() {
214        assert_eq!(format!("{:?}", Fd(10)), "10");
215        assert_eq!(format!("{:?}", Fd(-100)), "AT_FDCWD");
216    }
217}
218
219newtype!(
220    /// Process or thread id
221    Pid(i64)
222);
223default_debug!(Pid);
224
225newtype!(
226    /// User id
227    Uid(u32)
228);
229default_debug!(Uid);
230
231newtype!(
232    /// Group id
233    Gid(u32)
234);
235default_debug!(Gid);
236
237newtype!(
238    /// Signal set (bitmask of signals, only the lower 32 bits are used)
239    SigSet(u32)
240);
241
242impl SigSet {
243    /// Iterate over all signals in this set
244    #[inline]
245    pub fn iter(&self) -> impl Iterator<Item = SigType> + use<> {
246        let mask = self.0;
247        (0..32u8)
248            .filter(move |sig| mask & (1u32 << sig) != 0)
249            .map(SigType)
250    }
251}
252
253impl Debug for SigSet {
254    fn fmt(&self, fmt: &mut Formatter<'_>) -> std::fmt::Result {
255        write!(fmt, "{:#2x}", self.0)?;
256        if self.0 != 0 {
257            let mut first = true;
258            for sig in self.iter() {
259                if first {
260                    write!(fmt, "(")?;
261                    first = false;
262                } else {
263                    write!(fmt, ",")?;
264                }
265                write!(fmt, "{sig:?}")?;
266            }
267            write!(fmt, ")")?;
268        }
269
270        Ok(())
271    }
272}
273
274#[cfg(test)]
275mod sigset_tests {
276    use crate::types::SigSet;
277
278    #[test]
279    #[cfg(target_os = "linux")]
280    fn test_sigset() {
281        let signals = (1 << 2) | // SIGINT
282            (1 << 9); // SIGKILL
283
284        let formatted = format!("{:?}", SigSet(signals));
285        assert_eq!(formatted, "0x204(2(SIGINT),9(SIGKILL))");
286    }
287
288    #[test]
289    #[cfg(not(target_os = "linux"))]
290    fn test_sigset() {
291        let signals = (1 << 2) | // SIGINT
292            (1 << 9); // SIGKILL
293
294        let formatted = format!("{:?}", SigSet(signals));
295        assert_eq!(formatted, "0x204(2,9)");
296    }
297}
298
299newtype!(
300    /// IP port number
301    ///
302    /// This looks unused
303    Port(u16)
304);
305default_debug!(Port);
306
307newtype!(
308    /// Layer 4 protocol (tcp/udp)
309    ///
310    /// This looks unused
311    #[allow(unused)]
312    L4Proto(u8)
313);
314default_debug!(L4Proto);
315
316newtype!(
317    /// Socket family (`PPM_AF_*`)
318    ///
319    /// This looks unused
320    #[derive(Debug)]
321    SockFamily(u8)
322);
323
324newtype!(
325    /// Boolean value (0/1)
326    ///
327    /// This looks unused
328    Bool(u32)
329);
330
331impl Debug for Bool {
332    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
333        match self.0 {
334            0 => f.write_str("false"),
335            1 => f.write_str("true"),
336            n => write!(f, "true({n})"),
337        }
338    }
339}
340
341#[cfg(test)]
342mod bool_tests {
343    use crate::types::Bool;
344
345    #[test]
346    fn test_bool() {
347        assert_eq!(format!("{:?}", Bool(0)), "false");
348        assert_eq!(format!("{:?}", Bool(1)), "true");
349        assert_eq!(format!("{:?}", Bool(10)), "true(10)");
350    }
351}