falco_event/types/primitive/
newtypes.rs

1use crate::fields::{FromBytes, FromBytesError, ToBytes};
2use std::fmt::{Debug, Formatter, LowerHex};
3
4macro_rules! default_debug {
5    ($name:ident) => {
6        impl Debug for $name {
7            fn fmt(&self, fmt: &mut std::fmt::Formatter) -> std::fmt::Result {
8                Debug::fmt(&self.0, fmt)
9            }
10        }
11    };
12}
13
14macro_rules! newtype {
15    ($(#[$attr:meta])* $name:ident($repr:ty)) => {
16        $(#[$attr])*
17        #[derive(Default, PartialEq, Eq, PartialOrd, Ord, Clone, Copy, Hash)]
18        pub struct $name(pub $repr);
19
20        impl FromBytes<'_> for $name {
21            #[inline]
22            fn from_bytes(buf: &mut &[u8]) -> Result<Self, FromBytesError>
23            where
24                Self: Sized,
25            {
26                Ok(Self(FromBytes::from_bytes(buf)?))
27            }
28        }
29
30        impl ToBytes for $name {
31            #[inline]
32            fn binary_size(&self) -> usize {
33                self.0.binary_size()
34            }
35
36            #[inline]
37            fn write<W: std::io::Write>(&self, writer: W) -> std::io::Result<()> {
38                self.0.write(writer)
39            }
40
41            #[inline]
42            fn default_repr() -> impl ToBytes {
43                <$repr>::default_repr()
44            }
45        }
46    };
47}
48
49newtype!(
50    /// Syscall result
51    SyscallResult(i64)
52);
53
54impl Debug for SyscallResult {
55    #[cfg(target_os = "linux")]
56    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
57        if self.0 < 0 {
58            let errno = nix::errno::Errno::from_raw(-self.0 as i32);
59            if errno == nix::errno::Errno::UnknownErrno {
60                // always format errors as decimal
61                write!(f, "{}", self.0)
62            } else {
63                write!(f, "{}({:?})", self.0, errno)
64            }
65        } else {
66            Debug::fmt(&self.0, f)
67        }
68    }
69
70    // not on Linux, we don't have the Linux errnos without maintaining the list ourselves
71    #[cfg(not(target_os = "linux"))]
72    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
73        if self.0 < 0 {
74            // always format errors as decimal
75            write!(f, "{}", self.0)
76        } else {
77            Debug::fmt(&self.0, f)
78        }
79    }
80}
81
82impl LowerHex for SyscallResult {
83    #[cfg(target_os = "linux")]
84    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
85        if self.0 < 0 {
86            let errno = nix::errno::Errno::from_raw(-self.0 as i32);
87            if errno == nix::errno::Errno::UnknownErrno {
88                // always format errors as decimal
89                write!(f, "{}", self.0)
90            } else {
91                write!(f, "{}({:?})", self.0, errno)
92            }
93        } else {
94            LowerHex::fmt(&self.0, f)
95        }
96    }
97
98    // not on Linux, we don't have the Linux errnos without maintaining the list ourselves
99    #[cfg(not(target_os = "linux"))]
100    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
101        if self.0 < 0 {
102            // always format errors as decimal
103            write!(f, "{}", self.0)
104        } else {
105            LowerHex::fmt(&self.0, f)
106        }
107    }
108}
109
110#[cfg(test)]
111mod syscall_result_tests {
112    use crate::types::SyscallResult;
113
114    #[test]
115    #[cfg(target_os = "linux")]
116    fn test_fmt_syscall_result() {
117        assert_eq!(format!("{:?}", SyscallResult(0)), "0");
118        assert_eq!(format!("{:?}", SyscallResult(1024)), "1024");
119        assert_eq!(format!("{:?}", SyscallResult(-2)), "-2(ENOENT)");
120        assert_eq!(format!("{:?}", SyscallResult(-28)), "-28(ENOSPC)");
121        assert_eq!(format!("{:?}", SyscallResult(-1024)), "-1024");
122
123        assert_eq!(format!("{:#x}", SyscallResult(0)), "0x0");
124        assert_eq!(format!("{:#x}", SyscallResult(1024)), "0x400");
125        assert_eq!(format!("{:#x}", SyscallResult(-2)), "-2(ENOENT)");
126        assert_eq!(format!("{:#x}", SyscallResult(-28)), "-28(ENOSPC)");
127        assert_eq!(format!("{:#x}", SyscallResult(-1024)), "-1024");
128    }
129
130    #[test]
131    #[cfg(not(target_os = "linux"))]
132    fn test_fmt_syscall_result() {
133        assert_eq!(format!("{:?}", SyscallResult(0)), "0");
134        assert_eq!(format!("{:?}", SyscallResult(1024)), "1024");
135        assert_eq!(format!("{:?}", SyscallResult(-2)), "-2");
136        assert_eq!(format!("{:?}", SyscallResult(-28)), "-28");
137        assert_eq!(format!("{:?}", SyscallResult(-1024)), "-1024");
138
139        assert_eq!(format!("{:#x}", SyscallResult(0)), "0x0");
140        assert_eq!(format!("{:#x}", SyscallResult(1024)), "0x400");
141        assert_eq!(format!("{:#x}", SyscallResult(-2)), "-2");
142        assert_eq!(format!("{:#x}", SyscallResult(-28)), "-28");
143        assert_eq!(format!("{:#x}", SyscallResult(-1024)), "-1024");
144    }
145}
146
147newtype!(
148    /// A system call number
149    SyscallId(u16)
150);
151default_debug!(SyscallId);
152
153newtype!(
154    /// A signal number
155    SigType(u8)
156);
157
158impl Debug for SigType {
159    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
160        Debug::fmt(&self.0, f)?;
161
162        #[cfg(target_os = "linux")]
163        {
164            let sig = nix::sys::signal::Signal::try_from(self.0 as i32);
165            if let Ok(sig) = sig {
166                write!(f, "({sig:?})")?;
167            }
168        }
169
170        Ok(())
171    }
172}
173
174#[cfg(test)]
175mod sig_tests {
176    use crate::types::SigType;
177
178    #[test]
179    #[cfg(target_os = "linux")]
180    fn test_sig_fmt() {
181        let formatted = format!("{:?}", SigType(1));
182        assert_eq!(formatted, "1(SIGHUP)");
183    }
184
185    #[test]
186    #[cfg(not(target_os = "linux"))]
187    fn test_sig_fmt() {
188        let formatted = format!("{:?}", SigType(1));
189        assert_eq!(formatted, "1");
190    }
191}
192
193newtype!(
194    /// File descriptor
195    Fd(i64)
196);
197
198impl Debug for Fd {
199    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
200        if self.0 == -100 {
201            f.write_str("AT_FDCWD")
202        } else {
203            Debug::fmt(&self.0, f)
204        }
205    }
206}
207
208#[cfg(test)]
209mod fd_tests {
210    use crate::types::Fd;
211
212    #[test]
213    fn test_fd_fmt() {
214        assert_eq!(format!("{:?}", Fd(10)), "10");
215        assert_eq!(format!("{:?}", Fd(-100)), "AT_FDCWD");
216    }
217}
218
219newtype!(
220    /// Process or thread id
221    Pid(i64)
222);
223default_debug!(Pid);
224
225newtype!(
226    /// User id
227    Uid(u32)
228);
229default_debug!(Uid);
230
231newtype!(
232    /// Group id
233    Gid(u32)
234);
235default_debug!(Gid);
236
237newtype!(
238    /// Signal set (bitmask of signals, only the lower 32 bits are used)
239    SigSet(u32)
240);
241
242impl SigSet {
243    /// Iterate over all signals in this set
244    pub fn iter(&self) -> impl Iterator<Item = SigType> + use<> {
245        let mask = self.0;
246        (0..32u8)
247            .filter(move |sig| mask & (1u32 << sig) != 0)
248            .map(SigType)
249    }
250}
251
252impl Debug for SigSet {
253    fn fmt(&self, fmt: &mut Formatter<'_>) -> std::fmt::Result {
254        write!(fmt, "{:#2x}", self.0)?;
255        if self.0 != 0 {
256            let mut first = true;
257            for sig in self.iter() {
258                if first {
259                    write!(fmt, "(")?;
260                    first = false;
261                } else {
262                    write!(fmt, ",")?;
263                }
264                write!(fmt, "{sig:?}")?;
265            }
266            write!(fmt, ")")?;
267        }
268
269        Ok(())
270    }
271}
272
273#[cfg(test)]
274mod sigset_tests {
275    use crate::types::SigSet;
276
277    #[test]
278    #[cfg(target_os = "linux")]
279    fn test_sigset() {
280        let signals = (1 << 2) | // SIGINT
281            (1 << 9); // SIGKILL
282
283        let formatted = format!("{:?}", SigSet(signals));
284        assert_eq!(formatted, "0x204(2(SIGINT),9(SIGKILL))");
285    }
286
287    #[test]
288    #[cfg(not(target_os = "linux"))]
289    fn test_sigset() {
290        let signals = (1 << 2) | // SIGINT
291            (1 << 9); // SIGKILL
292
293        let formatted = format!("{:?}", SigSet(signals));
294        assert_eq!(formatted, "0x204(2,9)");
295    }
296}
297
298newtype!(
299    /// IP port number
300    ///
301    /// This looks unused
302    Port(u16)
303);
304default_debug!(Port);
305
306newtype!(
307    /// Layer 4 protocol (tcp/udp)
308    ///
309    /// This looks unused
310    L4Proto(u8)
311);
312default_debug!(L4Proto);
313
314newtype!(
315    /// Socket family (`PPM_AF_*`)
316    ///
317    /// This looks unused
318    #[derive(Debug)]
319    SockFamily(u8)
320);
321
322newtype!(
323    /// Boolean value (0/1)
324    ///
325    /// This looks unused
326    Bool(u32)
327);
328
329impl Debug for Bool {
330    fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
331        match self.0 {
332            0 => f.write_str("false"),
333            1 => f.write_str("true"),
334            n => write!(f, "true({n})"),
335        }
336    }
337}
338
339#[cfg(test)]
340mod bool_tests {
341    use crate::types::Bool;
342
343    #[test]
344    fn test_bool() {
345        assert_eq!(format!("{:?}", Bool(0)), "false");
346        assert_eq!(format!("{:?}", Bool(1)), "true");
347        assert_eq!(format!("{:?}", Bool(10)), "true(10)");
348    }
349}