update(cmake,userspace): bumped to libs master.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

userspace/falco/app/actions/configure_interesting_sets.cpp

@@ -159,16 +159,6 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
 	}
 }
 
-static void select_kernel_tracepoint_set(falco::app::state& s)
-{
-	/* Kernel tracepoints activation
-	 * Activate all tracepoints except `sched_switch` tracepoint since it
-	 * is highly noisy and not so useful
-	 * for our state/events enrichment. */
-	s.selected_tp_set = libsinsp::events::sinsp_state_tp_set();
-	s.selected_tp_set.remove(ppm_tp_code::SCHED_SWITCH);
-}
-
 falco::app::run_result falco::app::actions::configure_interesting_sets(falco::app::state& s)
 {
 	if (s.engine == nullptr || s.config == nullptr)
@@ -177,8 +167,7 @@ falco::app::run_result falco::app::actions::configure_interesting_sets(falco::ap
 	}
 
 	s.selected_sc_set.clear();
-	s.selected_tp_set.clear();
-	
+
 	/* note: the set of events is the richest source of truth about
 	 * the events generable by an inspector, because they also carry information
 	 * about events that are old, unused, internal, and so on. As such, the
@@ -190,6 +179,5 @@ falco::app::run_result falco::app::actions::configure_interesting_sets(falco::ap
 	auto rules_sc_set = s.engine->sc_codes_for_ruleset(falco_common::syscall_source);
 	select_event_set(s, rules_sc_set);
 	check_for_rules_unsupported_events(s, rules_sc_set);
-	select_kernel_tracepoint_set(s);
 	return run_result::ok();
 }

userspace/falco/app/actions/helpers_inspector.cpp

@@ -81,7 +81,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 		{
 			falco_logger::log(LOG_INFO, "Opening capture with modern BPF probe.");
 			falco_logger::log(LOG_INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) +  "' CPUs.");
-			inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set, s.selected_tp_set);
+			inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
 		}
 		else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL) /* BPF engine. */
 		{
@@ -99,14 +99,14 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 				bpf_probe_path = full_path;
 			}
 			falco_logger::log(LOG_INFO, "Opening capture with BPF probe. BPF probe path: " + std::string(bpf_probe_path));
-			inspector->open_bpf(bpf_probe_path, s.syscall_buffer_bytes_size, s.selected_sc_set, s.selected_tp_set);
+			inspector->open_bpf(bpf_probe_path, s.syscall_buffer_bytes_size, s.selected_sc_set);
 		}
 		else /* Kernel module (default). */
 		{
 			try
 			{
 				falco_logger::log(LOG_INFO, "Opening capture with Kernel module");
-				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set, s.selected_tp_set);
+				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
 			}
 			catch(sinsp_exception &e)
 			{
@@ -116,7 +116,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 				{
 					falco_logger::log(LOG_ERR, "Unable to load the driver\n");
 				}
-				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set, s.selected_tp_set);
+				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
 			}
 		}
 	}

userspace/falco/app/state.h

@@ -67,7 +67,6 @@ struct state
         source_infos(),
         plugin_configs(),
         selected_sc_set(),
-        selected_tp_set(),
         syscall_buffer_bytes_size(DEFAULT_DRIVER_BUFFER_BYTES_DIM)
     {
         config = std::make_shared<falco_configuration>();
@@ -121,9 +120,6 @@ struct state
     // Set of syscalls we want the driver to capture
     libsinsp::events::set<ppm_sc_code> selected_sc_set;
 
-    // Set of tracepoints we want the driver to capture
-    libsinsp::events::set<ppm_tp_code> selected_tp_set;
-
     // Dimension of the syscall buffer in bytes.
     uint64_t syscall_buffer_bytes_size;