update(cmake,userspace): bumped to libs master.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2025-06-29 08:07:24 +00:00 · 2023-03-21 14:33:59 +01:00 · 2023-03-21 14:33:59 +01:00 · 17b170b4f9
commit 17b170b4f9
parent e4d575b10d
5 changed files with 9 additions and 25 deletions
--- a/cmake/modules/driver.cmake
+++ b/cmake/modules/driver.cmake
@ -26,8 +26,8 @@ else()
  # In case you want to test against another driver version (or branch, or commit) just pass the variable -
  # ie., `cmake -DDRIVER_VERSION=dev ..`
  if(NOT DRIVER_VERSION)
-    set(DRIVER_VERSION "6ca2fc1fa9a9f5482dc92468a0a6e3404ae46723")
+    set(DRIVER_VERSION "6c11056815b9eff787c69f9b2188a2ae503533c9")
-    set(DRIVER_CHECKSUM "SHA256=4d390bdde2c061491cb73d5703a2e0db7bd681a4738b4a9e50252fff3628dd29")
+    set(DRIVER_CHECKSUM "SHA256=e0d671e09993c5f402054aab70858af5fe372eec201d4e1744c0a01d2959b750")
  endif()
  # cd /path/to/build && cmake /path/to/source
--- a/cmake/modules/falcosecurity-libs.cmake
+++ b/cmake/modules/falcosecurity-libs.cmake
@ -27,8 +27,8 @@ else()
  # In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable -
  # ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..`
  if(NOT FALCOSECURITY_LIBS_VERSION)
-    set(FALCOSECURITY_LIBS_VERSION "6ca2fc1fa9a9f5482dc92468a0a6e3404ae46723")
+    set(FALCOSECURITY_LIBS_VERSION "6c11056815b9eff787c69f9b2188a2ae503533c9")
-    set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=4d390bdde2c061491cb73d5703a2e0db7bd681a4738b4a9e50252fff3628dd29")
+    set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=e0d671e09993c5f402054aab70858af5fe372eec201d4e1744c0a01d2959b750")
  endif()
  # cd /path/to/build && cmake /path/to/source
--- a/userspace/falco/app/actions/configure_interesting_sets.cpp
+++ b/userspace/falco/app/actions/configure_interesting_sets.cpp
@ -159,16 +159,6 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
 	}
 }
 static void select_kernel_tracepoint_set(falco::app::state& s)
 {
 	/* Kernel tracepoints activation
 	 * Activate all tracepoints except `sched_switch` tracepoint since it
 	 * is highly noisy and not so useful
 	 * for our state/events enrichment. */
 	s.selected_tp_set = libsinsp::events::sinsp_state_tp_set();
 	s.selected_tp_set.remove(ppm_tp_code::SCHED_SWITCH);
 }
 falco::app::run_result falco::app::actions::configure_interesting_sets(falco::app::state& s)
 {
 	if (s.engine == nullptr || s.config == nullptr)
@ -177,8 +167,7 @@ falco::app::run_result falco::app::actions::configure_interesting_sets(falco::ap
 	}
 	s.selected_sc_set.clear();
-	s.selected_tp_set.clear();
+
 	/* note: the set of events is the richest source of truth about
 	 * the events generable by an inspector, because they also carry information
 	 * about events that are old, unused, internal, and so on. As such, the
@ -190,6 +179,5 @@ falco::app::run_result falco::app::actions::configure_interesting_sets(falco::ap
 	auto rules_sc_set = s.engine->sc_codes_for_ruleset(falco_common::syscall_source);
 	select_event_set(s, rules_sc_set);
 	check_for_rules_unsupported_events(s, rules_sc_set);
 	select_kernel_tracepoint_set(s);
 	return run_result::ok();
 }
--- a/userspace/falco/app/actions/helpers_inspector.cpp
+++ b/userspace/falco/app/actions/helpers_inspector.cpp
@ -81,7 +81,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 		{
 			falco_logger::log(LOG_INFO, "Opening capture with modern BPF probe.");
 			falco_logger::log(LOG_INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) +  "' CPUs.");
-			inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set, s.selected_tp_set);
+			inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
 		}
 		else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL) /* BPF engine. */
 		{
@ -99,14 +99,14 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 				bpf_probe_path = full_path;
 			}
 			falco_logger::log(LOG_INFO, "Opening capture with BPF probe. BPF probe path: " + std::string(bpf_probe_path));
-			inspector->open_bpf(bpf_probe_path, s.syscall_buffer_bytes_size, s.selected_sc_set, s.selected_tp_set);
+			inspector->open_bpf(bpf_probe_path, s.syscall_buffer_bytes_size, s.selected_sc_set);
 		}
 		else /* Kernel module (default). */
 		{
 			try
 			{
 				falco_logger::log(LOG_INFO, "Opening capture with Kernel module");
-				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set, s.selected_tp_set);
+				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
 			}
 			catch(sinsp_exception &e)
 			{
@ -116,7 +116,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 				{
 					falco_logger::log(LOG_ERR, "Unable to load the driver\n");
 				}
-				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set, s.selected_tp_set);
+				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
 			}
 		}
 	}
--- a/userspace/falco/app/state.h
+++ b/userspace/falco/app/state.h
@ -67,7 +67,6 @@ struct state
        source_infos(),
        plugin_configs(),
        selected_sc_set(),
        selected_tp_set(),
        syscall_buffer_bytes_size(DEFAULT_DRIVER_BUFFER_BYTES_DIM)
    {
        config = std::make_shared<falco_configuration>();
@ -121,9 +120,6 @@ struct state
    // Set of syscalls we want the driver to capture
    libsinsp::events::set<ppm_sc_code> selected_sc_set;
    // Set of tracepoints we want the driver to capture
    libsinsp::events::set<ppm_tp_code> selected_tp_set;
    // Dimension of the syscall buffer in bytes.
    uint64_t syscall_buffer_bytes_size;