github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-05 02:47:05 +00:00
Code Issues Projects Releases Wiki Activity

update(userspace/engine): use sinsp api to access event table information

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2022-10-11 14:15:34 +00:00 committed by poiana
parent 7da3041cb3
commit 4cb556aed2
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
userspace/engine/filter_evttype_resolver.cpp
View File

@ -19,8 +19,6 @@ limitations under the License.
using namespace libsinsp::filter;
extern sinsp_evttables g_infotables;
static bool is_evttype_operator(const std::string& op)
{
return op == "==" || op == "=" || op == "!=" || op == "in";
@ -32,7 +30,6 @@ size_t falco_event_types::get_ppm_event_max()
return PPM_EVENT_MAX;
}
void filter_evttype_resolver::visitor::inversion(falco_event_types& types)
{
falco_event_types all_types;
@ -47,12 +44,12 @@ void filter_evttype_resolver::visitor::evttypes(const std::string& evtname, falc
{
// Fill in from 2 to PPM_EVENT_MAX-1. 0 and 1 are excluded as
// those are PPM_GENERIC_E/PPME_GENERIC_X
const struct ppm_event_info* etable = g_infotables.m_event_info;
static sinsp s_inspector;
const auto etable = s_inspector.get_event_info_tables()->m_event_info;
for(uint16_t i = 2; i < PPM_EVENT_MAX; i++)
{
// Skip unused events or events not matching the requested evtname
if(!(etable[i].flags & EF_UNUSED)
&& (evtname.empty() || std::string(etable[i].name) == evtname))
if(!sinsp::is_unused_event(i) && (evtname.empty() || std::string(etable[i].name) == evtname))
{
out.insert(i);
}