github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-30 21:10:01 +00:00
Code Issues Projects Releases Wiki Activity

fix(engine): index old version of events in rulesets

Browse Source 
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2022-08-03 12:55:30 +00:00 committed by poiana
parent 577ba5904b
commit a46cbcffe8
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
userspace/engine/filter_evttype_resolver.cpp
View File

@ -48,9 +48,8 @@ void filter_evttype_resolver::visitor::evttypes(string evtname, set<uint16_t>& o
const struct ppm_event_info* etable = g_infotables.m_event_info;
for(uint16_t i = 2; i < PPM_EVENT_MAX; i++)
{
// Skip "old" event versions, unused events, or events not matching
// the requested evtname
if(!(etable[i].flags & (EF_OLD_VERSION | EF_UNUSED))
// Skip unused events or events not matching the requested evtname
if(!(etable[i].flags & EF_UNUSED)
&& (evtname.empty() || string(etable[i].name) == evtname))
{
out.insert(i);