From e7d76ca7227a01c3662427f866142084ba3de130 Mon Sep 17 00:00:00 2001
From: Jason Dellaluce <jasondellaluce@gmail.com>
Date: Fri, 17 Feb 2023 11:21:01 +0000
Subject: [PATCH] refactor(userspace/falco): use new event definitions in app
 state

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
---
 userspace/falco/app/actions/helpers_inspector.cpp |  8 ++++----
 userspace/falco/app/state.h                       | 11 ++++++-----
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/userspace/falco/app/actions/helpers_inspector.cpp b/userspace/falco/app/actions/helpers_inspector.cpp
index 04db949d..11fded2c 100644
--- a/userspace/falco/app/actions/helpers_inspector.cpp
+++ b/userspace/falco/app/actions/helpers_inspector.cpp
@@ -81,7 +81,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 		{
 			falco_logger::log(LOG_INFO, "Opening capture with modern BPF probe.");
 			falco_logger::log(LOG_INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) +  "' CPUs.");
-			inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.ppm_sc_of_interest, s.tp_of_interest);
+			inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set, s.selected_tp_set);
 		}
 		else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL) /* BPF engine. */
 		{
@@ -99,14 +99,14 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 				bpf_probe_path = full_path;
 			}
 			falco_logger::log(LOG_INFO, "Opening capture with BPF probe. BPF probe path: " + std::string(bpf_probe_path));
-			inspector->open_bpf(bpf_probe_path, s.syscall_buffer_bytes_size, s.ppm_sc_of_interest, s.tp_of_interest);
+			inspector->open_bpf(bpf_probe_path, s.syscall_buffer_bytes_size, s.selected_sc_set, s.selected_tp_set);
 		}
 		else /* Kernel module (default). */
 		{
 			try
 			{
 				falco_logger::log(LOG_INFO, "Opening capture with Kernel module");
-				inspector->open_kmod(s.syscall_buffer_bytes_size, s.ppm_sc_of_interest, s.tp_of_interest);
+				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set, s.selected_tp_set);
 			}
 			catch(sinsp_exception &e)
 			{
@@ -116,7 +116,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 				{
 					falco_logger::log(LOG_ERR, "Unable to load the driver\n");
 				}
-				inspector->open_kmod(s.syscall_buffer_bytes_size, s.ppm_sc_of_interest, s.tp_of_interest);
+				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set, s.selected_tp_set);
 			}
 		}
 	}
diff --git a/userspace/falco/app/state.h b/userspace/falco/app/state.h
index 39f4cb8b..7f79028a 100644
--- a/userspace/falco/app/state.h
+++ b/userspace/falco/app/state.h
@@ -63,8 +63,9 @@ struct state
         enabled_sources(),
         source_infos(),
         plugin_configs(),
-        ppm_sc_of_interest(),
-        tp_of_interest(),
+        selected_event_set(),
+        selected_sc_set(),
+        selected_tp_set(),
         syscall_buffer_bytes_size(DEFAULT_DRIVER_BUFFER_BYTES_DIM)
     {
         config = std::make_shared<falco_configuration>();
@@ -106,13 +107,13 @@ struct state
     indexed_vector<falco_configuration::plugin_config> plugin_configs;
 
     // Set of events we want the driver to capture
-    std::unordered_set<uint32_t> ppm_event_info_of_interest;
+    libsinsp::events::set<ppm_event_code> selected_event_set;
 
     // Set of syscalls we want the driver to capture
-    std::unordered_set<uint32_t> ppm_sc_of_interest;
+    libsinsp::events::set<ppm_sc_code> selected_sc_set;
 
     // Set of tracepoints we want the driver to capture
-    std::unordered_set<uint32_t> tp_of_interest;
+    libsinsp::events::set<ppm_tp_code> selected_tp_set;
 
     // Dimension of the syscall buffer in bytes.
     uint64_t syscall_buffer_bytes_size;