mirror of
https://github.com/falcosecurity/falco.git
synced 2026-01-17 07:57:15 +00:00
Modify rulesets to not keep track of the event types for a given set filter. Instead, using the changes in https://github.com/falcosecurity/libs/pull/74 event types are returned directly by the filter.

Within each ruleset, there's a vector that maps from event number to set of filters that are related to that event number. There's also a general set of filters for all event types.

run() both indexes into the per-event vector as well as iterates over the all event types set.

Also, used shared_ptr instead of direct pointers, which matches the updated interface used by lua_parser. This simplifies the bookkeeping a bit (no more delete when removing rulesets).

Given these changes, there's no need for a separate falco_sinsp_ruleset class any longer, so remove it.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
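The indexing scheme the commit message describes, as an added sketch that is not Falco's code and not part of the commit: `Event`, `Filter`, `Ruleset`, `Demo` and the event type numbers are hypothetical stand-ins. It shows a filter bound to one event type never being evaluated for other types, and removal needing no `delete`.

```cpp
#include <cstdint>
#include <functional>
#include <memory>
#include <set>
#include <string>
#include <vector>

struct Event { uint16_t type; std::string path; };  // simplified, constructed event

// Hypothetical stand-in for a compiled filter that reports its own event types.
struct Filter {
    std::set<uint16_t> evttypes;                 // empty: relevant to all event types
    std::function<bool(const Event&)> matches;   // the rule condition
    int evaluated = 0;                           // how often run() consulted this filter
};
using FilterPtr = std::shared_ptr<Filter>;
class Ruleset {
public:
    void add(const FilterPtr& f) {
        if (f->evttypes.empty()) { m_all.insert(f); return; }
        for (uint16_t t : f->evttypes) {
            if (m_by_event.size() <= t) m_by_event.resize(t + 1);
            m_by_event[t].insert(f);
        }
    }
    void remove(const FilterPtr& f) {            // no delete: shared_ptr frees the filter
        m_all.erase(f);
        for (auto& s : m_by_event) s.erase(f);
    }
    int run(const Event& ev) const {             // returns the number of matching filters
        int hits = 0;
        if (ev.type < m_by_event.size())         // index into the per-event vector
            for (const auto& f : m_by_event[ev.type]) hits += eval(*f, ev);
        for (const auto& f : m_all) hits += eval(*f, ev);  // then the all-types set
        return hits;
    }
private:
    static int eval(Filter& f, const Event& ev) { ++f.evaluated; return f.matches(ev) ? 1 : 0; }
    std::vector<std::set<FilterPtr>> m_by_event;
    std::set<FilterPtr> m_all;
};

// Constructed sample: event type 3 is an arbitrary number, not a real event code.
struct Demo {
    FilterPtr open_rule = std::make_shared<Filter>(Filter{{3}, [](const Event& e) { return e.path == "/etc/shadow"; }});
    FilterPtr any_rule = std::make_shared<Filter>(Filter{{}, [](const Event& e) { return e.path.rfind("/etc/", 0) == 0; }});
    Ruleset rs;
    Demo() { rs.add(open_rule); rs.add(any_rule); }
};
int main() { Demo d; return d.rs.run(Event{3, "/etc/shadow"}) == 2 ? 0 : 1; }
```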
5.3 KiB