github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-10 18:42:33 +00:00
Code Issues Projects Releases Wiki Activity

cleanup(userspace/falco): minor adjustments to stats writer and rebase correction

Browse Source 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby 2023-11-18 04:57:05 +00:00 committed by poiana
parent 9cb4c09500
commit 3e4566e5af
1 changed files with 76 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
userspace/falco/stats_writer.cpp
View File

@ -15,7 +15,9 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
#ifndef _WIN32
#include <sys/time.h> #include <sys/time.h>
#endif
#include <ctime> #include <ctime>
#include <csignal> #include <csignal>
#include <nlohmann/json.hpp> #include <nlohmann/json.hpp>
@ -33,7 +35,11 @@ limitations under the License.
// overflows here. Threads calling stats_writer::handle() will just // overflows here. Threads calling stats_writer::handle() will just
// check that this value changed since their last observation. // check that this value changed since their last observation.
static std::atomic<stats_writer::ticker_t> s_timer((stats_writer::ticker_t) 0); static std::atomic<stats_writer::ticker_t> s_timer((stats_writer::ticker_t) 0);
#if !defined(__APPLE__) && !defined(_WIN32)
static timer_t s_timerid; static timer_t s_timerid;
#else
static uint16_t s_timerid;
#endif
// note: Workaround for older GLIBC versions (< 2.35), where calling timer_delete() // note: Workaround for older GLIBC versions (< 2.35), where calling timer_delete()
// with an invalid timer ID not returned by timer_create() causes a segfault because of // with an invalid timer ID not returned by timer_create() causes a segfault because of
// a bug in GLIBC (https://sourceware.org/bugzilla/show_bug.cgi?id=28257). // a bug in GLIBC (https://sourceware.org/bugzilla/show_bug.cgi?id=28257).
@ -46,6 +52,37 @@ static void timer_handler(int signum)
s_timer.fetch_add(1, std::memory_order_relaxed); s_timer.fetch_add(1, std::memory_order_relaxed);
} }
#if defined(_WIN32)
bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
{
return true;
}
#endif
#if defined(__APPLE__)
bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
{
struct sigaction handler = {};
memset (&handler, 0, sizeof(handler));
handler.sa_handler = &timer_handler;
if (sigaction(SIGALRM, &handler, NULL) == -1)
{
err = std::string("Could not set up signal handler for periodic timer: ") + strerror(errno);
return false;
}
struct sigevent sev = {};
/* Create the timer */
sev.sigev_notify = SIGEV_SIGNAL;
sev.sigev_signo = SIGALRM;
sev.sigev_value.sival_ptr = &s_timerid;
return true;
}
#endif
#if defined(EMSCRIPTEN)
bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err) bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
{ {
struct itimerspec timer = {}; struct itimerspec timer = {};
@ -58,13 +95,40 @@ bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
err = std::string("Could not set up signal handler for periodic timer: ") + strerror(errno); err = std::string("Could not set up signal handler for periodic timer: ") + strerror(errno);
return false; return false;
} }
struct sigevent sev = {};
/* Create the timer */
sev.sigev_notify = SIGEV_SIGNAL;
sev.sigev_signo = SIGALRM;
sev.sigev_value.sival_ptr = &s_timerid;
timer.it_value.tv_sec = interval_msec / 1000;
timer.it_value.tv_nsec = (interval_msec % 1000) * 1000 * 1000;
timer.it_interval = timer.it_value;
return true;
}
#endif
#if defined(__linux__)
bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
{
struct itimerspec timer = {};
struct sigaction handler = {};
memset (&handler, 0, sizeof(handler));
handler.sa_handler = &timer_handler;
if (sigaction(SIGALRM, &handler, NULL) == -1)
{
err = std::string("Could not set up signal handler for periodic timer: ") + strerror(errno);
return false;
}
struct sigevent sev = {}; struct sigevent sev = {};
/* Create the timer */ /* Create the timer */
sev.sigev_notify = SIGEV_SIGNAL; sev.sigev_notify = SIGEV_SIGNAL;
sev.sigev_signo = SIGALRM; sev.sigev_signo = SIGALRM;
sev.sigev_value.sival_ptr = &s_timerid; sev.sigev_value.sival_ptr = &s_timerid;
#ifndef __EMSCRIPTEN__
// delete any previously set timer // delete any previously set timer
if (s_timerid_exists) if (s_timerid_exists)
{ {
@ -83,20 +147,19 @@ bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
} }
s_timerid_exists = true; s_timerid_exists = true;
#endif
timer.it_value.tv_sec = interval_msec / 1000; timer.it_value.tv_sec = interval_msec / 1000;
timer.it_value.tv_nsec = (interval_msec % 1000) * 1000 * 1000; timer.it_value.tv_nsec = (interval_msec % 1000) * 1000 * 1000;
timer.it_interval = timer.it_value; timer.it_interval = timer.it_value;
#ifndef __EMSCRIPTEN__
if (timer_settime(s_timerid, 0, &timer, NULL) == -1) if (timer_settime(s_timerid, 0, &timer, NULL) == -1)
{ {
err = std::string("Could not set up periodic timer: ") + strerror(errno); err = std::string("Could not set up periodic timer: ") + strerror(errno);
return false; return false;
} }
#endif
return true; return true;
} }
#endif
stats_writer::ticker_t stats_writer::get_ticker() stats_writer::ticker_t stats_writer::get_ticker()
{ {
@ -151,7 +214,7 @@ stats_writer::~stats_writer()
m_file_output.close(); m_file_output.close();
} }
// delete timerID and reset timer // delete timerID and reset timer
#ifndef __EMSCRIPTEN__ #ifdef __linux__
if (s_timerid_exists) if (s_timerid_exists)
{ {
timer_delete(s_timerid); timer_delete(s_timerid);
@ -232,7 +295,7 @@ void stats_writer::worker() noexcept
} }
catch(const std::exception &e) catch(const std::exception &e)
{ {
falco_logger::log(LOG_ERR, "stats_writer (worker): " + std::string(e.what()) + "\n"); falco_logger::log(falco_logger::level::ERR, "stats_writer (worker): " + std::string(e.what()) + "\n");
} }
} }
} }
@ -280,7 +343,7 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
if (m_last_num_evts != 0 && stats_snapshot_time_delta_sec > 0) if (m_last_num_evts != 0 && stats_snapshot_time_delta_sec > 0)
{ {
/* Successfully processed userspace event rate. */ /* Successfully processed userspace event rate. */
output_fields["falco.evts_rate_sec"] = (double)((num_evts - m_last_num_evts) / (double)stats_snapshot_time_delta_sec); output_fields["falco.evts_rate_sec"] = std::round((double)((num_evts - m_last_num_evts) / (double)stats_snapshot_time_delta_sec) * 10.0) / 10.0; // round to 1 decimal
} }
output_fields["falco.num_evts"] = num_evts; output_fields["falco.num_evts"] = num_evts;
output_fields["falco.num_evts_prev"] = m_last_num_evts; output_fields["falco.num_evts_prev"] = m_last_num_evts;
@ -293,7 +356,6 @@ void stats_writer::collector::get_metrics_output_fields_additional(
double stats_snapshot_time_delta_sec, const std::string& src) double stats_snapshot_time_delta_sec, const std::string& src)
{ {
const scap_agent_info* agent_info = inspector->get_agent_info(); const scap_agent_info* agent_info = inspector->get_agent_info();
const scap_machine_info* machine_info = inspector->get_machine_info();
#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) #if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
uint32_t nstats = 0; uint32_t nstats = 0;
@ -380,10 +442,9 @@ void stats_writer::collector::get_metrics_output_fields_additional(
{ {
flags &= ~PPM_SCAP_STATS_LIBBPF_STATS; flags &= ~PPM_SCAP_STATS_LIBBPF_STATS;
} }
if (!(machine_info->flags & PPM_BPF_STATS_ENABLED))
{ // Note: ENGINE_FLAG_BPF_STATS_ENABLED check has been moved to libs, that is, when libbpf stats is not enabled
flags &= ~PPM_SCAP_STATS_LIBBPF_STATS; // in the kernel settings we won't collect them even if the end user enabled the libbpf stats option
}
const scap_stats_v2* scap_stats_v2_snapshot = inspector->get_capture_stats_v2(flags, &nstats, &rc); const scap_stats_v2* scap_stats_v2_snapshot = inspector->get_capture_stats_v2(flags, &nstats, &rc);
if (scap_stats_v2_snapshot && nstats > 0 && rc == 0) if (scap_stats_v2_snapshot && nstats > 0 && rc == 0)
@ -416,7 +477,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
if (n_evts_delta != 0 && stats_snapshot_time_delta_sec > 0) if (n_evts_delta != 0 && stats_snapshot_time_delta_sec > 0)
{ {
/* n_evts is total number of kernel side events. */ /* n_evts is total number of kernel side events. */
output_fields["scap.evts_rate_sec"] = (double)(n_evts_delta / stats_snapshot_time_delta_sec); output_fields["scap.evts_rate_sec"] = std::round((double)(n_evts_delta / stats_snapshot_time_delta_sec) * 10.0) / 10.0; // round to 1 decimal
} }
else else
{ {
@ -434,7 +495,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
if (n_drops_delta != 0 && stats_snapshot_time_delta_sec > 0) if (n_drops_delta != 0 && stats_snapshot_time_delta_sec > 0)
{ {
/* n_drops is total number of kernel side event drops. */ /* n_drops is total number of kernel side event drops. */
output_fields["scap.evts_drop_rate_sec"] = (double)(n_drops_delta / stats_snapshot_time_delta_sec); output_fields["scap.evts_drop_rate_sec"] = std::round((double)(n_drops_delta / stats_snapshot_time_delta_sec) * 10.0) / 10.0; // round to 1 decimal
} }
else else
{ {