From 5ba94a36bd715fddb03a68130c6ac1255fa36e33 Mon Sep 17 00:00:00 2001
From: Leonardo Di Giovanna
Date: Mon, 23 Sep 2024 12:33:20 +0200
Subject: [PATCH] fix(falco_metrics): remove ifinfo_json stat/metric
Using JSON as value prevents any meaningful aggregation for the stats. Splitting these information into multiple labels can drastically increase the number of dimensions, as the number of interfaces and addresses can be high in some environment. Moreover, these information are not currently refreshed, even if they can frequently change. Given these reasons, remove ifinfo_json from stats and metrics.
Signed-off-by: Leonardo Di Giovanna
---
 userspace/falco/falco_metrics.cpp | 33 -------------------------------
 userspace/falco/stats_writer.cpp | 33 -------------------------------
 userspace/falco/stats_writer.h | 1 -
 3 files changed, 67 deletions(-)
diff --git a/userspace/falco/falco_metrics.cpp b/userspace/falco/falco_metrics.cpp
index 7ff70364..a053de06 100644
--- a/userspace/falco/falco_metrics.cpp
+++ b/userspace/falco/falco_metrics.cpp
@@ -111,39 +111,6 @@ std::string falco_metrics::to_text(const falco::app::state& state)
 prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("sha256_config_files", "falcosecurity", "falco", {{"file_name", fs_path.filename()}, {"sha256", item.second}});
 }
- static std::string ifinfo_json_escaped;
- auto ipv4list = inspector->get_ifaddr_list().get_ipv4_list();
- auto ipv6list = inspector->get_ifaddr_list().get_ipv6_list();
- nlohmann::json ipv4_json;
- nlohmann::json ipv6_json;
- if(ipv4list)
- {
- for (const auto& item : *ipv4list)
- {
- if(item.m_name == "lo")
- {
- continue;
- }
- ipv4_json[item.m_name] = item.addr_to_string();
- }
- }
-
- if(ipv6list)
- {
- for (const auto& item : *ipv6list)
- {
- if(item.m_name == "lo")
- {
- continue;
- }
- ipv6_json[item.m_name] = item.addr_to_string();
- }
- }
- nlohmann::json ifinfo_json;
- ifinfo_json["ipv4"] = ipv4_json;
- ifinfo_json["ipv6"] = ipv6_json;
- ifinfo_json_escaped = ifinfo_json.dump();
- prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("host_ifinfo_json", "falcosecurity", "falco", {{"host_ifinfo_json", ifinfo_json_escaped}});
 #endif
 for (const std::string& source: inspector->event_sources())
diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp
index 851f46ea..fac1b768 100644
--- a/userspace/falco/stats_writer.cpp
+++ b/userspace/falco/stats_writer.cpp
@@ -358,39 +358,6 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
 output_fields[metric_name_file_sha256] = item.second;
 }
- auto ipv4list = inspector->get_ifaddr_list().get_ipv4_list();
- auto ipv6list = inspector->get_ifaddr_list().get_ipv6_list();
- nlohmann::json ipv4_json;
- nlohmann::json ipv6_json;
- if(ipv4list)
- {
- for (const auto& item : *ipv4list)
- {
- if(item.m_name == "lo")
- {
- continue;
- }
- ipv4_json[item.m_name] = item.addr_to_string();
- }
- }
-
- if(ipv6list)
- {
- for (const auto& item : *ipv6list)
- {
- if(item.m_name == "lo")
- {
- continue;
- }
- ipv6_json[item.m_name] = item.addr_to_string();
- }
- }
- nlohmann::json ifinfo_json;
- ifinfo_json["ipv4"] = ipv4_json;
- ifinfo_json["ipv6"] = ipv6_json;
- m_ifinfo_json_escaped = ifinfo_json.dump();
- output_fields["falco.host_ifinfo_json"] = m_ifinfo_json_escaped;
-
 #endif
 output_fields["evt.source"] = src;
 for (size_t i = 0; i < sizeof(all_driver_engines) / sizeof(const char*); i++)
diff --git a/userspace/falco/stats_writer.h b/userspace/falco/stats_writer.h
index f85f509b..b25ed4dd 100644
--- a/userspace/falco/stats_writer.h
+++ b/userspace/falco/stats_writer.h
@@ -80,7 +80,6 @@ public:
 uint64_t m_last_n_evts = 0;
 uint64_t m_last_n_drops = 0;
 uint64_t m_last_num_evts = 0;
- std::string m_ifinfo_json_escaped;
 };
 stats_writer(const stats_writer&) = delete;