github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-25 14:22:15 +00:00
Code Issues Projects Releases Wiki Activity

chore(userspace/falco): make re2 patterns statically lived.

Browse Source 
Moreover, rename `falco_metrics::` methods to better expose
they return prometheus metrics.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
This commit is contained in:
Federico Di Pierro 2025-05-28 09:05:01 +02:00 committed by poiana
parent bac052f5d2
commit a7433e032b
3 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
userspace/falco/falco_metrics.cpp
View File

@ -70,9 +70,9 @@ namespace fs = std::filesystem;
https://prometheus.io/docs/instrumenting/exposition_formats/#text-based-format https://prometheus.io/docs/instrumenting/exposition_formats/#text-based-format
*/ */
const std::string falco_metrics::content_type = "text/plain; version=0.0.4"; const std::string falco_metrics::content_type_prometheus = "text/plain; version=0.0.4";
std::string falco_metrics::falco_to_text( std::string falco_metrics::falco_to_text_prometheus(
const falco::app::state& state, const falco::app::state& state,
libs::metrics::prometheus_metrics_converter& prometheus_metrics_converter, libs::metrics::prometheus_metrics_converter& prometheus_metrics_converter,
std::vector<metrics_v2>& additional_wrapper_metrics) { std::vector<metrics_v2>& additional_wrapper_metrics) {
@ -169,7 +169,7 @@ std::string falco_metrics::falco_to_text(
METRIC_VALUE_TYPE_U64, METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_COUNT, METRIC_VALUE_UNIT_COUNT,
METRIC_VALUE_METRIC_TYPE_MONOTONIC, METRIC_VALUE_METRIC_TYPE_MONOTONIC,
rules_by_id[i]->load()); count);
prometheus_metrics_converter.convert_metric_to_unit_convention(metric); prometheus_metrics_converter.convert_metric_to_unit_convention(metric);
std::map<std::string, std::string> const_labels = { std::map<std::string, std::string> const_labels = {
{"rule_name", rule->name}, {"rule_name", rule->name},
@ -224,7 +224,7 @@ std::string falco_metrics::falco_to_text(
return prometheus_text; return prometheus_text;
} }
std::string falco_metrics::sources_to_text( std::string falco_metrics::sources_to_text_prometheus(
const falco::app::state& state, const falco::app::state& state,
libs::metrics::prometheus_metrics_converter& prometheus_metrics_converter, libs::metrics::prometheus_metrics_converter& prometheus_metrics_converter,
std::vector<metrics_v2>& additional_wrapper_metrics) { std::vector<metrics_v2>& additional_wrapper_metrics) {
@ -234,6 +234,9 @@ std::string falco_metrics::sources_to_text(
SOURCE_PLUGIN_ENGINE, SOURCE_PLUGIN_ENGINE,
NODRIVER_ENGINE, NODRIVER_ENGINE,
GVISOR_ENGINE}; GVISOR_ENGINE};
static re2::RE2 drops_buffer_pattern("n_drops_buffer_([^_]+(?:_[^_]+)*)_(enter|exit)$");
static re2::RE2 cpu_pattern("(\\d+)");
std::string prometheus_text; std::string prometheus_text;
bool agent_info_written = false; bool agent_info_written = false;
bool machine_info_written = false; bool machine_info_written = false;
@ -315,10 +318,9 @@ std::string falco_metrics::sources_to_text(
strncmp(metric.name, "n_drops_cpu", 11) == 0) // prefix match strncmp(metric.name, "n_drops_cpu", 11) == 0) // prefix match
{ {
std::string name_str(metric.name); std::string name_str(metric.name);
re2::RE2 pattern("(\\d+)");
std::string cpu_number; std::string cpu_number;
if(re2::RE2::PartialMatch(name_str, pattern, &cpu_number)) { if(re2::RE2::PartialMatch(name_str, cpu_pattern, &cpu_number)) {
re2::RE2::GlobalReplace(&name_str, pattern, ""); re2::RE2::GlobalReplace(&name_str, cpu_pattern, "");
// possible double __ will be sanitized within libs // possible double __ will be sanitized within libs
auto metric_new = libs::metrics::libsinsp_metrics::new_metric( auto metric_new = libs::metrics::libsinsp_metrics::new_metric(
name_str.c_str(), name_str.c_str(),
@ -352,11 +354,10 @@ std::string falco_metrics::sources_to_text(
continue; continue;
} else if(strncmp(metric.name, "n_drops_buffer", 14) == 0) // prefix match } else if(strncmp(metric.name, "n_drops_buffer", 14) == 0) // prefix match
{ {
re2::RE2 pattern("n_drops_buffer_([^_]+(?:_[^_]+)*)_(enter|exit)$");
std::string drop; std::string drop;
std::string dir; std::string dir;
std::string name_str(metric.name); std::string name_str(metric.name);
if(re2::RE2::FullMatch(name_str, pattern, &drop, &dir)) { if(re2::RE2::FullMatch(name_str, drops_buffer_pattern, &drop, &dir)) {
auto metric_new = libs::metrics::libsinsp_metrics::new_metric( auto metric_new = libs::metrics::libsinsp_metrics::new_metric(
"n_drops_buffer", "n_drops_buffer",
METRICS_V2_KERNEL_COUNTERS, METRICS_V2_KERNEL_COUNTERS,
@ -470,18 +471,20 @@ std::string falco_metrics::sources_to_text(
The current implementation returns a Prometheus exposition formatted string. The current implementation returns a Prometheus exposition formatted string.
*/ */
std::string falco_metrics::to_text(const falco::app::state& state) { std::string falco_metrics::to_text_prometheus(const falco::app::state& state) {
libs::metrics::prometheus_metrics_converter prometheus_metrics_converter; libs::metrics::prometheus_metrics_converter prometheus_metrics_converter;
std::string prometheus_text; std::string prometheus_text;
std::vector<metrics_v2> additional_wrapper_metrics; std::vector<metrics_v2> additional_wrapper_metrics;
// Falco global metrics, once // Falco global metrics, once
prometheus_text += prometheus_text += falco_to_text_prometheus(state,
falco_to_text(state, prometheus_metrics_converter, additional_wrapper_metrics); prometheus_metrics_converter,
additional_wrapper_metrics);
// Metrics for each source // Metrics for each source
prometheus_text += prometheus_text += sources_to_text_prometheus(state,
sources_to_text(state, prometheus_metrics_converter, additional_wrapper_metrics); prometheus_metrics_converter,
additional_wrapper_metrics);
for(auto metric : additional_wrapper_metrics) { for(auto metric : additional_wrapper_metrics) {
prometheus_metrics_converter.convert_metric_to_unit_convention(metric); prometheus_metrics_converter.convert_metric_to_unit_convention(metric);

8
userspace/falco/falco_metrics.h
View File

@ -26,15 +26,15 @@ struct state;
class falco_metrics { class falco_metrics {
public: public:
static const std::string content_type; static const std::string content_type_prometheus;
static std::string to_text(const falco::app::state& state); static std::string to_text_prometheus(const falco::app::state& state);
private: private:
static std::string falco_to_text( static std::string falco_to_text_prometheus(
const falco::app::state& state, const falco::app::state& state,
libs::metrics::prometheus_metrics_converter& prometheus_metrics_converter, libs::metrics::prometheus_metrics_converter& prometheus_metrics_converter,
std::vector<metrics_v2>& additional_wrapper_metrics); std::vector<metrics_v2>& additional_wrapper_metrics);
static std::string sources_to_text( static std::string sources_to_text_prometheus(
const falco::app::state& state, const falco::app::state& state,
libs::metrics::prometheus_metrics_converter& prometheus_metrics_converter, libs::metrics::prometheus_metrics_converter& prometheus_metrics_converter,
std::vector<metrics_v2>& additional_wrapper_metrics); std::vector<metrics_v2>& additional_wrapper_metrics);

3
userspace/falco/webserver.cpp
View File

@ -60,7 +60,8 @@ void falco_webserver::start(const falco::app::state &state,
if(state.config->m_metrics_enabled && webserver_config.m_prometheus_metrics_enabled) { if(state.config->m_metrics_enabled && webserver_config.m_prometheus_metrics_enabled) {
m_server->Get("/metrics", [&state](const httplib::Request &, httplib::Response &res) { m_server->Get("/metrics", [&state](const httplib::Request &, httplib::Response &res) {
res.set_content(falco_metrics::to_text(state), falco_metrics::content_type); res.set_content(falco_metrics::to_text_prometheus(state),
falco_metrics::content_type_prometheus);
}); });
} }
// run server in a separate thread // run server in a separate thread