cleanup(userspace,config): apply reviewers suggestions

Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2025-07-15 15:32:04 +00:00 · 2023-05-30 17:04:41 +00:00 · 2023-05-30 17:04:41 +00:00 · efd0c7421e
commit efd0c7421e
parent b29f6f4b2f
4 changed files with 38 additions and 26 deletions
--- a/falco.yaml
+++ b/falco.yaml
@ -77,11 +77,12 @@
 # configuration, you can run `falco --help` in your terminal. You can also pass
 # configuration options from this config file as command-line arguments by using
 # the `-o` flag followed by the option name and value. In the following example,
-# three config options (`json_output`, `log_level`, and `log_stderr`) are passed as
-# command-line arguments with their corresponding values:
-# `falco -o "json_output=true" -o "log_level=debug" -o "log_stderr=true"`. Please
-# note that command-line arguments take precedence over the options specified in
-# this config file.
+# three config options (`json_output`, `log_level`, and
+# `modern_bpf.cpus_for_each_syscall_buffer`) are passed as command-line
+# arguments with their corresponding values: falco -o "json_output=true"
+# -o "log_level=debug" -o "modern_bpf.cpus_for_each_syscall_buffer=4" 
+# Please note that command-line arguments take precedence over the options
+# specified in this config file.


 ###############################
@ -596,7 +597,8 @@ syscall_event_drops:

 # [Experimental] `metrics`
 #
-# Generates "Falco internal: metrics snapshot" rule output when `priority=info` at minimum
+# Generates "Falco internal: metrics snapshot" rule output when `priority=info`
+# at minimum
 #
 # periodic metric snapshots (including stats and resource utilization) captured
 # at regular intervals
@ -642,15 +644,25 @@ syscall_event_drops:
 # https://prometheus.io/docs/prometheus/latest/querying/basics/#time-durations
 #
 # Time durations are specified as a number, followed immediately by one of the
-# following units: ms - milliseconds s - seconds m - minutes h - hours d - days
-# - assuming a day has always 24h w - weeks - assuming a week has always 7d y -
-# years - assuming a year has always 365d
+# following units:
+# ms - millisecond
+# s - second
+# m - minute
+# h - hour
+# d - day - assuming a day has always 24h
+# w - week - assuming a week has always 7d
+# y - year - assuming a year has always 365d
 #
 # Example of a valid time duration: 1h30m20s10ms
 #
 # A minimum interval of 100ms is enforced for metric collection. However, for
 # production environments, we recommend selecting one of the following intervals
-# for optimal monitoring: 15m 30m 1h 4h 6h
+# for optimal monitoring:
+# 15m
+# 30m
+# 1h
+# 4h
+# 6h
 #
 # `output_rule`: To enable seamless metrics and performance monitoring, we
 # recommend emitting metrics as the rule "Falco internal: metrics snapshot".
@ -688,14 +700,14 @@ syscall_event_drops:
 # Additionally, please be aware that the current implementation of `libbpf` does
 # not support granularity of statistics at the bpf tail call level.
 #
-# `send_numeric_zero_values`: When the option is set to true, fields with a numeric
-# value of zero will be included in the output. However, this rule does not apply to
-# high-level fields such as `n_evts` or `n_drops`; they will always be included in the
-# output even if their value is zero. This option can be beneficial for exploring
-# the data schema and ensuring that fields with zero values are included in the output.
+# `include_empty_values`: When the option is set to true, fields with an empty
+# numeric value will be included in the output. However, this rule does not
+# apply to high-level fields such as `n_evts` or `n_drops`; they will always be
+# included in the output even if their value is empty. This option can be
+# beneficial for exploring the data schema and ensuring that fields with empty
+# values are included in the output.
 #
-# todo: prometheus export option
-# todo: syscall_counters_enabled option
+# todo: prometheus export option todo: syscall_counters_enabled option
 metrics:
  enabled: false
  interval: 1h
@ -705,7 +717,7 @@ metrics:
  kernel_event_counters_enabled: true
  libbpf_stats_enabled: true
  convert_memory_to_mb: true
-  send_numeric_zero_values: false
+  include_empty_values: false


 #######################################
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@ -69,7 +69,7 @@ falco_configuration::falco_configuration():
 	m_metrics_kernel_event_counters_enabled(true),
 	m_metrics_libbpf_stats_enabled(true),
 	m_metrics_convert_memory_to_mb(true),
-	m_metrics_send_numeric_zero_values(false)
+	m_metrics_include_empty_values(false)
 {
 	init({});
 }
@ -357,7 +357,7 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
 	m_metrics_kernel_event_counters_enabled = config.get_scalar<bool>("metrics.kernel_event_counters_enabled", true);
 	m_metrics_libbpf_stats_enabled = config.get_scalar<bool>("metrics.libbpf_stats_enabled", true);
 	m_metrics_convert_memory_to_mb = config.get_scalar<bool>("metrics.convert_memory_to_mb", true);
-	m_metrics_send_numeric_zero_values = config.get_scalar<bool>("metrics.send_numeric_zero_values", false);
+	m_metrics_include_empty_values = config.get_scalar<bool>("metrics.include_empty_values", false);

 	std::vector<std::string> load_plugins;

--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@ -122,7 +122,7 @@ public:
 	bool m_metrics_kernel_event_counters_enabled;
 	bool m_metrics_libbpf_stats_enabled;
 	bool m_metrics_convert_memory_to_mb;
-	bool m_metrics_send_numeric_zero_values;
+	bool m_metrics_include_empty_values;

 	std::vector<plugin_config> m_plugins;

--- a/userspace/falco/stats_writer.cpp
+++ b/userspace/falco/stats_writer.cpp
@ -254,7 +254,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
 				switch(utilization[stat].type)
 				{
 				case STATS_VALUE_TYPE_U64:
-					if (utilization[stat].value.u64 == 0 && !m_writer->m_config->m_metrics_send_numeric_zero_values)
+					if (utilization[stat].value.u64 == 0 && !m_writer->m_config->m_metrics_include_empty_values)
 					{
 						break;
 					}
@ -268,7 +268,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
 					}
 					break;
 				case STATS_VALUE_TYPE_U32:
-					if (utilization[stat].value.u32 == 0 && !m_writer->m_config->m_metrics_send_numeric_zero_values)
+					if (utilization[stat].value.u32 == 0 && !m_writer->m_config->m_metrics_include_empty_values)
 					{
 						break;
 					}
@ -282,7 +282,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
 					}
 					break;
 				case STATS_VALUE_TYPE_D:
-					if (utilization[stat].value.d == 0 && !m_writer->m_config->m_metrics_send_numeric_zero_values)
+					if (utilization[stat].value.d == 0 && !m_writer->m_config->m_metrics_include_empty_values)
 					{
 						break;
 					}
@ -316,7 +316,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
 	const scap_stats_v2* stats_v2 = inspector->get_capture_stats_v2(flags, &nstats, &rc);
 	if (stats_v2 && nstats > 0 && rc == 0)
 	{
-		/* Cache n_evts and n_drops to derice n_drops_perc. */
+		/* Cache n_evts and n_drops to derive n_drops_perc. */
 		uint64_t n_evts = 0;
 		uint64_t n_drops = 0;
 		for(uint32_t stat = 0; stat < nstats; stat++)
@ -370,7 +370,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
 					}
 					m_last_n_drops = n_drops;
 				}
-				if (stats_v2[stat].value.u64 == 0 && !m_writer->m_config->m_metrics_send_numeric_zero_values)
+				if (stats_v2[stat].value.u64 == 0 && !m_writer->m_config->m_metrics_include_empty_values)
 				{
 					break;
 				}