update(CHANGELOG.md): release 0.41.3

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

CHANGELOG.md

@@ -1,5 +1,67 @@
 # Change Log
 
+## v0.41.3
+
+Released on 2025-07-01
+
+
+
+### Minor Changes
+
+* update: bump container plugin to v0.3.1 [[#3629](https://github.com/falcosecurity/falco/pull/3629)] - [@FedeDP](https://github.com/FedeDP)
+
+
+
+
+### Statistics
+
+|   MERGED PRS    | NUMBER |
+|-----------------|--------|
+| Not user-facing |      0 |
+| Release note    |      1 |
+| Total           |      1 |
+
+## v0.41.2
+
+Released on 2025-06-17
+
+
+
+### Minor Changes
+
+* update(build): update container plugin to 0.3.0 [[#3619](https://github.com/falcosecurity/falco/pull/3619)] - [@ekoops](https://github.com/ekoops)
+
+
+
+### Non user-facing changes
+
+* update(build): update container plugin to 0.2.6 [[#3611](https://github.com/falcosecurity/falco/pull/3611)] - [@leogr](https://github.com/leogr)
+
+### Statistics
+
+|   MERGED PRS    | NUMBER |
+|-----------------|--------|
+| Not user-facing |      1 |
+| Release note    |      1 |
+| Total           |      2 |
+
+## v0.41.1
+
+Released on 2025-06-05
+
+### Bug Fixes
+
+* fix(userspace/falco): when collecting metrics for stats_writer, create a `libs_metrics_collector` for each source [[#3585](https://github.com/falcosecurity/falco/pull/3585)] - [@FedeDP](https://github.com/FedeDP)
+* fix(userspace/falco): only enable prometheus metrics once all inspectors have been opened [[#3588](https://github.com/falcosecurity/falco/pull/3588)] - [@FedeDP](https://github.com/FedeDP)
+
+### Statistics
+
+|   MERGED PRS    | NUMBER |
+|-----------------|--------|
+| Not user-facing |      0 |
+| Release note    |      2 |
+| Total           |      2 |
+
 ## v0.41.0
 
 Released on 2025-05-29

CMakeLists.txt

@@ -267,11 +267,11 @@ if(NOT WIN32
    AND NOT MUSL_OPTIMIZED_BUILD
 )
 	include(falcoctl)
-	set(CONTAINER_VERSION "0.2.4")
+	set(CONTAINER_VERSION "0.3.1")
 	if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
-		set(CONTAINER_HASH "2b6cf7c014fa29dffbc063582343402b863581218e704ca8021bc971c3e029fc")
+		set(CONTAINER_HASH "2c8f351448b30044560affd493e7af75dd1207a9ee9c26970e5aa41f1371059a")
 	else() # arm64
-		set(CONTAINER_HASH "ad96c2baa299fa51b6be07a93b21dd03fe6e2a9bea44cc13ea50a346e5d22774")
+		set(CONTAINER_HASH "8ebe2d7f691ba7fd47534cbffc640fd6830e5057742f185e0fda8fed7ab192a4")
 	endif()
 	include(container_plugin)
 

userspace/falco/app/actions/process_events.cpp

@@ -235,12 +235,6 @@ static falco::app::run_result do_inspect(
 			}
 
 			// for capture mode, the source name can change at every event
-			// TODO: This may currently cause issues for multiple event sources. We are deferring
-			// the fix to Falco 0.42.0.
-			// For multiple event sources, it generates `n` metrics logs per source at a time, as
-			// expected, with the engine_name correctly reflected. However, the order may interfere,
-			// as the correct inspector for the syscalls event source seems to never get passed,
-			// resulting in most metrics being missing.
 			stats_collector.collect(inspector,
 			                        inspector->event_sources()[source_engine_idx],
 			                        num_evts);
@@ -491,6 +485,10 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
 				}
 
 				if(s.enabled_sources.size() == 1) {
+					if(s.on_inspectors_opened != nullptr) {
+						s.on_inspectors_opened();
+					}
+
 					// optimization: with only one source we don't spawn additional threads
 					process_inspector_events(s,
 					                         src_info->inspector,
@@ -520,6 +518,9 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
 				break;
 			}
 		}
+		if(s.enabled_sources.size() > 1 && s.on_inspectors_opened != nullptr) {
+			s.on_inspectors_opened();
+		}
 
 		// wait for event processing to terminate for all sources
 		// if a thread terminates with an error, we trigger the app termination

userspace/falco/app/actions/start_webserver.cpp

@@ -44,6 +44,7 @@ falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s
 	                          std::to_string(webserver_config.m_listen_port) + ssl_option + "\n");
 
 	state.webserver.start(state, webserver_config);
+	state.on_inspectors_opened = [&state]() { state.webserver.enable_prometheus_metrics(state); };
 #endif
 	return run_result::ok();
 }

userspace/falco/app/state.h

@@ -116,6 +116,9 @@ struct state {
 
 	falco_webserver webserver;
 #endif
+	// Set by start_webserver to start prometheus metrics
+	// once all inspectors are opened.
+	std::function<void()> on_inspectors_opened = nullptr;
 
 	inline bool is_capture_mode() const { return config->m_engine_mode == engine_kind_t::REPLAY; }
 

userspace/falco/stats_writer.cpp

@@ -414,7 +414,8 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
 
 void stats_writer::collector::get_metrics_output_fields_additional(
         nlohmann::json& output_fields,
-        double stats_snapshot_time_delta_sec) {
+        double stats_snapshot_time_delta_sec,
+        const std::string& src) {
 	// Falco metrics categories
 	//
 	// rules_counters_enabled
@@ -478,7 +479,8 @@ void stats_writer::collector::get_metrics_output_fields_additional(
 #endif
 
 #if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
-	if(m_writer->m_libs_metrics_collector && m_writer->m_output_rule_metrics_converter) {
+	if(m_writer->m_libs_metrics_collectors.find(src) != m_writer->m_libs_metrics_collectors.end() &&
+	   m_writer->m_output_rule_metrics_converter) {
 		// Libs metrics categories
 		//
 		// resource_utilization_enabled
@@ -487,8 +489,9 @@ void stats_writer::collector::get_metrics_output_fields_additional(
 		// libbpf_stats_enabled
 
 		// Refresh / New snapshot
-		m_writer->m_libs_metrics_collector->snapshot();
-		auto metrics_snapshot = m_writer->m_libs_metrics_collector->get_metrics();
+		auto& libs_metrics_collector = m_writer->m_libs_metrics_collectors[src];
+		libs_metrics_collector->snapshot();
+		auto metrics_snapshot = libs_metrics_collector->get_metrics();
 		// Cache n_evts and n_drops to derive n_drops_perc.
 		uint64_t n_evts = 0;
 		uint64_t n_drops = 0;
@@ -611,7 +614,8 @@ void stats_writer::collector::collect(const std::shared_ptr<sinsp>& inspector,
                                       uint64_t num_evts) {
 	if(m_writer->has_output()) {
 #if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
-		if(!m_writer->m_libs_metrics_collector) {
+		if(m_writer->m_libs_metrics_collectors.find(src) ==
+		   m_writer->m_libs_metrics_collectors.end()) {
 			uint32_t flags = m_writer->m_config->m_metrics_flags;
 			// Note: ENGINE_FLAG_BPF_STATS_ENABLED check has been moved to libs, that is, when
 			// libbpf stats is not enabled in the kernel settings we won't collect them even if the
@@ -625,7 +629,7 @@ void stats_writer::collector::collect(const std::shared_ptr<sinsp>& inspector,
 				flags &= ~(METRICS_V2_KERNEL_COUNTERS | METRICS_V2_KERNEL_COUNTERS_PER_CPU |
 				           METRICS_V2_STATE_COUNTERS | METRICS_V2_LIBBPF_STATS);
 			}
-			m_writer->m_libs_metrics_collector =
+			m_writer->m_libs_metrics_collectors[src] =
 			        std::make_unique<libs::metrics::libs_metrics_collector>(inspector.get(), flags);
 		}
 
@@ -658,7 +662,7 @@ void stats_writer::collector::collect(const std::shared_ptr<sinsp>& inspector,
 			                                  now,
 			                                  stats_snapshot_time_delta_sec);
 
-			get_metrics_output_fields_additional(output_fields, stats_snapshot_time_delta_sec);
+			get_metrics_output_fields_additional(output_fields, stats_snapshot_time_delta_sec, src);
 
 			/* Send message in the queue */
 			stats_writer::msg msg;

userspace/falco/stats_writer.h

@@ -79,7 +79,8 @@ public:
 		   fields.
 		*/
 		void get_metrics_output_fields_additional(nlohmann::json& output_fields,
-		                                          double stats_snapshot_time_delta_sec);
+		                                          double stats_snapshot_time_delta_sec,
+		                                          const std::string& src);
 
 		std::shared_ptr<stats_writer> m_writer;
 		// Init m_last_tick w/ invalid value to enable metrics logging immediately after
@@ -153,7 +154,9 @@ private:
 	tbb::concurrent_bounded_queue<stats_writer::msg> m_queue;
 #endif
 #if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
-	std::unique_ptr<libs::metrics::libs_metrics_collector> m_libs_metrics_collector;
+	// Per source map of libs metrics collectors
+	std::unordered_map<std::string, std::unique_ptr<libs::metrics::libs_metrics_collector>>
+	        m_libs_metrics_collectors;
 	std::unique_ptr<libs::metrics::output_rule_metrics_converter> m_output_rule_metrics_converter;
 #endif
 	std::shared_ptr<falco_outputs> m_outputs;

userspace/falco/webserver.cpp

@@ -58,12 +58,6 @@ void falco_webserver::start(const falco::app::state &state,
 		              res.set_content(versions_json_str, "application/json");
 	              });
 
-	if(state.config->m_metrics_enabled && webserver_config.m_prometheus_metrics_enabled) {
-		m_server->Get("/metrics", [&state](const httplib::Request &, httplib::Response &res) {
-			res.set_content(falco_metrics::to_text_prometheus(state),
-			                falco_metrics::content_type_prometheus);
-		});
-	}
 	// run server in a separate thread
 	if(!m_server->is_valid()) {
 		m_server = nullptr;
@@ -106,3 +100,13 @@ void falco_webserver::stop() {
 		m_running = false;
 	}
 }
+
+void falco_webserver::enable_prometheus_metrics(const falco::app::state &state) {
+	if(state.config->m_metrics_enabled &&
+	   state.config->m_webserver_config.m_prometheus_metrics_enabled) {
+		m_server->Get("/metrics", [&state](const httplib::Request &, httplib::Response &res) {
+			res.set_content(falco_metrics::to_text_prometheus(state),
+			                falco_metrics::content_type_prometheus);
+		});
+	}
+}

userspace/falco/webserver.h

@@ -40,6 +40,7 @@ public:
 	virtual void start(const falco::app::state& state,
 	                   const falco_configuration::webserver_config& webserver_config);
 	virtual void stop();
+	virtual void enable_prometheus_metrics(const falco::app::state& state);
 
 private:
 	bool m_running = false;