Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(userspace/falco): properly format numeric values in metrics #2569

Merged
merged 4 commits into from May 23, 2023
Merged

fix(userspace/falco): properly format numeric values in metrics #2569

merged 4 commits into from May 23, 2023

Conversation

jasondellaluce
Copy link
Contributor

What type of PR is this?

/kind bug

/kind cleanup

Any specific area of the project related to this PR?

/area engine

What this PR does / why we need it:

Following up #2333, this makes sure that numeric values are formatted as numbers in the JSON outputs of the new metrics system.

Which issue(s) this PR fixes:

Special notes for your reviewer:

cc @incertum

Does this PR introduce a user-facing change?:

fix(userspace/falco): properly format numeric values in metrics

@jasondellaluce
fix(userspace/falco): properly format numeric values in metrics
cc1e299 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
@jasondellaluce
fix(userspace/faclco): output drop perc metric only if drops are present
80e062c 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
@jasondellaluce
Copy link
Contributor Author

/milestone 0.35.0

@poiana poiana added this to the 0.35.0 milestone May 23, 2023
@poiana poiana requested review from Kaizhe and leogr May 23, 2023 09:22
@poiana poiana added the size/L label May 23, 2023
leogr
leogr previously approved these changes May 23, 2023
View reviewed changes
Copy link
Member

@leogr leogr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't like too much using nlohmann::json, but I can't think of a better solution right now.

So, LGTM.

@poiana poiana added the lgtm label May 23, 2023
@poiana
Copy link

poiana commented May 23, 2023

LGTM label has been added.

Git tree hash: 7f7f4dbad72727cc9848553c1efb314c0d66ecf7

@jasondellaluce
Copy link
Contributor Author

I don't like too much using nlohmann::json, but I can't think of a better solution right now.

Same 😸

@jasondellaluce
fix(userspace/falco): solve escape issues in grpc output
be47d4b 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
@poiana poiana removed the lgtm label May 23, 2023
@poiana poiana requested a review from leogr May 23, 2023 10:44
leogr
leogr previously approved these changes May 23, 2023
View reviewed changes
@poiana poiana added the lgtm label May 23, 2023
@poiana
Copy link

poiana commented May 23, 2023

LGTM label has been added.

Git tree hash: c5d429cfd86661daa76b3ec35128b49ceaa512d2

FedeDP
FedeDP reviewed May 23, 2023
View reviewed changes
userspace/falco/stats_writer.cpp
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jasondellaluce
please consider fixing #2333 (comment) here :)

FedeDP
FedeDP reviewed May 23, 2023
View reviewed changes
Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM; left a comment about strncat issue.
/hold

@incertum
Copy link
Contributor

incertum commented May 23, 2023
edited

LGTM; left a comment about strncat issue. /hold

@FedeDP please note in libs we do it the way it currently is for example kmod_path = strncat(cwd, KMOD_DEFAULT_PATH, FILENAME_MAX - strlen(cwd)) hence we would need a commit in libs to uniformly change it as well.

@incertum
Copy link
Contributor

Thanks @jasondellaluce for uniformly changing this. Wouldn't we need a ! as we change the data types for all Falco rules not just the internal stats / metrics related rules?

LGTM!

@jasondellaluce
Copy link
Contributor Author

Wouldn't we need a ! as we change the data types for all Falco rules not just the internal stats / metrics related rules?

I don't think so, this changes the types only for the new metrics internal alerts, which is something we haven't released yet.

@jasondellaluce @FedeDP
fix(userspace/falco): right boundary checks for strncat
632eba2 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
@poiana poiana removed the lgtm label May 23, 2023
@poiana poiana requested a review from leogr May 23, 2023 12:03
@incertum
Copy link
Contributor

Wouldn't we need a ! as we change the data types for all Falco rules not just the internal stats / metrics related rules?

I don't think so, this changes the types only for the new metrics internal alerts, which is something we haven't released yet.

Wait so handle_msg is just used for the internal rules and not for the regular Falco rules? In that case just out of curiosity could you point me to the place where regular Falco rules are formatted?

FedeDP
FedeDP approved these changes May 23, 2023
View reviewed changes
Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana poiana added the lgtm label May 23, 2023
@poiana
Copy link

poiana commented May 23, 2023

LGTM label has been added.

Git tree hash: 4a70a7d640c90185e5124c8d5f833a7a6c23272e

@leogr
Copy link
Member

leogr commented May 23, 2023

Wouldn't we need a ! as we change the data types for all Falco rules not just the internal stats / metrics related rules?

I don't think so, this changes the types only for the new metrics internal alerts, which is something we haven't released yet.

Wait so handle_msg is just used for the internal rules and not for the regular Falco rules? In that case just out of curiosity could you point me to the place where regular Falco rules are formatted?

handle_event() 👇
https://github.com/falcosecurity/falco/blob/master/userspace/falco/falco_outputs.cpp#L120

@poiana
Copy link

poiana commented May 23, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, jasondellaluce, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [FedeDP,jasondellaluce,leogr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@incertum
Copy link
Contributor

Wouldn't we need a ! as we change the data types for all Falco rules not just the internal stats / metrics related rules?

I don't think so, this changes the types only for the new metrics internal alerts, which is something we haven't released yet.

Wait so handle_msg is just used for the internal rules and not for the regular Falco rules? In that case just out of curiosity could you point me to the place where regular Falco rules are formatted?

handle_event() 👇

https://github.com/falcosecurity/falco/blob/master/userspace/falco/falco_outputs.cpp#L120

Interesting, seems like there is an opportunity to consolidate more in the future.

@FedeDP
Copy link
Contributor

FedeDP commented May 23, 2023

/unhold

@poiana poiana merged commit b40a6bc into master May 23, 2023
16 checks passed
@poiana poiana deleted the fix/metrics-value-formatting branch May 23, 2023 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leogr leogr leogr approved these changes

@FedeDP FedeDP FedeDP approved these changes

@Kaizhe Kaizhe Awaiting requested review from Kaizhe

Assignees

@leogr leogr

@FedeDP FedeDP

Labels
approved area/engine dco-signoff: yes kind/bug kind/cleanup lgtm release-note size/L
Projects
Falco Roadmap
Archived in project
Milestone
0.35.0
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@jasondellaluce @poiana @incertum @leogr @FedeDP