-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cleanup(engines): detach per-cpu kernel metrics from global kernel metrics #2031
Changes from all commits
fe0ffd5
6224bcd
c431314
2300299
c27ef9c
6aaec6c
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -50,7 +50,7 @@ limitations under the License. | |
#include <libscap/strerror.h> | ||
|
||
static const char * const bpf_kernel_counters_stats_names[] = { | ||
[BPF_N_EVTS] = "n_evts", | ||
[BPF_N_EVTS] = N_EVENTS_PREFIX, | ||
[BPF_N_DROPS_BUFFER_TOTAL] = "n_drops_buffer_total", | ||
[BPF_N_DROPS_BUFFER_CLONE_FORK_ENTER] = "n_drops_buffer_clone_fork_enter", | ||
[BPF_N_DROPS_BUFFER_CLONE_FORK_EXIT] = "n_drops_buffer_clone_fork_exit", | ||
|
@@ -1688,10 +1688,10 @@ int32_t scap_bpf_get_stats(struct scap_engine_handle engine, scap_stats* stats) | |
return SCAP_SUCCESS; | ||
} | ||
|
||
static void set_u64_monotonic_kernel_counter(struct metrics_v2* m, uint64_t val) | ||
static void set_u64_monotonic_kernel_counter(struct metrics_v2* m, uint64_t val, uint32_t metric_flag) | ||
{ | ||
m->type = METRIC_VALUE_TYPE_U64; | ||
m->flags = METRICS_V2_KERNEL_COUNTERS; | ||
m->flags = metric_flag; | ||
m->unit = METRIC_VALUE_UNIT_COUNT; | ||
m->metric_type = METRIC_VALUE_METRIC_TYPE_MONOTONIC; | ||
m->value.u64 = val; | ||
|
@@ -1722,11 +1722,15 @@ const struct metrics_v2* scap_bpf_get_stats_v2(struct scap_engine_handle engine, | |
} | ||
} | ||
|
||
// At the moment for each available CPU we want: | ||
// - the number of events. | ||
// - the number of drops. | ||
uint32_t per_cpu_stats = handle->m_ncpus* 2; | ||
|
||
uint32_t per_cpu_stats = 0; | ||
if(flags & METRICS_V2_KERNEL_COUNTERS_PER_CPU) | ||
{ | ||
// At the moment for each available CPU we want: | ||
// - the number of events. | ||
// - the number of drops. | ||
per_cpu_stats = handle->m_ncpus* 2; | ||
} | ||
|
||
handle->m_nstats = BPF_MAX_KERNEL_COUNTERS_STATS + per_cpu_stats + (nprogs_attached * BPF_MAX_LIBBPF_STATS); | ||
handle->m_stats = (metrics_v2*)calloc(handle->m_nstats, sizeof(metrics_v2)); | ||
if(!handle->m_stats) | ||
|
@@ -1746,7 +1750,7 @@ const struct metrics_v2* scap_bpf_get_stats_v2(struct scap_engine_handle engine, | |
{ | ||
for(uint32_t stat = 0; stat < BPF_MAX_KERNEL_COUNTERS_STATS; stat++) | ||
{ | ||
set_u64_monotonic_kernel_counter(&(stats[stat]), 0); | ||
set_u64_monotonic_kernel_counter(&(stats[stat]), 0, METRICS_V2_KERNEL_COUNTERS); | ||
strlcpy(stats[stat].name, (char*)bpf_kernel_counters_stats_names[stat], METRIC_NAME_MAX); | ||
} | ||
|
||
|
@@ -1783,15 +1787,18 @@ const struct metrics_v2* scap_bpf_get_stats_v2(struct scap_engine_handle engine, | |
v.n_drops_pf + \ | ||
v.n_drops_bug; | ||
|
||
// We set the num events for that CPU. | ||
set_u64_monotonic_kernel_counter(&(stats[pos]), v.n_evts); | ||
snprintf(stats[pos].name, METRIC_NAME_MAX, N_EVENTS_PER_CPU_PREFIX"%d", cpu); | ||
pos++; | ||
|
||
// We set the drops for that CPU. | ||
set_u64_monotonic_kernel_counter(&(stats[pos]), v.n_drops_buffer + v.n_drops_scratch_map + v.n_drops_pf + v.n_drops_bug); | ||
snprintf(stats[pos].name, METRIC_NAME_MAX, N_DROPS_PER_CPU_PREFIX"%d", cpu); | ||
pos++; | ||
if((flags & METRICS_V2_KERNEL_COUNTERS_PER_CPU)) | ||
{ | ||
// We set the num events for that CPU. | ||
set_u64_monotonic_kernel_counter(&(stats[pos]), v.n_evts, METRICS_V2_KERNEL_COUNTERS_PER_CPU); | ||
snprintf(stats[pos].name, METRIC_NAME_MAX, N_EVENTS_PER_CPU_PREFIX"%d", cpu); | ||
pos++; | ||
|
||
// We set the drops for that CPU. | ||
set_u64_monotonic_kernel_counter(&(stats[pos]), v.n_drops_buffer + v.n_drops_scratch_map + v.n_drops_pf + v.n_drops_bug, METRICS_V2_KERNEL_COUNTERS_PER_CPU); | ||
snprintf(stats[pos].name, METRIC_NAME_MAX, N_DROPS_PER_CPU_PREFIX"%d", cpu); | ||
pos++; | ||
} | ||
} | ||
offset = pos; | ||
} | ||
|
@@ -1849,22 +1856,20 @@ const struct metrics_v2* scap_bpf_get_stats_v2(struct scap_engine_handle engine, | |
{ | ||
strlcpy(stats[offset].name, info.name, METRIC_NAME_MAX); | ||
} | ||
strlcat(stats[offset].name, bpf_libbpf_stats_names[stat], sizeof(stats[offset].name)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [nit] re comment here https:/falcosecurity/libs/pull/2031/files#diff-12833abd4271488260dae0ba178c6ad3f0bc63642f793a20b06ab4eb10d02cf9L1839 libbpf stats were introduced w/ kernel 5.1 so folks with lower kernels can't reach this code since we check for libbpf stats being enabled. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You are right but since usually many bpf features are backported I'm not so confident in removing it... I found this commit 957ab1c, unfortunately, I don't remember why I added it but i bet I had found an issue on some old machines... There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Fair, yes the backports. |
||
switch(stat) | ||
{ | ||
case RUN_CNT: | ||
strlcat(stats[offset].name, bpf_libbpf_stats_names[RUN_CNT], sizeof(stats[offset].name)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Follow up here: Shouldn't this stay here, because we concat the name according to the switch statement? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The idea is to call strlcat(stats[offset].name, bpf_libbpf_stats_names[stat], sizeof(stats[offset].name)); instead of triplicating the same line 3 times using an explicit enum strlcat(stats[offset].name, bpf_libbpf_stats_names[RUN_CNT], sizeof(stats[offset].name));
strlcat(stats[offset].name, bpf_libbpf_stats_names[RUN_TIME_NS], sizeof(stats[offset].name));
strlcat(stats[offset].name, bpf_libbpf_stats_names[AVG_TIME_NS], sizeof(stats[offset].name));
I am not sure I got this, we are using There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Looked again and yes stat is the index to the bpf_libbpf_stats ... I suppose a big confusion with stat and offset. Thanks for clarifying and also working on this. |
||
stats[offset].value.u64 = info.run_cnt; | ||
stats[offset].unit = METRIC_VALUE_UNIT_COUNT; | ||
stats[offset].metric_type = METRIC_VALUE_METRIC_TYPE_MONOTONIC; | ||
break; | ||
case RUN_TIME_NS: | ||
strlcat(stats[offset].name, bpf_libbpf_stats_names[RUN_TIME_NS], sizeof(stats[offset].name)); | ||
stats[offset].value.u64 = info.run_time_ns; | ||
stats[offset].unit = METRIC_VALUE_UNIT_TIME_NS_COUNT; | ||
stats[offset].metric_type = METRIC_VALUE_METRIC_TYPE_MONOTONIC; | ||
break; | ||
case AVG_TIME_NS: | ||
strlcat(stats[offset].name, bpf_libbpf_stats_names[AVG_TIME_NS], sizeof(stats[offset].name)); | ||
stats[offset].value.u64 = 0; | ||
stats[offset].unit = METRIC_VALUE_UNIT_TIME_NS; | ||
stats[offset].metric_type = METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should definitely unify the test for the 3 engines in some way because we are copying and pasting the same code 3 times for all the tests, in the end, the interface is the same... BTW I'm not doing it in this PR :/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree!