Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(stats): add host_netinfo networking information stats family #3344

Merged
merged 1 commit into from
Sep 26, 2024
Merged

feat(stats): add host_netinfo networking information stats family #3344

merged 1 commit into from
Sep 26, 2024

Conversation

ekoops
Copy link
Contributor

@ekoops ekoops commented Sep 26, 2024
edited
Loading

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

/kind release

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area build

/area engine

/area tests

/area proposals

/area CI

What this PR does / why we need it:

This PR introduces host_netinfo stats family to hold information regarding host networking. At the moment, it only provides ipv4 and ipv6 addresses lists for each interface available on the host.
The naming schema for the introduced stats is falco.host_netinfo.interfaces.<ifname>.protocols.<ipv4|ipv6>.addresses="<address_list>", where address_list is a comma separated list of network addresses (e.g.: "10.0.0.1,10.0.0.2"). This schema avoids JSON parsing and is easily extensible (e.g.: we could easily introduce ifindex to specify the interface index, or hw_addr to specify the mac address).

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

feat(stats): add host_netinfo networking information stats family

@ekoops
Copy link
Contributor Author

ekoops commented Sep 26, 2024

/milestone 0.39.0

@poiana
Copy link
Contributor

poiana commented Sep 26, 2024

@ekoops: You must be a member of the falcosecurity/falco-maintainers GitHub team to set the milestone. If you believe you should be able to issue the /milestone command, please contact your maintainers of falcosecurity/falco and have them propose you as an additional delegate for this responsibility.

In response to this:

/milestone 0.39.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ekoops ekoops force-pushed the add-host-netinfo-stats branch 2 times, most recently from f4673a9 to b3d3dc8 Compare September 26, 2024 13:11
@ekoops ekoops requested a review from LucaGuerra September 26, 2024 13:14
@LucaGuerra
Copy link
Contributor

I had just a couple minor comments, otherwise LGTM, thanks!

@ekoops
feat(stats): add host_netinfo networking information stats family
19385f4 
Introduce host_netinfo stats family to hold information regarding host
networking. At the moment, it only provides ipv4 and ipv6 addresses
list for each interface available on the host. The naming schema for
the introduced stats is
falco.host_netinfo.interfaces.<ifname>.protocols.<ipv4|ipv6>.addresses.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
@ekoops ekoops force-pushed the add-host-netinfo-stats branch from b3d3dc8 to 19385f4 Compare September 26, 2024 13:23
@ekoops ekoops requested a review from LucaGuerra September 26, 2024 13:26
FedeDP
FedeDP approved these changes Sep 26, 2024
View reviewed changes
Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like it! Thanks!
cc @incertum
/approve

@poiana poiana added the lgtm label Sep 26, 2024
@poiana
Copy link
Contributor

poiana commented Sep 26, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ekoops, FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana
Copy link
Contributor

poiana commented Sep 26, 2024

LGTM label has been added.

Git tree hash: eb97145eb4d74430ac8a828e1ecd4a5f491cbb03

@FedeDP
Copy link
Contributor

FedeDP commented Sep 26, 2024

/milestone 0.39.0

@poiana poiana added this to the 0.39.0 milestone Sep 26, 2024
@FedeDP
Copy link
Contributor

FedeDP commented Sep 26, 2024

@ekoops can you share an example output? Thanks!

@ekoops
Copy link
Contributor Author

ekoops commented Sep 26, 2024
edited
Loading

Yes sure! Here two jsonl:

{"output_fields":{"evt.hostname":"ekoops-pc","evt.source":"syscall","evt.time":1727356992473751604,"falco.cpu_usage_perc":28.5,"falco.duration_sec":5,"falco.host_boot_ts":1727349868000000000,"falco.host_cpu_usage_perc":5.6,"falco.host_memory_used_mb":12472.7,"falco.host_netinfo.interfaces.docker0.protocols.ipv4.addresses":"172.17.0.1","falco.host_netinfo.interfaces.veth0.protocols.ipv4.addresses":"10.0.0.50,10.0.0.51","falco.host_netinfo.interfaces.veth0.protocols.ipv6.addresses":"fe80:0:0:0:8881:4eff:fe30:eb56","falco.host_netinfo.interfaces.veth0_.protocols.ipv6.addresses":"fe80:0:0:0:1c38:56ff:fe9b:4d5","falco.host_netinfo.interfaces.wlp0s20f3.protocols.ipv4.addresses":"192.168.1.4","falco.host_netinfo.interfaces.wlp0s20f3.protocols.ipv6.addresses":"fe80:0:0:0:59d:c513:71d9:674b","falco.host_num_cpus":20,"falco.host_open_fds":15592,"falco.host_procs_running":10,"falco.kernel_release":"6.8.0-45-generic","falco.memory_pss_mb":119.5,"falco.memory_rss_mb":203.1,"falco.memory_vsz_mb":757.1,"falco.n_added_fds":7060,"falco.n_added_threads":1682,"falco.n_cached_fd_lookups":11150,"falco.n_cached_thread_lookups":19654,"falco.n_failed_fd_lookups":637,"falco.n_failed_thread_lookups":5253,"falco.n_fds":171102,"falco.n_noncached_fd_lookups":5396,"falco.n_noncached_thread_lookups":14427,"falco.n_removed_fds":1789,"falco.n_removed_threads":7,"falco.n_retrieve_evts_drops":133,"falco.n_retrieved_evts":3819,"falco.n_stored_evts":3971,"falco.n_threads":1675,"falco.num_evts":19170,"falco.num_evts_prev":0,"falco.outputs_queue_num_drops":0,"falco.rules.matches_total":0,"falco.sha256_config_file.falco_yaml":"fce6a03edd46c504cd15135ba0ad26262e12cd9743c5cc9c1467ac20d7d5b0c3","falco.sha256_rules_file.falco_rules_yaml":"58a4f187b6b04b43ae938132325cbbb6b2bb9eb4e76e553f5b4b7b5b360ee0b4","falco.start_ts":1727356987444928922,"falco.version":"0.0.0","scap.engine_name":"modern_bpf","scap.evts_drop_rate_sec":0.0,"scap.evts_rate_sec":0.0,"scap.n_drops":0,"scap.n_drops_perc":0.0,"scap.n_drops_prev":0,"scap.n_evts":20206,"scap.n_evts_prev":0},"sample":1}
{"output_fields":{"evt.hostname":"ekoops-pc","evt.source":"syscall","evt.time":1727356997497703123,"falco.cpu_usage_perc":15.2,"falco.duration_sec":10,"falco.evts_rate_sec":3601.3,"falco.host_boot_ts":1727349868000000000,"falco.host_cpu_usage_perc":5.6,"falco.host_memory_used_mb":12466.1,"falco.host_netinfo.interfaces.docker0.protocols.ipv4.addresses":"172.17.0.1","falco.host_netinfo.interfaces.veth0.protocols.ipv4.addresses":"10.0.0.50,10.0.0.51","falco.host_netinfo.interfaces.veth0.protocols.ipv6.addresses":"fe80:0:0:0:8881:4eff:fe30:eb56","falco.host_netinfo.interfaces.veth0_.protocols.ipv6.addresses":"fe80:0:0:0:1c38:56ff:fe9b:4d5","falco.host_netinfo.interfaces.wlp0s20f3.protocols.ipv4.addresses":"192.168.1.4","falco.host_netinfo.interfaces.wlp0s20f3.protocols.ipv6.addresses":"fe80:0:0:0:59d:c513:71d9:674b","falco.host_num_cpus":20,"falco.host_open_fds":15472,"falco.host_procs_running":1,"falco.kernel_release":"6.8.0-45-generic","falco.memory_pss_mb":119.6,"falco.memory_rss_mb":203.1,"falco.memory_vsz_mb":757.1,"falco.n_added_fds":8482,"falco.n_added_threads":1687,"falco.n_cached_fd_lookups":23273,"falco.n_cached_thread_lookups":36101,"falco.n_failed_fd_lookups":818,"falco.n_failed_thread_lookups":5312,"falco.n_fds":170800,"falco.n_noncached_fd_lookups":10334,"falco.n_noncached_thread_lookups":17903,"falco.n_removed_fds":3164,"falco.n_removed_threads":15,"falco.n_retrieve_evts_drops":322,"falco.n_retrieved_evts":6721,"falco.n_stored_evts":7041,"falco.n_threads":1672,"falco.num_evts":37263,"falco.num_evts_prev":19170,"falco.outputs_queue_num_drops":0,"falco.rules.matches_total":0,"falco.sha256_config_file.falco_yaml":"fce6a03edd46c504cd15135ba0ad26262e12cd9743c5cc9c1467ac20d7d5b0c3","falco.sha256_rules_file.falco_rules_yaml":"58a4f187b6b04b43ae938132325cbbb6b2bb9eb4e76e553f5b4b7b5b360ee0b4","falco.start_ts":1727356987444928922,"falco.version":"0.0.0","scap.engine_name":"modern_bpf","scap.evts_drop_rate_sec":0.0,"scap.evts_rate_sec":3639.2,"scap.n_drops":0,"scap.n_drops_perc":0.0,"scap.n_drops_prev":0,"scap.n_evts":38489,"scap.n_evts_prev":20206},"sample":2}

@poiana poiana merged commit 3a6d1c8 into falcosecurity:master Sep 26, 2024
33 of 34 checks passed
@ekoops ekoops deleted the add-host-netinfo-stats branch September 26, 2024 15:07
@FedeDP FedeDP mentioned this pull request Sep 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LucaGuerra LucaGuerra LucaGuerra approved these changes

@FedeDP FedeDP FedeDP approved these changes

@Andreagit97 Andreagit97 Awaiting requested review from Andreagit97

@Kaizhe Kaizhe Awaiting requested review from Kaizhe

Assignees

@FedeDP FedeDP

@LucaGuerra LucaGuerra

Labels
approved area/engine dco-signoff: yes kind/feature lgtm release-note size/M
Projects
Falco Roadmap
Status: Done
Milestone
0.39.0
Development

Successfully merging this pull request may close these issues.
4 participants
@ekoops @poiana @LucaGuerra @FedeDP