update(metrics): use new libs addr_to_string methods for host_ifinfo_json

Signed-off-by: Melissa Kilby <[email protected]>

Author: incertum

unit_tests/engine/test_falco_utils.cpp

@@ -101,28 +101,3 @@ TEST(FalcoUtils, matches_wildcard)
 	ASSERT_FALSE(falco::utils::matches_wildcard("*hello*world", "come on hello this world yes"));
 	ASSERT_FALSE(falco::utils::matches_wildcard("*hello*world*", "come on hello this yes"));
 }
-
-#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
-TEST(FalcoUtils, ipv4addr_to_string)
-{
-	ASSERT_EQ(falco::utils::network::ipv4addr_to_string(0x0101A8C0), "192.168.1.1");
-	ASSERT_EQ(falco::utils::network::ipv4addr_to_string(0x0100007F), "127.0.0.1");
-	ASSERT_EQ(falco::utils::network::ipv4addr_to_string(0xFFFFFFFF), "255.255.255.255");
-	ASSERT_EQ(falco::utils::network::ipv4addr_to_string(0x00000000), "0.0.0.0");
-}
-
-TEST(FalcoUtils, ipv6addr_to_string)
-{
-	ipv6addr addr1("2001:0db8:85a3:0000:0000:8a2e:0370:7334");
-	ASSERT_EQ(falco::utils::network::ipv6addr_to_string(addr1), "2001:db8:85a3:0:0:8a2e:370:7334");
-
-	ipv6addr addr2("fe80:0:0:0:2aa:ff:fe9a:4ca3");
-	ASSERT_EQ(falco::utils::network::ipv6addr_to_string(addr2), "fe80:0:0:0:2aa:ff:fe9a:4ca3");
-
-	ipv6addr addr3("0:0:0:0:0:0:0:0");
-	ASSERT_EQ(falco::utils::network::ipv6addr_to_string(addr3), "0:0:0:0:0:0:0:0");
-
-	ipv6addr addr4("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff");
-	ASSERT_EQ(falco::utils::network::ipv6addr_to_string(addr4), "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff");
-}
-#endif

userspace/engine/falco_utils.cpp

@@ -257,38 +257,6 @@ bool is_unix_scheme(const std::string& url)
 {
 	return sinsp_utils::startswith(url, UNIX_SCHEME);
 }
-
-#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
-std::string ipv4addr_to_string(uint32_t addr)
-{
-	char dest[16];
-	snprintf(
-		dest,
-		sizeof(dest),
-		"%d.%d.%d.%d",
-		(addr & 0xFF),
-		((addr & 0xFF00) >> 8),
-		((addr & 0xFF0000) >> 16),
-		((addr & 0xFF000000) >> 24));
-	return std::string(dest);
-}
-
-std::string ipv6addr_to_string(const ipv6addr& addr)
-{
-	std::ostringstream oss;
-	const uint16_t* words = reinterpret_cast<const uint16_t*>(addr.m_b);
-	for (int i = 0; i < 8; ++i)
-	{
-		if (i != 0)
-		{
-			oss << ':';
-		}
-		oss << std::hex << ntohs(words[i]);
-	}
-	return oss.str();
-}
-#endif
-
 } // namespace network
 } // namespace utils
 } // namespace falco

userspace/engine/falco_utils.h

@@ -49,11 +49,5 @@ namespace network
 {
 static const std::string UNIX_SCHEME("unix://");
 bool is_unix_scheme(const std::string& url);
-#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
-// todo: consider extending libs and expose API for ipv4 and ipv6 to string conversion
-std::string ipv4addr_to_string(uint32_t addr);
-std::string ipv6addr_to_string(const ipv6addr& addr);
-#endif
-
 } // namespace network
 } // namespace falco::utils

userspace/falco/falco_metrics.cpp

@@ -112,44 +112,39 @@ std::string falco_metrics::to_text(const falco::app::state& state)
 			prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, item.second}});
 		}
 
-		static bool is_first_call = true;
 		static std::string ifinfo_json_escaped;
-		if (is_first_call)
+		auto ipv4list = inspector->get_ifaddr_list().get_ipv4_list();
+		auto ipv6list = inspector->get_ifaddr_list().get_ipv6_list();
+		nlohmann::json ipv4_json;
+		nlohmann::json ipv6_json;
+		if(ipv4list)
 		{
-			is_first_call = false;
-			auto ipv4list = inspector->get_ifaddr_list().get_ipv4_list();
-			auto ipv6list = inspector->get_ifaddr_list().get_ipv6_list();
-			nlohmann::json ipv4_json;
-			nlohmann::json ipv6_json;
-			if(ipv4list)
+			for (const auto& item : *ipv4list)
 			{
-				for (const auto& item : *ipv4list)
+				if(item.m_name == "lo")
 				{
-					if(item.m_name == "lo")
-					{
-						continue;
-					}
-					ipv4_json[item.m_name] = falco::utils::network::ipv4addr_to_string(item.m_addr);
+					continue;
 				}
+				ipv4_json[item.m_name] = item.addr_to_string();
 			}
+		}
 
-			if(ipv6list)
+		if(ipv6list)
+		{
+			for (const auto& item : *ipv6list)
 			{
-				for (const auto& item : *ipv6list)
+				if(item.m_name == "lo")
 				{
-					if(item.m_name == "lo")
-					{
-						continue;
-					}
-					ipv6_json[item.m_name] = falco::utils::network::ipv6addr_to_string(item.m_net);
+					continue;
 				}
+				ipv6_json[item.m_name] = item.addr_to_string();
 			}
-			nlohmann::json ifinfo_json;
-			ifinfo_json["ipv4"] = ipv4_json;
-			ifinfo_json["ipv6"] = ipv6_json;
-			ifinfo_json_escaped = ifinfo_json.dump();
 		}
-		prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("host_ifinfo", "falcosecurity", "falco", {{"host_ifinfo", ifinfo_json_escaped}});
+		nlohmann::json ifinfo_json;
+		ifinfo_json["ipv4"] = ipv4_json;
+		ifinfo_json["ipv6"] = ipv6_json;
+		ifinfo_json_escaped = ifinfo_json.dump();
+		prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("host_ifinfo_json", "falcosecurity", "falco", {{"host_ifinfo_json", ifinfo_json_escaped}});
 #endif
 
 		for (const std::string& source: inspector->event_sources())

userspace/falco/stats_writer.cpp

@@ -358,11 +358,8 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
 		output_fields[metric_name_file_sha256] = item.second;
 	}
 
-	static bool is_first_call = true;
-	static std::string ifinfo_json_escaped;
-	if (is_first_call)
+	if (stats_snapshot_time_delta_sec == 0)
 	{
-		is_first_call = false;
 		auto ipv4list = inspector->get_ifaddr_list().get_ipv4_list();
 		auto ipv6list = inspector->get_ifaddr_list().get_ipv6_list();
 		nlohmann::json ipv4_json;
@@ -375,7 +372,7 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
 				{
 					continue;
 				}
-				ipv4_json[item.m_name] = falco::utils::network::ipv4addr_to_string(item.m_addr);
+				ipv4_json[item.m_name] = item.addr_to_string();
 			}
 		}
 
@@ -387,15 +384,15 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
 				{
 					continue;
 				}
-				ipv6_json[item.m_name] = falco::utils::network::ipv6addr_to_string(item.m_net);
+				ipv6_json[item.m_name] = item.addr_to_string();
 			}
 		}
 		nlohmann::json ifinfo_json;
 		ifinfo_json["ipv4"] = ipv4_json;
 		ifinfo_json["ipv6"] = ipv6_json;
-		ifinfo_json_escaped = ifinfo_json.dump();
+		m_ifinfo_json_escaped = ifinfo_json.dump();
 	}
-	output_fields["falco.host_ifinfo"] = ifinfo_json_escaped;
+	output_fields["falco.host_ifinfo_json"] = m_ifinfo_json_escaped;
 
 #endif
 	output_fields["evt.source"] = src;

userspace/falco/stats_writer.h

@@ -80,6 +80,7 @@ class stats_writer
 		uint64_t m_last_n_evts = 0;
 		uint64_t m_last_n_drops = 0;
 		uint64_t m_last_num_evts = 0;
+		std::string m_ifinfo_json_escaped;
 	};
 
 	stats_writer(const stats_writer&) = delete;