diff --git a/benchmark/libsinsp/utils.cpp b/benchmark/libsinsp/utils.cpp index 26c06c8c35..d53d66ee2b 100644 --- a/benchmark/libsinsp/utils.cpp +++ b/benchmark/libsinsp/utils.cpp @@ -53,19 +53,3 @@ static void BM_sinsp_concatenate_paths_absolute_path(benchmark::State& state) { } } BENCHMARK(BM_sinsp_concatenate_paths_absolute_path); - -static void BM_sinsp_split_container_image(benchmark::State& state) { - for(auto _ : state) { - std::string container_image = - "localhost:12345/library/" - "busybox:1.27.2@sha256:da39a3ee5e6b4b0d3255bfef95601890afd80709"; - std::string hostname, port, name, tag, digest; - sinsp_utils::split_container_image(container_image, hostname, port, name, tag, digest); - benchmark::DoNotOptimize(hostname); - benchmark::DoNotOptimize(port); - benchmark::DoNotOptimize(name); - benchmark::DoNotOptimize(tag); - benchmark::DoNotOptimize(digest); - } -} -BENCHMARK(BM_sinsp_split_container_image); diff --git a/userspace/libsinsp/examples/README.md b/userspace/libsinsp/examples/README.md index 980eafb6cb..73a76f6891 100644 --- a/userspace/libsinsp/examples/README.md +++ b/userspace/libsinsp/examples/README.md @@ -4,7 +4,12 @@ This directory contains a program that demonstrates how to use libsinsp for even ## Quick Start ## -`sinsp-example` monitors the host and any running containers for system activity. By default, it prints events of all types and is very noisy. +`sinsp-example` monitors the host for system activity. By default, it prints events of all types and is very noisy. +To enable containers support, you need to load the `container` plugin, like: +``` +sudo ./libsinsp/examples/sinsp-example -p "~/libcontainer.so" -m +``` + To use filtering, specify a [filter](https://falco.org/docs/rules/supported-fields/#system-calls-source-syscall) using `-f`. diff --git a/userspace/libsinsp/metrics_collector.cpp b/userspace/libsinsp/metrics_collector.cpp index b99614bb46..af83b60ca6 100644 --- a/userspace/libsinsp/metrics_collector.cpp +++ b/userspace/libsinsp/metrics_collector.cpp @@ -377,18 +377,6 @@ std::vector libs_state_counters::to_metrics() { METRIC_VALUE_UNIT_COUNT, METRIC_VALUE_METRIC_TYPE_MONOTONIC, m_sinsp_stats_v2->m_n_drops_full_threadtable)); - metrics.emplace_back(new_metric("n_missing_container_images", - METRICS_V2_STATE_COUNTERS, - METRIC_VALUE_TYPE_U32, - METRIC_VALUE_UNIT_COUNT, - METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT, - m_sinsp_stats_v2->m_n_missing_container_images)); - metrics.emplace_back(new_metric("n_containers", - METRICS_V2_STATE_COUNTERS, - METRIC_VALUE_TYPE_U32, - METRIC_VALUE_UNIT_COUNT, - METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT, - m_sinsp_stats_v2->m_n_containers)); return metrics; } diff --git a/userspace/libsinsp/metrics_collector.h b/userspace/libsinsp/metrics_collector.h index 133ce21bdb..6dda3ae640 100644 --- a/userspace/libsinsp/metrics_collector.h +++ b/userspace/libsinsp/metrics_collector.h @@ -53,15 +53,6 @@ struct sinsp_stats_v2 { uint64_t m_n_removed_threads; ///@) uint32_t m_n_drops_full_threadtable; ///< Number of drops due to full threadtable, unit: count. - uint32_t - m_n_missing_container_images; ///< Number of cached containers (cgroups) without - ///< container info such as image, hijacked - ///< sinsp_container_manager::remove_inactive_containers() - ///< -> every flush snapshot update, unit: count. - uint32_t m_n_containers; ///< Number of containers (cgroups) currently cached by - ///< sinsp_container_manager, hijacked - ///< sinsp_container_manager::remove_inactive_containers() -> every - ///< flush snapshot update, unit: count. }; namespace libs::metrics { diff --git a/userspace/libsinsp/settings.h b/userspace/libsinsp/settings.h index b2725ff81a..21490d87cd 100644 --- a/userspace/libsinsp/settings.h +++ b/userspace/libsinsp/settings.h @@ -29,11 +29,6 @@ limitations under the License. // #define MAX_FD_TABLE_SIZE 4096 -// -// How often the container table is scanned for inactive containers -// -#define DEFAULT_INACTIVE_CONTAINER_SCAN_TIME_S 30 - // // How often the users/groups tables are scanned for deleted users/groups // diff --git a/userspace/libsinsp/test/CMakeLists.txt b/userspace/libsinsp/test/CMakeLists.txt index b35efd8abc..bb30f7df51 100644 --- a/userspace/libsinsp/test/CMakeLists.txt +++ b/userspace/libsinsp/test/CMakeLists.txt @@ -38,10 +38,6 @@ if(NOT WIN32) file(GLOB_RECURSE SINSP_CLASSES_SUITE ${CMAKE_CURRENT_SOURCE_DIR}/classes/*.cpp) file(GLOB_RECURSE SINSP_FILTERCHECKS_SUITE ${CMAKE_CURRENT_SOURCE_DIR}/filterchecks/*.cpp) - - file(GLOB_RECURSE SINSP_CONTAINER_ENGINE_SUITE - ${CMAKE_CURRENT_SOURCE_DIR}/container_engine/*.cpp - ) endif() option(SCAP_FILES_SUITE_ENABLE "Enable scap-file tests in sinsp" "ON") @@ -120,7 +116,6 @@ set(LIBSINSP_UNIT_TESTS_SOURCES "${SINSP_FILTERCHECKS_SUITE}" "${SCAP_FILES_SUITE}" "${TEST_HELPERS}" - "${SINSP_CONTAINER_ENGINE_SUITE}" ) if(WIN32) diff --git a/userspace/libsinsp/test/sinsp_metrics.ut.cpp b/userspace/libsinsp/test/sinsp_metrics.ut.cpp index 392adb08d2..8880cd3628 100644 --- a/userspace/libsinsp/test/sinsp_metrics.ut.cpp +++ b/userspace/libsinsp/test/sinsp_metrics.ut.cpp @@ -34,7 +34,7 @@ TEST_F(sinsp_with_test_input, sinsp_libs_metrics_collector_prometheus) { libs_metrics_collector.snapshot(); auto metrics_snapshot = libs_metrics_collector.get_metrics(); - ASSERT_EQ(metrics_snapshot.size(), 28); + ASSERT_EQ(metrics_snapshot.size(), 26); /* Test prometheus_metrics_converter.convert_metric_to_text_prometheus */ std::string prometheus_text; @@ -54,90 +54,7 @@ TEST_F(sinsp_with_test_input, sinsp_libs_metrics_collector_prometheus) { "falco"); std::cerr << prometheus_text; - if(strncmp(metric.name, "n_missing_container_images", strlen(metric.name)) == 0) { - // This resembles the Falco client use case - - // Falco output_rule metrics prepends either `falco.` or `scap.` to a single metric, see - // https://falco.org/docs/metrics/ Use same strings for `prometheus_subsystem`, but - // instead of `.` we use `_` delimiter to conform with Prometheus naming conventions + - // append the unit - prometheus_text = prometheus_metrics_converter.convert_metric_to_text_prometheus( - metric, - "testns", - "falco", - {{"example_key1", "example1"}, {"example_key2", "example2"}}); - prometheus_text_substring = - R"(# HELP testns_falco_n_missing_container_images_total https://falco.org/docs/metrics/ -# TYPE testns_falco_n_missing_container_images_total gauge -testns_falco_n_missing_container_images_total{example_key1="example1",example_key2="example2"} 0 -)"; - ASSERT_TRUE(prometheus_text.find(prometheus_text_substring) != std::string::npos) - << "Substring not found in prometheus_text got\n" - << prometheus_text; - // Test only one const_labels - prometheus_text = prometheus_metrics_converter.convert_metric_to_text_prometheus( - metric, - "testns", - "falco", - {{"example_key1", "example1"}}); - prometheus_text_substring = - R"(# HELP testns_falco_n_missing_container_images_total https://falco.org/docs/metrics/ -# TYPE testns_falco_n_missing_container_images_total gauge -testns_falco_n_missing_container_images_total{example_key1="example1"} 0 -)"; - ASSERT_TRUE(prometheus_text.find(prometheus_text_substring) != std::string::npos) - << "Substring not found in prometheus_text got\n" - << prometheus_text; - // Test no const_labels - prometheus_text = - prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, - "testns", - "falco"); - prometheus_text_substring = - R"(# HELP testns_falco_n_missing_container_images_total https://falco.org/docs/metrics/ -# TYPE testns_falco_n_missing_container_images_total gauge -testns_falco_n_missing_container_images_total 0 -)"; - ASSERT_TRUE(prometheus_text.find(prometheus_text_substring) != std::string::npos) - << "Substring not found in prometheus_text got\n" - << prometheus_text; - // Test no prometheus_subsytem - prometheus_text = - prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, - "testns"); - prometheus_text_substring = - R"(# HELP testns_n_missing_container_images_total https://falco.org/docs/metrics/ -# TYPE testns_n_missing_container_images_total gauge -testns_n_missing_container_images_total 0 -)"; - ASSERT_TRUE(prometheus_text.find(prometheus_text_substring) != std::string::npos) - << "Substring not found in prometheus_text got\n" - << prometheus_text; - // Test no prometheus_namespace - prometheus_text = - prometheus_metrics_converter.convert_metric_to_text_prometheus(metric); - prometheus_text_substring = - R"(# HELP n_missing_container_images_total https://falco.org/docs/metrics/ -# TYPE n_missing_container_images_total gauge -n_missing_container_images_total 0 -)"; - ASSERT_TRUE(prometheus_text.find(prometheus_text_substring) != std::string::npos) - << "Substring not found in prometheus_text got\n" - << prometheus_text; - // Test no prometheus_namespace, but prometheus_subsytem - prometheus_text = - prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, - "", - "falco"); - prometheus_text_substring = - R"(# HELP falco_n_missing_container_images_total https://falco.org/docs/metrics/ -# TYPE falco_n_missing_container_images_total gauge -falco_n_missing_container_images_total 0 -)"; - ASSERT_TRUE(prometheus_text.find(prometheus_text_substring) != std::string::npos) - << "Substring not found in prometheus_text got\n" - << prometheus_text; - } else if(strncmp(metric.name, "memory_rss_bytes", strlen(metric.name)) == 0) { + if(strncmp(metric.name, "memory_rss_bytes", strlen(metric.name)) == 0) { // Test that libs native metric unit suffix was removed and replaced by the Prometheus // specific unit suffix naming convention todo adjust once base units are implemented prometheus_text = @@ -162,7 +79,7 @@ testns_falco_memory_rss_bytes )"; "n_cached_fd_lookups n_failed_fd_lookups n_added_fds n_removed_fds n_stored_evts " "n_store_evts_drops n_retrieved_evts n_retrieve_evts_drops n_noncached_thread_lookups " "n_cached_thread_lookups n_failed_thread_lookups n_added_threads n_removed_threads " - "n_drops_full_threadtable n_missing_container_images n_containers"); + "n_drops_full_threadtable"); // Test global wrapper base metrics plus test invalid characters sanitization for the metric and // label names (pseudo metrics) @@ -352,7 +269,7 @@ TEST_F(sinsp_with_test_input, sinsp_libs_metrics_collector_output_rule) { libs_metrics_collector.snapshot(); libs_metrics_collector.snapshot(); metrics_snapshot = libs_metrics_collector.get_metrics(); - ASSERT_EQ(metrics_snapshot.size(), 28); + ASSERT_EQ(metrics_snapshot.size(), 26); /* These names should always be available, note that we currently can't check for the merged * scap stats metrics here */ @@ -363,8 +280,7 @@ TEST_F(sinsp_with_test_input, sinsp_libs_metrics_collector_output_rule) { "n_fds", "n_added_fds", "n_added_threads", - "n_removed_threads", - "n_containers"}; + "n_removed_threads"}; for(const auto& metric_name : minimal_metrics_names) { size_t i = 0; @@ -454,13 +370,13 @@ TEST_F(sinsp_with_test_input, sinsp_libs_metrics_collector_output_rule) { libs::metrics::libs_metrics_collector libs_metrics_collector6(&m_inspector, test_metrics_flags); libs_metrics_collector6.snapshot(); metrics_snapshot = libs_metrics_collector6.get_metrics(); - ASSERT_EQ(metrics_snapshot.size(), 19); + ASSERT_EQ(metrics_snapshot.size(), 17); test_metrics_flags = (METRICS_V2_RESOURCE_UTILIZATION | METRICS_V2_STATE_COUNTERS); libs::metrics::libs_metrics_collector libs_metrics_collector7(&m_inspector, test_metrics_flags); libs_metrics_collector7.snapshot(); metrics_snapshot = libs_metrics_collector7.get_metrics(); - ASSERT_EQ(metrics_snapshot.size(), 28); + ASSERT_EQ(metrics_snapshot.size(), 26); } TEST(sinsp_libs_metrics, sinsp_libs_metrics_convert_units) {