Target hits metrics #467
Merged
Target hits metrics #467
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
LionelJouin
added
kind/enhancement
LionelJouin
force-pushed
the
observability
branch
from
21ea823
to
6bcd9ef
Compare
Collect number of packets and bytes for each target. Metrics are collected based on nftables metrics on postrouting rules matching target identifier (fwmark).
LionelJouin
force-pushed
the
observability
branch
from
6bcd9ef
to
c21ad0c
Compare
|
/reverify |
3 similar comments
|
/reverify |
|
/reverify |
|
/reverify |
zolug
reviewed
Oct 24, 2023
There was a problem hiding this comment.
Try using verdict maps to minimize performance impact that would otherwise arise when number of targets increases.
e.g.:
table inet meridio-metrics {
map mydict {
type mark : verdict
elements = { 0x000013b3 : jump chain-5043, 0x000013b8 : jump chain-5048, 0x000013c7 : jump chain-5063, 0x000013e7 : jump chain-5095 }
}
chain nfqlb {
type filter hook postrouting priority filter; policy accept;
meta mark vmap @mydict
}
chain chain-5095 {
counter packets 13 bytes 1092
}
chain chain-5043 {
counter packets 0 bytes 0
}
chain chain-5063 {
counter packets 0 bytes 0
}
chain chain-5048 {
counter packets 0 bytes 0
}
}
~ $
~ $
~ $ ip rule
0: from all lookup local
96: from all fwmark 0x13e7 lookup 5095
97: from all fwmark 0x13b3 lookup 5043
98: from all fwmark 0x13c7 lookup 5063
99: from all fwmark 0x13b8 lookup 5048
100: from 20.0.0.1 lookup 4096
100: from 40.0.0.0/24 lookup 4096
101: from 20.0.0.1 lookup 4097
101: from 40.0.0.0/24 lookup 4097
32766: from all lookup main
32767: from all lookup default
nft add table inet meridio-metrics
nft add map inet meridio-metrics mydict { type mark : verdict\; }
nft 'add chain inet meridio-metrics nfqlb { type filter hook postrouting priority filter ; }'
nft add rule inet meridio-metrics nfqlb mark vmap @mydict
nft add rule inet meridio-metrics chain-5095 counter
nft add chain inet meridio-metrics chain-5095
nft add element inet meridio-metrics mydict { 5095 : jump chain-5095 }
...
45cc2ab
to
1ad44ae
Compare
|
/reverify |
1 similar comment
|
/reverify |
zolug
reviewed
Nov 6, 2023
zolug
reviewed
Nov 6, 2023
zolug
reviewed
Nov 6, 2023
zolug
reviewed
Nov 6, 2023
zolug
reviewed
Nov 6, 2023
|
In general would be nice wrapping the errors to please wrapcheck. |
The nftables implementation has been changed to a chain with no hook per fwmark. Another chain will catch the fwmark and jump to the counting chains.
LionelJouin
force-pushed
the
observability
branch
from
1ad44ae
to
89a060c
Compare
zolug
approved these changes
Nov 9, 2023
10 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Collect number of packets and bytes for each target. Metrics are collected based on nftables metrics on postrouting rules matching target identifier (fwmark).
Example of the new nftables table with 3 targets:
Issue link
#428
#419
Checklist