-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bpf: add metrics for fragmented ipv4 packets #13347
bpf: add metrics for fragmented ipv4 packets #13347
Conversation
Commit c4f46f8f434938630d2fc4868c61c1e6da1a84d7 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
Including ➜ cilium git:(pr/jibi/data-path-add-metrics-for-frag-packets) make -C test/bpf
make: Entering directory '/home/gilberto/go/src/github.com/cilium/cilium/test/bpf'
clang -Wall -Wextra -Werror -Wshadow -Wno-unused-parameter -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -I../../bpf/ -I../../bpf/include -I. -D__NR_CPUS__=8 -O2 -I../../bpf/ unit-test.c -o unit-test
In file included from unit-test.c:28:
../../bpf/tests/ipv6_test.h:60:30: error: unexpected type name '__be32': expected identifier
LPM_LOOKUP_FN(lpm4_lookup32, __be32, PREFIX32, dummy_map, match_dummy_prefix)
^
../../bpf/tests/ipv6_test.h:60:38: error: expected identifier
LPM_LOOKUP_FN(lpm4_lookup32, __be32, PREFIX32, dummy_map, match_dummy_prefix)
^
../../bpf/tests/ipv6_test.h:55:18: note: expanded from macro 'PREFIX32'
#define PREFIX32 32,
^
../../bpf/tests/ipv6_test.h:61:1: error: expected function body after function declarator
LPM_LOOKUP_FN(lpm4_lookup31, __be32, PREFIX31, dummy_map, match_dummy_prefix)
^ (looking into it) |
I suspect that injecting Includes: Some solutions could be to reorder the includes in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, with a few nitpicks and pending the unit test build is fixed :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh and you probably want to add a description in pkg/monitor/api/drop.go
for the new metrics.
There it is :) I looked for that mapping but couldn't find anything by grepping for the constants defined in Do you think it makes sense to add a comment in |
I can't see how that would hurt :) Please go ahead! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we also need to extend the existing e2e fragment tracking test (K8sServicesTest Checks service across nodes Supports IPv4 fragments
) to ensure we don't miss events or count them several times.
I went for the latter and moved |
I should have addressed all the comments, beside e2e testing (looking into now). For the The other 2 cases are a bit more tricky as they require to:
|
I think you want |
test-me-please |
Surely there are libraries for creating packets in go? Otherwise, stick to
We can't destroy the map since the program uses it, we can't freeze it after it's been created. We use the |
test-me-please |
On a positive note, this pull request seems to fix #13931 in the dev. VM 🎉 |
(@brb I re-requested your review as for some reason the approval for cilium/agent is still missing 🤔) |
I backported the four commits related to
I'm not adding backport labels considering the metric introduced in this PR wasn't backported. |
This commit introduces 2 new metrics in the datapath logic related to
fragmented IPv4 packets:
REASON_FRAG_PACKET
: number of received fragmented packetsREASON_FRAG_PACKET_UPDATE
: number of failures in updating theIPV4_FRAG_DATAGRAMS_MAP
map to register the first logical fragment ofa datagram
Regarding testing: I did a smoke test by running
make build_all
and I'm now waiting for e2e tests to finish