Target hits metrics using nftables verdict map

The nftables implementation has been changed to a chain with no hook per fwmark. Another chain will catch the fwmark and jump to the counting chains.
Nordix · Nov 7, 2023 · 89a060c · 89a060c
1 parent c21ad0c
commit 89a060c
Show file tree

Hide file tree

Showing 5 changed files with 149 additions and 105 deletions.
diff --git a/docs/observability/metrics.md b/docs/observability/metrics.md
@@ -28,29 +28,20 @@ Counts number of packets that have matched a flow.
    * Stream
    * Flow
 
-### meridio.conduit.stream.target.hits.packets
+### meridio.conduit.stream.target.hits.`METRIC_TYPE`
 
-Counts number of packets that have hit a target.
+`METRIC_TYPE`: packets, bytes
 
-* Type: Counter
-* Attributes:
-   * Pod Name
-   * Trench
-   * Conduit
-   * Stream
-   * Target (identifier + IPs)
-
-### meridio.conduit.stream.target.hits.bytes
-
-Counts number of bytes that have hit a target.
+Counts number of `METRIC_TYPE` that have hit a target.
 
 * Type: Counter
 * Attributes:
    * Pod Name
    * Trench
    * Conduit
    * Stream
-   * Target (identifier + IPs)
+   * Identifier
+   * IPs
 
 ### meridio.conduit.stream.target.latency (Planned)
 

diff --git a/pkg/loadbalancer/stream/loadbalancer.go b/pkg/loadbalancer/stream/loadbalancer.go
@@ -170,11 +170,11 @@ func (lb *LoadBalancer) AddTarget(target types.Target) error {
 	if exists {
 		return errors.New("the target is already registered")
 	}
-	err := target.Configure(lb.IdentifierOffset) // TODO: avoid multiple identical ip rule entries (e.g. after container crash)
+	err := target.Configure() // TODO: avoid multiple identical ip rule entries (e.g. after container crash)
 	if err != nil {
 		lb.addPendingTarget(target)
 		returnErr := err
-		err = target.Delete(lb.IdentifierOffset)
+		err = target.Delete()
 		if err != nil {
 			return fmt.Errorf("%w; %v", err, returnErr)
 		}
@@ -184,7 +184,7 @@ func (lb *LoadBalancer) AddTarget(target types.Target) error {
 	if err != nil {
 		lb.addPendingTarget(target)
 		returnErr := err
-		err = target.Delete(lb.IdentifierOffset)
+		err = target.Delete()
 		if err != nil {
 			return fmt.Errorf("%w; %v", err, returnErr)
 		}
@@ -208,7 +208,7 @@ func (lb *LoadBalancer) RemoveTarget(identifier int) error {
 	if err != nil {
 		errFinal = fmt.Errorf("%w; %v", errFinal, err) // todo
 	}
-	err = target.Delete(lb.IdentifierOffset)
+	err = target.Delete()
 	if err != nil {
 		errFinal = fmt.Errorf("%w; %v", errFinal, err) // todo
 	}
@@ -347,7 +347,7 @@ func (lb *LoadBalancer) setTargets(targets []*nspAPI.Target) error {
 	var errFinal error
 	newTargetsMap := make(map[int]types.Target)
 	for _, target := range targets {
-		t, err := NewTarget(target, lb.netUtils, lb.targetHitsMetrics)
+		t, err := NewTarget(target, lb.netUtils, lb.targetHitsMetrics, lb.IdentifierOffset)
 		if err != nil {
 			continue
 		}

diff --git a/pkg/loadbalancer/stream/target.go b/pkg/loadbalancer/stream/target.go
@@ -33,15 +33,17 @@ type target struct {
 	nspTarget         *nspAPI.Target
 	netUtils          networking.Utils
 	identifier        int
+	identifierOffset  int
 	targetHitsMetrics *targetMetrics.HitsMetrics
 }
 
-func NewTarget(nspTarget *nspAPI.Target, netUtils networking.Utils, targetHitsMetrics *targetMetrics.HitsMetrics) (types.Target, error) {
+func NewTarget(nspTarget *nspAPI.Target, netUtils networking.Utils, targetHitsMetrics *targetMetrics.HitsMetrics, identifierOffset int) (types.Target, error) {
 	target := &target{
 		fwMarks:           []networking.FWMarkRoute{},
 		nspTarget:         nspTarget,
 		netUtils:          netUtils,
 		targetHitsMetrics: targetHitsMetrics,
+		identifierOffset:  identifierOffset,
 	}
 	if nspTarget.GetStatus() != nspAPI.Target_ENABLED {
 		return nil, errors.New("the target is not enabled")
@@ -75,11 +77,11 @@ func (t *target) Verify() bool {
 	return true
 }
 
-func (t *target) Configure(identifierOffset int) error {
+func (t *target) Configure() error {
 	if t.fwMarks == nil {
 		t.fwMarks = []networking.FWMarkRoute{}
 	}
-	offsetId := t.identifier + identifierOffset
+	offsetId := t.identifier + t.identifierOffset
 	for _, ip := range t.GetIps() {
 		var fwMark networking.FWMarkRoute
 		fwMark, err := t.netUtils.NewFWMarkRoute(ip, offsetId, offsetId)
@@ -92,7 +94,7 @@ func (t *target) Configure(identifierOffset int) error {
 	return nil
 }
 
-func (t *target) Delete(identifierOffset int) error {
+func (t *target) Delete() error {
 	if t.fwMarks == nil {
 		t.fwMarks = []networking.FWMarkRoute{}
 		return nil
@@ -105,7 +107,7 @@ func (t *target) Delete(identifierOffset int) error {
 		}
 	}
 	t.fwMarks = []networking.FWMarkRoute{}
-	offsetId := t.identifier + identifierOffset
+	offsetId := t.identifier + t.identifierOffset
 	_ = t.targetHitsMetrics.Unregister(offsetId)
 	return errFinal
 }