add example using Linux TC hook for network flow monitoring #1352
Thanks for this nice example! I find that examples work best when they are quite narrow in scope: they show how to do one particular thing well. What would you say is that particular thing here?
I see a couple of candidates:
- Use of TCX
- Sharing code between XDP and TC
- Subtleties of LRU maps
- Batch operations
- Something else?
My personal preference is to choose one of them and strip the example down to the essentials. For example, rework this to showcase how to use the TCX link for flow monitoring on both ingress and egress. Drop the things that increase the lines of code needed beyond that: no XDP, no map clearing, no batch ops. WDYT?
Thanks for the feedback, I'm glad to help. I totally agree with you, there are so many things showcased in this example, even though they're all interesting and expand the example section. I'd proceed with:
Let me know if I can go on this road.
@S41m0n Thanks for the ping. I think Lorenz was suggesting to pick one of the items in the list to showcase in this PR. Given the focus of this example is tcx, I'd go for that one. All the other bullets can be examples of their own. I'll convert to a draft for now, please mark as ready to review when done. Thanks!
Hi @ti-mo and thanks for the feedback. If I'm not mistaken, the second commit should have removed everything except the "Use of TCx" from the bullet list. The example now is composed of:
If you'd like to keep it even simpler, let me know :)
@ti-mo @lmb With respect to the previous proposal, I think the example is now simpler, dealing with only Ingress/Egress flow monitoring through TC. What are your opinions about this? Thanks in advance for the feedback.
Hi @S41m0n, sorry for the long delay. I've written up what kind of examples fit into the library here: https://ebpf-go.dev/contributing/new-example/ I think it makes sense to have an example for
This example shows how to load an eBPF program that monitors both incoming and outgoing TCP/UDP/IP flows identified with the 5-tuple session identifier (IP addresses, L4 ports, IP protocol). The statistics are periodically displayed, and the content of the map is erased after a given number of iterations to allow potential new flows to be monitored. The common header file is updated accordingly, to introduce a few shrunk data structures used during the packet processing logic (useful also for future examples).
Signed-off-by: Simone Magnani <simonemagnani.96@gmail.com>
@lmb That's amazing, thanks for the guide! I just simplified the example to only count ingress and egress packets, as you suggested. Let me know :)
Signed-off-by: Simone Magnani <simonemagnani.96@gmail.com>
Thanks again!
While an example program already exists for the incoming traffic hook with XDP, an example for a TC program was missing.
This example shows how to load an eBPF program that monitors both incoming and outgoing TCP/UDP/IP flows identified with the 5-tuple session identifier (IP addresses, L4 ports, IP protocol).
The statistics are periodically displayed, and the content of the map is erased after a given number of iterations to allow potential new flows to be monitored.
The common header file is updated accordingly, to introduce a few shrunk data structures used during the packet processing logic (useful also for future examples).
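The 5-tuple extraction described above, as an added user-space Go sketch that is not the PR's eBPF C code: it shows the bounds checks and the skip cases (non-IPv4, non-TCP/UDP, truncated L4 header, non-first fragments) that a flow monitor has to handle before it can key a map on the session identifier. `FlowKey`, `ParseFlowKey` and `SampleFrame` are hypothetical names, and the frames are constructed with documentation addresses.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// FlowKey is the 5-tuple session identifier: IP addresses, L4 ports, IP protocol.
type FlowKey struct {
	Src, Dst         netip.Addr
	SrcPort, DstPort uint16
	Proto            uint8
}

// ParseFlowKey extracts the 5-tuple from an Ethernet/IPv4 frame; every offset is bounds-checked first.
func ParseFlowKey(f []byte) (FlowKey, bool) {
	if len(f) < 34 || binary.BigEndian.Uint16(f[12:]) != 0x0800 {
		return FlowKey{}, false // too short for Ethernet+IPv4, or not IPv4
	}
	ip := f[14:]
	ihl, proto := int(ip[0]&0x0f)*4, ip[9]
	if ip[0]>>4 != 4 || ihl < 20 || len(ip) < ihl+4 || (proto != 6 && proto != 17) {
		return FlowKey{}, false // malformed header, truncated L4, or not TCP/UDP
	}
	if binary.BigEndian.Uint16(ip[6:])&0x1fff != 0 {
		return FlowKey{}, false // non-first fragment carries no L4 ports
	}
	src, _ := netip.AddrFromSlice(ip[12:16])
	dst, _ := netip.AddrFromSlice(ip[16:20])
	return FlowKey{src, dst, binary.BigEndian.Uint16(ip[ihl:]), binary.BigEndian.Uint16(ip[ihl+2:]), proto}, true
}

// SampleFrame builds a constructed test frame (documentation addresses, no payload).
func SampleFrame(proto uint8, sport, dport uint16) []byte {
	f := make([]byte, 14+20+4)
	f[12], f[13], f[14], f[23] = 0x08, 0x00, 0x45, proto
	copy(f[26:], []byte{192, 0, 2, 1, 198, 51, 100, 2})
	binary.BigEndian.PutUint16(f[34:], sport)
	binary.BigEndian.PutUint16(f[36:], dport)
	return f
}

func main() {
	for _, p := range []uint8{6, 17, 1} { // TCP, UDP, ICMP (skipped)
		k, ok := ParseFlowKey(SampleFrame(p, 40000, 443))
		fmt.Println(k, ok)
	}
}
```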