
Commit 927d6ab

committed
add ct full logging
Signed-off-by: l1b0k <[email protected]>
1 parent 2d9c337 commit 927d6ab

1 file changed

+51
-0
lines changed

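--- a/policy/cilium/0033-logging.patch
+++ b/policy/cilium/0033-logging.patch
@@ -0,0 +1,51 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: l1b0k <[email protected]>
+Date: Mon, 14 Oct 2024 16:33:42 +0800
+Subject: logging
+
+Signed-off-by: l1b0k <[email protected]>
+---
+pkg/maps/ctmap/ctmap.go | 19 +++++++++++++------
+1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/pkg/maps/ctmap/ctmap.go b/pkg/maps/ctmap/ctmap.go
+index 868871811b..052cab28e9 100644
+--- a/pkg/maps/ctmap/ctmap.go
++++ b/pkg/maps/ctmap/ctmap.go
+@@ -496,6 +496,13 @@ func doGC4(m *Map, filter *GCFilter) gcStats {
+globalDeleteLock[m.mapType].Lock()
+stats.dumpError = m.DumpReliablyWithCallback(filterCallback, stats.DumpStats)
+globalDeleteLock[m.mapType].Unlock()
++
++ log.Infof("gc map %s id %d max %d deleted %d alived %d", m.Name(), m.InnerID, m.MaxEntries, stats.deleted, stats.aliveEntries)
++ cur := stats.aliveEntries + stats.deleted
++ if float64(cur)/float64(m.MaxEntries) >= 0.9 {
++ log.Infof("ConntrackFull table %s current %d maxEntries %d", m.Name(), cur, m.MaxEntries)
++ }
++
+return stats
+}
+
+@@ -566,13 +573,13 @@ func GC(m *Map, filter *GCFilter) int {
+// The consumer of the buffer invokes the function.
+//
+// The SNAT is being used for the following cases:
+-// 1. By NodePort BPF on an intermediate node before fwd'ing request from outside
++// 1. By NodePort BPF on an intermediate node before fwd'ing request from outside
+// to a destination node.
+-// 2. A packet from local endpoint sent to outside (BPF-masq).
+-// 3. A packet from a host local application (i.e. running in the host netns)
+-// This is needed to prevent SNAT from hijacking such connections.
+-// 4. By DSR on a backend node to SNAT responses with service IP+port before
+-// sending to a client.
++// 2. A packet from local endpoint sent to outside (BPF-masq).
++// 3. A packet from a host local application (i.e. running in the host netns)
++// This is needed to prevent SNAT from hijacking such connections.
++// 4. By DSR on a backend node to SNAT responses with service IP+port before
++// sending to a client.
+//
+// In the case of 1-3, we always create a CT_EGRESS CT entry. This allows the
+// CT GC to remove corresponding SNAT entries. In the case of 4, will create
+--
+2.47.0
+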
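Review bot: In the doGC4 hunk of the embedded patch, the near-capacity condition is reported with `log.Infof("ConntrackFull ...")`, the same level as the unconditional per-pass `gc map ...` line above it, so a conntrack table approaching exhaustion cannot be separated by severity from routine GC output when building an alert. I would raise it to a warning and guard the ratio against a zero `MaxEntries`: `if m.MaxEntries > 0 && float64(cur)/float64(m.MaxEntries) >= 0.9 {` followed by `log.Warnf("ConntrackFull table %s current %d maxEntries %d", m.Name(), cur, m.MaxEntries)`. `cur` is `stats.aliveEntries + stats.deleted`, which appears to be occupancy before this pass removed anything, so a comment such as `// cur is pre-GC occupancy (alive + just deleted), not what remains in the map` would keep the threshold from being misread. Only doGC4 is instrumented, and its body begins outside the hunk; if the file has an IPv6 GC counterpart, it stays silent under this patch. The second hunk is a whitespace-only re-indent of a comment unrelated to logging, and dropping it would shrink the rebase surface of this carried patch.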
