net/tsnet: add expvar metrics for in/outbound packets

Updates tailscale/corp#22075 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-01-07 16:17:41 +00:00 · 2024-08-01 13:00:36 +02:00 · 2024-08-01 13:00:36 +02:00 · 62ed1eeb26
commit 62ed1eeb26
parent e107977f75
1 changed files with 51 additions and 1 deletions
--- a/net/tstun/wrap.go
+++ b/net/tstun/wrap.go
@ -24,6 +24,7 @@
 	"go4.org/mem"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
 	"tailscale.com/disco"
+	"tailscale.com/metrics"
 	"tailscale.com/net/connstats"
 	"tailscale.com/net/packet"
 	"tailscale.com/net/packet/checksum"
@ -870,7 +871,6 @@ func (t *Wrapper) filterPacketOutboundToWireGuard(p *packet.Parsed, pc *peerConf
 			return res
 		}
 	}
-
 	return filter.Accept
 }

@ -924,6 +924,9 @@ func (t *Wrapper) Read(buffs [][]byte, sizes []int, offset int) (int, error) {
 		if !t.disableFilter {
 			response := t.filterPacketOutboundToWireGuard(p, pc)
 			if response != filter.Accept {
+				metricOutboundPacketsTotal.Add(trafficLabel{
+					Action: TrafficActionDropACL,
+				}, 1)
 				metricPacketOutDrop.Add(1)
 				continue
 			}
@ -951,6 +954,10 @@ func (t *Wrapper) Read(buffs [][]byte, sizes []int, offset int) (int, error) {
 		t.sendBufferConsumed()
 	}

+	metricOutboundPacketsTotal.Add(trafficLabel{
+		Action: TrafficActionAccept,
+	}, int64(len(res.data)))
+
 	t.noteActivity()
 	return buffsPos, res.err
 }
@ -1177,6 +1184,9 @@ func (t *Wrapper) Write(buffs [][]byte, offset int) (int, error) {
 		if !t.disableFilter {
 			if t.filterPacketInboundFromWireGuard(p, captHook, pc) != filter.Accept {
 				metricPacketInDrop.Add(1)
+				metricInboundPacketsTotal.Add(trafficLabel{
+					Action: TrafficActionDropACL,
+				}, 1)
 			} else {
 				buffs[i] = buff
 				i++
@ -1194,6 +1204,15 @@ func (t *Wrapper) Write(buffs [][]byte, offset int) (int, error) {
 	if len(buffs) > 0 {
 		t.noteActivity()
 		_, err := t.tdevWrite(buffs, offset)
+		if err != nil {
+			metricInboundPacketsTotal.Add(trafficLabel{
+				Action: TrafficActionDropError,
+			}, int64(len(buffs)))
+		} else {
+			metricInboundPacketsTotal.Add(trafficLabel{
+				Action: TrafficActionAccept,
+			}, int64(len(buffs)))
+		}
 		return len(buffs), err
 	}
 	return 0, nil
@ -1396,6 +1415,37 @@ func (t *Wrapper) SetStatistics(stats *connstats.Statistics) {
 	metricPacketOutDropSelfDisco = clientmetric.NewCounter("tstun_out_to_wg_drop_self_disco")
 )

+type TrafficAction string
+
+const (
+	TrafficActionAccept    TrafficAction = "accept"
+	TrafficActionDropACL   TrafficAction = "drop_acl"
+	TrafficActionDropError TrafficAction = "drop_error"
+	TrafficActionDropDst   TrafficAction = "drop_dst_unknown"
+)
+
+type trafficLabel struct {
+	// Action indicates what we have done with the packet, and has the following wvalues:
+	// - accept
+	// - drop_acl (rejected packets because of ACL)
+	// - drop_error (rejected packets because of an error)
+	// - drop_dst_unknown
+	Action TrafficAction
+}
+
+var (
+	metricInboundPacketsTotal = metrics.NewMultiLabelMap[trafficLabel](
+		"tailscaled_inbound_packets_total",
+		"counter",
+		"Counts the number of packets received by the node from other peers",
+	)
+	metricOutboundPacketsTotal = metrics.NewMultiLabelMap[trafficLabel](
+		"tailscaled_outbound_packets_total",
+		"counter",
+		"Counts the number of packets sent by the node to other peers",
+	)
+)
+
 func (t *Wrapper) InstallCaptureHook(cb capture.Callback) {
 	t.captureHook.Store(cb)
 }