optimize filter sampling logic when filtering not enabled

Signed-off-by: Mohamed Mahmoud <[email protected]>
netobserv · Dec 16, 2024 · 9d72433 · 9d72433
1 parent 8c14a3f
commit 9d72433
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 14 deletions.
diff --git a/bpf/flows.c b/bpf/flows.c
@@ -79,6 +79,17 @@ static inline void update_dns(additional_metrics *extra_metrics, pkt_info *pkt,
 }
 
 static inline int flow_monitor(struct __sk_buff *skb, u8 direction) {
+    u32 filter_sampling = 0;
+
+    if (!is_filter_enabled()) {
+        if (sampling > 1 && (bpf_get_prandom_u32() % sampling) != 0) {
+            do_sampling = 0;
+            return TC_ACT_OK;
+        }
+        filter_sampling = sampling;
+        do_sampling = 1;
+    }
+
     u16 eth_protocol = 0;
     pkt_info pkt;
     __builtin_memset(&pkt, 0, sizeof(pkt));
@@ -103,21 +114,19 @@ static inline int flow_monitor(struct __sk_buff *skb, u8 direction) {
     id.direction = direction;
 
     // check if this packet need to be filtered if filtering feature is enabled
-    u32 filter_sampling = 0;
-    bool skip = check_and_do_flow_filtering(&id, pkt.flags, 0, eth_protocol, &filter_sampling);
-    if (skip) {
-        return TC_ACT_OK;
-    }
-    if (filter_sampling == 0) {
-        filter_sampling = sampling;
-    }
+    if (is_filter_enabled()) {
+        bool skip = check_and_do_flow_filtering(&id, pkt.flags, 0, eth_protocol, &filter_sampling);
+        if (skip) {
+            return TC_ACT_OK;
+        }
 
-    // If sampling is defined, will only parse 1 out of "sampling" flows
-    if (filter_sampling > 1 && (bpf_get_prandom_u32() % filter_sampling) != 0) {
-        do_sampling = 0;
-        return TC_ACT_OK;
+        // If sampling is defined, will only parse 1 out of "sampling" flows
+        if (filter_sampling > 1 && (bpf_get_prandom_u32() % filter_sampling) != 0) {
+            do_sampling = 0;
+            return TC_ACT_OK;
+        }
+        do_sampling = 1;
     }
-    do_sampling = 1;
 
     int dns_errno = 0;
     if (enable_dns_tracking) {

diff --git a/bpf/utils.h b/bpf/utils.h
@@ -174,13 +174,20 @@ static inline int fill_ethhdr(struct ethhdr *eth, void *data_end, pkt_info *pkt,
     return SUBMIT;
 }
 
+static inline bool is_filter_enabled() {
+    if (enable_flows_filtering || enable_pca) {
+        return true;
+    }
+    return false;
+}
+
 /*
  * check if flow filter is enabled and if we need to continue processing the packet or not
  */
 static inline bool check_and_do_flow_filtering(flow_id *id, u16 flags, u32 drop_reason,
                                                u16 eth_protocol, u32 *sampling) {
     // check if this packet need to be filtered if filtering feature is enabled
-    if (enable_flows_filtering || enable_pca) {
+    if (is_filter_enabled()) {
         filter_action action = ACCEPT;
         if (is_flow_filtered(id, &action, flags, drop_reason, eth_protocol, sampling) != 0 &&
             action != MAX_FILTER_ACTIONS) {

diff --git a/pkg/ebpf/bpf_arm64_bpfel.o b/pkg/ebpf/bpf_arm64_bpfel.o
diff --git a/pkg/ebpf/bpf_powerpc_bpfel.o b/pkg/ebpf/bpf_powerpc_bpfel.o
diff --git a/pkg/ebpf/bpf_s390_bpfeb.o b/pkg/ebpf/bpf_s390_bpfeb.o
diff --git a/pkg/ebpf/bpf_x86_bpfel.o b/pkg/ebpf/bpf_x86_bpfel.o