NETOBSERV-838 Group ingress+egress flows in same connection

[jpinsonneau]

This PR skip duplicates in connection tracking aggregations.

It rely on Duplicate field provided by eBPF agent

[codecov-commenter]

Codecov Report

Merging #387 (308d02b) into main (d30b115) will increase coverage by 0.04%.
The diff coverage is 100.00%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main     #387      +/-   ##
==========================================
+ Coverage   60.89%   60.94%   +0.04%     
==========================================
  Files          91       91              
  Lines        6281     6288       +7     
==========================================
+ Hits         3825     3832       +7     
  Misses       2223     2223              
  Partials      233      233              

Flag	Coverage Δ
unittests	60.94% <100.00%> (+0.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/config/generic_map.go	100.00% <100.00%> (ø)
pkg/pipeline/extract/conntrack/conntrack.go	92.25% <100.00%> (+0.05%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[jpinsonneau]

@ronensc please let me know if you are fine with that approach. The initial ticket suggested to rely on 2 hash ids but I feel it's less performant as we already have the duplicate field on flows.

[ronensc]

@jpinsonneau I agree with you that this is much simpler and elegant than the approach suggested in the ticket.
@jotak , do you remember if there was a reason why we didn't follow this path the first place?

[ronensc]

I think the call to getFlowLogDirection() could be moved under the new "if isn't duplicated"

[jpinsonneau]

sure 👍

[jpinsonneau]

flaky tests on data race => https://github.com/netobserv/flowlogs-pipeline/actions/runs/4185399722/jobs/7252391870

[ronensc]

We have ConvertToBool() that can handle cases where the type of m["Duplicate"] is not bool but is convertible to bool.

flowlogs-pipeline/pkg/pipeline/utils/convert.go

Line 220 in 3f2481e

func ConvertToBool(unk interface{}) (bool, error) {

I just noticed that ConvertToBool() is missing the trivial case bool:. If you think it's worth using ConvertToBool() here, the fix of adding the trivial case could be done in this PR as well.

[jpinsonneau]

I'm getting some conflicts when I try to import pipeline/utils:

$ make build
/home/julien/dev/flowlogs-pipeline/bin/golangci-lint-v1.50.1 run --enable goimports --enable gofmt --enable ineffassign --timeout 5m
ERRO Running error: context loading failed: failed to load packages: failed to load with go/packages: internal error: go list gives conflicting information for package github.com/netobserv/flowlogs-pipeline/pkg/config [github.com/netobserv/flowlogs-pipeline/pkg/config.test] 
make: *** [Makefile:70: lint] Error 3

Any idea ? Should we move utils outside of the pipeline package ?

[ronensc]

I think this errors implies a cyclic reference: config imports pipeline/utils and pipeline/utils imports config.
Looking at pipeline/utils files, it seems that only batcher.go has an import to config.

flowlogs-pipeline/pkg/pipeline/utils/batcher.go

Line 6 in 3f2481e

"github.com/netobserv/flowlogs-pipeline/pkg/config"

Hm... I'm not sure what would be the most proper solution in this case.

[jpinsonneau]

Yeah so we should either move away Convert* functions or batcher.go from pipeline/utils...
Or keep as is.

[ronensc]

I think I would go with the first option of moving convert.go to an "FLP-independent" utils package.

[jpinsonneau]

70514bf here we go

[jpinsonneau]

/retest

[jpinsonneau]

rebased to pass the go 1.19 e2e checks

[jotak]

@ronensc @jpinsonneau I haven't reviewed the code, but what does it mean "This PR skip duplicates in connection tracking aggregations." ? iirc we wanted to keep duplicated on purpose because it gives information about the network interfaces. But probably I don't have all the context, I will do a better review hopefully tomorrow

[jpinsonneau]

@ronensc @jpinsonneau I haven't reviewed the code, but what does it mean "This PR skip duplicates in connection tracking aggregations." ? iirc we wanted to keep duplicated on purpose because it gives information about the network interfaces. But probably I don't have all the context, I will do a better review hopefully tomorrow

Connection tracking implements aggregators (sum, count, min, max) based on its flows. However, duplicates were initially counted and the aggregators were wrong.

This PR simply skip flows containing "Duplicate": true in aggregators calculations. The duplicated flows are still part of the connection since they share the same hashId.

For performance reasons, we reuse Duplicate field from netobserv/netobserv-ebpf-agent#66

[jpinsonneau]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jpinsonneau

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jpinsonneau]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jotak]

Hmm ok this change looks good, but it doesn't address the "group ingress+egress" req, as the PR title shows, does it? Is there another PR for that?