nginx-ipng-stats-plugin

ipng/nginx-ipng-stats-plugin

Fork 0

Commit Graph

Author	SHA1	Message	Date
Pim van Pelt	59f3deef66	PRE-RELEASE v0.6.0 Describe the ipng_stats_logtail UDP feature in debian/control alongside the per-VIP / per-device counter description, so the package metadata reflects what the module actually ships. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-18 15:31:31 +02:00
Pim van Pelt	055cf9f830	Update docs and header comments for the IP_PKTINFO attribution model The SO_BINDTODEVICE → IP_PKTINFO switch in the previous commit was a semantic change: the module no longer touches outgoing routing at all, and several places in the docs and the module's top-of-file comment still described the old mechanism. - README.md and debian/control now describe attribution as reading the ingress ifindex per connection from the kernel's IP_PKTINFO / IPV6_PKTINFO cmsg, and explicitly call out that the DSR / maglev return-path constraint is what makes the change necessary. - docs/design.md FR-1.1 / FR-1.5 / FR-1.6 are rewritten to forbid SO_BINDTODEVICE and to describe the cmsg-based lookup. NFR-6.1 notes these are ordinary unprivileged socket options. The "Components" / "Composes With" sections and the "Alternatives Considered" entry are brought in line — and a new entry records SO_BINDTODEVICE as a rejected alternative with the exact failure mode seen on an IPng production box. - docs/config-guide.md already carried the new description; unchanged here. - src/ngx_http_ipng_stats_module.c's top-level block comment is rewritten to match; the section header above init_module goes from "rebind listen sockets with SO_BINDTODEVICE" to "enable IP_PKTINFO on listen sockets, resolve ifindexes". Three SO_BINDTODEVICE mentions deliberately remain in the source and one in the design doc's alternatives table — all of them explain that the module avoids the option, which is itself load-bearing documentation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-18 15:16:10 +02:00
Pim van Pelt	5a7e2f77f1	Add ngx_http_ipng_stats_module: per-VIP, per-device traffic counters Full implementation of the nginx dynamic module with: - SO_BINDTODEVICE-based per-interface traffic attribution - Per-worker lock-free counters flushed to shared memory - Prometheus text and JSON scrape endpoint at configurable location - UDP-only global logtail (ipng_stats_logtail) for fire-and-forget access log streaming - $ipng_source_tag nginx variable for use in log_format/map - Histogram buckets, EWMA rate gauges, zone meta-metrics - Debian packaging (libnginx-mod-http-ipng-stats) - Robot Framework end-to-end tests via containerlab - SPDX Apache-2.0 headers on all source files	2026-04-16 17:41:23 +02:00

Author

SHA1

Message

Date

Pim van Pelt

59f3deef66

PRE-RELEASE v0.6.0

Describe the ipng_stats_logtail UDP feature in debian/control alongside
the per-VIP / per-device counter description, so the package metadata
reflects what the module actually ships.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-18 15:31:31 +02:00

Pim van Pelt

055cf9f830

Update docs and header comments for the IP_PKTINFO attribution model

The SO_BINDTODEVICE → IP_PKTINFO switch in the previous commit
was a semantic change: the module no longer touches outgoing
routing at all, and several places in the docs and the module's
top-of-file comment still described the old mechanism.

- README.md and debian/control now describe attribution as
  reading the ingress ifindex per connection from the kernel's
  IP_PKTINFO / IPV6_PKTINFO cmsg, and explicitly call out that
  the DSR / maglev return-path constraint is what makes the
  change necessary.
- docs/design.md FR-1.1 / FR-1.5 / FR-1.6 are rewritten to
  forbid SO_BINDTODEVICE and to describe the cmsg-based lookup.
  NFR-6.1 notes these are ordinary unprivileged socket options.
  The "Components" / "Composes With" sections and the
  "Alternatives Considered" entry are brought in line — and a
  new entry records SO_BINDTODEVICE as a rejected alternative
  with the exact failure mode seen on an IPng production box.
- docs/config-guide.md already carried the new description;
  unchanged here.
- src/ngx_http_ipng_stats_module.c's top-level block comment is
  rewritten to match; the section header above init_module goes
  from "rebind listen sockets with SO_BINDTODEVICE" to "enable
  IP_PKTINFO on listen sockets, resolve ifindexes".

Three SO_BINDTODEVICE mentions deliberately remain in the source
and one in the design doc's alternatives table — all of them
explain that the module *avoids* the option, which is itself
load-bearing documentation.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-18 15:16:10 +02:00

Pim van Pelt

5a7e2f77f1

Add ngx_http_ipng_stats_module: per-VIP, per-device traffic counters

Full implementation of the nginx dynamic module with:
- SO_BINDTODEVICE-based per-interface traffic attribution
- Per-worker lock-free counters flushed to shared memory
- Prometheus text and JSON scrape endpoint at configurable location
- UDP-only global logtail (ipng_stats_logtail) for fire-and-forget
  access log streaming
- $ipng_source_tag nginx variable for use in log_format/map
- Histogram buckets, EWMA rate gauges, zone meta-metrics
- Debian packaging (libnginx-mod-http-ipng-stats)
- Robot Framework end-to-end tests via containerlab
- SPDX Apache-2.0 headers on all source files

2026-04-16 17:41:23 +02:00

3 Commits