ipng/nginx-ipng-stats-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
055cf9f830389a42e3b162388ed28f9ab1b0d369
nginx-ipng-stats-plugin/debian/control
Pim van Pelt 055cf9f830 Update docs and header comments for the IP_PKTINFO attribution model 
The SO_BINDTODEVICE → IP_PKTINFO switch in the previous commit
was a semantic change: the module no longer touches outgoing
routing at all, and several places in the docs and the module's
top-of-file comment still described the old mechanism.

- README.md and debian/control now describe attribution as
  reading the ingress ifindex per connection from the kernel's
  IP_PKTINFO / IPV6_PKTINFO cmsg, and explicitly call out that
  the DSR / maglev return-path constraint is what makes the
  change necessary.
- docs/design.md FR-1.1 / FR-1.5 / FR-1.6 are rewritten to
  forbid SO_BINDTODEVICE and to describe the cmsg-based lookup.
  NFR-6.1 notes these are ordinary unprivileged socket options.
  The "Components" / "Composes With" sections and the
  "Alternatives Considered" entry are brought in line — and a
  new entry records SO_BINDTODEVICE as a rejected alternative
  with the exact failure mode seen on an IPng production box.
- docs/config-guide.md already carried the new description;
  unchanged here.
- src/ngx_http_ipng_stats_module.c's top-level block comment is
  rewritten to match; the section header above init_module goes
  from "rebind listen sockets with SO_BINDTODEVICE" to "enable
  IP_PKTINFO on listen sockets, resolve ifindexes".

Three SO_BINDTODEVICE mentions deliberately remain in the source
and one in the design doc's alternatives table — all of them
explain that the module *avoids* the option, which is itself
load-bearing documentation.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 15:16:10 +02:00

40 lines
1.4 KiB
Plaintext
Raw Blame History

# SPDX-License-Identifier: Apache-2.0
Source: nginx-ipng-stats-plugin
Section: httpd
Priority: optional
Maintainer: Pim van Pelt <pim@ipng.ch>
Build-Depends:
debhelper-compat (= 13),
nginx-dev,
libpcre2-dev,
zlib1g-dev,
libssl-dev
Standards-Version: 4.6.2
Homepage: https://git.ipng.ch/ipng/nginx-ipng-stats-plugin
Rules-Requires-Root: no
Package: libnginx-mod-http-ipng-stats
Architecture: any
Depends:
${misc:Depends},
${shlibs:Depends},
nginx (>= 1.26~)
Description: nginx dynamic module for per-VIP, per-device traffic counters
This package ships ngx_http_ipng_stats_module as a dynamic module
loadable into stock upstream nginx on Debian. The module records
per-VIP HTTP request counters, status code distribution, bytes in
and out, and request-duration histograms, and attributes each
request to the interface it arrived on. Counters are exposed as
Prometheus text and JSON from a single scrape endpoint.
.
Attribution is done by reading the ingress ifindex per connection
from the kernel's IP_PKTINFO / IPV6_PKTINFO cmsg; listening sockets
stay plain wildcards so outgoing packets follow the normal routing
table (which matters for DSR / maglev setups). The module adds
device= and ipng_source_tag= parameters to the nginx listen
directive, mapping interface names to source tags.
.
Typical use cases include GRE tunnel fleets, VLAN trunks, or any
deployment where traffic arrives on distinct interfaces and
per-interface observability is needed.
Reference in New Issue View Git Blame Copy Permalink