-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NETOBSERV-386 IP categorization #359
Conversation
Allows to configure IP ranges and assign them any name IPs falling in those ranges are flagged with that name
func (n *Network) categorizeIP(ip net.IP) string { | ||
for _, subnetCat := range n.categories { | ||
for _, cidr := range subnetCat.cidrs { | ||
if cidr.Contains(ip) { | ||
return subnetCat.name | ||
} | ||
} | ||
} | ||
return "" | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm afraid this exhaustive search could increase noticeably the CPU usage. I'd add an lru cache implementation (like this or this) and check there the IP first.
In pseudo-golang:
func (n *Network) categorizeIP(ip net.IP) string {
if category, ok := n.cache.Get(ip); ok {
return category
}
for _, subnetCat := range n.categories {
for _, cidr := range subnetCat.cidrs {
if cidr.Contains(ip) {
n.cache.Put(ip, subnetCat.name)
return subnetCat.name
}
}
}
n.cache.Put(ip, "")
return ""
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes I have the same concern and wanted to point out in the documentation (when this is implemented on operator side) that this could be disabled to save processor's resource.
But +1 about implementing a cache right now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
I took the opportunity to update a little bit TimedCache
in order to use go's time API + a couple of small stuffs
- Cache categorized IPs to avoid too much IP parsing & matching - Update TimedCache to use time API rather than int64 - Use lambda-style cleanup rather than an interface
Codecov Report
@@ Coverage Diff @@
## main #359 +/- ##
==========================================
+ Coverage 69.05% 69.23% +0.18%
==========================================
Files 88 88
Lines 5157 5204 +47
==========================================
+ Hits 3561 3603 +42
- Misses 1378 1382 +4
- Partials 218 219 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
svcNames: servicesDB, | ||
svcNames: servicesDB, | ||
categories: subnetCats, | ||
ipCatCache: utils.NewQuietExpiringTimedCache(2 * time.Minute), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this timeout be configurable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it's important to make it configurable, it won't have any impact on the results (unlike conn-tracking timeout, for instance, where timeout impacts updates granularity) - this one is really an implementation detail
|
JIRA: https://issues.redhat.com/browse/NETOBSERV-386
Allows to configure IP ranges and assign them any name
IPs falling in those ranges are flagged with that name