Using XDP in docker swarm to track outgoing traffic

Using XDP in docker swarm to track outgoing traffic

[Sebastião Santos Boavida Amaro]

Hi everyone,
I am trying to use XDP to track outgoing traffic from docker containers 
deployed using docker swarm and running in a network using the driver 
overlay. I am using a simple xdp program based on [1], and I run this 
program on the network namespace of the container using nsenter and 
attach it to its eth0.
However, I am only able to detect the incoming packets and not the 
outgoing ones. When running tcpdump on the container network namespace I 
can see both incoming and outgoing packets. So I am a bit confused as to 
why XDP would not detect the outgoing ones.
Does anyone know why the reason for this or a general idea as to why 
this might happen?

[1]https://github.com/iovisor/bcc/blob/master/examples/networking/xdp/xdp_drop_count.py

Best Regards,
Sebastião Amaro

Re: Using XDP in docker swarm to track outgoing traffic

[Toke Høiland-Jørgensen]

Sebastião Santos Boavida Amaro
<sebastiao.amaro@tecnico.ulisboa.pt> writes:

> Hi everyone,
> I am trying to use XDP to track outgoing traffic from docker containers 
> deployed using docker swarm and running in a network using the driver 
> overlay. I am using a simple xdp program based on [1], and I run this 
> program on the network namespace of the container using nsenter and 
> attach it to its eth0.
> However, I am only able to detect the incoming packets and not the 
> outgoing ones. When running tcpdump on the container network namespace I 
> can see both incoming and outgoing packets. So I am a bit confused as to 
> why XDP would not detect the outgoing ones.
> Does anyone know why the reason for this or a general idea as to why 
> this might happen?

Yeah, XDP only works on ingress - you'll need to use the TC hook if you
want to look at egress traffic (or attach to the veth peer outside the
container) :)

-Toke