[FR] FR-38: Support l7 protocol to obtain accurate throughput and delay data in the TCP segmentation scenario

[wenhuwang]

Search before asking

• [X] I had searched in the issues and found no similar feature requirement.

Description

The current version of the deepflow-agent can't identify whether the network packets belong to the same mysql response after tcp segmentation, and according to the characteristic that the ACK numbers of all response packets corresponding to the same request in the TCP protocol are the same, we can use the TCP ack number field to aggregate data related to network packets of the same response, including but not limited to throughput, delay, etc.

Use case

Obtain the throughput and delay data of the l7 protocol based on the request response

Related issues

No response

Are you willing to submit a PR?

• [ ] Yes I am willing to submit a PR!

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[sharang]

We have thought of a method where we can first locate TCP Flows with high traffic (based on byte_rx, byte_tx, etc.) in the flow log (l4_flow_log) list. After clicking on one flow log, all the request logs within this TCP flow will be displayed in the request log (l7_flow_log) list below.

This approach avoids reliance on complex TCP segmentation reassembly. The reassembly consumes more resources and the benefits obtained are not significant.

@liqian1834 will attempt to create such a Dashboard.