Documentation on how packetparser avoids double-counting

[andreev-io]

Is your feature request related to a problem? Please describe. Retina's packetparser plugin loads 4 tc BPF programs, assuming there is one container on a node: endpoint_ingress (outer veth's ingress hook), endpoint_egress (outer veth's egress hook), netdev_ingress (eth0's ingress hook), netdev_egress (eth0's egress hook). Per my mental model, a packet sent from the container to the outer world will be seen by both endpoint_ingress and netdev_egress and written to the perf buffer twice. In my understanding, there is no userspace filtering that removes samples based on their sampling point.

Describe the solution you'd like In my experiments, Retina did not double-count packets. Could you please provide documentation on how you avoid double-counting despite the same packets being observed by potentially multiple measurement points?

Describe alternatives you've considered N/A

Additional context N/A

[anubhabMajumdar]

Sorry for late reply. @andreev-io Can you provide some details around how you conducted the experiment? We currently don't have a mechanism to filter flows based on observation point, so metrics should double count them for now.