Merging upstream version 1.43.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 197 insertions, 0 deletions

diff --git a/collectors/ebpf.plugin/integrations/ebpf_socket.md b/collectors/ebpf.plugin/integrations/ebpf_socket.md
new file mode 100644
index 000000000..3d621f439
--- /dev/null
+++ b/collectors/ebpf.plugin/integrations/ebpf_socket.md
@@ -0,0 +1,197 @@
+<!--startmeta
+custom_edit_url: "https://github.com/netdata/netdata/edit/master/collectors/ebpf.plugin/integrations/ebpf_socket.md"
+meta_yaml: "https://github.com/netdata/netdata/edit/master/collectors/ebpf.plugin/metadata.yaml"
+sidebar_label: "eBPF Socket"
+learn_status: "Published"
+learn_rel_path: "Data Collection/eBPF"
+message: "DO NOT EDIT THIS FILE DIRECTLY, IT IS GENERATED BY THE COLLECTOR'S metadata.yaml FILE"
+endmeta-->
+
+# eBPF Socket
+
+
+<img src="https://netdata.cloud/img/ebpf.jpg" width="150"/>
+
+
+Plugin: ebpf.plugin
+Module: socket
+
+<img src="https://img.shields.io/badge/maintained%20by-Netdata-%2300ab44" />
+
+## Overview
+
+Monitor bandwidth consumption per application for protocols TCP and UDP.
+
+Attach tracing (kprobe, trampoline) to internal kernel functions according options used to compile kernel.
+
+This collector is only supported on the following platforms:
+
+- Linux
+
+This collector supports collecting metrics from multiple instances of this integration, including remote instances.
+
+The plugin needs setuid because it loads data inside kernel. Netada sets necessary permission during installation time.
+
+### Default Behavior
+
+#### Auto-Detection
+
+The plugin checks kernel compilation flags (CONFIG_KPROBES, CONFIG_BPF, CONFIG_BPF_SYSCALL, CONFIG_BPF_JIT) and presence of BTF files to decide which eBPF program will be attached.
+
+#### Limits
+
+The default configuration for this integration does not impose any limits on data collection.
+
+#### Performance Impact
+
+This thread will add overhead every time that an internal kernel function monitored by this thread is called. The estimated additional period of time is between 90-200ms per call on kernels that do not have BTF technology.
+
+
+## Metrics
+
+Metrics grouped by *scope*.
+
+The scope defines the instance that the metric belongs to. An instance is uniquely identified by a set of labels.
+
+
+
+### Per eBPF Socket instance
+
+These metrics show total number of calls to functions inside kernel.
+
+This scope has no labels.
+
+Metrics:
+
+| Metric | Dimensions | Unit |
+|:------|:----------|:----|
+| ip.inbound_conn | connection_tcp | connections/s |
+| ip.tcp_outbound_conn | received | connections/s |
+| ip.tcp_functions | received, send, closed | calls/s |
+| ip.total_tcp_bandwidth | received, send | kilobits/s |
+| ip.tcp_error | received, send | calls/s |
+| ip.tcp_retransmit | retransmited | calls/s |
+| ip.udp_functions | received, send | calls/s |
+| ip.total_udp_bandwidth | received, send | kilobits/s |
+| ip.udp_error | received, send | calls/s |
+
+### Per apps
+
+These metrics show grouped information per apps group.
+
+This scope has no labels.
+
+Metrics:
+
+| Metric | Dimensions | Unit |
+|:------|:----------|:----|
+| apps.outbound_conn_v4 | a dimension per app group | connections/s |
+| apps.outbound_conn_v6 | a dimension per app group | connections/s |
+| apps.total_bandwidth_sent | a dimension per app group | kilobits/s |
+| apps.total_bandwidth_recv | a dimension per app group | kilobits/s |
+| apps.bandwidth_tcp_send | a dimension per app group | calls/s |
+| apps.bandwidth_tcp_recv | a dimension per app group | calls/s |
+| apps.bandwidth_tcp_retransmit | a dimension per app group | calls/s |
+| apps.bandwidth_udp_send | a dimension per app group | calls/s |
+| apps.bandwidth_udp_recv | a dimension per app group | calls/s |
+| services.net_conn_ipv4 | a dimension per systemd service | connections/s |
+
+### Per cgroup
+
+
+
+This scope has no labels.
+
+Metrics:
+
+| Metric | Dimensions | Unit |
+|:------|:----------|:----|
+| cgroup.net_conn_ipv4 | connected_v4 | connections/s |
+| cgroup.net_conn_ipv6 | connected_v6 | connections/s |
+| cgroup.net_bytes_recv | received | calls/s |
+| cgroup.net_bytes_sent | sent | calls/s |
+| cgroup.net_tcp_recv | received | calls/s |
+| cgroup.net_tcp_send | sent | calls/s |
+| cgroup.net_retransmit | retransmitted | calls/s |
+| cgroup.net_udp_send | sent | calls/s |
+| cgroup.net_udp_recv | received | calls/s |
+| services.net_conn_ipv6 | a dimension per systemd service | connections/s |
+| services.net_bytes_recv | a dimension per systemd service | kilobits/s |
+| services.net_bytes_sent | a dimension per systemd service | kilobits/s |
+| services.net_tcp_recv | a dimension per systemd service | calls/s |
+| services.net_tcp_send | a dimension per systemd service | calls/s |
+| services.net_tcp_retransmit | a dimension per systemd service | calls/s |
+| services.net_udp_send | a dimension per systemd service | calls/s |
+| services.net_udp_recv | a dimension per systemd service | calls/s |
+
+
+
+## Alerts
+
+There are no alerts configured by default for this integration.
+
+
+## Setup
+
+### Prerequisites
+
+#### Compile kernel
+
+Check if your kernel was compiled with necessary options (CONFIG_KPROBES, CONFIG_BPF, CONFIG_BPF_SYSCALL, CONFIG_BPF_JIT) in `/proc/config.gz` or inside /boot/config file. Some cited names can be different accoring preferences of Linux distributions.
+When you do not have options set, it is necessary to get the kernel source code from https://kernel.org or a kernel package from your distribution, this last is preferred. The kernel compilation has a well definedd pattern, but distributions can deliver their configuration files
+with different names.
+
+Now follow steps:
+1. Copy the configuration file to /usr/src/linux/.config.
+2. Select the necessary options: make oldconfig
+3. Compile your kernel image: make bzImage
+4. Compile your modules: make modules
+5. Copy your new kernel image for boot loader directory
+6. Install the new modules: make modules_install
+7. Generate an initial ramdisk image (`initrd`) if it is necessary.
+8. Update your boot loader
+
+
+
+### Configuration
+
+#### File
+
+The configuration file name for this integration is `ebpf.d/network.conf`.
+
+
+You can edit the configuration file using the `edit-config` script from the
+Netdata [config directory](https://github.com/netdata/netdata/blob/master/docs/configure/nodes.md#the-netdata-config-directory).
+
+```bash
+cd /etc/netdata 2>/dev/null || cd /opt/netdata/etc/netdata
+sudo ./edit-config ebpf.d/network.conf
+```
+#### Options
+
+All options are defined inside section `[global]`. Options inside `network connections` are ignored for while.
+
+
+<details><summary>Config options</summary>
+
+| Name | Description | Default | Required |
+|:----|:-----------|:-------|:--------:|
+| update every | Data collection frequency. | 5 | False |
+| ebpf load mode | Define whether plugin will monitor the call (`entry`) for the functions or it will also monitor the return (`return`). | entry | False |
+| apps | Enable or disable integration with apps.plugin | no | False |
+| cgroups | Enable or disable integration with cgroup.plugin | no | False |
+| bandwidth table size | Number of elements stored inside hash tables used to monitor calls per PID. | 16384 | False |
+| ipv4 connection table size | Number of elements stored inside hash tables used to monitor calls per IPV4 connections. | 16384 | False |
+| ipv6 connection table size | Number of elements stored inside hash tables used to monitor calls per IPV6 connections. | 16384 | False |
+| udp connection table size | Number of temporary elements stored inside hash tables used to monitor UDP connections. | 4096 | False |
+| ebpf type format | Define the file type to load an eBPF program. Three options are available: `legacy` (Attach only `kprobe`), `co-re` (Plugin tries to use `trampoline` when available), and `auto` (plugin check OS configuration before to load). | auto | False |
+| ebpf co-re tracing | Select the attach method used by plugin when `co-re` is defined in previous option. Two options are available: `trampoline` (Option with lowest overhead), and `probe` (the same of legacy code). | trampoline | False |
+| maps per core | Define how plugin will load their hash maps. When enabled (`yes`) plugin will load one hash table per core, instead to have centralized information. | yes | False |
+| lifetime | Set default lifetime for thread when enabled by cloud. | 300 | False |
+
+</details>
+
+#### Examples
+There are no configuration examples.
+
+