Idea #3826
Updated by Tom Clegg over 9 years ago
cgroups doesn't provide a nice way to monitor network usage, but we can use iptables to set up accounting rules to monitor network usage for the docker virtual network device. Figure out how to do that. (TC) sysfs provides seems to provide an easy way to get traffic statistics. I tried this in a docker container, after doing a few pings: <pre> # head /sys/devices/virtual/net/*/statistics/*_bytes ==> /sys/devices/virtual/net/eth0/statistics/rx_bytes <== 1116 ==> /sys/devices/virtual/net/eth0/statistics/tx_bytes <== 1170 ==> /sys/devices/virtual/net/lo/statistics/rx_bytes <== 168 ==> /sys/devices/virtual/net/lo/statistics/tx_bytes <== 168 </pre> This does require that we run crunchstat inside docker, instead of monitoring statistics from outside using cgroups. Fortunately this is easy and greatly simplifies crunchstat (e.g., call runtime.NumCPU() instead of reading and parsing @/sys/fs/cgroup/..../cpuset/cpus@, and read from predictable parts of @/sys@ instead of requiring the caller to specify parts of the cgroup path). <pre> docker run --volume=/usr/bin/crunchstat:/usr/bin/crunchstat ... /usr/bin/crunchstat {command...} </pre>