Support IPv6 for egress metrics

[terassyi]

This PR adds a IPv6 support for following egress related metrics.

• coil_egress_nftables_masqueraded_packets_total
• coil_egress_nftables_masqueraded_bytes_total
• coil_egress_nftables_invalid_packets_total
• coil_egress_nftables_invalid_bytes_total

I introduced a new label named protocol for these metrics, which can take ipv4 or ipv6.

Signed-off-by: terashima [email protected]

[terassyi]

We can get metrics like this.

kubectl -n internet exec -it egress-697d96cf57-k24hm -- curl http://localhost:8080/metrics | grep nftables
# HELP coil_egress_nftables_invalid_bytes_total the number of bytes that are dropped as invalid packets by nftables
# TYPE coil_egress_nftables_invalid_bytes_total gauge
coil_egress_nftables_invalid_bytes_total{egress="egress",namespace="internet",pod="egress-697d96cf57-k24hm",protocol="ipv4"} 0
coil_egress_nftables_invalid_bytes_total{egress="egress",namespace="internet",pod="egress-697d96cf57-k24hm",protocol="ipv6"} 0
# HELP coil_egress_nftables_invalid_packets_total the number of packets that are dropped as invalid packets by nftables
# TYPE coil_egress_nftables_invalid_packets_total gauge
coil_egress_nftables_invalid_packets_total{egress="egress",namespace="internet",pod="egress-697d96cf57-k24hm",protocol="ipv4"} 0
coil_egress_nftables_invalid_packets_total{egress="egress",namespace="internet",pod="egress-697d96cf57-k24hm",protocol="ipv6"} 0
# HELP coil_egress_nftables_masqueraded_bytes_total the number of bytes that are masqueraded by nftables
# TYPE coil_egress_nftables_masqueraded_bytes_total gauge
coil_egress_nftables_masqueraded_bytes_total{egress="egress",namespace="internet",pod="egress-697d96cf57-k24hm",protocol="ipv4"} 60
coil_egress_nftables_masqueraded_bytes_total{egress="egress",namespace="internet",pod="egress-697d96cf57-k24hm",protocol="ipv6"} 640
# HELP coil_egress_nftables_masqueraded_packets_total the number of packets that are masqueraded by nftables
# TYPE coil_egress_nftables_masqueraded_packets_total gauge
coil_egress_nftables_masqueraded_packets_total{egress="egress",namespace="internet",pod="egress-697d96cf57-k24hm",protocol="ipv4"} 1
coil_egress_nftables_masqueraded_packets_total{egress="egress",namespace="internet",pod="egress-697d96cf57-k24hm",protocol="ipv6"} 8

[Copilot]

Pull Request Overview

This PR enhances egress metrics by adding IPv6 support and a new protocol label on existing nftables metrics, enabling separate tracking for IPv4 and IPv6.

• Add a protocol label to all masquerade and invalid packet/byte metrics.
• Extend NewEgressCollector to accept a list of protocols and instantiate per-protocol metric collectors.
• Introduce stringToTableFamily helper and update NAT/invalid counter methods to select IPv4 or IPv6 tables.
• Update the CLI runner to detect local IPs and pass supported protocols; update docs to include protocol column.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
v2/pkg/metrics/egress.go	Updated metric definitions, collector logic, helper
v2/cmd/coil-egress/sub/run.go	Pass detected protocols to the collector
docs/cmd-coil-egress.md	Documented new protocol label

Comments suppressed due to low confidence (3)

v2/pkg/metrics/egress.go:23

• Typo in metric and variable name: ‘Connctrack’ should be ‘Conntrack’ (e.g. NfConntrackCount) for clarity and consistency.

NfConnctrackCount = prometheus.NewGaugeVec(prometheus.GaugeOpts{

v2/cmd/coil-egress/sub/run.go:40

• Update registration to match the corrected metric name ‘NfConntrackCount’ after fixing the typo in the variable.

metrics.Registry.MustRegister(egressMetrics.NfConnctrackCount)

v2/pkg/metrics/egress.go:217

• Add unit tests for stringToTableFamily and the protocol-specific branches in getNfTablesNATCounter/getNfTablesInvalidCounter to verify IPv6 behavior.

func stringToTableFamily(protocol string) (nftables.TableFamily, error) {

[yokaze]

LGTM!