Skip to content

IP socket options (TTL / hop-limit / DSCP) — depends on prometheus/exporter-toolkit#396#1

Open
randomizedcoder wants to merge 2 commits into
masterfrom
ttl
Open

IP socket options (TTL / hop-limit / DSCP) — depends on prometheus/exporter-toolkit#396#1
randomizedcoder wants to merge 2 commits into
masterfrom
ttl

Conversation

@randomizedcoder
Copy link
Copy Markdown
Owner

@randomizedcoder randomizedcoder commented May 28, 2026

Self-review PR — opened against randomizedcoder/node_exporter:master so the diff can be reviewed in the GitHub UI before opening upstream. Depends on the toolkit-side PR landing first.

What this picks up

The IP socket-options feature being added to prometheus/exporter-toolkit in prometheus/exporter-toolkit#396. Once that PR merges and the toolkit cuts a new release, node_exporter just needs to bump its exporter-toolkit dependency and the three new flags appear in --help automatically — no node_exporter code change beyond go.mod and the README.

New surface visible to a node_exporter operator:

  • --web.ipv4-ttl / WEB_IPV4_TTL / ip_socket_config.ipv4_ttl (range 1–255)
  • --web.ipv6-hop-limit / WEB_IPV6_HOP_LIMIT / ip_socket_config.ipv6_hop_limit (range 1–255)
  • --web.dscp / WEB_DSCP / ip_socket_config.dscp (range 0–63)

Changes in this PR

File Change
docs/IP_SOCKET_CONFIG.md Already on this branch from the design phase. Canonical spec for the feature (intro, ToC, per-step DoD, summary).
README.md New section "IP socket options" with operator-facing examples and a link to docs/IP_SOCKET_CONFIG.md.
go.mod, go.sum Temporary replace github.com/prometheus/exporter-toolkit => github.com/randomizedcoder/exporter-toolkit @master so this PR is buildable + testable against the unmerged toolkit changes. Will be removed before opening the upstream PR and replaced with a require of a real released version.

Why a replace directive

The toolkit-side PR (prometheus#396 upstream) isn't merged or tagged yet. To make this PR diff reviewable on GitHub and go build runnable, we need to point exporter-toolkit at a place where the changes actually live — the fork's master, which now has the merged feature commits (via #1 on randomizedcoder/exporter-toolkit).

Before opening the actual upstream prometheus/node_exporter PR, the workflow is:

  1. Wait for prometheus/exporter-toolkit#396 to merge.
  2. Wait for a new exporter-toolkit release tag containing those commits.
  3. cd node_exporter && go mod edit -dropreplace github.com/prometheus/exporter-toolkit && go get github.com/prometheus/exporter-toolkit@<new-tag> && go mod tidy.
  4. Amend this commit, push, and open upstream.

Test plan

  • go build ./... clean against the fork-resolved toolkit.
  • ./node_exporter --help shows all three new flags with their env-var bindings.
  • Smoke tests against a running exporter (see toolkit PR Don't leak or race in FreeBSD devstat collector prometheus/node_exporter#396 for the full end-to-end verification — all four config paths (flag/env/YAML/precedence) plus both validation paths confirmed).

Design doc

docs/IP_SOCKET_CONFIG.md is the canonical spec — security rationale, configuration surface, step-by-step plan with Definition of Done per step, platform support matrix, and a companion-doc link to the toolkit-side brief.

🤖 Generated with Claude Code

@randomizedcoder
docs: add design spec for IP socket options (TTL, hop-limit, DSCP)
9bc3de6 
Primary design spec for a defense-in-depth + QoS feature: clamp the
IPv4 TTL / IPv6 Hop Limit and set DSCP on packets leaving the
exporter's listening socket. Includes motivation, configuration
surface, step-by-step implementation plan with Definition-of-Done per
step, platform support matrix, and test coverage matrix.

The implementation lives upstream in github.com/prometheus/exporter-toolkit
so every toolkit-using exporter benefits. node_exporter picks up the
new flags automatically once it bumps go.mod.

Signed-off-by: randomizedcoder dave.seddon.ca@gmail.com <dave.seddon.ca@gmail.com>
@randomizedcoder
README + go.mod for IP socket-options (pre-release testing)
c266744 
Picks up the IP socket-options feature (TTL, IPv6 Hop Limit, DSCP) from
prometheus/exporter-toolkit -- the toolkit-side change is currently open
upstream at prometheus/exporter-toolkit#396.

Changes:
  * README.md: new section "IP socket options" with operator-facing
    examples and a link to docs/IP_SOCKET_CONFIG.md (the canonical
    design spec, already on this branch from the design phase).
  * go.mod: temporary `replace` directive pointing at the fork's
    exporter-toolkit master so node_exporter can be built and tested
    against the unmerged toolkit changes.

The replace directive is for self-review and pre-release testing only.
Before opening the upstream node_exporter PR, the replace will be
removed and the require line will be bumped to point at a real tagged
exporter-toolkit version (whichever tag includes the upstream PR's
merged commits).

The three new flags (--web.ipv4-ttl, --web.ipv6-hop-limit, --web.dscp)
appear in `node_exporter --help` automatically via kingpinflag.AddFlags
in the toolkit; no node_exporter code change needed beyond go.mod and
the README link.

Signed-off-by: randomizedcoder dave.seddon.ca@gmail.com <dave.seddon.ca@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@randomizedcoder