Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NETOBSERV-1703 Add enrichment in packet capture #364

Merged
merged 2 commits into from
Jul 25, 2024
Merged

NETOBSERV-1703 Add enrichment in packet capture #364

merged 2 commits into from
Jul 25, 2024

Conversation

jpinsonneau
Copy link
Contributor

@jpinsonneau jpinsonneau commented Jul 5, 2024
edited
Loading

Description

This PR allows pcap parsing to generic map. Check CLI implementation for usage.

Dependencies

netobserv/network-observability-cli#61

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
    • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
    • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
    • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
    • Standard QE validation, with pre-merge tests unless stated otherwise.
    • Regression tests only (e.g. refactoring with no user-facing change).
    • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jul 5, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@jpinsonneau jpinsonneau mentioned this pull request Jul 5, 2024
Merged
10 tasks
@codecov Codecov
Copy link

codecov bot commented Jul 5, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 80 lines in your changes missing coverage. Please review.

Please upload report for BASE (main@434968e). Learn more about missing BASE report.
Report is 5 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #364   +/-   ##
=======================================
  Coverage        ?   32.16%           
=======================================
  Files           ?       48           
  Lines           ?     3666           
  Branches        ?        0           
=======================================
  Hits            ?     1179           
  Misses          ?     2386           
  Partials        ?      101
Flag Coverage Δ
unittests 32.16% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
pkg/agent/config.go 10.00% <ø> (ø)
pkg/agent/agent.go 35.97% <0.00%> (ø)
pkg/exporter/direct_flp.go 55.00% <0.00%> (ø)
pkg/exporter/grpc_packets.go 0.00% <0.00%> (ø)
pkg/agent/packets_agent.go 0.00% <0.00%> (ø)
pkg/utils/packets.go 0.00% <0.00%> (ø)
pkg/decode/decode_protobuf.go 24.36% <0.00%> (ø)

@jpinsonneau jpinsonneau marked this pull request as ready for review July 9, 2024 10:21
@jpinsonneau jpinsonneau requested review from jotak and msherif1234 July 9, 2024 10:21
@jpinsonneau
Copy link
Contributor Author

@eranra & @KalmanMeth you might be interested by this PR 👀

msherif1234
msherif1234 reviewed Jul 9, 2024
View reviewed changes
pkg/decode/decode_protobuf.go
} else if udpLayer := packet.Layer(layers.LayerTypeUDP); udpLayer != nil {
udp, _ := udpLayer.(*layers.UDP)
out["SrcPort"] = udp.SrcPort.String()
out["DstPort"] = udp.DstPort.String()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you are missing SCTP protocol support

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure I can add it !

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

b39afec

msherif1234
msherif1234 reviewed Jul 9, 2024
View reviewed changes
pkg/decode/decode_protobuf.go
out["IcmpCode"] = icmpv6.TypeCode.Code()
}

if dnsLayer := packet.Layer(layers.LayerTypeDNS); dnsLayer != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we allow DNS in packet capture mode ? pca code doesn't enable any feature including DNS

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We capture any packets as far as I saw

image

msherif1234
msherif1234 reviewed Jul 9, 2024
View reviewed changes
pkg/decode/decode_protobuf.go

out["Bytes"] = len(pr.Stream)
// Data is base64 encoded to avoid marshal / unmarshal issues
out["Data"] = base64.StdEncoding.EncodeToString(packet.Data())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this efficient I didn't look for any better alternative did u get a chance to explore other options ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm considering to update the gRPC message to send flows and packets as two separate byte array but during the pipeline lifetime I feel that's the easiest solution.

On my local kind cluster it's super fast so for now I'm not looking deeper in this.

msherif1234
msherif1234 reviewed Jul 9, 2024
View reviewed changes
pkg/decode/decode_protobuf.go
if dnsLayer := packet.Layer(layers.LayerTypeDNS); dnsLayer != nil {
dns, _ := dnsLayer.(*layers.DNS)
out["DnsId"] = dns.ID
out["DnsFlagsResponseCode"] = dns.ResponseCode.String()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DNS enrichement not enabled with pca

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see #364 (comment)

@msherif1234
Copy link
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jul 9, 2024
@jpinsonneau jpinsonneau added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Jul 10, 2024
@github-actions GitHub Actions
Copy link

New image:
quay.io/netobserv/netobserv-ebpf-agent:30c0f75

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=30c0f75 make set-agent-image

@Amoghrd Amoghrd removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Jul 24, 2024
@Amoghrd
Copy link

Amoghrd commented Jul 24, 2024

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Jul 24, 2024
@github-actions GitHub Actions
Copy link

New image:
quay.io/netobserv/netobserv-ebpf-agent:95041fd

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=95041fd make set-agent-image

@Amoghrd
Copy link

Amoghrd commented Jul 24, 2024

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved QE has approved this pull request label Jul 24, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jul 25, 2024

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jpinsonneau jpinsonneau merged commit bef4343 into netobserv:main Jul 25, 2024
12 of 14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msherif1234 msherif1234 msherif1234 left review comments

@jotak jotak Awaiting requested review from jotak

Assignees

@msherif1234 msherif1234

Labels
approved lgtm ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. qe-approved QE has approved this pull request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jpinsonneau @msherif1234 @Amoghrd