NETOBSERV-1478: Add eBPF Agent flows filtering capability

Signed-off-by: Mohamed Mahmoud <[email protected]>

apis/flowcollector/v1beta1/flowcollector_types.go

@@ -19,6 +19,7 @@ import (
 	ascv2 "k8s.io/api/autoscaling/v2"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
 )
 
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
@@ -166,6 +167,66 @@ type EBPFMetrics struct {
 	Enable *bool `json:"enable,omitempty"`
 }
 
+// FlowFilterConfig defines the configuration of the flow filter.
+type FlowFilterConfig struct {
+	// FlowFilterIPCIDR defines the IP CIDR to filter flows by.
+	// Example: 10.10.10.0/24 or 100:100:100:100::/64
+	FlowFilterIPCIDR string `json:"cidr,omitempty"`
+
+	// FlowFilterAction defines the action to perform on the flows that match the filter.
+	// +kubebuilder:validation:Enum:="Accept";"Reject"
+	FlowFilterAction string `json:"action,omitempty"`
+
+	// FlowFilterProtocol defines the protocol to filter flows by.
+	// +kubebuilder:validation:Enum:="TCP";"UDP";"ICMP";"ICMPv6";"SCTP"
+	// +optional
+	FlowFilterProtocol string `json:"protocol,omitempty"`
+
+	// FlowFilterDirection defines the direction to filter flows by.
+	// +kubebuilder:validation:Enum:="Ingress";"Egress"
+	// +optional
+	FLowFilterDirection string `json:"direction,omitempty"`
+
+	// FlowFilterSourcePorts defines the source ports to filter flows by.
+	// To filter a single port, set a single port as an integer value. For example sourcePorts: 80.
+	// To filter a range of ports, use a "start-end" range, string format. For example sourcePorts: "80-100".
+	// +optional
+	FlowFilterSourcePorts intstr.IntOrString `json:"sourcePorts,omitempty"`
+
+	// FlowFilterDestPorts defines the destination ports to filter flows by.
+	// To filter a single port, set a single port as an integer value. For example destPorts: 80.
+	// To filter a range of ports, use a "start-end" range, string format. For example destPorts: "80-100".
+	// +optional
+	FlowFilterDestPorts intstr.IntOrString `json:"destPorts,omitempty"`
+
+	// FlowFilterPorts defines the ports to filter flows by. it can be user for either source or destination ports.
+	// To filter a single port, set a single port as an integer value. For example ports: 80.
+	// To filter a range of ports, use a "start-end" range, string format. For example ports: "80-10
+	FlowFilterPorts intstr.IntOrString `json:"ports,omitempty"`
+
+	// FlowFilterPeerIPAddress defines the IP address to filter flows by.
+	// Example: 10.10.10.10
+	// +optional
+	FlowFilterPeerIPAddress string `json:"peerIPAddress,omitempty"`
+
+	// FlowFilterICMPType defines the ICMP type to filter flows by.
+	// +optional
+	FlowFilterICMPType *int `json:"icmpType,omitempty"`
+
+	// FlowFilterICMPCode defines the ICMP code to filter flows by.
+	// +optional
+	FlowFilterICMPCode *int `json:"icmpCode,omitempty"`
+}
+
+// `EBPFFlowFilter` defines the desired eBPF agent configuration regarding flow filtering
+type EBPFFlowFilter struct {
+	// Set `enable` to `true` to enable eBPF flow filtering feature.
+	Enable *bool `json:"enable,omitempty"`
+
+	// `config` defines the configuration of the flow filter.
+	Config FlowFilterConfig `json:"config,omitempty"`
+}
+
 // `FlowCollectorEBPF` defines a FlowCollector that uses eBPF to collect the flows information
 type FlowCollectorEBPF struct {
 	// Important: Run "make generate" to regenerate code after modifying this file
@@ -251,6 +312,10 @@ type FlowCollectorEBPF struct {
 	// `metrics` defines the eBPF agent configuration regarding metrics
 	// +optional
 	Metrics EBPFMetrics `json:"metrics,omitempty"`
+
+	// `flowFilter` defines the eBPF agent configuration regarding flow filtering
+	// +optional
+	FlowFilter *EBPFFlowFilter `json:"flowFilter,omitempty"`
 }
 
 // `FlowCollectorKafka` defines the desired Kafka config of FlowCollector

apis/flowcollector/v1beta2/flowcollector_types.go

@@ -19,6 +19,7 @@ import (
 	ascv2 "k8s.io/api/autoscaling/v2"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
 )
 
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
@@ -173,6 +174,66 @@ type EBPFMetrics struct {
 	Enable *bool `json:"enable,omitempty"`
 }
 
+// FlowFilterConfig defines the configuration of the flow filter.
+type FlowFilterConfig struct {
+	// FlowFilterIPCIDR defines the IP CIDR to filter flows by.
+	// Example: 10.10.10.0/24 or 100:100:100:100::/64
+	FlowFilterIPCIDR string `json:"cidr,omitempty"`
+
+	// FlowFilterAction defines the action to perform on the flows that match the filter.
+	// +kubebuilder:validation:Enum:="Accept";"Reject"
+	FlowFilterAction string `json:"action,omitempty"`
+
+	// FlowFilterProtocol defines the protocol to filter flows by.
+	// +kubebuilder:validation:Enum:="TCP";"UDP";"ICMP";"ICMPv6";"SCTP"
+	// +optional
+	FlowFilterProtocol string `json:"protocol,omitempty"`
+
+	// FlowFilterDirection defines the direction to filter flows by.
+	// +kubebuilder:validation:Enum:="Ingress";"Egress"
+	// +optional
+	FLowFilterDirection string `json:"direction,omitempty"`
+
+	// FlowFilterSourcePorts defines the source ports to filter flows by.
+	// To filter a single port, set a single port as an integer value. For example sourcePorts: 80.
+	// To filter a range of ports, use a "start-end" range, string format. For example sourcePorts: "80-100".
+	// +optional
+	FlowFilterSourcePorts intstr.IntOrString `json:"sourcePorts,omitempty"`
+
+	// FlowFilterDestPorts defines the destination ports to filter flows by.
+	// To filter a single port, set a single port as an integer value. For example destPorts: 80.
+	// To filter a range of ports, use a "start-end" range, string format. For example destPorts: "80-100".
+	// +optional
+	FlowFilterDestPorts intstr.IntOrString `json:"destPorts,omitempty"`
+
+	// FlowFilterPorts defines the ports to filter flows by. it can be user for either source or destination ports.
+	// To filter a single port, set a single port as an integer value. For example ports: 80.
+	// To filter a range of ports, use a "start-end" range, string format. For example ports: "80-10
+	FlowFilterPorts intstr.IntOrString `json:"ports,omitempty"`
+
+	// FlowFilterPeerIPAddress defines the IP address to filter flows by.
+	// Example: 10.10.10.10
+	// +optional
+	FlowFilterPeerIPAddress string `json:"peerIPAddress,omitempty"`
+
+	// FlowFilterICMPType defines the ICMP type to filter flows by.
+	// +optional
+	FlowFilterICMPType *int `json:"icmpType,omitempty"`
+
+	// FlowFilterICMPCode defines the ICMP code to filter flows by.
+	// +optional
+	FlowFilterICMPCode *int `json:"icmpCode,omitempty"`
+}
+
+// `EBPFFlowFilter` defines the desired eBPF agent configuration regarding flow filtering
+type EBPFFlowFilter struct {
+	// Set `enable` to `true` to enable eBPF flow filtering feature.
+	Enable *bool `json:"enable,omitempty"`
+
+	// `config` defines the configuration of the flow filter.
+	Config FlowFilterConfig `json:"config,omitempty"`
+}
+
 // `FlowCollectorEBPF` defines a FlowCollector that uses eBPF to collect the flows information
 type FlowCollectorEBPF struct {
 	// Important: Run "make generate" to regenerate code after modifying this file
@@ -258,6 +319,10 @@ type FlowCollectorEBPF struct {
 	// `metrics` defines the eBPF agent configuration regarding metrics
 	// +optional
 	Metrics EBPFMetrics `json:"metrics,omitempty"`
+
+	// `flowFilter` defines the eBPF agent configuration regarding flow filtering
+	// +optional
+	FlowFilter *EBPFFlowFilter `json:"flowFilter,omitempty"`
 }
 
 // `FlowCollectorKafka` defines the desired Kafka config of FlowCollector