Add peerCIDR flow filter config
Signed-off-by: Mohamed Mahmoud <[email protected]>
msherif1234 committed Jan 7, 2025
1 parent 1221edc commit b06b3ac
Showing 8 changed files with 89 additions and 0 deletions.
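--- a/apis/flowcollector/v1beta1/flowcollector_types.go
+++ b/apis/flowcollector/v1beta1/flowcollector_types.go
@@ -244,6 +244,10 @@ type EBPFFlowFilterRule struct {
 // +optional
 PeerIP string `json:"peerIP,omitempty"`
 
+// `peerCIDR` defines the Peer IP CIDR to filter flows by.
+// Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+PeerCIDR string `json:"peerCIDR,omitempty"`
+
 // `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by.
 // +optional
 ICMPCode *int `json:"icmpCode,omitempty"`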
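Review bot: The new `PeerCIDR` field is the only one in this hunk without a `// +optional` marker, and it has no validation marker either, so the schema generated in this commit is a bare `type: string`. Adding `// +optional` would match the `omitempty` tag and the neighbouring PeerIP and ICMPCode fields. A format constraint such as `// +kubebuilder:validation:Format=cidr` would let the API server reject a malformed prefix at admission instead of passing it on to the agent configuration; whether a webhook elsewhere already checks it is not visible here. The same applies to the identical hunk in apis/flowcollector/v1beta2/flowcollector_types.go, and the struct starts and ends outside both hunks.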
2 changes: 2 additions & 0 deletions apis/flowcollector/v1beta1/zz_generated.conversion.go


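--- a/apis/flowcollector/v1beta2/flowcollector_types.go
+++ b/apis/flowcollector/v1beta2/flowcollector_types.go
@@ -267,6 +267,10 @@ type EBPFFlowFilterRule struct {
 // +optional
 PeerIP string `json:"peerIP,omitempty"`
 
+// `peerCIDR` defines the Peer IP CIDR to filter flows by.
+// Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+PeerCIDR string `json:"peerCIDR,omitempty"`
+
 // `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by.
 // +optional
 ICMPCode *int `json:"icmpCode,omitempty"`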
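--- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
+++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -203,6 +203,11 @@ spec:
 description: '`icmpType`, for ICMP traffic, optionally
 defines the ICMP type to filter flows by.'
 type: integer
+peerCIDR:
+description: |-
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+type: string
 peerIP:
 description: |-
 `peerIP` optionally defines the remote IP address to filter flows by.
@@ -282,6 +287,11 @@ spec:
 description: '`icmpType`, for ICMP traffic, optionally
 defines the ICMP type to filter flows by.'
 type: integer
+peerCIDR:
+description: |-
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+type: string
 peerIP:
 description: |-
 `peerIP` optionally defines the remote IP address to filter flows by.
@@ -4015,6 +4025,11 @@ spec:
 description: '`icmpType`, for ICMP traffic, optionally
 defines the ICMP type to filter flows by.'
 type: integer
+peerCIDR:
+description: |-
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+type: string
 peerIP:
 description: |-
 `peerIP` optionally defines the remote IP address to filter flows by.
@@ -4094,6 +4109,11 @@ spec:
 description: '`icmpType`, for ICMP traffic, optionally
 defines the ICMP type to filter flows by.'
 type: integer
+peerCIDR:
+description: |-
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+type: string
 peerIP:
 description: |-
 `peerIP` optionally defines the remote IP address to filter flows by.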
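--- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
+++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
@@ -179,6 +179,11 @@ spec:
 icmpType:
 description: '`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.'
 type: integer
+peerCIDR:
+description: |-
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+type: string
 peerIP:
 description: |-
 `peerIP` optionally defines the remote IP address to filter flows by.
@@ -244,6 +249,11 @@ spec:
 icmpType:
 description: '`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.'
 type: integer
+peerCIDR:
+description: |-
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+type: string
 peerIP:
 description: |-
 `peerIP` optionally defines the remote IP address to filter flows by.
@@ -3688,6 +3698,11 @@ spec:
 icmpType:
 description: '`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.'
 type: integer
+peerCIDR:
+description: |-
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+type: string
 peerIP:
 description: |-
 `peerIP` optionally defines the remote IP address to filter flows by.
@@ -3753,6 +3768,11 @@ spec:
 icmpType:
 description: '`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.'
 type: integer
+peerCIDR:
+description: |-
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+type: string
 peerIP:
 description: |-
 `peerIP` optionally defines the remote IP address to filter flows by.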
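--- a/config/samples/flows_v1beta2_flowcollector.yaml
+++ b/config/samples/flows_v1beta2_flowcollector.yaml
@@ -32,6 +32,7 @@ spec:
 # rules:
 # - action: Accept
 # cidr: 10.128.0.1/24
+# peerCIDR: 0.0.0.0/0
 # ports: 6443
 # protocol: TCP
 # sampling: 10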
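--- a/controllers/ebpf/agent_controller.go
+++ b/controllers/ebpf/agent_controller.go
@@ -538,6 +538,9 @@ func mapFlowFilterRuleToFilter(rule *flowslatest.EBPFFlowFilterRule) ebpfconfig.
 if rule.PeerIP != "" {
 f.FilterPeerIP = rule.PeerIP
 }
+if rule.PeerCIDR != "" {
+f.FilterPeerCIDR = rule.PeerCIDR
+}
 if rule.TCPFlags != "" {
 f.FilterTCPFlags = rule.TCPFlags
 }
@@ -573,6 +576,9 @@ func mapFlowFilterToFilter(filter *flowslatest.EBPFFlowFilter) ebpfconfig.FlowFi
 if filter.PeerIP != "" {
 f.FilterPeerIP = filter.PeerIP
 }
+if filter.PeerCIDR != "" {
+f.FilterPeerCIDR = filter.PeerCIDR
+}
 if filter.TCPFlags != "" {
 f.FilterTCPFlags = filter.TCPFlags
 }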
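Review bot: When a rule sets both `peerIP` and `peerCIDR`, the new branch forwards both `FilterPeerIP` and `FilterPeerCIDR`, and nothing visible in this commit says which one takes effect. A comment on the new branch such as `// TODO: document precedence when both PeerIP and PeerCIDR are set` would at least record the open question; rejecting the combination at validation time is the stricter option. The string is also copied without being parsed, so a malformed prefix would only surface downstream, assuming the agent checks it. The same three lines are added to both mapFlowFilterRuleToFilter and mapFlowFilterToFilter, whose bodies start and end outside the hunks.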
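--- a/docs/FlowCollector.md
+++ b/docs/FlowCollector.md
@@ -490,6 +490,14 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports:
 `icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.<br/>
 </td>
 <td>false</td>
+</tr><tr>
+<td><b>peerCIDR</b></td>
+<td>string</td>
+<td>
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`<br/>
+</td>
+<td>false</td>
 </tr><tr>
 <td><b>peerIP</b></td>
 <td>string</td>
@@ -630,6 +638,14 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports:
 `icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.<br/>
 </td>
 <td>false</td>
+</tr><tr>
+<td><b>peerCIDR</b></td>
+<td>string</td>
+<td>
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`<br/>
+</td>
+<td>false</td>
 </tr><tr>
 <td><b>peerIP</b></td>
 <td>string</td>
@@ -8216,6 +8232,14 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports:
 `icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.<br/>
 </td>
 <td>false</td>
+</tr><tr>
+<td><b>peerCIDR</b></td>
+<td>string</td>
+<td>
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`<br/>
+</td>
+<td>false</td>
 </tr><tr>
 <td><b>peerIP</b></td>
 <td>string</td>
@@ -8356,6 +8380,14 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports:
 `icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.<br/>
 </td>
 <td>false</td>
+</tr><tr>
+<td><b>peerCIDR</b></td>
+<td>string</td>
+<td>
+`peerCIDR` defines the Peer IP CIDR to filter flows by.
+Examples: `10.10.10.0/24` or `100:100:100:100::/64`<br/>
+</td>
+<td>false</td>
 </tr><tr>
 <td><b>peerIP</b></td>
 <td>string</td>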
