NETOBSERV-1617: use filter with packets capture feature

[msherif1234]

Description

add filter capability for pca feature
Example from running on Kind cluster

• build commands locally and use agent custom image

NETOBSERV_AGENT_IMAGE=quay.io/netobserv/netobserv-ebpf-agent:f525832 ./build/oc-netobserv packets --protocol="TCP" --port=443

output pcap

tcpdump -r 2024-06-27T110645Z.pcap 
reading from file 2024-06-27T110645Z.pcap, link-type EN10MB (Ethernet), snapshot length 262144
07:06:57.502363 IP 172.18.0.3.41396 > ec2-52-204-93-25.compute-1.amazonaws.com.https: Flags [P.], seq 2078794407:2078794438, ack 1312010586, win 458, options [nop,nop,TS val 3614985982 ecr 3018431589], length 31
07:06:57.502422 IP 172.18.0.3.41396 > ec2-52-204-93-25.compute-1.amazonaws.com.https: Flags [F.], seq 31, ack 1, win 458, options [nop,nop,TS val 3614985982 ecr 3018431589], length 0
07:06:57.531353 IP ec2-52-204-93-25.compute-1.amazonaws.com.https > 172.18.0.3.41396: Flags [.], ack 31, win 114, options [nop,nop,TS val 3018461620 ecr 3614985982], length 0
07:06:57.531372 IP ec2-52-204-93-25.compute-1.amazonaws.com.https > 172.18.0.3.41396: Flags [F.], seq 1, ack 32, win 114, options [nop,nop,TS val 3018461620 ecr 3614985982], length 0
07:06:57.531381 IP 172.18.0.3.41396 > ec2-52-204-93-25.compute-1.amazonaws.com.https: Flags [.], ack 2, win 458, options [nop,nop,TS val 3614986011 ecr 3018461620], length 0
07:06:58.819363 IP 172.18.0.3.37132 > ec2-44-216-66-253.compute-1.amazonaws.com.https: Flags [P.], seq 1277682538:1277682569, ack 1218593254, win 461, options [nop,nop,TS val 1795579274 ecr 783897356], length 31

Dependencies

netobserv/netobserv-ebpf-agent#359

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

[openshift-ci-robot]

@msherif1234: This pull request references NETOBSERV-1617 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

Details

In response to this:

Description

add filter capability for pca feature

Dependencies

netobserv/netobserv-ebpf-agent#359

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
• If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
• If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
• If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
• Standard QE validation, with pre-merge tests unless stated otherwise.
• Regression tests only (e.g. refactoring with no user-facing change).
• No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 28.99%. Comparing base (88ad0cb) to head (8a46886).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #54   +/-   ##
=======================================
  Coverage   28.99%   28.99%           
=======================================
  Files           8        8           
  Lines        1045     1045           
=======================================
  Hits          303      303           
  Misses        720      720           
  Partials       22       22           

Flag	Coverage Δ
unittests	28.99% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[jpinsonneau]

Can't we merge that loop in a single function to avoid code duplicate ?

We can add check for options not available in both flows / packets commands stopping the script

[msherif1234]

ok will gen common function

[jpinsonneau]

Not sure to get the point of this option.

To run a packet capture, the user is supposed to type oc netobserv packets right ?

[msherif1234]

Yes the above default is true the only use of this as way to disable pca which I don’t see a use for it in production see the new doc

[msherif1234]

I will drop this option

[openshift-ci-robot]

@msherif1234: This pull request references NETOBSERV-1617 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

Details

In response to this:

Description

add filter capability for pca feature
Example from running on Kind cluster

• build commands locally and use agent custom image

NETOBSERV_AGENT_IMAGE=quay.io/netobserv/netobserv-ebpf-agent:f525832 ./build/oc-netobserv packets --protocol="TCP" --port=443

output pcap

tcpdump -r 2024-06-27T110645Z.pcap 
reading from file 2024-06-27T110645Z.pcap, link-type EN10MB (Ethernet), snapshot length 262144
07:06:57.502363 IP 172.18.0.3.41396 > ec2-52-204-93-25.compute-1.amazonaws.com.https: Flags [P.], seq 2078794407:2078794438, ack 1312010586, win 458, options [nop,nop,TS val 3614985982 ecr 3018431589], length 31
07:06:57.502422 IP 172.18.0.3.41396 > ec2-52-204-93-25.compute-1.amazonaws.com.https: Flags [F.], seq 31, ack 1, win 458, options [nop,nop,TS val 3614985982 ecr 3018431589], length 0
07:06:57.531353 IP ec2-52-204-93-25.compute-1.amazonaws.com.https > 172.18.0.3.41396: Flags [.], ack 31, win 114, options [nop,nop,TS val 3018461620 ecr 3614985982], length 0
07:06:57.531372 IP ec2-52-204-93-25.compute-1.amazonaws.com.https > 172.18.0.3.41396: Flags [F.], seq 1, ack 32, win 114, options [nop,nop,TS val 3018461620 ecr 3614985982], length 0
07:06:57.531381 IP 172.18.0.3.41396 > ec2-52-204-93-25.compute-1.amazonaws.com.https: Flags [.], ack 2, win 458, options [nop,nop,TS val 3614986011 ecr 3018461620], length 0
07:06:58.819363 IP 172.18.0.3.37132 > ec2-44-216-66-253.compute-1.amazonaws.com.https: Flags [P.], seq 1277682538:1277682569, ack 1218593254, win 461, options [nop,nop,TS val 1795579274 ecr 783897356], length 31

Dependencies

netobserv/netobserv-ebpf-agent#359

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
• If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
• If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
• If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
• Standard QE validation, with pre-merge tests unless stated otherwise.
• Regression tests only (e.g. refactoring with no user-facing change).
• No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jpinsonneau]

Code looks good, thanks @msherif1234 !

[Amoghrd]

/ok-to-test

[github-actions]

New image:
quay.io/netobserv/network-observability-cli:2fd8052

It will expire after two weeks.

To use this build, update your commands using:

USER=netobserv VERSION=2fd8052 make commands

[msherif1234]

/retest

[openshift-ci]

New changes are detected. LGTM label has been removed.

[msherif1234]

fixed the help strings to match with the new pca fmt for e2e to pass

[openshift-ci]

New changes are detected. LGTM label has been removed.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Amoghrd]

Was this also meant to be no-qe? If not, why was it merged prior to testing?