diff --git a/cmd/config.yaml b/cmd/config.yaml index 4bed23f3..d596519b 100644 --- a/cmd/config.yaml +++ b/cmd/config.yaml @@ -44,6 +44,7 @@ columns: docURL: http://kubernetes.io/docs/user-guide/identifiers#names field: SrcK8S_Name filter: src_name + calculated: kubeObject(SrcK8S_Type,SrcK8S_Namespace,SrcK8S_Name,0) default: true width: 15 - id: SrcK8S_Type @@ -65,6 +66,7 @@ columns: docURL: https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/ field: SrcK8S_OwnerName filter: src_owner_name + calculated: kubeObject(SrcK8S_OwnerType,SrcK8S_Namespace,SrcK8S_OwnerName,0) default: false width: 15 - id: SrcK8S_OwnerType @@ -88,6 +90,7 @@ columns: docURL: http://kubernetes.io/docs/user-guide/identifiers#namespaces field: SrcK8S_Namespace filter: src_namespace + calculated: kubeObject('Namespace','',SrcK8S_Namespace,0) default: true width: 15 - id: SrcAddr @@ -129,24 +132,25 @@ columns: docURL: https://kubernetes.io/docs/concepts/architecture/nodes/ field: SrcK8S_HostName filter: src_host_name + calculated: kubeObject('Node','',SrcK8S_HostName,0) default: false width: 15 - id: SrcK8S_Object group: Source name: Kubernetes Object - calculated: getConcatenatedValue(SrcAddr,SrcPort,SrcK8S_Type,SrcK8S_Namespace,SrcK8S_Name) + calculated: kubeObject(SrcK8S_Type,SrcK8S_Namespace,SrcK8S_Name,1) or concat(SrcAddr,':',SrcPort) default: false width: 15 - id: SrcK8S_OwnerObject group: Source name: Owner Kubernetes Object - calculated: getConcatenatedValue(SrcAddr,SrcPort,SrcK8S_OwnerType,SrcK8S_Namespace,SrcK8S_OwnerName) + calculated: kubeObject(SrcK8S_OwnerType,SrcK8S_Namespace,SrcK8S_OwnerName,1) default: false width: 15 - id: SrcAddrPort group: Source name: IP & Port - calculated: getConcatenatedValue(SrcAddr,SrcPort) + calculated: concat(SrcAddr,':',SrcPort) default: false width: 15 - id: SrcZone 
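Review bot: The trailing `0`/`1` argument of `kubeObject(...)` is an unexplained positional flag: the name, owner, namespace and node columns pass `0`, while `SrcK8S_Object` and `SrcK8S_OwnerObject` further down pass `1`, and nothing in the file says what it selects. A comment at the first use, such as `# kubeObject(kind, namespace, name, flag): <what 0 and 1 select>`, would let someone edit these expressions without reading the evaluator. The comment should also cover the literal-kind form with an empty namespace, `kubeObject('Namespace','',SrcK8S_Namespace,0)`. The destination columns in the later hunks use the same calls.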
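Review bot: `SrcK8S_OwnerObject` loses the address fallback that `SrcK8S_Object` keeps: its new expression is `kubeObject(SrcK8S_OwnerType,SrcK8S_Namespace,SrcK8S_OwnerName,1)` with no `or concat(SrcAddr,':',SrcPort)`, although the removed `getConcatenatedValue` call also received `SrcAddr` and `SrcPort`. If the old helper printed address and port when no owner was resolved (its body is not in this diff), flows from unenriched endpoints would now show an empty owner cell and become harder to tell apart in a capture. Either append `or concat(SrcAddr,':',SrcPort)` or state in the commit message that the drop is intended. `DstK8S_OwnerObject` in the `@@ -257,24 +264,25 @@` hunk has the same asymmetry.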
@@ -172,6 +176,7 @@ columns: docURL: http://kubernetes.io/docs/user-guide/identifiers#names field: DstK8S_Name filter: dst_name + calculated: kubeObject(DstK8S_Type,DstK8S_Namespace,DstK8S_Name,0) default: true width: 15 - id: DstK8S_Type @@ -193,6 +198,7 @@ columns: docURL: https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/ field: DstK8S_OwnerName filter: dst_owner_name + calculated: kubeObject(DstK8S_OwnerType,DstK8S_Namespace,DstK8S_OwnerName,0) default: false width: 15 - id: DstK8S_OwnerType @@ -216,6 +222,7 @@ columns: docURL: http://kubernetes.io/docs/user-guide/identifiers#namespaces field: DstK8S_Namespace filter: dst_namespace + calculated: kubeObject('Namespace','',DstK8S_Namespace,0) default: true width: 15 - id: DstAddr @@ -257,24 +264,25 @@ columns: docURL: https://kubernetes.io/docs/concepts/architecture/nodes/ field: DstK8S_HostName filter: dst_host_name + calculated: kubeObject('Node','',DstK8S_HostName,0) default: false width: 15 - id: DstK8S_Object group: Destination name: Kubernetes Object - calculated: getConcatenatedValue(DstAddr,DstPort,DstK8S_Type,DstK8S_Namespace,DstK8S_Name) + calculated: kubeObject(DstK8S_Type,DstK8S_Namespace,DstK8S_Name,1) or concat(DstAddr,':',DstPort) default: false width: 15 - id: DstK8S_OwnerObject group: Destination name: Owner Kubernetes Object - calculated: getConcatenatedValue(DstAddr,DstPort,DstK8S_OwnerType,DstK8S_Namespace,DstK8S_OwnerName) + calculated: kubeObject(DstK8S_OwnerType,DstK8S_Namespace,DstK8S_OwnerName,1) default: false width: 15 - id: DstAddrPort group: Destination name: IP & Port - calculated: getConcatenatedValue(DstAddr,DstPort) + calculated: concat(DstAddr,':',DstPort) default: false width: 15 - id: DstZone 
@@ -295,52 +303,52 @@ columns: feature: subnetLabels - id: K8S_Name name: Names - calculated: getSrcOrDstValue(SrcK8S_Name,DstK8S_Name) + calculated: '[SrcK8S_Name,DstK8S_Name]' default: false width: 15 - id: K8S_Type name: Kinds - calculated: getSrcOrDstValue(SrcK8S_Type,DstK8S_Type) + calculated: '[SrcK8S_Type,DstK8S_Type]' default: false width: 10 - id: K8S_OwnerName name: Owners - calculated: getSrcOrDstValue(SrcK8S_OwnerName,DstK8S_OwnerName) + calculated: '[SrcK8S_OwnerName,DstK8S_OwnerName]' default: false width: 15 - id: K8S_OwnerType name: Owner Kinds - calculated: getSrcOrDstValue(SrcK8S_OwnerType,DstK8S_OwnerType) + calculated: '[SrcK8S_OwnerType,DstK8S_OwnerType]' default: false width: 10 - id: K8S_Namespace name: Namespaces - calculated: getSrcOrDstValue(SrcK8S_Namespace,DstK8S_Namespace) + calculated: '[SrcK8S_Namespace,DstK8S_Namespace]' default: false width: 15 - id: Addr name: IP - calculated: getSrcOrDstValue(SrcAddr,DstAddr) + calculated: '[SrcAddr,DstAddr]' default: false width: 10 - id: Port name: Ports - calculated: getSrcOrDstValue(SrcPort,DstPort) + calculated: '[SrcPort,DstPort]' default: false width: 10 - id: Mac name: MAC - calculated: getSrcOrDstValue(SrcMac,DstMac) + calculated: '[SrcMac,DstMac]' default: false width: 10 - id: K8S_HostIP name: Node IP - calculated: getSrcOrDstValue(SrcK8S_HostIP,DstK8S_HostIP) + calculated: '[SrcK8S_HostIP,DstK8S_HostIP]' default: false width: 10 - id: K8S_HostName name: Node Name - calculated: getSrcOrDstValue(SrcK8S_HostName,DstK8S_HostName) + calculated: '[SrcK8S_HostName,DstK8S_HostName]' default: false width: 15 - id: K8S_Object @@ -385,9 +393,6 @@ columns: name: Type tooltip: The type of the ICMP message field: IcmpType - fields: - - Proto - - IcmpType filter: icmp_type default: false width: 10 @@ -396,10 +401,6 @@ columns: name: Code tooltip: The code of the ICMP message field: IcmpCode - fields: - - Proto - - IcmpType - - IcmpCode filter: icmp_code default: false width: 10 
@@ -440,7 +441,6 @@ columns: - id: Bytes name: Bytes tooltip: The total aggregated number of bytes. - field: Bytes fields: - Bytes - PktDropBytes @@ -449,7 +449,6 @@ columns: - id: Packets name: Packets tooltip: The total aggregated number of packets. - field: Packets fields: - Packets - PktDropPackets @@ -465,7 +464,7 @@ columns: - id: CollectionTime name: Collection Time tooltip: Reception time of the record by the collector. - calculated: multiply(TimeReceived,1000), + calculated: multiply(TimeReceived,1000) field: TimeReceived default: false width: 15 @@ -475,41 +474,6 @@ columns: calculated: substract(column.CollectionTime,TimeFlowEndMs) default: false width: 5 - - id: PktDropBytes - name: Dropped Bytes - tooltip: The total aggregated number of bytes dropped. - field: PktDropBytes - default: false - width: 5 - feature: pktDrop - - id: PktDropPackets - name: Dropped Packets - tooltip: The total aggregated number of packets dropped. - field: PktDropPackets - default: false - width: 5 - feature: pktDrop - - id: PktDropLatestState - name: Drop State - tooltip: TCP state on last dropped packet. - field: PktDropLatestState - default: false - width: 10 - feature: pktDrop - - id: PktDropLatestDropCause - name: Drop Cause - tooltip: TCP state on last dropped packet. - field: PktDropLatestDropCause - default: false - width: 10 - feature: pktDrop - - id: PktDropLatestFlags - name: Drop Flags - tooltip: TCP flags on last dropped packet. - field: PktDropLatestFlags - default: false - width: 10 - feature: pktDrop - id: DNSId group: DNS name: DNS Id 
@@ -695,26 +659,24 @@ filters: name: Resource component: autocomplete category: source - placeholder: 'E.g: Pod.default.my-pod' + placeholder: 'E.g: Deployment.example.my-dep or Pod.default.my-pod' hint: Specify an existing resource from its kind, namespace and name. examples: |- Specify a kind, namespace and name from existing: - Select kind first from suggestions - - Then Select namespace from suggestions + - Then select namespace from suggestions - Finally select name from suggestions - You can also directly specify a kind, namespace and name like pod.openshift.apiserver - id: dst_resource name: Resource component: autocomplete category: destination - placeholder: 'E.g: Pod.default.my-pod' + placeholder: 'E.g: Deployment.example.my-dep or Pod.default.my-pod' hint: Specify an existing resource from its kind, namespace and name. examples: |- Specify a kind, namespace and name from existing: - Select kind first from suggestions - - Then Select namespace from suggestions + - Then select namespace from suggestions - Finally select name from suggestions - You can also directly specify a kind, namespace and name like pod.openshift.apiserver - id: src_address name: IP component: text @@ -852,21 +814,9 @@ filters: - id: tcp_flags name: TCP flags component: autocomplete - hint: Specify a TCP flags value as integer number. + hint: Specify a TCP flags value. examples: |- - Logical OR combination of unique TCP flags comprised in the flow, as per RFC-9293, with additional custom flags - users can specify either numeric value or string representation of the flags as follows : - - FIN or 1, - - SYN or 2, - - RST or 4, - - PSH or 8, - - ACK or 16, - - URG or 32, - - ECE or 64, - - CWR or 128, - - SYN_ACK or 256, - - FIN_ACK or 512, - - RST_ACK or 1024, + Logical OR combination of unique TCP flags comprised in the flow, as per RFC-9293, with additional custom flags (SYN_ACK, FIN_ACK and RST_ACK). - id: node_direction name: Node Direction component: autocomplete 
@@ -941,6 +891,127 @@ filters: name: Network events flow monitoring component: text hint: Specify a single network event. +scopes: + - id: cluster + name: Cluster + shortName: Cl + description: Cluster name or identifier + labels: + - K8S_ClusterName + feature: multiCluster + filter: cluster_name + stepInto: zone + - id: zone + name: Zone + shortName: AZ + description: Availability zone + labels: + - SrcK8S_Zone + - DstK8S_Zone + feature: zones + groups: + - clusters + filters: + - src_zone + - dst_zone + stepInto: host + - id: host + name: Node + shortName: Node + description: Node on which the resources are running + labels: + - SrcK8S_HostName + - DstK8S_HostName + groups: + - clusters + - zones + - clusters+zones + filters: + - src_host_name + - dst_host_name + stepInto: resource + - id: namespace + name: Namespace + shortName: NS + description: Resource namespace + labels: + - SrcK8S_Namespace + - DstK8S_Namespace + groups: + - clusters + - clusters+zones + - clusters+hosts + - zones + - zones+hosts + - hosts + filters: + - src_namespace + - dst_namespace + stepInto: owner + - id: owner + name: Owner + shortName: Own + description: Controller owner, such as a Deployment + labels: + - SrcK8S_OwnerName + - SrcK8S_OwnerType + - DstK8S_OwnerName + - DstK8S_OwnerType + - SrcK8S_Namespace + - DstK8S_Namespace + groups: + - clusters + - clusters+zones + - clusters+hosts + - clusters+namespaces + - zones + - zones+hosts + - zones+namespaces + - hosts + - hosts+namespaces + - namespaces + filters: + - src_owner_name + - dst_owner_name + stepInto: resource + - id: resource + name: Resource + shortName: Res + description: Base resource, such as a Pod, a Service or a Node + labels: + - SrcK8S_Name + - SrcK8S_Type + - SrcK8S_OwnerName + - SrcK8S_OwnerType + - SrcK8S_Namespace + - SrcAddr + - SrcK8S_HostName + - DstK8S_Name + - DstK8S_Type + - DstK8S_OwnerName + - DstK8S_OwnerType + - DstK8S_Namespace + - DstAddr + - DstK8S_HostName + groups: + - clusters + - clusters+zones 
+ - clusters+hosts + - clusters+namespaces + - clusters+owners + - zones + - zones+hosts + - zones+namespaces + - zones+owners + - hosts + - hosts+namespaces + - hosts+owners + - namespaces + - namespaces+owners + - owners + filters: + - src_resource + - dst_resource # Fields definition, used to generate documentation fields: - name: TimeFlowStartMs @@ -1059,7 +1130,7 @@ fields: type: string description: Network interfaces - name: Flags - type: number + type: string description: | Logical OR combination of unique TCP flags comprised in the flow, as per RFC-9293, with additional custom flags to represent the following per-packet combinations: + - SYN+ACK (0x100) + diff --git a/cmd/flow_capture.go b/cmd/flow_capture.go index dbe36e5b..dca0dfc8 100644 --- a/cmd/flow_capture.go +++ b/cmd/flow_capture.go @@ -45,16 +45,16 @@ var ( displays = []string{pktDropDisplay, dnsDisplay, rttDisplay, networkEventsDisplay} display = []string{standardDisplay} - noEnrichment = "None" - exclusiveEnrichments = []string{noEnrichment} - multiClusterEnrichment = "multiCluster" - zoneEnrichment = "zones" - hostEnrichment = "hosts" - ownerEnrichment = "owners" - resourceEnrichment = "resources" - subnetLabelEnrichment = "subnetLabels" - enrichments = []string{multiClusterEnrichment, zoneEnrichment, hostEnrichment, ownerEnrichment, resourceEnrichment, subnetLabelEnrichment} - enrichment = []string{resourceEnrichment} + noEnrichment = "None" + exclusiveEnrichments = []string{noEnrichment} + clusterEnrichment = "Cluster" + zoneEnrichment = "Zone" + hostEnrichment = "Host" + ownerEnrichment = "Owner" + resourceEnrichment = "Resource" + subnetLabelEnrichment = "SubnetLabel" + enrichments = []string{clusterEnrichment, zoneEnrichment, hostEnrichment, ownerEnrichment, resourceEnrichment, subnetLabelEnrichment} + enrichment = []string{resourceEnrichment} ) func runFlowCapture(_ *cobra.Command, _ []string) { 
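Review bot: The `cluster` scope declares its filter with a singular scalar key, `filter: cluster_name`, while every other scope added here uses a `filters:` list. The struct that decodes `scopes` is not part of this diff; unless it reads both keys, a lenient YAML decoder will silently drop one spelling and the scope ends up with no filter. Writing `filters:` with a single `- cluster_name` entry keeps the schema uniform. The `groups` values are plural (`clusters`, `zones+hosts`) while the scope ids are singular, so a one-line comment above `scopes:` explaining that mapping would help.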
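Review bot: `Flags` is now typed `string`, but the description kept in the context lines still explains the field as a numeric bitmask ("Logical OR combination ... SYN+ACK (0x100)"). Since this section is used to generate documentation, readers will be told the field is a string and then given hex values, with no hint of what the string looks like. Anyone filtering or alerting on the numeric value in exported flows gets no notice of the change either. The description should state the emitted string format next to the type change; that format is not visible in this hunk, so it has to come from the code that produces the field.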
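Review bot: The enrichment values move from the plural feature names (`multiCluster`, `zones`, `subnetLabels`) to display-style names (`Cluster`, `Zone`, `SubnetLabel`), yet `cmd/config.yaml` in this same commit still carries `feature: multiCluster`, `feature: zones` and `feature: subnetLabels`. Any code that compares an enrichment value with a column or scope `feature` would stop matching after this rename; that code is outside the diff and should be checked. A comment on the block, for example `// Enrichment names are user-facing and are interpolated into column ids as K8S_<name>; they are not config.yaml feature names.`, would record the new contract. The `var (` block continues outside the hunk.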
@@ -277,6 +277,8 @@ func updateTable() {
 var fieldMatch string
 if enr == resourceEnrichment {
 fieldMatch = "K8S_Name"
+ } else if enr == subnetLabelEnrichment {
+ fieldMatch = "SubnetLabel"
 } else {
 fieldMatch = fmt.Sprintf("K8S_%s", enr)
 }
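Review bot: The `if`/`else if`/`else` chain in `updateTable` now has two special cases plus a default that interpolates the user-facing enrichment name into a column id with `fmt.Sprintf("K8S_%s", enr)`; it reads better as a `switch` with a comment on why the default works. After the rename in the `var` block, the default yields `K8S_Cluster`, `K8S_Zone`, `K8S_Host` and `K8S_Owner`. Those are only correct if `fieldMatch` is later matched as a prefix or substring of the column ids, and that use is outside the hunk, as are the start and end of the function. The rewrite below is behaviour-preserving and keeps the literal ids in one place.

```go
var fieldMatch string
// Map the enrichment name to the column id fragment it selects.
switch enr {
case resourceEnrichment:
	fieldMatch = "K8S_Name"
case subnetLabelEnrichment:
	fieldMatch = "SubnetLabel"
default:
	// Cluster, Zone, Host and Owner double as id fragments: K8S_<enr>.
	fieldMatch = fmt.Sprintf("K8S_%s", enr)
}
```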