WIP: UDN mappnig PoC

Signed-off-by: Mohamed Mahmoud <[email protected]>

apis/flowcollector/v1beta1/flowcollector_types.go

@@ -154,7 +154,8 @@ type FlowCollectorIPFIX struct {
 // - `NetworkEvents`, to track Network events.<br>
 // - `PacketTranslation`, to enrich flows with packets translation information. <br>
 // - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager"
+// - `UDNMapping`, to enable interfaces mappind to udn. <br>
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping"
 type AgentFeature string
 
 const (
@@ -164,6 +165,7 @@ const (
 	NetworkEvents     AgentFeature = "NetworkEvents"
 	PacketTranslation AgentFeature = "PacketTranslation"
 	EbpfManager       AgentFeature = "EbpfManager"
+	UDNMapping        AgentFeature = "UDNMapping"
 )
 
 // Name of an eBPF agent alert.
@@ -358,6 +360,7 @@ type FlowCollectorEBPF struct {
 	// the kernel debug filesystem, so the eBPF pod has to run as privileged.
 	// - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 	// - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
+	// - `UDNMapping`, to enable interfaces mappind to udn. <br>
 	// +optional
 	Features []AgentFeature `json:"features,omitempty"`
 

apis/flowcollector/v1beta2/flowcollector_types.go

@@ -177,7 +177,8 @@ type FlowCollectorIPFIX struct {
 // - `NetworkEvents`, to track Network events [Developer Preview].<br>
 // - `PacketTranslation`, to enrich flows with packets translation information. <br>
 // - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager"
+// - `UDNMapping`, to enable interfaces mappind to udn. <br>
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping"
 type AgentFeature string
 
 const (
@@ -187,6 +188,7 @@ const (
 	NetworkEvents     AgentFeature = "NetworkEvents"
 	PacketTranslation AgentFeature = "PacketTranslation"
 	EbpfManager       AgentFeature = "EbpfManager"
+	UDNMapping        AgentFeature = "UDNMapping"
 )
 
 // Name of an eBPF agent alert.
@@ -384,6 +386,7 @@ type FlowCollectorEBPF struct {
 	// - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 	// - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
 	// IMPORTANT: This feature is available as a Developer Preview.<br>
+	// - `UDNMapping`, to enable interfaces mappind to udn. <br>
 	// +optional
 	Features []AgentFeature `json:"features,omitempty"`
 

apis/flowcollector/v1beta2/flowcollector_validation_webhook.go

@@ -105,6 +105,9 @@ func (r *FlowCollector) validateAgent(_ context.Context, fc *FlowCollector) (adm
 	if slices.Contains(fc.Spec.Agent.EBPF.Features, EbpfManager) && !fc.Spec.Agent.EBPF.Privileged {
 		warnings = append(warnings, "The BPF Manager feature requires eBPF Agent to run in privileged mode")
 	}
+	if slices.Contains(fc.Spec.Agent.EBPF.Features, UDNMapping) && !fc.Spec.Agent.EBPF.Privileged {
+		warnings = append(warnings, "The UDNMapping feature requires eBPF Agent to run in privileged mode")
+	}
 	var errs []error
 	if fc.Spec.Agent.EBPF.FlowFilter != nil && fc.Spec.Agent.EBPF.FlowFilter.Enable != nil && *fc.Spec.Agent.EBPF.FlowFilter.Enable {
 		for i := range fc.Spec.Agent.EBPF.FlowFilter.FlowFilterRules {

bundle/manifests/flows.netobserv.io_flowcollectors.yaml

@@ -137,6 +137,7 @@ spec:
                           the kernel debug filesystem, so the eBPF pod has to run as privileged.
                           - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
                           - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
+                          - `UDNMapping`, to enable interfaces mappind to udn. <br>
                         items:
                           description: |-
                             Agent feature, can be one of:<br>
@@ -146,13 +147,15 @@ spec:
                             - `NetworkEvents`, to track Network events.<br>
                             - `PacketTranslation`, to enrich flows with packets translation information. <br>
                             - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
+                            - `UDNMapping`, to enable interfaces mappind to udn. <br>
                           enum:
                           - PacketDrop
                           - DNSTracking
                           - FlowRTT
                           - NetworkEvents
                           - PacketTranslation
                           - EbpfManager
+                          - UDNMapping
                           type: string
                         type: array
                       flowFilter:
@@ -3949,6 +3952,7 @@ spec:
                           - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
                           - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
                           IMPORTANT: This feature is available as a Developer Preview.<br>
+                          - `UDNMapping`, to enable interfaces mappind to udn. <br>
                         items:
                           description: |-
                             Agent feature, can be one of:<br>
@@ -3958,13 +3962,15 @@ spec:
                             - `NetworkEvents`, to track Network events [Developer Preview].<br>
                             - `PacketTranslation`, to enrich flows with packets translation information. <br>
                             - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
+                            - `UDNMapping`, to enable interfaces mappind to udn. <br>
                           enum:
                           - PacketDrop
                           - DNSTracking
                           - FlowRTT
                           - NetworkEvents
                           - PacketTranslation
                           - EbpfManager
+                          - UDNMapping
                           type: string
                         type: array
                       flowFilter:

config/crd/bases/flows.netobserv.io_flowcollectors.yaml

@@ -122,6 +122,7 @@ spec:
                             the kernel debug filesystem, so the eBPF pod has to run as privileged.
                             - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
                             - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
+                            - `UDNMapping`, to enable interfaces mappind to udn. <br>
                           items:
                             description: |-
                               Agent feature, can be one of:<br>
@@ -131,13 +132,15 @@ spec:
                               - `NetworkEvents`, to track Network events.<br>
                               - `PacketTranslation`, to enrich flows with packets translation information. <br>
                               - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
+                              - `UDNMapping`, to enable interfaces mappind to udn. <br>
                             enum:
                               - PacketDrop
                               - DNSTracking
                               - FlowRTT
                               - NetworkEvents
                               - PacketTranslation
                               - EbpfManager
+                              - UDNMapping
                             type: string
                           type: array
                         flowFilter:
@@ -3631,6 +3634,7 @@ spec:
                             - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
                             - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
                             IMPORTANT: This feature is available as a Developer Preview.<br>
+                            - `UDNMapping`, to enable interfaces mappind to udn. <br>
                           items:
                             description: |-
                               Agent feature, can be one of:<br>
@@ -3640,13 +3644,15 @@ spec:
                               - `NetworkEvents`, to track Network events [Developer Preview].<br>
                               - `PacketTranslation`, to enrich flows with packets translation information. <br>
                               - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].<br>
+                              - `UDNMapping`, to enable interfaces mappind to udn. <br>
                             enum:
                               - PacketDrop
                               - DNSTracking
                               - FlowRTT
                               - NetworkEvents
                               - PacketTranslation
                               - EbpfManager
+                              - UDNMapping
                             type: string
                           type: array
                         flowFilter:

config/samples/flows_v1beta2_flowcollector.yaml

@@ -25,6 +25,7 @@ spec:
       # - "NetworkEvents"
       # - "PacketTranslation"
       # - "EbpfManager"
+      # - "UDNMapping"
       interfaces: []
       excludeInterfaces: ["lo"]
       kafkaBatchSize: 1048576

controllers/consoleplugin/config/static-frontend-config.yaml

@@ -437,6 +437,12 @@ columns:
     filter: ifdirections
     default: false
     width: 10
+  - id: Udns
+    name: interface assigned UDN label
+    field: Udns
+    filter: udns
+    default: false
+    width: 10
   - id: FlowDirInts
     name: Interfaces and Directions
     tooltip: Pairs of network interface and direction of the Flow observed at the network interface observation point.
@@ -951,6 +957,8 @@ filters:
     component: autocomplete
     placeholder: 'E.g: Ingress, Egress'
     hint: Specify the direction of the Flow observed at the network interface observation point.
+  - id: udns
+    name: interface assigned udn label
   - id: id
     name: Conversation Id
     component: text
@@ -1272,6 +1280,9 @@ fields:
   - name: Interfaces
     type: string
     description: Network interfaces
+  - name: Udns
+    type: string
+    description: Network interfaces UDNs mapping
   - name: Flags
     type: string
     description: |

controllers/ebpf/agent_controller.go

@@ -69,6 +69,7 @@ const (
 	envFilterRules                = "FLOW_FILTER_RULES"
 	envEnablePacketTranslation    = "ENABLE_PKT_TRANSLATION"
 	envEnableEbpfMgr              = "EBPF_PROGRAM_MANAGER_MODE"
+	envEnableUDNMapping           = "ENABLE_UDN_MAPPING"
 	envListSeparator              = ","
 )
 
@@ -319,7 +320,8 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol
 		}
 	}
 
-	if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.NetworkEvents) {
+	if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.NetworkEvents) ||
+		helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.UDNMapping) {
 		if !coll.Spec.Agent.EBPF.Privileged {
 			rlog.Error(fmt.Errorf("invalid configuration"), "To use Network Events Monitor"+
 				"features privileged mode needs to be enabled")
@@ -699,6 +701,13 @@ func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector) []corev1
 		})
 	}
 
+	if helper.IsUDNMappingEnabled(&coll.Spec.Agent.EBPF) {
+		config = append(config, corev1.EnvVar{
+			Name:  envEnableUDNMapping,
+			Value: "true",
+		})
+	}
+
 	if helper.IsPacketTranslationEnabled(&coll.Spec.Agent.EBPF) {
 		config = append(config, corev1.EnvVar{
 			Name: envEnablePacketTranslation,

docs/FlowCollector.md

@@ -293,7 +293,8 @@ If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.<
 - `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting
 the kernel debug filesystem, so the eBPF pod has to run as privileged.
 - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
-- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br><br/>
+- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
+- `UDNMapping`, to enable interfaces mappind to udn. <br><br/>
         </td>
         <td>false</td>
       </tr><tr>
@@ -6265,7 +6266,8 @@ It requires using the OVN-Kubernetes network plugin with the Observability featu
 IMPORTANT: This feature is available as a Developer Preview.<br>
 - `PacketTranslation`: enable enriching flows with packet's translation information. <br>
 - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs. <br>
-IMPORTANT: This feature is available as a Developer Preview.<br><br/>
+IMPORTANT: This feature is available as a Developer Preview.<br>
+- `UDNMapping`, to enable interfaces mappind to udn. <br><br/>
         </td>
         <td>false</td>
       </tr><tr>

pkg/helper/flowcollector.go

@@ -134,6 +134,10 @@ func IsEbpfManagerEnabled(spec *flowslatest.FlowCollectorEBPF) bool {
 	return IsAgentFeatureEnabled(spec, flowslatest.EbpfManager)
 }
 
+func IsUDNMappingEnabled(spec *flowslatest.FlowCollectorEBPF) bool {
+	return IsAgentFeatureEnabled(spec, flowslatest.UDNMapping)
+}
+
 func IsConntrack(spec *flowslatest.FlowCollectorFLP) bool {
 	return spec != nil && spec.LogTypes != nil && *spec.LogTypes != flowslatest.LogTypeFlows
 }