network events to string

Author: jotak

cmd/flow_capture_test.go

@@ -129,9 +129,9 @@ func TestFlowTableAdvancedDisplay(t *testing.T) {
 	// set display without enrichment
 	rows := getRows([]string{pktDropDisplay, dnsDisplay, rttDisplay, networkEventsDisplay}, []string{noEnrichment})
 	assert.Equal(t, 4, len(rows))
-	assert.Equal(t, `End Time         Src IP       Src Port    Dst IP       Dst Port    Dropped Bytes  Dropped Packets  Drop State         Drop Cause                            Drop Flags  DNS Id  DNS Latency  DNS RCode  DNS Error  Flow RTT  Network Events   `, rows[0])
-	assert.Equal(t, `17:25:28.703000  10.128.0.29  1234        10.129.0.26  5678        32B            1                TCP_INVALID_STATE  SKB_DROP_REASON_TCP_INVALID_SEQUENCE  16          31319   1ms          NoError    0          10µs      hello            `, rows[1])
-	assert.Equal(t, `---------------  ----------   ----------  ----------   ----------  -----          -----            ----------         ----------                            ----------  -----   -----        -----      -----      -----     ---------------  `, rows[2])
+	assert.Equal(t, `End Time         Src IP       Src Port    Dst IP       Dst Port    Dropped Bytes  Dropped Packets  Drop State         Drop Cause                            Drop Flags  DNS Id  DNS Latency  DNS RCode  DNS Error  Flow RTT  Network Events                                                      `, rows[0])
+	assert.Equal(t, `17:25:28.703000  10.128.0.29  1234        10.129.0.26  5678        32B            1                TCP_INVALID_STATE  SKB_DROP_REASON_TCP_INVALID_SEQUENCE  16          31319   1ms          NoError    0          10µs      Allowed by default allow from local node policy, direction Ingress  `, rows[1])
+	assert.Equal(t, `---------------  ----------   ----------  ----------   ----------  -----          -----            ----------         ----------                            ----------  -----   -----        -----      -----      -----     ---------------                                                     `, rows[2])
 	assert.Empty(t, rows[3])
 
 	// set display to standard
@@ -173,8 +173,8 @@ func TestFlowTableAdvancedDisplay(t *testing.T) {
 	// set display to NetworkEvents
 	rows = getRows([]string{networkEventsDisplay}, []string{noEnrichment})
 	assert.Equal(t, 4, len(rows))
-	assert.Equal(t, `End Time         Src IP       Src Port    Dst IP       Dst Port    Network Events   `, rows[0])
-	assert.Equal(t, `17:25:28.703000  10.128.0.29  1234        10.129.0.26  5678        hello            `, rows[1])
-	assert.Equal(t, `---------------  ----------   ----------  ----------   ----------  ---------------  `, rows[2])
+	assert.Equal(t, `End Time         Src IP       Src Port    Dst IP       Dst Port    Network Events                                                      `, rows[0])
+	assert.Equal(t, `17:25:28.703000  10.128.0.29  1234        10.129.0.26  5678        Allowed by default allow from local node policy, direction Ingress  `, rows[1])
+	assert.Equal(t, `---------------  ----------   ----------  ----------   ----------  ---------------                                                     `, rows[2])
 	assert.Empty(t, rows[3])
 }

cmd/map_format.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/jpillora/sizestr"
 	"github.com/netobserv/flowlogs-pipeline/pkg/config"
+	ovnmodel "github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/model"
 )
 
 const (
@@ -431,6 +432,47 @@ func toTimeString(genericMap config.GenericMap, fieldName string) string {
 	return emptyText
 }
 
+func networkEventsToString(flow config.GenericMap) string {
+	if ne, found := flow["NetworkEvents"]; found {
+		if neList, isList := ne.([]any); isList {
+			var messages []string
+			for _, item := range neList {
+				if neItem, isMap := item.(map[string]any); isMap {
+					messages = append(messages, networkEventItemToString(neItem))
+				}
+			}
+			return strings.Join(messages, ", ")
+		}
+	}
+	return ""
+}
+
+func networkEventItemToString(in map[string]any) string {
+	if msg := getAsString(in, "Message"); msg != "" {
+		return msg
+	}
+	if feat := getAsString(in, "Feature"); feat == "acl" {
+		aclObj := ovnmodel.ACLEvent{
+			Action:    getAsString(in, "Action"),
+			Actor:     getAsString(in, "Type"),
+			Name:      getAsString(in, "Name"),
+			Namespace: getAsString(in, "Namespace"),
+			Direction: getAsString(in, "Direction"),
+		}
+		return aclObj.String()
+	}
+	return ""
+}
+
+func getAsString(in map[string]any, key string) string {
+	if anyV, hasKey := in[key]; hasKey {
+		if v, isStr := anyV.(string); isStr {
+			return v
+		}
+	}
+	return ""
+}
+
 func toTitles(strs []string) []string {
 	titleCaseStrs := []string{}
 	for _, s := range strs {
@@ -504,6 +546,8 @@ func ToTableRow(genericMap config.GenericMap, colIDs []string) []interface{} {
 			row = append(row, toDuration(genericMap, fieldName, time.Millisecond))
 		case "TimeFlowRttMs":
 			row = append(row, toDuration(genericMap, fieldName, time.Nanosecond))
+		case "NetworkEvents":
+			row = append(row, networkEventsToString(genericMap))
 		default:
 			// else simply pick field value as text from column name
 			row = append(row, toValue(genericMap, fieldName))

cmd/root_test.go

@@ -44,7 +44,7 @@ const (
 		"PktDropLatestFlags":16,
 		"PktDropLatestState":"TCP_INVALID_STATE",
 		"PktDropPackets":1,
-        "NetworkEvents":["hello"],
+		"NetworkEvents":[{"Feature":"acl","Type":"NetpolNode","Action":"allow","Direction":"Ingress"}],
 		"Proto":6,
 		"SrcAddr":"10.128.0.29",
 		"SrcK8S_HostIP":"10.0.1.1",

go.mod

@@ -10,7 +10,8 @@ require (
 	github.com/google/gopacket v1.1.19
 	github.com/jpillora/sizestr v1.0.0
 	github.com/mattn/go-sqlite3 v1.14.24
-	github.com/netobserv/flowlogs-pipeline v1.6.1-crc0
+	github.com/netobserv/flowlogs-pipeline v1.7.0-community.0.20241203095621-9592b66e80cc
+	github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20241126140656-c95491e46334
 	github.com/rodaine/table v1.3.0
 	github.com/ryankurte/go-pcapng v0.0.0-20170712041429-73fd1a63fab4
 	github.com/sirupsen/logrus v1.9.3
@@ -22,17 +23,35 @@ require (
 
 require (
 	github.com/blang/semver/v4 v4.0.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cenkalti/hub v1.0.1 // indirect
+	github.com/cenkalti/rpc2 v0.0.0-20210604223624-c1acbc6ec984 // indirect
+	github.com/containernetworking/cni v1.1.2 // indirect
+	github.com/containernetworking/plugins v1.2.0 // indirect
+	github.com/coreos/go-iptables v0.6.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/moby/spdystream v0.4.0 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
-	github.com/netobserv/netobserv-ebpf-agent v1.6.1-crc2.0.20240913155426-6ac7c5ccbf59 // indirect
+	github.com/netobserv/netobserv-ebpf-agent v1.7.0-community.0.20241206141054-2ab577a88c12 // indirect
+	github.com/ovn-org/libovsdb v0.7.1-0.20240820095311-ce1951614a20 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/safchain/ethtool v0.3.1-0.20231027162144-83e5e0097c91 // indirect
+	github.com/urfave/cli/v2 v2.27.2 // indirect
+	github.com/vishvananda/netlink v1.3.0 // indirect
+	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	k8s.io/component-base v0.30.2 // indirect
-	sigs.k8s.io/controller-runtime v0.18.4 // indirect
+	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
+	gopkg.in/gcfg.v1 v1.2.3 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	k8s.io/component-base v0.31.1 // indirect
+	sigs.k8s.io/controller-runtime v0.19.0 // indirect
 )
 
 require (
@@ -63,7 +82,7 @@ require (
 	github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_golang v1.20.3 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.55.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
@@ -73,15 +92,15 @@ require (
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
 	github.com/xdg-go/scram v1.1.2 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
-	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
-	golang.org/x/term v0.21.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/oauth2 v0.22.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/term v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect
-	google.golang.org/grpc v1.65.0 // indirect
-	google.golang.org/protobuf v1.34.2
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240822170219-fc7c04adadcd // indirect
+	google.golang.org/grpc v1.67.1 // indirect
+	google.golang.org/protobuf v1.35.1
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/api v0.31.1 // indirect