NETOBSERV-2299: Automation CLI packet capture case (#411)

* CLI Packet Capture Test Cases

* cherrypick code

* removed tests and adding only single test and removed unwanted pcap helper function

* Update code for Pcap file name to be consistant with other test

* Solve Lint Error

Author: kapjain-rh

e2e/integration-tests/cli.go

@@ -156,3 +156,26 @@ func getFlowsJSONFile() (string, error) {
 	}
 	return absPath, nil
 }
+
+// get latest .pcapng file
+func getPcapngFile() (string, error) {
+	var files []string
+	outputDir := "./output/pcap/"
+	dirFS := os.DirFS(outputDir)
+	files, err := fs.Glob(dirFS, "*.pcapng")
+	if err != nil {
+		return "", err
+	}
+	// this could be problematic if two tests are running in parallel with --copy=true
+	var mostRecentFile fs.FileInfo
+	for _, file := range files {
+		fileInfo, err := os.Stat(outputDir + file)
+		if err != nil {
+			return "", nil
+		}
+		if mostRecentFile == nil || fileInfo.ModTime().After(mostRecentFile.ModTime()) {
+			mostRecentFile = fileInfo
+		}
+	}
+	return outputDir + mostRecentFile.Name(), nil
+}

e2e/integration-tests/integration_test.go

@@ -99,6 +99,47 @@ var _ = g.Describe("NetObserv CLI e2e integration test suite", g.Ordered, func()
 		o.Expect(allPods).To(o.HaveLen(totalExpectedPods), fmt.Sprintf("Number of CLI pods are not as expected %d", totalExpectedPods))
 	})
 
+	g.It("OCP-73458: Verify packet capture creates pcapng file and filters by port", g.Label("PacketCapture"), func() {
+		g.DeferCleanup(func() {
+			cleanup()
+		})
+
+		// Run packet capture with port 8080 filter
+		targetPort := uint16(8080)
+		cliArgs := []string{"packets", "--port=8080", "--copy=true", "--max-bytes=100000000", "--max-time=1m"}
+		out, err := e2e.RunCommand(ilog, ocNetObservBinPath, cliArgs...)
+		writeOutput(filePrefix+"-packetOutput", out)
+		o.Expect(err).NotTo(o.HaveOccurred(), fmt.Sprintf("Error running command %v", err))
+
+		_, err = isCLIDone(clientset, cliNS)
+		o.Expect(err).NotTo(o.HaveOccurred(), fmt.Sprintf("CLI didn't finish %v", err))
+
+		// Verify pcapng file is created
+		pcapngFile, err := getPcapngFile()
+		o.Expect(err).NotTo(o.HaveOccurred(), "Failed to get pcapng file")
+		o.Expect(pcapngFile).NotTo(o.BeEmpty(), "Pcapng file path should not be empty")
+
+		ilog.Infof("==> Pcapng file created at: %s", pcapngFile)
+
+		// Verify file exists and has content
+		fileInfo, err := os.Stat(pcapngFile)
+		o.Expect(err).NotTo(o.HaveOccurred(), fmt.Sprintf("Pcapng file should exist at %s", pcapngFile))
+		o.Expect(fileInfo.Size()).To(o.BeNumerically(">", 0), "Pcapng file should have content")
+
+		ilog.Infof("==> Pcapng file size: %d bytes", fileInfo.Size())
+
+		// Read and analyze packets from pcapng file
+		packets, err := ReadPcapngFile(pcapngFile)
+		o.Expect(err).NotTo(o.HaveOccurred(), fmt.Sprintf("Failed to read pcapng file: %v", err))
+		o.Expect(packets).NotTo(o.BeEmpty(), "Pcapng file should contain packets")
+
+		ilog.Infof("Found %d total packets in pcapng file", len(packets))
+		// Verify packets are filtered by port 8080
+		filteredPackets := FilterPacketsByPort(packets, targetPort)
+		o.Expect(filteredPackets).NotTo(o.BeEmpty(), fmt.Sprintf("Should have captured packets on port %d", targetPort))
+
+		ilog.Infof("Found %d packets on port %d", len(filteredPackets), targetPort)
+	})
 	g.It("OCP-73458: Verify regexes filters are applied", g.Label("Regexes"), func() {
 		g.DeferCleanup(func() {
 			cleanup()
@@ -138,7 +179,6 @@ var _ = g.Describe("NetObserv CLI e2e integration test suite", g.Ordered, func()
 		}
 		o.Expect(found).To(o.BeTrue(), fmt.Sprintf("Didn't found any flow matching SrcK8S_Namespace=~%s", nsfilter))
 	})
-
 	g.It("OCP-82597: Verify sampling value of 1 is applied in captured flows", g.Label("Sampling"), func() {
 
 		g.DeferCleanup(func() {
@@ -243,6 +283,7 @@ var _ = g.Describe("NetObserv CLI e2e integration test suite", g.Ordered, func()
 		o.Expect(err).NotTo(o.HaveOccurred(), fmt.Sprintf("Failed to query Prometheus for metrics: %v", err))
 		o.Expect(metricValue).To(o.BeNumerically(">=", 0), fmt.Sprintf("Prometheus should return a valid metric value, but got %v", metricValue))
 	})
+
 	g.Describe("OCP-84801: Verify CLI runs under correct privileges", g.Label("Privileges"), func() {
 
 		tests := []struct {

e2e/integration-tests/pcap_helper.go

@@ -0,0 +1,227 @@
+//go:build !e2e
+
+package integrationtests
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/gopacket/gopacket"
+	"github.com/gopacket/gopacket/layers"
+	"github.com/gopacket/gopacket/pcapgo"
+)
+
+// PacketInfo holds information about a captured packet
+type PacketInfo struct {
+	Timestamp   int64
+	Length      int
+	SrcIP       string
+	DstIP       string
+	SrcPort     uint16
+	DstPort     uint16
+	Protocol    string
+	Comments    []string
+	HasTCP      bool
+	HasUDP      bool
+	HasIPv4     bool
+	HasIPv6     bool
+	K8sMetadata map[string]string
+}
+
+// PacketFilter defines filtering criteria for packets
+type PacketFilter struct {
+	Port      *uint16 // Filter by port (source or destination)
+	SrcPort   *uint16 // Filter by source port
+	DstPort   *uint16 // Filter by destination port
+	Protocol  string  // Filter by protocol (TCP, UDP, ICMP, etc.)
+	SrcIP     string  // Filter by source IP
+	DstIP     string  // Filter by destination IP
+	MinLength int     // Minimum packet length
+	MaxLength int     // Maximum packet length
+}
+
+// ReadPcapngFile reads a pcapng file and returns all packets
+func ReadPcapngFile(filepath string) ([]PacketInfo, error) {
+	return ReadPcapngFileWithFilter(filepath, nil)
+}
+
+// ReadPcapngFileWithFilter reads a pcapng file and returns filtered packets
+func ReadPcapngFileWithFilter(filepath string, filter *PacketFilter) ([]PacketInfo, error) {
+	f, err := os.Open(filepath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open pcapng file: %w", err)
+	}
+	defer f.Close()
+
+	ngReader, err := pcapgo.NewNgReader(f, pcapgo.DefaultNgReaderOptions)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create pcapng reader: %w", err)
+	}
+
+	var packets []PacketInfo
+
+	for {
+		data, ci, opts, err := ngReader.ReadPacketDataWithOptions()
+		if err != nil {
+			if errors.Is(err, io.EOF) {
+				break
+			}
+			return nil, fmt.Errorf("error reading packet data: %w", err)
+		}
+
+		packet := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.Default)
+		packetInfo := extractPacketInfo(packet, ci, &opts)
+
+		// Apply filter if provided
+		if filter != nil && !matchesFilter(&packetInfo, filter) {
+			continue
+		}
+
+		packets = append(packets, packetInfo)
+	}
+
+	return packets, nil
+}
+
+// extractPacketInfo extracts information from a packet
+func extractPacketInfo(packet gopacket.Packet, ci gopacket.CaptureInfo, opts *pcapgo.NgPacketOptions) PacketInfo {
+	info := PacketInfo{
+		Timestamp:   ci.Timestamp.Unix(),
+		Length:      ci.Length,
+		K8sMetadata: make(map[string]string),
+	}
+
+	// Extract comments from NgPacketOptions (contains k8s metadata)
+	if len(opts.Comments) > 0 {
+		info.Comments = opts.Comments
+		extractK8sMetadata(&info)
+	}
+
+	// Check for IPv4 layer
+	if ipv4Layer := packet.Layer(layers.LayerTypeIPv4); ipv4Layer != nil {
+		ipv4, _ := ipv4Layer.(*layers.IPv4)
+		info.SrcIP = ipv4.SrcIP.String()
+		info.DstIP = ipv4.DstIP.String()
+		info.HasIPv4 = true
+		info.Protocol = ipv4.Protocol.String()
+	}
+
+	// Check for IPv6 layer
+	if ipv6Layer := packet.Layer(layers.LayerTypeIPv6); ipv6Layer != nil {
+		ipv6, _ := ipv6Layer.(*layers.IPv6)
+		info.SrcIP = ipv6.SrcIP.String()
+		info.DstIP = ipv6.DstIP.String()
+		info.HasIPv6 = true
+		info.Protocol = ipv6.NextHeader.String()
+	}
+
+	// Check for TCP layer
+	if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
+		tcp, _ := tcpLayer.(*layers.TCP)
+		info.SrcPort = uint16(tcp.SrcPort)
+		info.DstPort = uint16(tcp.DstPort)
+		info.HasTCP = true
+		if info.Protocol == "" {
+			info.Protocol = "TCP"
+		}
+	}
+
+	// Check for UDP layer
+	if udpLayer := packet.Layer(layers.LayerTypeUDP); udpLayer != nil {
+		udp, _ := udpLayer.(*layers.UDP)
+		info.SrcPort = uint16(udp.SrcPort)
+		info.DstPort = uint16(udp.DstPort)
+		info.HasUDP = true
+		if info.Protocol == "" {
+			info.Protocol = "UDP"
+		}
+	}
+
+	// Check for ICMP layers
+	if packet.Layer(layers.LayerTypeICMPv4) != nil {
+		info.Protocol = "ICMPv4"
+	}
+	if packet.Layer(layers.LayerTypeICMPv6) != nil {
+		info.Protocol = "ICMPv6"
+	}
+
+	return info
+}
+
+// extractK8sMetadata parses k8s metadata from packet comments
+func extractK8sMetadata(info *PacketInfo) {
+	for _, comment := range info.Comments {
+		lines := strings.Split(comment, "\n")
+		for _, line := range lines {
+			if strings.Contains(line, ":") {
+				parts := strings.SplitN(line, ":", 2)
+				if len(parts) == 2 {
+					key := strings.TrimSpace(parts[0])
+					value := strings.TrimSpace(parts[1])
+					info.K8sMetadata[key] = value
+				}
+			}
+		}
+	}
+}
+
+// matchesFilter checks if a packet matches the filter criteria
+func matchesFilter(info *PacketInfo, filter *PacketFilter) bool {
+	// Filter by port (either source or destination)
+	if filter.Port != nil {
+		if info.SrcPort != *filter.Port && info.DstPort != *filter.Port {
+			return false
+		}
+	}
+
+	// Filter by source port
+	if filter.SrcPort != nil && info.SrcPort != *filter.SrcPort {
+		return false
+	}
+
+	// Filter by destination port
+	if filter.DstPort != nil && info.DstPort != *filter.DstPort {
+		return false
+	}
+
+	// Filter by protocol
+	if filter.Protocol != "" && !strings.EqualFold(info.Protocol, filter.Protocol) {
+		return false
+	}
+
+	// Filter by source IP
+	if filter.SrcIP != "" && info.SrcIP != filter.SrcIP {
+		return false
+	}
+
+	// Filter by destination IP
+	if filter.DstIP != "" && info.DstIP != filter.DstIP {
+		return false
+	}
+
+	// Filter by minimum length
+	if filter.MinLength > 0 && info.Length < filter.MinLength {
+		return false
+	}
+
+	// Filter by maximum length
+	if filter.MaxLength > 0 && info.Length > filter.MaxLength {
+		return false
+	}
+
+	return true
+}
+
+// FilterPacketsByPort filters packets by port (source or destination)
+func FilterPacketsByPort(packets []PacketInfo, port uint16) []PacketInfo {
+	var filtered []PacketInfo
+	for _, p := range packets {
+		if p.SrcPort == port || p.DstPort == port {
+			filtered = append(filtered, p)
+		}
+	}
+	return filtered
+}