Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NETOBSERV-200: Basic eBPF agent that fetches flows' information #3

Merged
merged 1 commit into from
Mar 17, 2022
Merged

NETOBSERV-200: Basic eBPF agent that fetches flows' information #3

merged 1 commit into from
Mar 17, 2022

Conversation

mariomac
Copy link

This agent just prints flows in the standard output and does not forward to any other place.

Here is an example of the fetched flow information (the structure will change when we serialize it to a binary encoding):

{
  "Etype": 8,
  "Direction": "EGRESS",
  "DataLink": {
    "SrcMac": "08:00:27:23:e8:8a",
    "DstMac": "52:54:00:12:35:02"
  },
  "Network": {
    "SrcAddr": "10.0.2.15",
    "DstAddr": "10.0.2.2"
  },
  "Transport": {
    "SrcPort": 22,
    "DstPort": 51819,
    "Proto": "TCP"
  },
  "Bytes": 56320,
  "TimeFlowStart": "2022-03-17T07:42:12.414480074Z",
  "TimeFlowEnd": "2022-03-17T07:42:12.414849771Z",
  "Interface": "eth0",
  "Packets": 2
}

jpinsonneau
jpinsonneau approved these changes Mar 17, 2022
View reviewed changes
pkg/flow/record.go
Comment on lines +154 to +155
default:
return []byte(`"UNKNOWN"`), nil
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be impossible right ?

In general, I feel it would be better to remove some fields from JSON if input values are invalid than sending a default value that will make the parsing different for every fields.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. I left it there just to compile. Anyway consider that this was just to get a "nicer" demonstration of the flow information in JSON, but this will be removed in the next task, as long as we move to protobuf or any other binary encoding.

@mariomac mariomac merged commit 122996e into netobserv:main Mar 17, 2022
@mariomac mariomac deleted the refactor branch March 17, 2022 09:50
@eranra eranra mentioned this pull request May 12, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpinsonneau jpinsonneau jpinsonneau approved these changes

@jotak jotak Awaiting requested review from jotak

@OlivierCazade OlivierCazade Awaiting requested review from OlivierCazade

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mariomac @jpinsonneau