enable multiple filters
jpinsonneau committed Jan 10, 2025
1 parent 17e4f2e commit 63a698a
Showing 8 changed files with 599 additions and 626 deletions.
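--- a/res/collector-pipeline-config.json
+++ b/res/collector-pipeline-config.json
@@ -0,0 +1,63 @@
+{
+"log-level": "trace",
+"metricsSettings": {
+"disableGlobalServer": true
+},
+"parameters": [
+{
+"name": "enrich",
+"transform": {
+"type": "network",
+"network": {
+"rules": [
+{
+"type": "add_kubernetes",
+"kubernetes": {
+"add_zone": true,
+"ipField": "SrcAddr",
+"output": "SrcK8S"
+}
+},
+{
+"type": "add_kubernetes",
+"kubernetes": {
+"add_zone": true,
+"ipField": "DstAddr",
+"output": "DstK8S"
+}
+},
+{
+"type": "reinterpret_direction"
+}
+],
+"directionInfo": {
+"reporterIPField": "AgentIP",
+"srcHostField": "SrcK8S_HostIP",
+"dstHostField": "DstK8S_HostIP",
+"flowDirectionField": "FlowDirection"
+}
+}
+}
+},
+{
+"name": "send",
+"write": {
+"type": "grpc",
+"grpc": {
+"targetHost": "{{TARGET_HOST}}",
+"targetPort": 9999
+}
+}
+}
+],
+"pipeline": [
+{
+"name": "enrich",
+"follows": "preset-ingester"
+},
+{
+"name": "send",
+"follows": "enrich"
+}
+]
+}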
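Review bot: `"log-level": "trace"` on the second line of the new file makes the most verbose level the default for every capture that uses this template, and with the two `add_kubernetes` rules in place that output will likely include per-flow addresses and pod metadata in the agent logs. Consider shipping `"log-level": "info"` and letting whoever substitutes `{{TARGET_HOST}}` raise it when debugging. The `send` stage's `grpc` block carries only `targetHost` and `targetPort`, so nothing on this page shows the enriched records being protected in transit; if the collector is only ever reached over a trusted local path, say so next to the code that fills in the placeholder, since JSON cannot hold the comment itself.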
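--- a/res/flow-capture.yml
+++ b/res/flow-capture.yml
@@ -46,81 +46,13 @@ spec:
 - name: ENABLE_FLOW_FILTER
 value: "false"
 - name: FLOW_FILTER_RULES
-value: >
-[ { "direction": "", "ip_cidr": "0.0.0.0/0", "protocol": "", "source_port": 0,
-"destination_port": 0, "port": 0, "source_port_range": "",
-"source_ports": "", "destination_port_range": "",
-"destination_ports": "", "port_range": "", "ports": "",
-"icmp_type": 0, "icmp_code": 0, "peer_ip": "", "action": "Accept",
-"tcp_flags": "", "drops": false }
-]
+value: >-
+[]
 - name: EXPORT
 value: "direct-flp"
 - name: FLP_CONFIG
-value: >
-{
-"log-level": "trace",
-"metricsSettings":{
-"disableGlobalServer": true
-},
-"parameters":[
-{
-"name":"enrich",
-"transform":{
-"type":"network",
-"network":{
-"rules":[
-{
-"type":"add_kubernetes",
-"kubernetes":{
-"add_zone": true,
-"ipField":"SrcAddr",
-"output":"SrcK8S"
-}
-},
-{
-"type":"add_kubernetes",
-"kubernetes":{
-"add_zone": true,
-"ipField":"DstAddr",
-"output":"DstK8S"
-}
-},
-{
-"type":"reinterpret_direction"
-}
-],
-"directionInfo":{
-"reporterIPField":"AgentIP",
-"srcHostField":"SrcK8S_HostIP",
-"dstHostField":"DstK8S_HostIP",
-"flowDirectionField":"FlowDirection"
-}
-}
-}
-},
-{
-"name":"send",
-"write":{
-"type":"grpc",
-"grpc":{
-"targetHost":"{{TARGET_HOST}}",
-"targetPort":9999
-}
-}
-}
-],
-"pipeline":[
-{
-"name":"enrich",
-"follows":"preset-ingester"
-},
-{
-"name":"send",
-"follows":"enrich"
-}
-]
-}
+value: |
+{}
 volumeMounts:
 - name: bpf-kernel-debug
 mountPath: /sys/kernel/debug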
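Review bot: The new `FLOW_FILTER_RULES` value `[]` and `FLP_CONFIG` value `{}` read as real settings, but they appear to be placeholders that something outside this hunk fills in from `res/flow-filter.json` and `res/collector-pipeline-config.json`. With `EXPORT` still set to `direct-flp`, applying the manifest without that step would presumably start the agent with an empty pipeline config and no indication why nothing is exported. A comment above each entry would make the contract explicit, e.g. `# placeholder: replaced with the rendered res/collector-pipeline-config.json before apply`. The two placeholders also use different block scalar styles (`>-` strips the final newline, `|` keeps it); picking one avoids a trailing newline in only one of the values. The container spec starts and ends outside this hunk.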
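--- a/res/flow-filter.json
+++ b/res/flow-filter.json
@@ -0,0 +1,20 @@
+{
+"direction": "",
+"ip_cidr": "0.0.0.0/0",
+"protocol": "",
+"source_port": 0,
+"destination_port": 0,
+"port": 0,
+"source_port_range": "",
+"source_ports": "",
+"destination_port_range": "",
+"destination_ports": "",
+"port_range": "",
+"ports": "",
+"icmp_type": 0,
+"icmp_code": 0,
+"peer_ip": "",
+"action": "Accept",
+"tcp_flags": "",
+"drops": false
+}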
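Review bot: Every field in this template is at its widest setting (`"ip_cidr": "0.0.0.0/0"` with `"action": "Accept"`, zero or empty values elsewhere), so any field the caller does not override presumably stays a wildcard, and a rule built from a mistyped or missing option would capture more traffic than the operator asked for. The code that fills the template is not on this page; it should reject unknown filter options rather than fall back to these defaults, and the option help should state which values mean "match all". The file is a single rule object while `FLOW_FILTER_RULES` in `res/flow-capture.yml` is an array, so it is worth documenting where the loader wraps one or more copies of it for multiple filters.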