Allow populaiting only single filter rules for cli usecase (#128)
Signed-off-by: Mohamed Mahmoud <[email protected]>
msherif1234 authored Dec 14, 2024
1 parent d773b37 commit d541d19
Showing 3 changed files with 37 additions and 89 deletions.
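--- a/res/flow-capture.yml
+++ b/res/flow-capture.yml
@@ -45,42 +45,15 @@ spec:
 value: "false"
 - name: ENABLE_FLOW_FILTER
 value: "false"
-- name: FILTER_DIRECTION
-value: ""
-- name: FILTER_IP_CIDR
-value: "0.0.0.0/0"
-- name: FILTER_PROTOCOL
-value: ""
-- name: FILTER_SOURCE_PORT
-value: ""
-- name: FILTER_DESTINATION_PORT
-value: ""
-- name: FILTER_PORT
-value: ""
-- name: FILTER_SOURCE_PORT_RANGE
-value: ""
-- name: FILTER_DESTINATION_PORT_RANGE
-value: ""
-- name: FILTER_PORT_RANGE
-value: ""
-- name: FILTER_SOURCE_PORTS
-value: ""
-- name: FILTER_DESTINATION_PORTS
-value: ""
-- name: FILTER_PORTS
-value: ""
-- name: FILTER_ICMP_TYPE
-value: ""
-- name: FILTER_ICMP_CODE
-value: ""
-- name: FILTER_PEER_IP
-value: ""
-- name: FILTER_TCP_FLAGS
-value: ""
-- name: FILTER_DROPS
-value: "false"
-- name: FILTER_ACTION
-value: "Accept"
+- name: FLOW_FILTER_RULES
+value: >
+[ { "direction": "", "ip_cidr": "0.0.0.0/0", "protocol": "", "source_port": 0,
+"destination_port": 0, "port": 0, "source_port_range": "",
+"source_ports": "", "destination_port_range": "",
+"destination_ports": "", "port_range": "", "ports": "",
+"icmp_type": 0, "icmp_code": 0, "peer_ip": "", "action": "Accept",
+"tcp_flags": "", "drops": false }
+]
 - name: EXPORT
 value: "direct-flp"
 - name: FLP_CONFIG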
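Review bot: `FLOW_FILTER_RULES` carries no comment saying its value must stay a JSON array holding exactly one rule object, which is what the `fromjson | map(...) | tostring` edits in scripts/functions.sh rely on; a hand edit that breaks the JSON would make every `filter_*` option fail, and a second rule would be rewritten together with the first. I would add above the entry `# JSON array with a single rule; rewritten by edit_manifest in scripts/functions.sh, keep it valid JSON`. The identical block added to res/packet-capture.yml deserves the same comment. Unset numeric fields also change from `""` to `0` here, so it is worth confirming that the agent reads a port or ICMP value of `0` as "not set" rather than as a literal match (ICMP type 0 is echo reply); the parsing side is not visible on this page.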
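--- a/res/packet-capture.yml
+++ b/res/packet-capture.yml
@@ -31,40 +31,15 @@ spec:
 value: "false"
 - name: LOG_LEVEL
 value: info
-- name: FILTER_DIRECTION
-value: ""
-- name: FILTER_IP_CIDR
-value: "0.0.0.0/0"
-- name: FILTER_PROTOCOL
-value: ""
-- name: FILTER_SOURCE_PORT
-value: ""
-- name: FILTER_DESTINATION_PORT
-value: ""
-- name: FILTER_PORT
-value: ""
-- name: FILTER_SOURCE_PORT_RANGE
-value: ""
-- name: FILTER_DESTINATION_PORT_RANGE
-value: ""
-- name: FILTER_PORT_RANGE
-value: ""
-- name: FILTER_SOURCE_PORTS
-value: ""
-- name: FILTER_DESTINATION_PORTS
-value: ""
-- name: FILTER_PORTS
-value: ""
-- name: FILTER_ICMP_TYPE
-value: ""
-- name: FILTER_ICMP_CODE
-value: ""
-- name: FILTER_PEER_IP
-value: ""
-- name: FILTER_DROPS
-value: "false"
-- name: FILTER_ACTION
-value: "Accept"
+- name: FLOW_FILTER_RULES
+value: >
+[ { "direction": "", "ip_cidr": "0.0.0.0/0", "protocol": "", "source_port": 0,
+"destination_port": 0, "port": 0, "source_port_range": "",
+"source_ports": "", "destination_port_range": "",
+"destination_ports": "", "port_range": "", "ports": "",
+"icmp_type": 0, "icmp_code": 0, "peer_ip": "", "action": "Accept",
+"tcp_flags": "", "drops": false }
+]
 - name: EXPORT
 value: "direct-flp"
 - name: FLP_CONFIG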
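--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@@ -397,58 +397,58 @@ function edit_manifest() {
 yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"ENABLE_FLOW_FILTER\").value|=\"$2\"" "$3"
 ;;
 "filter_direction")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_DIRECTION\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.direction = \"$2\")| tostring)" "$3"
 ;;
 "filter_cidr")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_IP_CIDR\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.ip_cidr = \"$2\")| tostring)" "$3"
 ;;
 "filter_protocol")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_PROTOCOL\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.protocol = \"$2\")| tostring)" "$3"
 ;;
 "filter_sport")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_SOURCE_PORT\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.source_port = $2)| tostring)" "$3"
 ;;
 "filter_dport")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_DESTINATION_PORT\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.destination_port = $2)| tostring)" "$3"
 ;;
 "filter_port")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_PORT\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.port = $2)| tostring)" "$3"
 ;;
 "filter_sport_range")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_SOURCE_PORT_RANGE\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.source_port_range = \"$2\")| tostring)" "$3"
 ;;
 "filter_dport_range")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_DESTINATION_PORT_RANGE\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.destination_port_range = \"$2\")| tostring)" "$3"
 ;;
 "filter_port_range")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_PORT_RANGE\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.port_range = \"$2\")| tostring)" "$3"
 ;;
 "filter_sports")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_SOURCE_PORTS\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.source_ports = \"$2\")| tostring)" "$3"
 ;;
-"filter_dportS")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_DESTINATION_PORTS\").value|=\"$2\"" "$3"
+"filter_dports")
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.destination_ports = \"$2\")| tostring)" "$3"
 ;;
 "filter_ports")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_PORTS\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.ports = \"$2\")| tostring)" "$3"
 ;;
 "filter_icmp_type")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_ICMP_TYPE\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.icmp_type = $2)| tostring)" "$3"
 ;;
 "filter_icmp_code")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_ICMP_CODE\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.icmp_code = $2)| tostring)" "$3"
 ;;
 "filter_peer_ip")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_PEER_IP\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.peer_ip = \"$2\")| tostring)" "$3"
 ;;
 "filter_action")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_ACTION\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.action = \"$2\")| tostring)" "$3"
 ;;
 "filter_tcp_flags")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_TCP_FLAGS\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.tcp_flags = \"$2\")| tostring)" "$3"
 ;;
 "filter_pkt_drops")
-yq e --inplace ".spec.template.spec.containers[0].env[] |= select(.name==\"FILTER_DROPS\").value|=\"$2\"" "$3"
+yq e --inplace " .spec.template.spec.containers[0].env[] |= select(.name == \"FLOW_FILTER_RULES\").value |=(fromjson | map(.drops = $2)| tostring)" "$3"
 ;;
 "filter_regexes")
 copyFLPConfig "$3"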
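Review bot: In the numeric arms (`filter_sport`, `filter_dport`, `filter_port`, `filter_icmp_type`, `filter_icmp_code`, `filter_pkt_drops`) `$2` is now spliced into the yq expression without quotes, so a non-numeric CLI value is evaluated as expression syntax instead of being stored as data; the string arms have the same weakness whenever the value contains a `"`. Validate before the yq call, for example `[[ "$2" =~ ^[0-9]+$ ]] || { echo "invalid numeric filter value: $2" >&2; return 1; }` for ports and ICMP fields and a `true|false` check for `filter_pkt_drops`. For the string fields, pass the value through the environment rather than the expression text: `FILTER_VALUE="$2" yq e --inplace '… map(.direction = strenv(FILTER_VALUE)) …' "$3"`. An empty `$2` in a numeric arm yields `.source_port = )`, which cannot parse, and none of the arms checks yq's exit status; whether the caller does is not visible, because `edit_manifest` starts and ends outside this hunk.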
