search

netobserv / flowlogs-pipeline

Transform flow logs into metrics
Apache License 2.0
75 stars 23 forks source link

Make the protocol field configurable in conntrack #501

Open ronensc opened 1 year ago

ronensc commented 1 year ago

Currently, the conntrack module looks for the protocol in the field Proto to filter out non-transport flowlogs.

This breaks make ocp-deploy in a way that connections aren't being tracked. The reason is that Proto is missing (because it was renamed to proto) so all flowlogs are filtered out. https://github.com/netobserv/flowlogs-pipeline/blob/914d470447c1ff8d9bbf3bb371a74039d08bbf17/contrib/kubernetes/flowlogs-pipeline.conf.yaml#L42-L43

I suggest to add ProtocolFieldName setting to the conntrack configuration to allow specifying a custom field name for the protocol field other than Proto. If this setting is not set, Proto could be set as a default for backward compatibility.

jotak commented 1 year ago

sounds good to me Looks like there's also the "Duplicate" field being hardcoded the same way, in generic_map.go

ronensc commented 1 year ago

Correct. Thanks for bringing this up. I forgot to mention this.