Filter out sockets for loopback and unknown interfaces

msherif1234 commented 8 months ago

Description

filter out noise flows when RTT and/or pkt drop is enabled for lo interface

here is a sample of those waste flows we can see when enable RTT or pkt drop

{
  "AgentIP": "10.0.122.106",
  "Bytes": 32,
  "DnsErrno": 0,
  "Dscp": 0,
  "DstAddr": "127.0.0.1",
  "DstMac": "00:00:00:00:00:00",
  "DstPort": 80,
  "Duplicate": "false",
  "Etype": 2048,
  "Flags": 512,
  "FlowDirection": "0",
  "IfDirection": 0,
  "Interface": "lo",
  "K8S_FlowLayer": "infra",
  "Packets": 1,
  "Proto": 6,
  "SrcAddr": "127.0.0.1",
  "SrcMac": "00:00:00:00:00:00",
  "SrcPort": 60518,
  "TimeFlowEndMs": 1706717908848,
  "TimeFlowRttNs": 16000,
  "TimeFlowStartMs": 1706717908848,
  "TimeReceived": 1706717913,
  "app": "netobserv-flowcollector"
}

{
  "AgentIP": "10.0.31.177",
  "DnsErrno": 0,
  "Dscp": 0,
  "DstAddr": "::1",
  "DstMac": "00:00:00:00:00:00",
  "DstPort": 80,
  "Duplicate": "false",
  "Etype": 34525,
  "Flags": 2,
  "FlowDirection": "0",
  "IfDirection": 0,
  "Interface": "lo",
  "K8S_FlowLayer": "infra",
  "PktDropBytes": 40,
  "PktDropLatestDropCause": "SKB_DROP_REASON_NO_SOCKET",
  "PktDropLatestFlags": 2,
  "PktDropLatestState": "TCP_INVALID_STATE",
  "PktDropPackets": 1,
  "Proto": 6,
  "SrcAddr": "::1",
  "SrcMac": "00:00:00:00:00:00",
  "SrcPort": 37068,
  "TimeFlowEndMs": 1706722320508,
  "TimeFlowStartMs": 1706722320508,
  "TimeReceived": 1706722320,
  "app": "netobserv-flowcollector"
}

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

[ ] Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
[ ] Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
[ ] Does this PR require product documentation?
- [ ] If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
[ ] Does this PR require a product release notes entry?
- [ ] If so, fill in "Release Note Text" in the JIRA.
[ ] Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
- [ ] If so, make sure it is described in the JIRA ticket.
QE requirements (check 1 from the list):
- [ ] Standard QE validation, with pre-merge tests unless stated otherwise.
- [ ] Regression tests only (e.g. refactoring with no user-facing change).
- [ ] No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

codecov[bot] commented 8 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (340f97c) 33.65% compared to head (f37a4f6) 33.65%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #260 +/- ## ======================================= Coverage 33.65% 33.65% ======================================= Files 40 40 Lines 3542 3542 ======================================= Hits 1192 1192 Misses 2281 2281 Partials 69 69 ``` | [Flag](https://app.codecov.io/gh/netobserv/netobserv-ebpf-agent/pull/260/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=netobserv) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/netobserv/netobserv-ebpf-agent/pull/260/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=netobserv) | `33.65% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=netobserv#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

msherif1234 commented 8 months ago

/ok-to-test

github-actions[bot] commented 8 months ago

New image: quay.io/netobserv/netobserv-ebpf-agent:57ade44

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=57ade44 make set-agent-image

jotak commented 8 months ago

/lgtm

msherif1234 commented 8 months ago

/approve

openshift-ci[bot] commented 8 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: msherif1234

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/netobserv/netobserv-ebpf-agent/blob/main/OWNERS)~~ [msherif1234] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

netobserv / netobserv-ebpf-agent