NETOBSERV-1703 Add enrichment in packet capture #364

Merged: 2 commits, Jul 25, 2024

jpinsonneau (Contributor) commented Jul 5, 2024

Description

This PR allows pcap parsing to a generic map. Check the CLI implementation for usage.

Dependencies

netobserv/network-observability-cli#61

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
    • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
    • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
    • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
    • Standard QE validation, with pre-merge tests unless stated otherwise.
    • Regression tests only (e.g. refactoring with no user-facing change).
    • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

openshift-ci bot commented Jul 5, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

codecov bot commented Jul 5, 2024

Codecov Report

Attention: Patch coverage is 0% with 80 lines in your changes missing coverage. Please review.

Please upload report for BASE (main@434968e). Learn more about missing BASE report.
Report is 5 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #364   +/-   ##
=======================================
  Coverage        ?   32.16%           
=======================================
  Files           ?       48           
  Lines           ?     3666           
  Branches        ?        0           
=======================================
  Hits            ?     1179           
  Misses          ?     2386           
  Partials        ?      101           
Flag Coverage Δ
unittests 32.16% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
pkg/agent/config.go 10.00% <ø> (ø)
pkg/agent/agent.go 35.97% <0.00%> (ø)
pkg/exporter/direct_flp.go 55.00% <0.00%> (ø)
pkg/exporter/grpc_packets.go 0.00% <0.00%> (ø)
pkg/agent/packets_agent.go 0.00% <0.00%> (ø)
pkg/utils/packets.go 0.00% <0.00%> (ø)
pkg/decode/decode_protobuf.go 24.36% <0.00%> (ø)

@jpinsonneau
Contributor Author

@eranra & @KalmanMeth you might be interested in this PR 👀

} else if udpLayer := packet.Layer(layers.LayerTypeUDP); udpLayer != nil {
udp, _ := udpLayer.(*layers.UDP)
out["SrcPort"] = udp.SrcPort.String()
out["DstPort"] = udp.DstPort.String()
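Review bot: udp.SrcPort.String() and udp.DstPort.String() store the ports as strings, and gopacket's port String() appends the service name for well-known ports (for example 53(domain)), so any consumer that expects a numeric port has to parse the value back. Consider storing uint16(udp.SrcPort) and uint16(udp.DstPort) instead, and keeping the same field type as the preceding branch so the type of SrcPort/DstPort does not depend on the protocol.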
Contributor

you are missing SCTP protocol support

Contributor Author

Sure, I can add it!

out["IcmpCode"] = icmpv6.TypeCode.Code()
}

if dnsLayer := packet.Layer(layers.LayerTypeDNS); dnsLayer != nil {
Contributor

Do we allow DNS in packet capture mode? pca code doesn't enable any feature, including DNS.

Contributor Author

We capture any packets as far as I saw


out["Bytes"] = len(pr.Stream)
// Data is base64 encoded to avoid marshal / unmarshal issues
out["Data"] = base64.StdEncoding.EncodeToString(packet.Data())
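Review bot: out["Bytes"] is taken from len(pr.Stream) while out["Data"] encodes packet.Data(), so if the two buffers differ in length the reported Bytes will not match the length of the decoded Data. Derive both values from the same buffer, or document which length Bytes is meant to report. The comment on the Data line could also name the marshal / unmarshal issue it avoids, so a later change of encoding does not reintroduce it.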
Contributor

Is this efficient? I didn't look for any better alternative; did you get a chance to explore other options?

Contributor Author

I'm considering updating the gRPC message to send flows and packets as two separate byte arrays, but during the pipeline lifetime I feel that's the easiest solution.

On my local kind cluster it's super fast so for now I'm not looking deeper in this.
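
An added illustration of the trade-off discussed in this thread, not code from the PR or the NetObserv project: assuming the generic map is serialized as JSON at some stage (the page does not name the encoding), it shows that a raw []byte field changes type on a round trip, an explicit base64 string does not, and the encoding costs 4/3 of the packet size. roundTrip, samplePacket and decodeData are hypothetical helpers.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// roundTrip marshals a generic map to JSON and decodes it back into a
// generic map, the way a schema-less pipeline stage would.
// JSON is an assumption; the PR does not name the encoding.
func roundTrip(in map[string]interface{}) (map[string]interface{}, error) {
	wire, err := json.Marshal(in)
	if err != nil {
		return nil, err
	}
	out := map[string]interface{}{}
	err = json.Unmarshal(wire, &out)
	return out, err
}

// samplePacket returns constructed filler bytes, not a real capture.
func samplePacket(n int) []byte {
	b := make([]byte, n)
	for i := range b {
		b[i] = byte(i)
	}
	return b
}

// decodeData recovers the packet from a base64-encoded "Data" field.
func decodeData(m map[string]interface{}) ([]byte, error) {
	s, ok := m["Data"].(string)
	if !ok {
		return nil, fmt.Errorf("Data is %T, want base64 string", m["Data"])
	}
	return base64.StdEncoding.DecodeString(s)
}

func main() {
	pkt := samplePacket(1500)
	raw, _ := roundTrip(map[string]interface{}{"Bytes": len(pkt), "Data": pkt})
	enc, _ := roundTrip(map[string]interface{}{
		"Bytes": len(pkt), "Data": base64.StdEncoding.EncodeToString(pkt)})
	got, err := decodeData(enc)
	fmt.Printf("raw []byte comes back as %T\n", raw["Data"])
	fmt.Printf("encoded field intact: %v (err=%v)\n", bytes.Equal(got, pkt), err)
	fmt.Printf("Bytes comes back as %T\n", enc["Bytes"])
	fmt.Printf("wire size: %d for a %d-byte packet\n",
		base64.StdEncoding.EncodedLen(len(pkt)), len(pkt))
}
```

Note that the integer Bytes field also comes back as float64 after the round trip, so consumers of the map need to convert it before comparing it with the decoded length.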

if dnsLayer := packet.Layer(layers.LayerTypeDNS); dnsLayer != nil {
dns, _ := dnsLayer.(*layers.DNS)
out["DnsId"] = dns.ID
out["DnsFlagsResponseCode"] = dns.ResponseCode.String()
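Review bot: dns, _ := dnsLayer.(*layers.DNS) discards the result of the type assertion, so if it ever fails dns is nil and the dns.ID access on the next line panics while handling captured traffic. Check the second return value and skip the DNS fields when it is false.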
Contributor

DNS enrichment not enabled with pca

@msherif1234
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jul 9, 2024
@jpinsonneau jpinsonneau added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Jul 10, 2024
New image:
quay.io/netobserv/netobserv-ebpf-agent:30c0f75

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=30c0f75 make set-agent-image

@Amoghrd Amoghrd removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Jul 24, 2024
Amoghrd commented Jul 24, 2024

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Jul 24, 2024
New image:
quay.io/netobserv/netobserv-ebpf-agent:95041fd

It will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=95041fd make set-agent-image

Amoghrd commented Jul 24, 2024

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved QE has approved this pull request label Jul 24, 2024
openshift-ci bot commented Jul 25, 2024

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.


@jpinsonneau jpinsonneau merged commit bef4343 into netobserv:main Jul 25, 2024
12 of 14 checks passed