github.com/cilium/cilium@v1.16.2/pkg/hubble/filters/tcp.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Hubble 3 4 package filters 5 6 import ( 7 "context" 8 "fmt" 9 10 flowpb "github.com/cilium/cilium/api/v1/flow" 11 v1 "github.com/cilium/cilium/pkg/hubble/api/v1" 12 ) 13 14 func filterByTCPFlags(flags []*flowpb.TCPFlags) (FilterFunc, error) { 15 return func(ev *v1.Event) bool { 16 flowFlags := ev.GetFlow().GetL4().GetTCP().GetFlags() 17 if flowFlags == nil { 18 return false 19 } 20 // check if the TCP event has any of the flags mentioned in flowfilter 21 // example: if TCP event has flags SYN and ACK set and if the flowfilter 22 // only has SYN, then this event should be accepted by the filter. 23 for _, f := range flags { 24 switch { 25 case f.FIN && !flowFlags.FIN, 26 f.SYN && !flowFlags.SYN, 27 f.RST && !flowFlags.RST, 28 f.PSH && !flowFlags.PSH, 29 f.ACK && !flowFlags.ACK, 30 f.URG && !flowFlags.URG, 31 f.ECE && !flowFlags.ECE, 32 f.CWR && !flowFlags.CWR, 33 f.NS && !flowFlags.NS: 34 continue 35 } 36 return true 37 } 38 return false 39 }, nil 40 } 41 42 // TCPFilter implements filtering based on TCP protocol header 43 type TCPFilter struct{} 44 45 // OnBuildFilter builds a TCP protocol based filter 46 func (p *TCPFilter) OnBuildFilter(ctx context.Context, ff *flowpb.FlowFilter) ([]FilterFunc, error) { 47 var fs []FilterFunc 48 49 if ff.GetTcpFlags() != nil { 50 pf, err := filterByTCPFlags(ff.GetTcpFlags()) 51 if err != nil { 52 return nil, fmt.Errorf("invalid tcp flags filter: %w", err) 53 } 54 fs = append(fs, pf) 55 } 56 57 return fs, nil 58 }