github.com/cilium/cilium@v1.16.2/pkg/hubble/monitor/filter.go

github.com/cilium/cilium@v1.16.2/pkg/hubble/monitor/filter.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package monitor
     5  
     6  import (
     7  	"context"
     8  	"fmt"
     9  
    10  	"github.com/sirupsen/logrus"
    11  
    12  	observerTypes "github.com/cilium/cilium/pkg/hubble/observer/types"
    13  	"github.com/cilium/cilium/pkg/hubble/parser/errors"
    14  	monitorAPI "github.com/cilium/cilium/pkg/monitor/api"
    15  )
    16  
    17  // monitorFilter is an implementation of OnMonitorEvent interface that filters monitor events.
    18  type monitorFilter struct {
    19  	logger logrus.FieldLogger
    20  
    21  	drop          bool
    22  	debug         bool
    23  	capture       bool
    24  	trace         bool
    25  	l7            bool
    26  	agent         bool
    27  	policyVerdict bool
    28  	recCapture    bool
    29  	traceSock     bool
    30  }
    31  
    32  // NewMonitorFilter creates a new monitor filter.
    33  // If monitorEventFilters is empty, no events are allowed.
    34  func NewMonitorFilter(logger logrus.FieldLogger, monitorEventFilters []string) (*monitorFilter, error) {
    35  	monitorFilter := monitorFilter{logger: logger}
    36  
    37  	for _, filter := range monitorEventFilters {
    38  		switch filter {
    39  		case monitorAPI.MessageTypeNameDrop:
    40  			monitorFilter.drop = true
    41  		case monitorAPI.MessageTypeNameDebug:
    42  			monitorFilter.debug = true
    43  		case monitorAPI.MessageTypeNameCapture:
    44  			monitorFilter.capture = true
    45  		case monitorAPI.MessageTypeNameTrace:
    46  			monitorFilter.trace = true
    47  		case monitorAPI.MessageTypeNameL7:
    48  			monitorFilter.l7 = true
    49  		case monitorAPI.MessageTypeNameAgent:
    50  			monitorFilter.agent = true
    51  		case monitorAPI.MessageTypeNamePolicyVerdict:
    52  			monitorFilter.policyVerdict = true
    53  		case monitorAPI.MessageTypeNameRecCapture:
    54  			monitorFilter.recCapture = true
    55  		case monitorAPI.MessageTypeNameTraceSock:
    56  			monitorFilter.traceSock = true
    57  		default:
    58  			return nil, fmt.Errorf("unknown monitor event type: %s", filter)
    59  		}
    60  	}
    61  
    62  	logger.WithField("filters", monitorEventFilters).Info("Configured Hubble with monitor event filters")
    63  	return &monitorFilter, nil
    64  }
    65  
    66  // OnMonitorEvent implements observeroption.OnMonitorEvent interface
    67  // It returns true if an event is to be dropped, false otherwise.
    68  func (m *monitorFilter) OnMonitorEvent(ctx context.Context, event *observerTypes.MonitorEvent) (bool, error) {
    69  	switch payload := event.Payload.(type) {
    70  	case *observerTypes.PerfEvent:
    71  		if len(payload.Data) == 0 {
    72  			return true, errors.ErrEmptyData
    73  		}
    74  
    75  		switch payload.Data[0] {
    76  		case monitorAPI.MessageTypeDrop:
    77  			return !m.drop, nil
    78  		case monitorAPI.MessageTypeDebug:
    79  			return !m.debug, nil
    80  		case monitorAPI.MessageTypeCapture:
    81  			return !m.capture, nil
    82  		case monitorAPI.MessageTypeTrace:
    83  			return !m.trace, nil
    84  		case monitorAPI.MessageTypeAccessLog: // MessageTypeAccessLog maps to MessageTypeNameL7
    85  			return !m.l7, nil
    86  		case monitorAPI.MessageTypePolicyVerdict:
    87  			return !m.policyVerdict, nil
    88  		case monitorAPI.MessageTypeRecCapture:
    89  			return !m.recCapture, nil
    90  		case monitorAPI.MessageTypeTraceSock:
    91  			return !m.traceSock, nil
    92  		default:
    93  			return true, errors.ErrUnknownEventType
    94  		}
    95  	case *observerTypes.AgentEvent:
    96  		return !m.agent, nil
    97  	case nil:
    98  		return true, errors.ErrEmptyData
    99  	default:
   100  		return true, errors.ErrUnknownEventType
   101  	}
   102  }