NETOBSERV-2455 - Get DNS names

[jpinsonneau]

Description

Parse truncated DNS QNAME using per-CPU buffer and append it to the flows when available

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

To run a perfscale test, comment with: /test ebpf-node-density-heavy-25nodes

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign msherif1234 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jpinsonneau]

Tested on OCP 4.19 with CLI by adding the following column in the config:

  - id: DNSName
    group: DNS
    name: DNS Name
    tooltip: DNS query name.
    field: DnsName
    filter: dns_name
    default: false
    width: 15
    feature: dnsTracking

[github-actions]

New images:
quay.io/netobserv/ebpf-bytecode:34362e6
quay.io/netobserv/netobserv-ebpf-agent:34362e6

These will expire after two weeks.

To deploy this build, run from the operator repo, assuming the operator is running:

USER=netobserv VERSION=34362e6 make set-agent-image

[msherif1234]

we don't need this additional map, u can directly read dns name from dns record and added to metric

[jpinsonneau]

rebased to remove the map: e7fe3e5

[msherif1234]

pls make sure this math aligns for both DNS over UDP and DNS over TCP , IIRC the headers are of different format

[jpinsonneau]

Seems to work on both 🤔
I'll investigate more on that one

[msherif1234]

this is a good candidate for unit-test as it looks so convoluted

[msherif1234]

what is this 0xC0 magic number ?

[jpinsonneau]

That's a skip when a DNS messageg use compression to reduce its size (repeated domain name parts are using pointers).

l is the length byte of a DNS label.
0xC0 in binary is 11000000.
The bitwise AND l & 0xC0 isolates the top two bits of l.
If the result equals 0xC0, it indicates a compression pointer.

[msherif1234]

pls add comments with all the above details

[msherif1234]

another UT is needed for this

[openshift-ci]

@jpinsonneau: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/netobserv-cli-tests	e7fe3e5	link	false	/test netobserv-cli-tests
ci/prow/qe-e2e-tests	e7fe3e5	link	false	/test qe-e2e-tests

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[msherif1234]

not needed anymore