Support L4 protocol specific filters in PacketCapture #6864

Open
hangyan opened this issue Dec 13, 2024 · 2 comments
Labels
area/ops/packetcapture Issues or PRs related to the PacketCapture feature kind/feature Categorizes issue or PR as related to a new feature.

Comments

@hangyan
Member

hangyan commented Dec 13, 2024

Describe the problem/challenge you have

Besides the protocol filter, PacketCapture should also support protocol-specific filters like

  • TCP flags
  • ICMP echo/reply packet
  • ...

Describe the solution you'd like

Add new fields in the transportHeader section of PacketCapture spec.

Anything else you would like to add?

@hangyan hangyan added the kind/feature Categorizes issue or PR as related to a new feature. label Dec 13, 2024
@antoninbas antoninbas added the area/ops/packetcapture Issues or PRs related to the PacketCapture feature label Dec 17, 2024
@devc007

devc007 commented Jan 3, 2025

Hey, community!

This issue looks challenging, and I’d like to give it a try. However, I have a few questions before I proceed.

So far, my understanding of the issue is that we’re currently capturing data packets based on criteria like ports, source, destination, and possibly protocols (e.g., TCP, UDP, and ICMP). Now, the goal is to capture data packets that provide deeper insights, such as how a TCP connection is formed (e.g., the 3-way handshake involving SYN and ACK packets).

Here are my questions:

  • Did I understand the issue correctly?
  • Is the purpose of this issue to enhance monitoring capabilities?
  • Should I use tcpdump for this, or are there alternative methods I can consider?

Additionally, I don’t think I have enough knowledge right now to solve this effectively. I need to read and learn more, but I’m struggling to find the right documents or resources. Can you help me by suggesting some useful materials or resources?

@antoninbas
Contributor

@devc007 Thanks for your interest. I want to emphasize that this is not a very straightforward issue: it requires API changes, correct translation of the new filters to BPF, new e2e test cases, etc. I believe this issue has the right scope for an LFX mentorship term (10-12 weeks for a new contributor), but this would not constitute a "good first issue" that can be tackled by a new contributor in a matter of hours or even days.

If you are still interested, I would recommend first experimenting with the PacketCapture feature on an actual cluster (https://github.com/antrea-io/antrea/blob/main/docs/packetcapture-guide.md), and reading the antrea-agent code that implements the feature.
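
The filter semantics requested in this issue (TCP flags, ICMP echo/reply), sketched as an added example that is not part of the thread and is not Antrea code: it shows the checks a correct BPF translation has to encode, namely the variable IP header length, non-first fragments and truncated packets. `L4Filter`, `Match` and `sample` are hypothetical names, and the packets are constructed in the code.

```go
package main

import "fmt"

// L4Filter is a hypothetical filter shape, not the Antrea PacketCapture API.
type L4Filter struct {
	Proto     uint8  // IP protocol number: 6 = TCP, 1 = ICMP
	FlagsMask uint8  // TCP: flag bits to test (SYN=0x02, ACK=0x10, ...)
	FlagsVal  uint8  // TCP: required value of the masked bits
	ICMPType  *uint8 // ICMP: required type (8 = echo request, 0 = echo reply); nil = any
}

// Match applies f to a raw IPv4 packet, making the same checks a classic BPF
// program makes for an expression such as "tcp[13] & mask == val".
func (f L4Filter) Match(pkt []byte) bool {
	if len(pkt) < 20 || pkt[0]>>4 != 4 || pkt[9] != f.Proto {
		return false
	}
	ihl := int(pkt[0]&0x0f) * 4 // IP options make the L4 offset variable
	frag := (uint16(pkt[6])<<8 | uint16(pkt[7])) & 0x1fff
	if ihl < 20 || frag != 0 { // non-first fragments carry no L4 header
		return false
	}
	switch f.Proto {
	case 6: // TCP flags live in byte 13 of the TCP header
		return len(pkt) > ihl+13 && pkt[ihl+13]&f.FlagsMask == f.FlagsVal
	case 1: // ICMP type is byte 0 of the ICMP header
		return len(pkt) > ihl && (f.ICMPType == nil || pkt[ihl] == *f.ICMPType)
	}
	return false
}

// sample builds a constructed IPv4 packet (not captured traffic): optWords
// 32-bit words of IP options, then 20 L4 bytes with byte l4Idx set to val.
func sample(proto uint8, fragOff uint16, optWords, l4Idx int, val uint8) []byte {
	p := make([]byte, 20+4*optWords+20)
	p[0], p[6], p[7], p[9] = 0x40|uint8(5+optWords), byte(fragOff>>8), byte(fragOff), proto
	p[20+4*optWords+l4Idx] = val
	return p
}

func main() {
	synOnly := L4Filter{Proto: 6, FlagsMask: 0x12, FlagsVal: 0x02} // SYN set, ACK clear
	fmt.Println(synOnly.Match(sample(6, 0, 0, 13, 0x02)))          // SYN
	fmt.Println(synOnly.Match(sample(6, 0, 0, 13, 0x12)))          // SYN-ACK
	fmt.Println(synOnly.Match(sample(6, 0, 1, 13, 0x02)))          // SYN behind IP options
}
```

A filter that reads the flags at a fixed offset of 33 bytes would miss the third packet, which is why the offset is derived from the IP header length.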
