From 50ff74722fc848b1463ea34821222eb24fba2255 Mon Sep 17 00:00:00 2001 From: Fabian Fischer Date: Mon, 2 Oct 2023 13:25:15 +0200 Subject: [PATCH] Add HTTP URL filter We added support for filtering on HTTP URLs in https://github.com/cilium/cilium/pull/28275. This PR adds this feature in the CLI by adding a new flag `--http-url` Fixes: #925 Signed-off-by: Fabian Fischer --- cmd/observe/flows.go | 3 +++ cmd/observe/flows_filter.go | 5 +++++ cmd/observe/flows_filter_test.go | 17 +++++++++++++++++ cmd/observe_help.txt | 1 + 4 files changed, 26 insertions(+) diff --git a/cmd/observe/flows.go b/cmd/observe/flows.go index 67a4b8a2e..bb3816298 100644 --- a/cmd/observe/flows.go +++ b/cmd/observe/flows.go @@ -389,6 +389,9 @@ func newFlowsCmdHelper(usage cmdUsage, vp *viper.Viper, ofilter *flowFilter) *co filterFlags.Var(filterVar( "http-path", ofilter, `Show only flows which match this HTTP path regular expressions (e.g. "/page/\\d+")`)) + filterFlags.Var(filterVar( + "http-url", ofilter, + `Show only flows which match this HTTP URL regular expressions (e.g. "http://.*cilium\.io/page/\\d+")`)) filterFlags.Var(filterVar( "trace-id", ofilter, diff --git a/cmd/observe/flows_filter.go b/cmd/observe/flows_filter.go index 5b28077f8..1b0bbd04a 100644 --- a/cmd/observe/flows_filter.go +++ b/cmd/observe/flows_filter.go @@ -119,6 +119,7 @@ func newFlowFilter() *flowFilter { {"http-status"}, {"http-method"}, {"http-path"}, + {"http-url"}, {"protocol"}, {"port", "to-port"}, {"port", "from-port"}, @@ -435,6 +436,10 @@ func (of *flowFilter) set(f *filterTracker, name, val string, track bool) error f.apply(func(f *flowpb.FlowFilter) { f.HttpPath = append(f.HttpPath, val) }) + case "http-url": + f.apply(func(f *flowpb.FlowFilter) { + f.HttpUrl = append(f.HttpUrl, val) + }) case "type": if wipe { diff --git a/cmd/observe/flows_filter_test.go b/cmd/observe/flows_filter_test.go index 7af611c1d..6955eea6c 100644 --- a/cmd/observe/flows_filter_test.go +++ b/cmd/observe/flows_filter_test.go @@ -575,3 +575,20 @@ func TestTrafficDirection(t *testing.T) { }) } } + +func TestHTTPURL(t *testing.T) { + f := newFlowFilter() + cmd := newFlowsCmdWithFilter(viper.New(), f) + + require.NoError(t, cmd.Flags().Parse([]string{"--http-url", `http://.*cilium\.io/foo`, "--http-url", `http://www\.cilium\.io/bar`})) + if diff := cmp.Diff( + []*flowpb.FlowFilter{ + {HttpUrl: []string{`http://.*cilium\.io/foo`, `http://www\.cilium\.io/bar`}}, + }, + f.whitelist.flowFilters(), + cmpopts.IgnoreUnexported(flowpb.FlowFilter{}), + ); diff != "" { + t.Errorf("mismatch (-want +got):\n%s", diff) + } + assert.Nil(t, f.blacklist) +} diff --git a/cmd/observe_help.txt b/cmd/observe_help.txt index cebe02d01..55da75d8e 100644 --- a/cmd/observe_help.txt +++ b/cmd/observe_help.txt @@ -51,6 +51,7 @@ Filters Flags: --http-method filter Show only flows which match this HTTP method (e.g. "get", "post") --http-path filter Show only flows which match this HTTP path regular expressions (e.g. "/page/\\d+") --http-status filter Show only flows which match this HTTP status code prefix (e.g. "404", "5+") + --http-url filter Show only flows which match this HTTP URL regular expressions (e.g. "http://.*cilium\.io/page/\\d+") --identity filter Show all flows related to an endpoint with the given security identity --ip filter Show all flows related to the given IP address. Each of the IPs can be specified as an exact match (e.g. '1.1.1.1') or as a CIDR range (e.g.'1.1.1.0/24'). --ip-version filter Show only IPv4, IPv6 flows or non IP flows (e.g. ARP packets) (ie: "none", "v4", "v6")