more

Author: mazdakn

felix/collector/goldmane/client.go

@@ -41,9 +41,9 @@ type GoldmaneReporter struct {
 	once    sync.Once
 
 	// Fields related to goldmane unix socket
-	maySendToNodeSocket bool
-	nodeClient          *client.FlowClient
-	nodeClientLock      sync.RWMutex
+	mayReportToNodeSocket bool
+	nodeClient            *client.FlowClient
+	nodeClientLock        sync.RWMutex
 }
 
 func NewReporter(addr, cert, key, ca string) (*GoldmaneReporter, error) {
@@ -56,7 +56,7 @@ func NewReporter(addr, cert, key, ca string) (*GoldmaneReporter, error) {
 		client:  cli,
 
 		// Do not send flowlogs to node socket, if goldmane address set via FelixConfig is equal to node socket
-		maySendToNodeSocket: addr != LocalGoldmaneServer,
+		mayReportToNodeSocket: addr != LocalGoldmaneServer,
 	}, nil
 }
 
@@ -66,7 +66,7 @@ func (g *GoldmaneReporter) Start() error {
 		// We don't wait for the initial connection to start so we don't block the caller.
 		g.client.Connect(context.Background())
 
-		if g.maySendToNodeSocket {
+		if g.mayReportToNodeSocket {
 			go g.nodeSocketReporter()
 		}
 	})
@@ -97,6 +97,7 @@ func (g *GoldmaneReporter) nodeClientIsNil() bool {
 }
 
 func (g *GoldmaneReporter) mayStartNodeSocketReporter() {
+	// If node socket is already setup, do not try to set it up again.
 	if !g.nodeClientIsNil() {
 		return
 	}
@@ -110,19 +111,20 @@ func (g *GoldmaneReporter) mayStartNodeSocketReporter() {
 		logrus.WithError(err).Warn("Failed to create goldmane unix client")
 		return
 	}
-	logrus.Info("Created goldmane unix client")
+	logrus.Info("Created goldmane node client")
 	g.nodeClient.Connect(context.Background())
 }
 
 func (g *GoldmaneReporter) mayStopNodeSocketReporter() {
+	// If node socket is already closed, do not try to close it again.
 	if g.nodeClientIsNil() {
 		return
 	}
 
 	g.nodeClientLock.Lock()
 	defer g.nodeClientLock.Unlock()
 	g.nodeClient = nil
-	logrus.Info("Destroyed goldmane unix client")
+	logrus.Info("Destroyed goldmane node client")
 }
 
 func (g *GoldmaneReporter) Report(logSlice any) error {
@@ -135,8 +137,8 @@ func (g *GoldmaneReporter) Report(logSlice any) error {
 			goldmaneLog := convertFlowlogToGoldmane(l)
 			g.client.Push(goldmaneLog)
 
-			if g.maySendToNodeSocket {
-				// If goldmane local unix server exists, also send it flowlogs.
+			if g.mayReportToNodeSocket {
+				// If goldmane node server exists, also send flowlogs to it.
 				g.nodeClientLock.RLock()
 				if g.nodeClient != nil {
 					g.nodeClient.Push(goldmaneLog)

felix/collector/goldmane/local_server.go renamed to felix/collector/goldmane/node_server.go

@@ -101,7 +101,7 @@ func (s *NodeServer) Run() error {
 }
 
 func (s *NodeServer) Stop() {
-	s.grpcServer.GracefulStop()
+	s.grpcServer.Stop()
 }
 
 func (s *NodeServer) List() []*types.Flow {

goldmane/pkg/types/flow.go

@@ -122,6 +122,22 @@ func (k *FlowKey) DestPort() int64 {
 	return k.dest.Value().DestPort
 }
 
+func (k *FlowKey) DestServiceName() string {
+	return k.dest.Value().DestServiceName
+}
+
+func (k *FlowKey) DestServiceNamespace() string {
+	return k.dest.Value().DestServiceNamespace
+}
+
+func (k *FlowKey) DestServicePortName() string {
+	return k.dest.Value().DestServicePortName
+}
+
+func (k *FlowKey) DestServicePort() int64 {
+	return k.dest.Value().DestServicePort
+}
+
 // This struct should be an exact copy of the proto.Flow structure, but without the private fields.
 type Flow struct {
 	Key                     *FlowKey

node/cmd/calico-node/main.go

@@ -73,7 +73,7 @@ var runStatusReporter = flagSet.Bool("status-reporter", false, "Run node status
 var showStatus = flagSet.Bool("show-status", false, "Print out node status")
 
 // Options for node flowlogs.
-var watchFlowlogs = flagSet.Bool("watch-flowlogs", false, "Watch for node flowlogs")
+var fetchFlowlogs = flagSet.Int("flowlogs", 0, "Fetch a number of flowlogs. Use a negative value to watch forever.")
 
 // confd flags
 var runConfd = flagSet.Bool("confd", false, "Run confd")
@@ -176,8 +176,8 @@ func main() {
 	} else if *showStatus {
 		status.Show()
 		os.Exit(0)
-	} else if *watchFlowlogs {
-		flowlogs.StartServerAndWatch()
+	} else if *fetchFlowlogs != 0 {
+		flowlogs.StartServerAndWatch(*fetchFlowlogs)
 		os.Exit(0)
 	} else {
 		fmt.Println("No valid options provided. Usage:")

node/pkg/flowlogs/flowlogs.go

@@ -1,3 +1,17 @@
+// Copyright (c) 2025 Tigera, Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package flowlogs
 
 import (
@@ -15,7 +29,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func StartServerAndWatch() {
+func StartServerAndWatch(num int) {
 	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
 	defer stop()
 
@@ -31,29 +45,44 @@ func StartServerAndWatch() {
 		return
 	}
 
+	infinitLoop := num < 0
+	var count int
 	for {
-		if ctx.Err() != nil {
-			logrus.Info("Closing goldmane unix server")
+		if ctx.Err() != nil ||
+			(!infinitLoop && count >= num) {
+			logrus.Debug("Closing goldmane unix server")
+			nodeServer.Stop()
 			cleanupGoldmaneSocket()
 			return
 		}
+
 		flows := nodeServer.ListAndFlush()
 		for _, flow := range flows {
-			fmt.Printf("%s\n", flowToString(flow))
+			fmt.Printf("%s", flowToString(flow))
 		}
+		count = count + len(flows)
 		time.Sleep(time.Second)
 	}
 }
 
 func flowToString(f *types.Flow) string {
-	output := fmt.Sprintf("Src={%s(%s/%s) %vP %vB} Dst={%s(%s/%s) %vP %vB} Proto=%s(%v) Action=%v",
-		endpointTypeToString(f.Key.SourceType()), f.Key.SourceNamespace(), f.Key.SourceName(), f.PacketsIn, f.BytesIn,
-		endpointTypeToString(f.Key.DestType()), f.Key.DestNamespace(), f.Key.DestName(), f.PacketsOut, f.BytesOut,
-		f.Key.Proto(), f.Key.DestPort(),
-		f.Key.Action(),
+	startTime := time.Unix(f.StartTime, 0)
+	policyTrace := types.FlowLogPolicyToProto(f.Key.Policies())
+	return fmt.Sprintf(
+		"- Time=%v Reporter=%v Action=%v\n"+
+			"  Src=%s(%s/%s) Dst=%s(%s/%s) Svc=%s/%s Proto=%s(%v svc:%s/%v)\n"+
+			"  Counts={Ingress: %vPkts/%vBytes Egress:%vPkts/%vBytes} Connections={Started:%v Completed:%v Live:%v}\n"+
+			"  Enforced:\n%v\n"+
+			"  Pending:\n%v\n",
+		startTime, f.Key.Reporter(), f.Key.Action(),
+		endpointTypeToString(f.Key.SourceType()), f.Key.SourceNamespace(), f.Key.SourceName(),
+		endpointTypeToString(f.Key.DestType()), f.Key.DestNamespace(), f.Key.DestName(),
+		f.Key.DestServiceName(), f.Key.DestServiceNamespace(),
+		f.Key.Proto(), f.Key.DestPort(), f.Key.DestServicePortName(), f.Key.DestServicePort(),
+		f.PacketsIn, f.BytesIn, f.PacketsOut, f.BytesOut,
+		f.NumConnectionsStarted, f.NumConnectionsCompleted, f.NumConnectionsLive,
+		policyHitsToString(policyTrace.EnforcedPolicies), policyHitsToString(policyTrace.PendingPolicies),
 	)
-
-	return output
 }
 
 func endpointTypeToString(ep proto.EndpointType) string {
@@ -71,17 +100,25 @@ func endpointTypeToString(ep proto.EndpointType) string {
 	}
 }
 
+func policyHitsToString(policies []*proto.PolicyHit) string {
+	var out string
+	for _, p := range policies {
+		out = out + fmt.Sprintf("  - %v", p)
+	}
+	return out
+}
+
 func ensureGoldmaneSocketDirectory(addr string) error {
 	path := path.Dir(addr)
 	// Check if goldmane unix server exists at the expected location.
-	logrus.Info("Checking if goldmane unix server exists.")
+	logrus.Debug("Checking if goldmane unix server exists.")
 	if _, err := os.Stat(path); os.IsNotExist(err) {
-		logrus.WithField("path", path).Info("Goldmane unix socket directory does not exist.")
+		logrus.WithField("path", path).Debug("Goldmane unix socket directory does not exist.")
 		err := os.MkdirAll(path, 0o600)
 		if err != nil {
 			return err
 		}
-		logrus.WithField("path", path).Info("Created goldmane unix server directory.")
+		logrus.WithField("path", path).Debug("Created goldmane unix server directory.")
 	}
 	return nil
 }