[NETOBSERV-1379] DNS TCP flows have n/a values

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: Console Plugin, eBPF, FLP
Labels:
- documenation
- pre-merge-tested

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
dns-tracking-1.5
Feature Link:
OCPSTRAT-965 - DNS tracking improvements
Intelligence Requested:
Market:

Sprint:
NetObserv - Sprint 244
Severity:
Important

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Description of problem:DNS TCP flows show up n/a values for DNS related columns

Steps to Reproduce:

1.Deploy latest downstream operator
2.Create flowcollector with DNSTracking enabled
3.Deploy pod running DNS queries on TCP by following the steps in https://issues.redhat.com/browse/NETOBSERV-1245 description 
4.Go to netflow-traffic page and filter on SrcPort 53, DstNamespace <podNS> and protocol TCP

Actual results:

Some flows have DNS Id, Latency, Response Code fields as n/a

Expected results:

All flows should have DNS Id, Latency, Response Code fields should have non-n/a values

PTAL the screenshot below for reference

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Screenshot 2023-10-25 at 2.04.15 PM.png
457 kB
2023/10/25 6:14 PM
Screenshot 2023-11-06 at 4.49.37 PM.png
443 kB
2023/11/06 10:20 PM
tcp-dns.pcap
1 kB
2023/10/27 8:31 PM

links to

netobserv/flowlogs-pipeline#533: NETOBSERV-1379: enhance DNS debugging to dbg DNS over TCP

netobserv/flowlogs-pipeline#599: Bump github.com/netobserv/netobserv-ebpf-agent from 0.3.3-0.20240117144239-03bb6a38b3f0 to 0.3.3

netobserv/netobserv-ebpf-agent#218: NETOBSERV-1379: enhance DNS debugging to dbg DNS over TCP with NA fields

netobserv/netobserv-ebpf-agent#270: Bump github.com/netobserv/flowlogs-pipeline from 0.1.11-0.20231123152750-f3b03fa192aa to 0.1.11

netobserv/network-observability-console-plugin#425: NETOBSERV-1379: show DNS error number

mentioned on

Merge request - Updated 3 upstream sources

Merge request - Updated US source to: d69703f dbg DNS over TCP NA fields (#218)

(2 mentioned on)

GitLab CEE Bot added a comment - 2023/11/07 10:52 PM

CPaaS Service Account mentioned this issue in a merge request of netobserv-midstream / Network Observability Operator Midstream on branch network-observability-1.5.0-rhel-9_upstream_de8a35f8b06b8c50c4abe69ab3f0aefa:

Updated 3 upstream sources

GitLab CEE Bot added a comment - 2023/11/07 10:52 PM CPaaS Service Account mentioned this issue in a merge request of netobserv-midstream / Network Observability Operator Midstream on branch network-observability-1.5.0-rhel-9_ upstream _de8a35f8b06b8c50c4abe69ab3f0aefa : Updated 3 upstream sources

Julien Pinsonneau added a comment - 2023/11/07 8:44 AM

Merged FLP & Plugin PRs. Thanks for the team work !

Julien Pinsonneau added a comment - 2023/11/07 8:44 AM Merged FLP & Plugin PRs. Thanks for the team work !

GitLab CEE Bot added a comment - 2023/11/06 11:28 PM

CPaaS Service Account mentioned this issue in a merge request of netobserv-midstream / Network Observability Operator Midstream on branch network-observability-1.5.0-rhel-9_upstream_6c2209686e7bf2e3ef609af092f9840f:

Updated US source to: d69703f dbg DNS over TCP NA fields (#218)

GitLab CEE Bot added a comment - 2023/11/06 11:28 PM CPaaS Service Account mentioned this issue in a merge request of netobserv-midstream / Network Observability Operator Midstream on branch network-observability-1.5.0-rhel-9_ upstream _6c2209686e7bf2e3ef609af092f9840f : Updated US source to: d69703f dbg DNS over TCP NA fields (#218)

Amogh Rameshappa Devapura added a comment - 2023/11/06 10:21 PM

Verified the new DNSErr column and only flows which has non-zero error has DNSId and DNSLatency values for DNS on TCP as well as UDP. Works as expected!

Cluster details:

OCP: 4.13.0-0.nightly-2023-11-06-032945
NetObserv operator: v1.5.0
eBPF-agent: 9bed2e9
FLP: 02185c6
ConsolePlugin: 5e1c444

Amogh Rameshappa Devapura added a comment - 2023/11/06 10:21 PM Verified the new DNSErr column and only flows which has non-zero error has DNSId and DNSLatency values for DNS on TCP as well as UDP. Works as expected! Cluster details: OCP: 4.13.0-0.nightly-2023-11-06-032945 NetObserv operator: v1.5.0 eBPF-agent: 9bed2e9 FLP: 02185c6 ConsolePlugin: 5e1c444

Mohamed Mahmoud added a comment - 2023/10/27 8:32 PM

not all TCP flows have DNS headers that is very clear when collect pcap file tcp-dns.pcapas u can see TCP packets during handshake don't include DNS headers and those the one shows as NA in the console

users can use dns_id != 0 filter to avoid to ignore those entries

Mohamed Mahmoud added a comment - 2023/10/27 8:32 PM not all TCP flows have DNS headers that is very clear when collect pcap file tcp-dns.pcap as u can see TCP packets during handshake don't include DNS headers and those the one shows as NA in the console users can use dns_id != 0 filter to avoid to ignore those entries

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: GitLab CEE Bot added a comment - 2023/11/07 10:52 PM

Expand comment: GitLab CEE Bot added a comment - 2023/11/07 10:52 PM

Collapse comment: Julien Pinsonneau added a comment - 2023/11/07 8:44 AM

Expand comment: Julien Pinsonneau added a comment - 2023/11/07 8:44 AM

Collapse comment: GitLab CEE Bot added a comment - 2023/11/06 11:28 PM

Expand comment: GitLab CEE Bot added a comment - 2023/11/06 11:28 PM

Collapse comment: Amogh Rameshappa Devapura added a comment - 2023/11/06 10:21 PM

Expand comment: Amogh Rameshappa Devapura added a comment - 2023/11/06 10:21 PM

Collapse comment: Mohamed Mahmoud added a comment - 2023/10/27 8:32 PM

Expand comment: Mohamed Mahmoud added a comment - 2023/10/27 8:32 PM

People

Dates