Story
Resolution: Done
For better troubleshooting, when there is no match for a given IP (no known pod, service or node), we should be able to give some indication of the subnet it belongs to. This is CNI/vendor-dependent, so as a first step we should focus on OpenShift.
Subnets are described in the cluster network config (the CNO config):
    networking:
      clusterNetwork:
      - cidr: 10.128.0.0/14
        hostPrefix: 23
      machineNetwork:
      - cidr: 10.0.0.0/16
      networkType: OVNKubernetes
      serviceNetwork:
      - 172.30.0.0/16
Maybe the operator could read that data and pass it down to FLP (as a new config parameter), so that FLP can check each IP against these CIDRs.
Then, we can either create a new "Subnet" field for all IPs:
- "Cluster network"
- "Machine network"
- "Service network"
- "External"
or as an alternative, run it only for unmatched IPs and reuse the "Kind" field to show:
- "Unknown - cluster network"
- "Unknown - machine network"
- "Unknown - service network"
- "Unknown - external"
It would greatly help troubleshooting when trying to figure out what unidentified traffic could be.
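As an added example (not code from the story or from flowlogs-pipeline itself), the following Go program shows what the CIDR check described above could look like: the three CIDR lists from the cluster network config are parsed once, every IP is mapped to one of the proposed "Subnet" values, and for addresses that matched no pod/service/node the alternative "Unknown - ..." form is written into the Kind field. The Flow struct, the Enrich method and the flow records are assumptions made for the illustration, not FLP's real record format or enrichment API.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Labels for the proposed "Subnet" field.
const (
	SubnetCluster  = "Cluster network"
	SubnetMachine  = "Machine network"
	SubnetService  = "Service network"
	SubnetExternal = "External"
)

// SubnetClassifier holds the parsed CIDRs taken from the cluster network config.
type SubnetClassifier struct {
	cluster, machine, service []*net.IPNet
}

// parseCIDRs rejects an invalid CIDR instead of silently dropping it,
// so a bad operator-provided config is caught when FLP starts.
func parseCIDRs(cidrs []string) ([]*net.IPNet, error) {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(strings.TrimSpace(c))
		if err != nil {
			return nil, fmt.Errorf("invalid CIDR %q: %w", c, err)
		}
		nets = append(nets, n)
	}
	return nets, nil
}

// NewSubnetClassifier takes the clusterNetwork, machineNetwork and serviceNetwork CIDRs.
func NewSubnetClassifier(clusterCIDRs, machineCIDRs, serviceCIDRs []string) (*SubnetClassifier, error) {
	var s SubnetClassifier
	var err error
	if s.cluster, err = parseCIDRs(clusterCIDRs); err != nil {
		return nil, err
	}
	if s.machine, err = parseCIDRs(machineCIDRs); err != nil {
		return nil, err
	}
	if s.service, err = parseCIDRs(serviceCIDRs); err != nil {
		return nil, err
	}
	return &s, nil
}

func contains(nets []*net.IPNet, ip net.IP) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Classify returns the "Subnet" label for an address. An unparseable address is
// reported as External so a malformed flow record does not break enrichment.
func (s *SubnetClassifier) Classify(addr string) string {
	ip := net.ParseIP(addr)
	switch {
	case ip == nil:
		return SubnetExternal
	case contains(s.cluster, ip):
		return SubnetCluster
	case contains(s.machine, ip):
		return SubnetMachine
	case contains(s.service, ip):
		return SubnetService
	default:
		return SubnetExternal
	}
}

// UnknownKind builds the alternative "Kind" value for an address that matched
// no pod, service or node, e.g. "Unknown - machine network".
func (s *SubnetClassifier) UnknownKind(addr string) string {
	return "Unknown - " + strings.ToLower(s.Classify(addr))
}

// Flow is an assumed, minimal stand-in for a flow record: Kind is "" when the
// existing pod/service/node enrichment found nothing.
type Flow struct {
	SrcAddr, DstAddr     string
	SrcKind, DstKind     string
	SrcSubnet, DstSubnet string
}

// Enrich applies both proposals: Subnet for every address, and the
// "Unknown - ..." Kind only where the existing Kind is empty.
func (s *SubnetClassifier) Enrich(f Flow) Flow {
	f.SrcSubnet, f.DstSubnet = s.Classify(f.SrcAddr), s.Classify(f.DstAddr)
	if f.SrcKind == "" {
		f.SrcKind = s.UnknownKind(f.SrcAddr)
	}
	if f.DstKind == "" {
		f.DstKind = s.UnknownKind(f.DstAddr)
	}
	return f
}

func main() {
	// CIDRs copied from the config quoted in the story.
	s, err := NewSubnetClassifier([]string{"10.128.0.0/14"}, []string{"10.0.0.0/16"}, []string{"172.30.0.0/16"})
	if err != nil {
		panic(err)
	}
	// Constructed sample flows, not real captured data.
	for _, f := range []Flow{
		{SrcAddr: "10.129.3.7", SrcKind: "Pod", DstAddr: "10.0.45.2"},
		{SrcAddr: "172.30.0.10", DstAddr: "203.0.113.9", DstKind: ""},
	} {
		fmt.Printf("%+v\n", s.Enrich(f))
	}
}
```

The checks run in the order cluster, machine, service; OpenShift requires these ranges not to overlap, but if a vendor config did overlap, the first match wins, so that order should be made explicit in whatever config parameter FLP exposes.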
Example / pic of the flow table while I'm trying to figure out unknown traffic:
As you can see, there are many IPs that are unidentified but still in the machine network.