Support antctl command for packetcapture

docs/antctl.md

@@ -33,6 +33,7 @@ running in three different modes:
   - [Dumping OVS flows](#dumping-ovs-flows)
   - [OVS packet tracing](#ovs-packet-tracing)
   - [Traceflow](#traceflow)
+  - [PacketCapture](#packetcapture)
   - [Antctl Proxy](#antctl-proxy)
   - [Flow Aggregator commands](#flow-aggregator-commands)
     - [Dumping flow records](#dumping-flow-records)
@@ -571,6 +572,47 @@ $ antctl traceflow -S pod1 -D svc1 -f tcp --live-traffic -t 1m
 $ antctl traceflow -D pod1 -f tcp,tcp_dst=80 --live-traffic --dropped-only -t 10m
 ```
 
+### PacketCapture
+
+`antctl packetcapture` (or  `antctl pc`) command is used to start a `PacketCapture`
+and retrieve the captured result. After the result packet file is copied out,
+the PacketCapture will be deleted. Users can also create a PacketCapture with `kubectl`,
+but `antctl` provide a simpler way. For more information about PacketCapture,
+refer to [PacketCapture guide](packetcapture-guide.md).
+
+To start a PacketCapture, users must provide the following arguments:
+
+* `--source` (or `-S`)
+* `--destination` (or `-D`)
+* `--number` (or `-n`)
+
+Note: one of `--source` and `--destination` must be a pod.
+
+The `--flow` (or `-f`) argument can be used to specify the PacketCapture packet
+headers with the [ovs-ofctl](http://www.openvswitch.org//support/dist-docs/ovs-ofctl.8.txt)
+flow syntax(This argument works similar as Traceflow). The supported flow fields
+include: IP protocol (`icmp`, `tcp`, `udp`), source and destination ports
+(`tcp_src`, `tcp_dst`, `udp_src`, `udp_dst`).
+
+By default, the command will wait for the PacketCapture to succeed or fail, or
+timeout. The default timeout is 10 seconds, but can be changed with the
+`--timeout` (or `-t`) argument. Add the `--no-wait` flag to start a PacketCapture
+without waiting for its results. In this case, the command will not delete the
+PacketCapture resource.
+
+More examples of `antctl packetcapture`:
+
+```bash
+Start capturing packets from pod1 to pod2, both Pods are in Namespace default
+$ antctl packetcaputre -S pod1 -D pod2
+Start capturing packets from pod1 in Namespace ns1 to a destination IP
+$ antctl packetcapture -S ns1/pod1 -D 192.168.123.123
+Start capturing UDP packets from pod1 to pod2, with destination port 1234
+$ antctl packetcapture -S pod1 -D pod2 -f udp,udp_dst=1234
+Save the packets file to a specified directory
+$ antctl packetcapture -S 192.168.123.123 -D pod2 -f tcp,tcp_dst=80 -o /tmp
+```
+
 ### Antctl Proxy
 
 antctl can run as a reverse proxy for the Antrea API (Controller or arbitrary

pkg/antctl/antctl.go

@@ -23,6 +23,7 @@ import (
 	checkinstallation "antrea.io/antrea/pkg/antctl/raw/check/installation"
 	"antrea.io/antrea/pkg/antctl/raw/featuregates"
 	"antrea.io/antrea/pkg/antctl/raw/multicluster"
+	"antrea.io/antrea/pkg/antctl/raw/packetcapture"
 	"antrea.io/antrea/pkg/antctl/raw/proxy"
 	"antrea.io/antrea/pkg/antctl/raw/set"
 	"antrea.io/antrea/pkg/antctl/raw/supportbundle"
@@ -750,6 +751,11 @@ $ antctl get podmulticaststats pod -n namespace`,
 			supportAgent:      true,
 			supportController: true,
 		},
+		{
+			cobraCommand:      packetcapture.Command,
+			supportAgent:      false,
+			supportController: true,
+		},
 		{
 			cobraCommand:      proxy.Command,
 			supportAgent:      false,

pkg/antctl/command_list_test.go

@@ -65,7 +65,7 @@ func TestGetDebugCommands(t *testing.T) {
 		{
 			name:     "Antctl running against controller mode",
 			mode:     "controller",
-			expected: [][]string{{"version"}, {"get", "networkpolicy"}, {"get", "appliedtogroup"}, {"get", "addressgroup"}, {"get", "controllerinfo"}, {"supportbundle"}, {"traceflow"}, {"get", "featuregates"}},
+			expected: [][]string{{"version"}, {"get", "networkpolicy"}, {"get", "appliedtogroup"}, {"get", "addressgroup"}, {"get", "controllerinfo"}, {"supportbundle"}, {"traceflow"}, {"packetcapture"}, {"get", "featuregates"}},
 		},
 		{
 			name:     "Antctl running against agent mode",

pkg/antctl/raw/helper.go

@@ -18,8 +18,11 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"path/filepath"
 	"strconv"
+	"strings"
 
+	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 	"golang.org/x/mod/semver"
 	corev1 "k8s.io/api/core/v1"
@@ -28,11 +31,13 @@ import (
 	"k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 
+	"antrea.io/antrea/pkg/antctl/raw/check"
 	"antrea.io/antrea/pkg/antctl/runtime"
 	"antrea.io/antrea/pkg/apis"
 	"antrea.io/antrea/pkg/apis/crd/v1beta1"
 	antrea "antrea.io/antrea/pkg/client/clientset/versioned"
 	antreascheme "antrea.io/antrea/pkg/client/clientset/versioned/scheme"
+	"antrea.io/antrea/pkg/util/compress"
 	"antrea.io/antrea/pkg/util/ip"
 	"antrea.io/antrea/pkg/util/k8s"
 )
@@ -220,3 +225,26 @@ func CreateControllerClientCfg(
 	cfg.Host = fmt.Sprintf("https://%s", net.JoinHostPort(nodeIP, fmt.Sprint(controllerInfo.APIPort)))
 	return cfg, nil
 }
+
+type PodFileCopy interface {
+	CopyFromPod(ctx context.Context, fs afero.Fs, namespace, name, containerName, srcPath, dstDir string) error
+}
+
+type PodFile struct {
+	RestConfig *rest.Config
+	Client     kubernetes.Interface
+}
+
+func (p *PodFile) CopyFromPod(ctx context.Context, fs afero.Fs, namespace, name, containerName, srcPath, dstDir string) error {
+	dir, fileName := filepath.Split(srcPath)
+	cmd := fmt.Sprintf("cd %s; tar cf - %s", dir, fileName)
+	if dir == "" {
+		cmd = fmt.Sprintf("tar cf - %s", fileName)
+	}
+	cmdArr := []string{"/bin/sh", "-c", cmd}
+	output, _, err := check.ExecInPod(ctx, p.Client, p.RestConfig, namespace, name, containerName, cmdArr)
+	if err != nil {
+		return err
+	}
+	return compress.UnpackReader(fs, strings.NewReader(output), false, dstDir)
+}