feat(plugins): add experimental pktmon plugin for Windows

.gitignore

@@ -37,3 +37,4 @@ dist/
 bin/
 
 image-metadata-*.json
+*packetmonitorsupport*/

.golangci.yaml

@@ -2,6 +2,18 @@ issues:
   max-same-issues: 0
   max-issues-per-linter: 0
   new-from-rev: origin/main
+  exclude-rules:
+    # some type names are caps/underscore to map OS primitive types
+    - path: pkg/metrics/types_windows.go
+      linters:
+        - revive
+        - gomnd
+        - var-naming
+    - path: pkg/metrics/types_linux.go
+      linters:
+        - revive
+        - gomnd
+        - var-naming
 linters:
   presets: 
   - bugs

.pipelines/cg-pipeline.yaml

@@ -189,7 +189,7 @@ stages:
               targetType: "inline"
               script: |
                 Import-Module -Name "$(Build.SourcesDirectory)\windows\docker\DockerBuildModule.psm1" -Force
-                Build-RetinaAgentImage -fullBuilderImageName $(WINDOWS_BUILDER_IMAGE) -registry $(BUILD_REGISTRY)
+                Build-RetinaAgentImage -fullBuilderImageName $(WINDOWS_BUILDER_IMAGE) -registry $(BUILD_REGISTRY) -appInsightsID $(PROD_AI)
                 Save-Image -imageName retina-agent -registry $(BUILD_REGISTRY)
 
           - task: PublishBuildArtifacts@1

Makefile

@@ -458,6 +458,7 @@ helm-install-advanced-local-context: manifests
 helm-install-hubble:
 	helm upgrade --install retina ./deploy/hubble/manifests/controller/helm/retina/ \
 		--namespace kube-system \
+		--set os.windows=true \
 		--set operator.enabled=true \
 		--set operator.repository=$(IMAGE_REGISTRY)/$(RETINA_OPERATOR_IMAGE) \
 		--set operator.tag=$(HELM_IMAGE_TAG) \
@@ -533,4 +534,3 @@ quick-deploy-hubble:
 .PHONY: simplify-dashboards
 simplify-dashboards:
 	cd deploy/legacy/grafana/dashboards && go test . -tags=dashboard,simplifydashboard -v && cd $(REPO_ROOT)
-

controller/Dockerfile.windows-2022

@@ -1,6 +1,4 @@
 FROM --platform=linux/amd64 mcr.microsoft.com/oss/go/microsoft/golang:1.21 as builder
-
-# Build args
 ARG VERSION
 ARG APP_INSIGHTS_ID
 
@@ -15,7 +13,7 @@ RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/co
 RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/captureworkload.exe ./captureworkload/
 
 # Copy into final image
-FROM  mcr.microsoft.com/windows/servercore:ltsc2022 as final
+FROM  --platform=windows/amd64 mcr.microsoft.com/windows/servercore:ltsc2022 as final
 COPY --from=builder /usr/src/retina/windows/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
 COPY --from=builder /usr/src/retina/windows/setkubeconfigpath.ps1 setkubeconfigpath.ps1
 COPY --from=builder /usr/bin/controller.exe controller.exe

controller/Dockerfile.windows-native

@@ -2,34 +2,31 @@
 # It can't be placed in the other Windows Dockerfile, as those use
 # buildx targets, and this one requires legacy build.
 # Maybe one day: https://github.com/moby/buildkit/issues/616
-
 ARG BUILDER_IMAGE
-FROM --platform=windows/amd64 ${BUILDER_IMAGE} as builder
-# Build args
+FROM  --platform=windows/amd64 mcr.microsoft.com/oss/go/microsoft/golang:1.22-windowsservercore-ltsc2022 as builder
 WORKDIR C:\\retina
-RUN gcc.exe --version
-RUN go version
 COPY go.mod .
 COPY go.sum .
 ENV CGO_ENABLED=1
 RUN go mod download
 RUN go mod verify
 ADD . .
-RUN cp -r c:/pktmon/ pkg/plugin/windows/pktmon/packetmonitorsupport/
-RUN ls pkg/plugin/windows/pktmon/packetmonitorsupport/
 ARG VERSION
 ARG APP_INSIGHTS_ID
 SHELL ["cmd", "/S", "/C"]
 ENV VERSION=$VERSION
-ENV APP_INSIGHTS_ID=$APP_INSIGHTS_ID
 
+ENV APP_INSIGHTS_ID=$APP_INSIGHTS_ID
 RUN go build -v -o controller.exe -ldflags="-X main.version=%VERSION% -X main.applicationInsightsID=%APP_INSIGHTS_ID%" .\controller
 RUN go build -v -o captureworkload.exe -ldflags="-X main.version=%VERSION% -X main.applicationInsightsID=%APP_INSIGHTS_ID%" .\captureworkload
 
+FROM --platform=windows/amd64 ${BUILDER_IMAGE} as pktmon-builder
+WORKDIR C:\\retina
 
 FROM --platform=windows/amd64 mcr.microsoft.com/windows/nanoserver:ltsc2022 as final
 ADD https://github.com/microsoft/etl2pcapng/releases/download/v1.10.0/etl2pcapng.exe /etl2pcapng.exe
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'Continue';"]
 COPY --from=builder C:\\retina\\controller.exe controller.exe
+COPY --from=pktmon-builder C:\\pktmon\\controller-pktmon.exe controller-pktmon.exe
 COPY --from=builder C:\\retina\\captureworkload.exe captureworkload.exe
 CMD ["controller.exe"]

controller/Dockerfile.windows-native.dockerignore

@@ -1,2 +1,2 @@
-pkg/plugin/windows/pktmon/packetmonitorsupport/*
-*.tar
+pkg/plugin/windows/pktmon/packetmonitorsupport/*
+*.tar

pkg/metrics/types.go

@@ -109,3 +109,5 @@ func ToPrometheusType(metric interface{}) prometheus.Collector {
 		return nil
 	}
 }
+
+type DropReasonType uint32

pkg/metrics/types_linux.go

@@ -0,0 +1,61 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+package metrics
+
+import "github.com/cilium/cilium/api/v1/flow"
+
+// Alert: this ordering should match the drop_reason_t enum ordering
+// in dropreason.h of DropReason plugin
+const (
+	IPTABLE_RULE_DROP DropReasonType = iota
+	IPTABLE_NAT_DROP
+	TCP_CONNECT_BASIC
+	TCP_ACCEPT_BASIC
+	TCP_CLOSE_BASIC
+	CONNTRACK_ADD_DROP
+	UNKNOWN_DROP
+)
+
+func GetDropType(value uint32) DropReasonType {
+	switch value {
+	case 0:
+		return IPTABLE_RULE_DROP
+	case 1:
+		return IPTABLE_NAT_DROP
+	case 2:
+		return TCP_CONNECT_BASIC
+	case 3:
+		return TCP_ACCEPT_BASIC
+	case 4:
+		return TCP_CLOSE_BASIC
+	case 5:
+		return CONNTRACK_ADD_DROP
+	default:
+		return UNKNOWN_DROP
+	}
+}
+
+func GetDropTypeFlowDropReason(dr flow.DropReason) string {
+	return GetDropType(uint32(dr)).String()
+}
+
+func (d DropReasonType) String() string {
+	switch d {
+	case IPTABLE_RULE_DROP:
+		return "IPTABLE_RULE_DROP"
+	case IPTABLE_NAT_DROP:
+		return "IPTABLE_NAT_DROP"
+	case TCP_CONNECT_BASIC:
+		return "TCP_CONNECT_BASIC"
+	case TCP_ACCEPT_BASIC:
+		return "TCP_ACCEPT_BASIC"
+	case TCP_CLOSE_BASIC:
+		return "TCP_CLOSE_BASIC"
+	case CONNTRACK_ADD_DROP:
+		return "CONNTRACK_ADD_DROP"
+	case UNKNOWN_DROP:
+		return "UNKNOWN_DROP"
+	default:
+		return "UNKNOWN_DROP"
+	}
+}