[Enhancement]: Add advanced ip filtering in connection tracker (conntracker) component #105

@LorenzoTettamanti

Description

Is your feature request related to a problem?

  • Yes

    Problem Description:

    When a BPF program is attached to multiple Ethernet interfaces, the system cannot filter events, such as kube-system events, dashboard events, and cert-manager events. As the primary aim in this stage is to capture only internal pod to pod connections, this results in a large number of unwanted captured events. The simple solution will be to filter the source IP of the unwanted service, but this is not possible because in Kubernetes, the cluster IP can change, and naturally, it does every time a pod is restarted. Attached there's a demonstration of this IP change after a restart:

[Three screenshots: the pod's IP before and after a restart, showing the IP change]

Solution:

The ideal solution uses a low-level structure from the Linux kernel if possible. Using low-level structures or equivalent Rust crates will be great to avoid a lot of overhead. Also, a solution using the container runtime interface (CRI) needs to be investigated.

Additional info

I'm using minikube to host a local single-node Kubernetes cluster.


Labels

  • bug: Something isn't working
  • ebpf: eBPF related tasks
  • enhancement: New feature or request
  • rust: Pull requests that update Rust code

Status

In Progress
