diff --git a/apis/flowcollector/v1beta1/flowcollector_types.go b/apis/flowcollector/v1beta1/flowcollector_types.go
index 7ddfd5c7b..7b4b09680 100644
--- a/apis/flowcollector/v1beta1/flowcollector_types.go
+++ b/apis/flowcollector/v1beta1/flowcollector_types.go
@@ -244,6 +244,10 @@ type EBPFFlowFilterRule struct {
// +optional
PeerIP string `json:"peerIP,omitempty"`
+ // `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ // Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ PeerCIDR string `json:"peerCIDR,omitempty"`
+
// `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by.
// +optional
ICMPCode *int `json:"icmpCode,omitempty"`
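Review bot: The new `PeerCIDR` field has no `// +optional` marker, unlike `PeerIP` above it and `ICMPCode` below it, and its comment does not say how it combines with `peerIP` when both are set. I would add `// +optional` above the field and one sentence to the comment stating whether the two are alternatives or are both applied to a flow. The same applies to the identical hunk in `apis/flowcollector/v1beta2/flowcollector_types.go`. The `EBPFFlowFilterRule` struct starts and ends outside the hunk.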
diff --git a/apis/flowcollector/v1beta1/zz_generated.conversion.go b/apis/flowcollector/v1beta1/zz_generated.conversion.go
index 784d3a19e..96f30bc6b 100644
--- a/apis/flowcollector/v1beta1/zz_generated.conversion.go
+++ b/apis/flowcollector/v1beta1/zz_generated.conversion.go
@@ -563,6 +563,7 @@ func autoConvert_v1beta1_EBPFFlowFilterRule_To_v1beta2_EBPFFlowFilterRule(in *EB
out.DestPorts = in.DestPorts
out.Ports = in.Ports
out.PeerIP = in.PeerIP
+ out.PeerCIDR = in.PeerCIDR
out.ICMPCode = (*int)(unsafe.Pointer(in.ICMPCode))
out.ICMPType = (*int)(unsafe.Pointer(in.ICMPType))
out.PktDrops = (*bool)(unsafe.Pointer(in.PktDrops))
@@ -585,6 +586,7 @@ func autoConvert_v1beta2_EBPFFlowFilterRule_To_v1beta1_EBPFFlowFilterRule(in *v1
out.DestPorts = in.DestPorts
out.Ports = in.Ports
out.PeerIP = in.PeerIP
+ out.PeerCIDR = in.PeerCIDR
out.ICMPCode = (*int)(unsafe.Pointer(in.ICMPCode))
out.ICMPType = (*int)(unsafe.Pointer(in.ICMPType))
out.PktDrops = (*bool)(unsafe.Pointer(in.PktDrops))
diff --git a/apis/flowcollector/v1beta2/flowcollector_types.go b/apis/flowcollector/v1beta2/flowcollector_types.go
index 02057da06..d95f54cbe 100644
--- a/apis/flowcollector/v1beta2/flowcollector_types.go
+++ b/apis/flowcollector/v1beta2/flowcollector_types.go
@@ -267,6 +267,10 @@ type EBPFFlowFilterRule struct {
// +optional
PeerIP string `json:"peerIP,omitempty"`
+ // `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ // Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ PeerCIDR string `json:"peerCIDR,omitempty"`
+
// `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by.
// +optional
ICMPCode *int `json:"icmpCode,omitempty"`
diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
index 7f6791517..c3d153394 100644
--- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
+++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -203,6 +203,11 @@ spec:
description: '`icmpType`, for ICMP traffic, optionally
defines the ICMP type to filter flows by.'
type: integer
+ peerCIDR:
+ description: |-
+ `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ type: string
peerIP:
description: |-
`peerIP` optionally defines the remote IP address to filter flows by.
@@ -282,6 +287,11 @@ spec:
description: '`icmpType`, for ICMP traffic, optionally
defines the ICMP type to filter flows by.'
type: integer
+ peerCIDR:
+ description: |-
+ `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ type: string
peerIP:
description: |-
`peerIP` optionally defines the remote IP address to filter flows by.
@@ -4015,6 +4025,11 @@ spec:
description: '`icmpType`, for ICMP traffic, optionally
defines the ICMP type to filter flows by.'
type: integer
+ peerCIDR:
+ description: |-
+ `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ type: string
peerIP:
description: |-
`peerIP` optionally defines the remote IP address to filter flows by.
@@ -4094,6 +4109,11 @@ spec:
description: '`icmpType`, for ICMP traffic, optionally
defines the ICMP type to filter flows by.'
type: integer
+ peerCIDR:
+ description: |-
+ `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ type: string
peerIP:
description: |-
`peerIP` optionally defines the remote IP address to filter flows by.
diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
index 6e348b6f8..30c09e2e6 100644
--- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
+++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml
@@ -179,6 +179,11 @@ spec:
icmpType:
description: '`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.'
type: integer
+ peerCIDR:
+ description: |-
+ `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ type: string
peerIP:
description: |-
`peerIP` optionally defines the remote IP address to filter flows by.
@@ -244,6 +249,11 @@ spec:
icmpType:
description: '`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.'
type: integer
+ peerCIDR:
+ description: |-
+ `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ type: string
peerIP:
description: |-
`peerIP` optionally defines the remote IP address to filter flows by.
@@ -3688,6 +3698,11 @@ spec:
icmpType:
description: '`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.'
type: integer
+ peerCIDR:
+ description: |-
+ `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ type: string
peerIP:
description: |-
`peerIP` optionally defines the remote IP address to filter flows by.
@@ -3753,6 +3768,11 @@ spec:
icmpType:
description: '`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.'
type: integer
+ peerCIDR:
+ description: |-
+ `peerCIDR` defines the Peer IP CIDR to filter flows by.
+ Examples: `10.10.10.0/24` or `100:100:100:100::/64`
+ type: string
peerIP:
description: |-
`peerIP` optionally defines the remote IP address to filter flows by.
diff --git a/config/samples/flows_v1beta2_flowcollector.yaml b/config/samples/flows_v1beta2_flowcollector.yaml
index 31df2805f..891864f04 100644
--- a/config/samples/flows_v1beta2_flowcollector.yaml
+++ b/config/samples/flows_v1beta2_flowcollector.yaml
@@ -32,6 +32,7 @@ spec:
# rules:
# - action: Accept
# cidr: 10.128.0.1/24
+ # peerCIDR: 0.0.0.0/0
# ports: 6443
# protocol: TCP
# sampling: 10
diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go
index b52ec2af4..372bbb09b 100644
--- a/controllers/ebpf/agent_controller.go
+++ b/controllers/ebpf/agent_controller.go
@@ -538,6 +538,9 @@ func mapFlowFilterRuleToFilter(rule *flowslatest.EBPFFlowFilterRule) ebpfconfig.
if rule.PeerIP != "" {
f.FilterPeerIP = rule.PeerIP
}
+ if rule.PeerCIDR != "" {
+ f.FilterPeerCIDR = rule.PeerCIDR
+ }
if rule.TCPFlags != "" {
f.FilterTCPFlags = rule.TCPFlags
}
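Review bot: `rule.PeerCIDR` is copied into `f.FilterPeerCIDR` after only an empty-string check, and the CRD schema added in this commit types it as a plain `string`, so a malformed prefix is accepted by the API and would be noticed, if at all, only by the agent. Because this value decides which flows a rule accepts or rejects, a typo could presumably leave the rule silently not matching and create a gap in what is observed. Rejecting it at admission is safer, e.g. `if _, err := netip.ParsePrefix(rule.PeerCIDR); err != nil { ... }` in the FlowCollector validation path, which is not visible here. When both `PeerIP` and `PeerCIDR` are set, both are forwarded, so precedence is left to the agent and deserves a short comment. The same applies to `mapFlowFilterToFilter` in the next hunk; both function bodies continue outside their hunks.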
@@ -573,6 +576,9 @@ func mapFlowFilterToFilter(filter *flowslatest.EBPFFlowFilter) ebpfconfig.FlowFi
if filter.PeerIP != "" {
f.FilterPeerIP = filter.PeerIP
}
+ if filter.PeerCIDR != "" {
+ f.FilterPeerCIDR = filter.PeerCIDR
+ }
if filter.TCPFlags != "" {
f.FilterTCPFlags = filter.TCPFlags
}
diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md
index 99f6db0f9..230f4d316 100644
--- a/docs/FlowCollector.md
+++ b/docs/FlowCollector.md
@@ -490,6 +490,14 @@ To filter two ports, use a "port1,port2" in string format. For example, `ports:
`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by.