feat(plugins): add experimental pktmon plugin for Windows (#235)

# Description

This is the first of many commits to add Windows flow support via pktmon
in the form of a Retina plugin.

## Related Issue

If this pull request is related to any issue, please mention it here.
Additionally, make sure that the issue is assigned to you before
submitting this pull request.

## Checklist

- [x] I have read the [contributing
documentation](https://retina.sh/docs/contributing).
- [x] I signed and signed-off the commits (`git commit -S -s ...`). See
[this
documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)
on signing commits.
- [x] I have correctly attributed the author(s) of the code.
- [x] I have tested the changes locally.
- [x] I have followed the project's style guidelines.
- [ ] I have updated the documentation, if necessary.
- [ ] I have added tests, if applicable.

## Screenshots (if applicable) or Testing Completed

Please add any relevant screenshots or GIFs to showcase the changes
made.

## Additional Notes

Add any additional notes or context about the pull request here.

This is an experimental build, and in the current form remains half
present. Omitting Windows cgo for the time being.

---

Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more
information on how to contribute to this project.

---------

Signed-off-by: Mathew Merrick <[email protected]>

Author: matmerr

.gitignore

@@ -37,3 +37,4 @@ dist/
 bin/
 
 image-metadata-*.json
+*packetmonitorsupport*/

.golangci.yaml

@@ -2,6 +2,18 @@ issues:
   max-same-issues: 0
   max-issues-per-linter: 0
   new-from-rev: origin/main
+  exclude-rules:
+    # some type names are caps/underscore to map OS primitive types
+    - path: pkg/metrics/types_windows.go
+      linters:
+        - revive
+        - gomnd
+        - var-naming
+    - path: pkg/metrics/types_linux.go
+      linters:
+        - revive
+        - gomnd
+        - var-naming
 linters:
   presets: 
   - bugs

.pipelines/cg-pipeline.yaml

@@ -189,7 +189,7 @@ stages:
               targetType: "inline"
               script: |
                 Import-Module -Name "$(Build.SourcesDirectory)\windows\docker\DockerBuildModule.psm1" -Force
-                Build-RetinaAgentImage -fullBuilderImageName $(WINDOWS_BUILDER_IMAGE) -registry $(BUILD_REGISTRY)
+                Build-RetinaAgentImage -fullBuilderImageName $(WINDOWS_BUILDER_IMAGE) -registry $(BUILD_REGISTRY) -appInsightsID $(PROD_AI)
                 Save-Image -imageName retina-agent -registry $(BUILD_REGISTRY)
 
           - task: PublishBuildArtifacts@1

Makefile

@@ -458,6 +458,7 @@ helm-install-advanced-local-context: manifests
 helm-install-hubble:
 	helm upgrade --install retina ./deploy/hubble/manifests/controller/helm/retina/ \
 		--namespace kube-system \
+		--set os.windows=true \
 		--set operator.enabled=true \
 		--set operator.repository=$(IMAGE_REGISTRY)/$(RETINA_OPERATOR_IMAGE) \
 		--set operator.tag=$(HELM_IMAGE_TAG) \
@@ -533,4 +534,3 @@ quick-deploy-hubble:
 .PHONY: simplify-dashboards
 simplify-dashboards:
 	cd deploy/legacy/grafana/dashboards && go test . -tags=dashboard,simplifydashboard -v && cd $(REPO_ROOT)
-

controller/Dockerfile.windows-2022

@@ -1,6 +1,4 @@
 FROM --platform=linux/amd64 mcr.microsoft.com/oss/go/microsoft/golang:1.21 as builder
-
-# Build args
 ARG VERSION
 ARG APP_INSIGHTS_ID
 
@@ -15,7 +13,7 @@ RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/co
 RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/captureworkload.exe ./captureworkload/
 
 # Copy into final image
-FROM  mcr.microsoft.com/windows/servercore:ltsc2022 as final
+FROM  --platform=windows/amd64 mcr.microsoft.com/windows/servercore:ltsc2022 as final
 COPY --from=builder /usr/src/retina/windows/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
 COPY --from=builder /usr/src/retina/windows/setkubeconfigpath.ps1 setkubeconfigpath.ps1
 COPY --from=builder /usr/bin/controller.exe controller.exe

controller/Dockerfile.windows-native

@@ -2,34 +2,31 @@
 # It can't be placed in the other Windows Dockerfile, as those use
 # buildx targets, and this one requires legacy build.
 # Maybe one day: https://github.com/moby/buildkit/issues/616
-
 ARG BUILDER_IMAGE
-FROM --platform=windows/amd64 ${BUILDER_IMAGE} as builder
-# Build args
+FROM  --platform=windows/amd64 mcr.microsoft.com/oss/go/microsoft/golang:1.22-windowsservercore-ltsc2022 as builder
 WORKDIR C:\\retina
-RUN gcc.exe --version
-RUN go version
 COPY go.mod .
 COPY go.sum .
 ENV CGO_ENABLED=1
 RUN go mod download
 RUN go mod verify
 ADD . .
-RUN cp -r c:/pktmon/ pkg/plugin/windows/pktmon/packetmonitorsupport/
-RUN ls pkg/plugin/windows/pktmon/packetmonitorsupport/
 ARG VERSION
 ARG APP_INSIGHTS_ID
 SHELL ["cmd", "/S", "/C"]
 ENV VERSION=$VERSION
-ENV APP_INSIGHTS_ID=$APP_INSIGHTS_ID
 
+ENV APP_INSIGHTS_ID=$APP_INSIGHTS_ID
 RUN go build -v -o controller.exe -ldflags="-X main.version=%VERSION% -X main.applicationInsightsID=%APP_INSIGHTS_ID%" .\controller
 RUN go build -v -o captureworkload.exe -ldflags="-X main.version=%VERSION% -X main.applicationInsightsID=%APP_INSIGHTS_ID%" .\captureworkload
 
+FROM --platform=windows/amd64 ${BUILDER_IMAGE} as pktmon-builder
+WORKDIR C:\\retina
 
 FROM --platform=windows/amd64 mcr.microsoft.com/windows/nanoserver:ltsc2022 as final
 ADD https://github.com/microsoft/etl2pcapng/releases/download/v1.10.0/etl2pcapng.exe /etl2pcapng.exe
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'Continue';"]
 COPY --from=builder C:\\retina\\controller.exe controller.exe
+COPY --from=pktmon-builder C:\\pktmon\\controller-pktmon.exe controller-pktmon.exe
 COPY --from=builder C:\\retina\\captureworkload.exe captureworkload.exe
 CMD ["controller.exe"]

controller/Dockerfile.windows-native.dockerignore

@@ -1,2 +1,2 @@
-pkg/plugin/windows/pktmon/packetmonitorsupport/*
-*.tar
+pkg/plugin/windows/pktmon/packetmonitorsupport/*
+*.tar

pkg/metrics/types.go

@@ -109,3 +109,5 @@ func ToPrometheusType(metric interface{}) prometheus.Collector {
 		return nil
 	}
 }
+
+type DropReasonType uint32

pkg/metrics/types_linux.go

@@ -0,0 +1,61 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+package metrics
+
+import "github.com/cilium/cilium/api/v1/flow"
+
+// Alert: this ordering should match the drop_reason_t enum ordering
+// in dropreason.h of DropReason plugin
+const (
+	IPTABLE_RULE_DROP DropReasonType = iota
+	IPTABLE_NAT_DROP
+	TCP_CONNECT_BASIC
+	TCP_ACCEPT_BASIC
+	TCP_CLOSE_BASIC
+	CONNTRACK_ADD_DROP
+	UNKNOWN_DROP
+)
+
+func GetDropType(value uint32) DropReasonType {
+	switch value {
+	case 0:
+		return IPTABLE_RULE_DROP
+	case 1:
+		return IPTABLE_NAT_DROP
+	case 2:
+		return TCP_CONNECT_BASIC
+	case 3:
+		return TCP_ACCEPT_BASIC
+	case 4:
+		return TCP_CLOSE_BASIC
+	case 5:
+		return CONNTRACK_ADD_DROP
+	default:
+		return UNKNOWN_DROP
+	}
+}
+
+func GetDropTypeFlowDropReason(dr flow.DropReason) string {
+	return GetDropType(uint32(dr)).String()
+}
+
+func (d DropReasonType) String() string {
+	switch d {
+	case IPTABLE_RULE_DROP:
+		return "IPTABLE_RULE_DROP"
+	case IPTABLE_NAT_DROP:
+		return "IPTABLE_NAT_DROP"
+	case TCP_CONNECT_BASIC:
+		return "TCP_CONNECT_BASIC"
+	case TCP_ACCEPT_BASIC:
+		return "TCP_ACCEPT_BASIC"
+	case TCP_CLOSE_BASIC:
+		return "TCP_CLOSE_BASIC"
+	case CONNTRACK_ADD_DROP:
+		return "CONNTRACK_ADD_DROP"
+	case UNKNOWN_DROP:
+		return "UNKNOWN_DROP"
+	default:
+		return "UNKNOWN_DROP"
+	}
+}