diff --git a/apis/flowcollector/v1beta1/flowcollector_types.go b/apis/flowcollector/v1beta1/flowcollector_types.go
index 12624823e..08ef5b4a6 100644
--- a/apis/flowcollector/v1beta1/flowcollector_types.go
+++ b/apis/flowcollector/v1beta1/flowcollector_types.go
@@ -155,7 +155,8 @@ type FlowCollectorIPFIX struct {
// - `PacketTranslation`, to enrich flows with packets translation information.
// - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
// - `UDNMapping`, to enable interfaces mapping to udn [Developer Preview].
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping"
+// - `IPSec`, to track flows with IPsec encryption.
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping";"IPSec" type AgentFeature string const ( @@ -166,6 +167,7 @@ const ( PacketTranslation AgentFeature = "PacketTranslation" EbpfManager AgentFeature = "EbpfManager" UDNMapping AgentFeature = "UDNMapping" + IPSec AgentFeature = "IPSec" ) // Name of an eBPF agent alert. @@ -367,6 +369,7 @@ type FlowCollectorEBPF struct { // - `PacketTranslation`: enable enriching flows with packet's translation information.
// - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
// - `UDNMapping`, to enable interfaces mapping to udn.
+ // - `IPSec`, to track flows with IPsec encryption.
// +optional
Features []AgentFeature `json:"features,omitempty"`
diff --git a/apis/flowcollector/v1beta2/flowcollector_types.go b/apis/flowcollector/v1beta2/flowcollector_types.go
index a0ee94773..5f260a435 100644
--- a/apis/flowcollector/v1beta2/flowcollector_types.go
+++ b/apis/flowcollector/v1beta2/flowcollector_types.go
@@ -178,7 +178,8 @@ type FlowCollectorIPFIX struct {
// - `PacketTranslation`, to enrich flows with packets translation information, such as Service NAT.
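Review bot: The new `IPSec` entry in the FlowCollectorEBPF.Features doc comment carries no support-level tag, while the neighbouring `EbpfManager` and `UDNMapping` entries in the same AgentFeature list are marked `[Developer Preview]` (and `[Unsupported (*)]` in the corresponding v1beta2 hunks), so a reader cannot tell whether IPsec tracking is GA. It also does not say whether the feature needs `privileged: true` or the eBPF manager, which the PacketDrop and UDNMapping entries do state; the bpfman hunk attaches kprobes for it, so presumably some privilege is involved — worth confirming and writing down. If the intended level is developer preview, the line would read `// - `IPSec`, to track flows with IPsec encryption [Developer Preview].`, and the same tag belongs on the AgentFeature type comment above and in both v1beta2 lists. The enclosing FlowCollectorEBPF struct starts and ends outside the hunk.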
// - `EbpfManager`, to enable using eBPF Manager to manage NetObserv eBPF programs. [Unsupported (*)].
// - `UDNMapping`, to enable interfaces mapping to UDN. [Unsupported (*)].
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping"
+// - `IPSec`, to track flows with IPsec encryption.
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager";"UDNMapping";"IPSec" type AgentFeature string const ( @@ -189,6 +190,7 @@ const ( PacketTranslation AgentFeature = "PacketTranslation" EbpfManager AgentFeature = "EbpfManager" UDNMapping AgentFeature = "UDNMapping" + IPSec AgentFeature = "IPSec" ) // Name of an eBPF agent alert. @@ -395,6 +397,7 @@ type FlowCollectorEBPF struct { // - `UDNMapping`: [Unsupported (*)]. Enable interfaces mapping to User Defined Networks (UDN).
// This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged. // It requires using the OVN-Kubernetes network plugin with the Observability feature. + // - `IPSec`, to track flows with IPsec encryption.
// +optional
Features []AgentFeature `json:"features,omitempty"`
diff --git a/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go b/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go
index 81b343038..8bf8e9320 100644
--- a/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go
+++ b/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go
@@ -111,7 +111,7 @@ func (r *FlowCollector) validateAgent(_ context.Context, fc *FlowCollectorSpec)
warnings = append(warnings, fmt.Sprintf("The PacketDrop feature requires OpenShift 4.14 or above (version detected: %s)", CurrentClusterInfo.GetOpenShiftVersion()))
}
}
- if !fc.Agent.EBPF.Privileged {
+ if !fc.Agent.EBPF.Privileged && !slices.Contains(fc.Agent.EBPF.Features, EbpfManager) {
warnings = append(warnings, "The PacketDrop feature requires eBPF Agent to run in privileged mode")
}
}
diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
index d872ce874..9048da886 100644
--- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
+++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -138,6 +138,7 @@ spec:
- `PacketTranslation`: enable enriching flows with packet's translation information.
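Review bot: The relaxed PacketDrop check re-implements the privileged-or-manager rule inline with `slices.Contains(fc.Agent.EBPF.Features, EbpfManager)`, while the same commit encodes that rule in `helper.IsPktDropEnabled` as `(IsPrivileged(spec) || IsEbpfManagerEnabled(spec))`; the two will drift silently if another feature ever relaxes the requirement. If the helper package cannot be imported from the apis package (the usual reason for inlining), a comment on the new condition such as `// Keep in sync with helper.IsPktDropEnabled: with the eBPF manager the debug fs is mounted for us.` at least ties them together. The warning text still claims only privileged mode satisfies the check; `"The PacketDrop feature requires eBPF Agent to run in privileged mode or the EbpfManager feature"` would match the new condition. No validation is added for the new IPSec feature; if the agent needs the same privileges to attach its xfrm probes, a parallel warning belongs in this function. validateAgent starts and ends outside the hunk.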
- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
- `UDNMapping`, to enable interfaces mapping to udn.
+ - `IPSec`, to track flows with IPsec encryption.
items: description: |- Agent feature, can be one of:
@@ -148,6 +149,7 @@ spec: - `PacketTranslation`, to enrich flows with packets translation information.
- `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
- `UDNMapping`, to enable interfaces mapping to udn [Developer Preview].
+ - `IPSec`, to track flows with IPsec encryption.
enum: - PacketDrop - DNSTracking @@ -156,6 +158,7 @@ spec: - PacketTranslation - EbpfManager - UDNMapping + - IPSec type: string type: array flowFilter: @@ -3966,6 +3969,7 @@ spec: - `UDNMapping`: [Unsupported (*)]. Enable interfaces mapping to User Defined Networks (UDN).
This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged. It requires using the OVN-Kubernetes network plugin with the Observability feature. + - `IPSec`, to track flows with IPsec encryption.
items: description: |- Agent feature, can be one of:
@@ -3976,6 +3980,7 @@ spec: - `PacketTranslation`, to enrich flows with packets translation information, such as Service NAT.
- `EbpfManager`, to enable using eBPF Manager to manage NetObserv eBPF programs. [Unsupported (*)].
- `UDNMapping`, to enable interfaces mapping to UDN. [Unsupported (*)].
+ - `IPSec`, to track flows with IPsec encryption.
enum: - PacketDrop - DNSTracking @@ -3984,6 +3989,7 @@ spec: - PacketTranslation - EbpfManager - UDNMapping + - IPSec type: string type: array flowFilter: diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml index a1b8a5d43..d1b05fead 100644 --- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml +++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml @@ -123,6 +123,7 @@ spec: - `PacketTranslation`: enable enriching flows with packet's translation information.
- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
- `UDNMapping`, to enable interfaces mapping to udn.
+ - `IPSec`, to track flows with IPsec encryption.
items: description: |- Agent feature, can be one of:
@@ -133,6 +134,7 @@ spec: - `PacketTranslation`, to enrich flows with packets translation information.
- `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
- `UDNMapping`, to enable interfaces mapping to udn [Developer Preview].
+ - `IPSec`, to track flows with IPsec encryption.
enum: - PacketDrop - DNSTracking @@ -141,6 +143,7 @@ spec: - PacketTranslation - EbpfManager - UDNMapping + - IPSec type: string type: array flowFilter: @@ -3649,6 +3652,7 @@ spec: - `UDNMapping`: [Unsupported (*)]. Enable interfaces mapping to User Defined Networks (UDN).
This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged. It requires using the OVN-Kubernetes network plugin with the Observability feature. + - `IPSec`, to track flows with IPsec encryption.
items: description: |- Agent feature, can be one of:
@@ -3659,6 +3663,7 @@ spec: - `PacketTranslation`, to enrich flows with packets translation information, such as Service NAT.
- `EbpfManager`, to enable using eBPF Manager to manage NetObserv eBPF programs. [Unsupported (*)].
- `UDNMapping`, to enable interfaces mapping to UDN. [Unsupported (*)].
+ - `IPSec`, to track flows with IPsec encryption.
enum: - PacketDrop - DNSTracking @@ -3667,6 +3672,7 @@ spec: - PacketTranslation - EbpfManager - UDNMapping + - IPSec type: string type: array flowFilter: diff --git a/config/samples/flows_v1beta2_flowcollector.yaml b/config/samples/flows_v1beta2_flowcollector.yaml index eefa02aa4..a6882664f 100644 --- a/config/samples/flows_v1beta2_flowcollector.yaml +++ b/config/samples/flows_v1beta2_flowcollector.yaml @@ -26,6 +26,7 @@ spec: # - "PacketTranslation" # - "EbpfManager" # - "UDNMapping" + # - "IPSec" interfaces: [] excludeInterfaces: ["lo"] kafkaBatchSize: 1048576 diff --git a/controllers/consoleplugin/config/static-frontend-config.yaml b/controllers/consoleplugin/config/static-frontend-config.yaml index 7bd8064b3..ec7869de2 100644 --- a/controllers/consoleplugin/config/static-frontend-config.yaml +++ b/controllers/consoleplugin/config/static-frontend-config.yaml @@ -657,6 +657,20 @@ columns: default: false width: 15 feature: packetTranslation + - id: IPSec + name: Is IPSec operation successful? + field: IPSecSuccess + filter: ipsec_success + default: true + width: 10 + feature: ipsec + - id: IPSecCode + name: IPSec Return Code + field: IPSecRetCode + filter: ipsec_retcode + default: true + width: 10 + feature: ipsec filters: - id: cluster_name name: Cluster @@ -1057,6 +1071,12 @@ filters: component: autocomplete category: destination hint: Specify a single port number or name. + - id: ipsec_success + name: IPSec processing succeeded ? + component: number + - id: ipsec_retcode + name: IPSec processing return code + component: number scopes: - id: cluster name: Cluster 
@@ -1415,6 +1435,12 @@ fields: - name: K8S_ClusterName type: string description: Cluster name or identifier + - name: IPSecRetCode + type: number + description: IPSec operation return code + - name: IPSecSuccess + type: boolean + description: IPSec processing succeeded - name: _RecordType type: string description: "Type of record: `flowLog` for regular flow logs, or `newConnection`, `heartbeat`, `endConnection` for conversation tracking" diff --git a/controllers/consoleplugin/consoleplugin_objects.go b/controllers/consoleplugin/consoleplugin_objects.go index 53afe3424..b58c8cafb 100644 --- a/controllers/consoleplugin/consoleplugin_objects.go +++ b/controllers/consoleplugin/consoleplugin_objects.go @@ -465,6 +465,10 @@ func (b *builder) setFrontendConfig(fconf *cfg.FrontendConfig) error { fconf.Features = append(fconf.Features, "udnMapping") } + if helper.IsIPSecEnabled(&b.desired.Agent.EBPF) { + fconf.Features = append(fconf.Features, "ipsec") + } + if b.desired.Agent.EBPF.Advanced != nil { if v, ok := b.desired.Agent.EBPF.Advanced.Env[ebpf.EnvDedupeJustMark]; ok { dedupJustMark, err = strconv.ParseBool(v) diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go index f946a2b69..7178a4de1 100644 --- a/controllers/ebpf/agent_controller.go +++ b/controllers/ebpf/agent_controller.go @@ -70,6 +70,7 @@ const ( envEnablePacketTranslation = "ENABLE_PKT_TRANSLATION" envEnableEbpfMgr = "EBPF_PROGRAM_MANAGER_MODE" envEnableUDNMapping = "ENABLE_UDN_MAPPING" + envEnableIPsec = "ENABLE_IPSEC_TRACKING" envListSeparator = "," ) 
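Review bot: `envEnableIPsec` is the only identifier in this change that spells the initialism as `IPsec`; the enum value `IPSec`, `helper.IsIPSecEnabled`, `enableIPSecValue` and the frontend feature id all use `IPSec`, so a grep for the feature misses this constant. Renaming it to match the rest of the series, `envEnableIPSec = "ENABLE_IPSEC_TRACKING"`, keeps the naming consistent (the same rename applies at its use in setEnvConfig). The const block starts outside the hunk.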
@@ -296,8 +297,8 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol } volumeMounts = append(volumeMounts, volumeMount) } - - if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.PacketDrop) { + // EBPF Manager takes care of mounting the kernel debug volume. + if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.PacketDrop) && !helper.IsEbpfManagerEnabled(&coll.Spec.Agent.EBPF) { if !coll.Spec.Agent.EBPF.Privileged { rlog.Error(fmt.Errorf("invalid configuration"), "To use PacketsDrop feature privileged mode needs to be enabled") } else { @@ -370,7 +371,8 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol Driver: "csi.bpfman.io", VolumeAttributes: map[string]string{ "csi.bpfman.io/program": "netobserv", - "csi.bpfman.io/maps": "aggregated_flows,additional_flow_metrics,direct_flows,dns_flows,filter_map,peer_filter_map,global_counters,packet_record", + "csi.bpfman.io/maps": "aggregated_flows,additional_flow_metrics,direct_flows," + + "dns_flows,filter_map,peer_filter_map,global_counters,packet_record,ipsec_ingress_map,ipsec_egress_map", }, }, }, @@ -752,6 +754,13 @@ func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector) []corev1 }) } + if helper.IsIPSecEnabled(&coll.Spec.Agent.EBPF) { + config = append(config, corev1.EnvVar{ + Name: envEnableIPsec, + Value: "true", + }) + } + if helper.IsEBPFMetricsEnabled(&coll.Spec.Agent.EBPF) { config = append(config, corev1.EnvVar{ Name: envEnableMetrics, diff --git a/controllers/ebpf/bpfmanager-controller.go b/controllers/ebpf/bpfmanager-controller.go index 6275b92d4..88060fa0f 100644 --- a/controllers/ebpf/bpfmanager-controller.go +++ b/controllers/ebpf/bpfmanager-controller.go 
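Review bot: In the `csi.bpfman.io/maps` hunk the volume attribute now always requests `ipsec_ingress_map` and `ipsec_egress_map`, while the programs that use them are only added when `helper.IsIPSecEnabled` is true (see the bpfmanager-controller hunk) and `enable_ipsec` is left empty otherwise; if the bytecode only defines those maps when the feature is on, the CSI mount would presumably fail for every deployment without IPsec tracking — confirm the maps are created unconditionally, otherwise gate the two names on the feature. Building the list in code makes that explicit: `maps := "aggregated_flows,additional_flow_metrics,direct_flows,dns_flows,filter_map,peer_filter_map,global_counters,packet_record"`, then `if helper.IsIPSecEnabled(&coll.Spec.Agent.EBPF) { maps += ",ipsec_ingress_map,ipsec_egress_map" }`, and `"csi.bpfman.io/maps": maps`. The `@@ -296` hunk's new comment says the manager mounts the debug volume, which matches the `!helper.IsEbpfManagerEnabled` guard, but the `rlog.Error` branch still says only privileged mode works; a reader of that message would not know the manager is an alternative. desired starts and ends outside these hunks.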
@@ -87,7 +87,7 @@ func (c *AgentController) bpfmanAttachNetobserv(ctx context.Context, fc *flowsla func prepareBpfApplication(bpfApp *bpfmaniov1alpha1.ClusterBpfApplication, fc *flowslatest.FlowCollector, netobservBCImage string) { samplingValue := make([]byte, 4) dnsPortValue := make([]byte, 2) - var enableDNSValue, enableRTTValue, enableFLowFilterValue, enableNetworkEvents, traceValue, networkEventsGroupIDValue, enablePktTranslation []byte + var enableDNSValue, enableRTTValue, enableFLowFilterValue, enableNetworkEvents, traceValue, networkEventsGroupIDValue, enablePktTranslation, enableIPSecValue []byte binary.NativeEndian.PutUint32(samplingValue, uint32(*fc.Spec.Agent.EBPF.Sampling)) @@ -115,6 +115,10 @@ func prepareBpfApplication(bpfApp *bpfmaniov1alpha1.ClusterBpfApplication, fc *f enablePktTranslation = append(enablePktTranslation, uint8(1)) } + if helper.IsIPSecEnabled(&fc.Spec.Agent.EBPF) { + enableIPSecValue = append(enableIPSecValue, uint8(1)) + } + bpfApp.Labels = map[string]string{ "app": netobservApp, } @@ -145,6 +149,7 @@ func prepareBpfApplication(bpfApp *bpfmaniov1alpha1.ClusterBpfApplication, fc *f "enable_network_events_monitoring": enableNetworkEvents, "network_events_monitoring_groupid": networkEventsGroupIDValue, "enable_pkt_translation_tracking": enablePktTranslation, + "enable_ipsec": enableIPSecValue, } bpfApp.Spec.BpfAppCommon.ByteCode = bpfmaniov1alpha1.ByteCodeSelector{ 
@@ -252,6 +257,61 @@ func prepareBpfApplication(bpfApp *bpfmaniov1alpha1.ClusterBpfApplication, fc *f }, }...) } + + if helper.IsIPSecEnabled(&fc.Spec.Agent.EBPF) { + bpfApp.Spec.Programs = append(bpfApp.Spec.Programs, []bpfmaniov1alpha1.ClBpfApplicationProgram{ + { + Name: "xfrm_input_kprobe", + Type: bpfmaniov1alpha1.ProgTypeKprobe, + KProbe: &bpfmaniov1alpha1.ClKprobeProgramInfo{ + Links: []bpfmaniov1alpha1.ClKprobeAttachInfo{ + { + Function: "xfrm_input", + }, + }, + }, + }, + }...) + bpfApp.Spec.Programs = append(bpfApp.Spec.Programs, []bpfmaniov1alpha1.ClBpfApplicationProgram{ + { + Name: "xfrm_input_kretprobe", + Type: bpfmaniov1alpha1.ProgTypeKretprobe, + KRetProbe: &bpfmaniov1alpha1.ClKretprobeProgramInfo{ + Links: []bpfmaniov1alpha1.ClKretprobeAttachInfo{ + { + Function: "xfrm_input", + }, + }, + }, + }, + }...) + bpfApp.Spec.Programs = append(bpfApp.Spec.Programs, []bpfmaniov1alpha1.ClBpfApplicationProgram{ + { + Name: "xfrm_output_kprobe", + Type: bpfmaniov1alpha1.ProgTypeKprobe, + KProbe: &bpfmaniov1alpha1.ClKprobeProgramInfo{ + Links: []bpfmaniov1alpha1.ClKprobeAttachInfo{ + { + Function: "xfrm_output", + }, + }, + }, + }, + }...) + bpfApp.Spec.Programs = append(bpfApp.Spec.Programs, []bpfmaniov1alpha1.ClBpfApplicationProgram{ + { + Name: "xfrm_output_kretprobe", + Type: bpfmaniov1alpha1.ProgTypeKretprobe, + KRetProbe: &bpfmaniov1alpha1.ClKretprobeProgramInfo{ + Links: []bpfmaniov1alpha1.ClKretprobeAttachInfo{ + { + Function: "xfrm_output", + }, + }, + }, + }, + }...) + } } func (c *AgentController) deleteBpfApplication(ctx context.Context, bpfApp *bpfmaniov1alpha1.ClusterBpfApplication) error { diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md index e413c0e83..aca191fa9 100644 --- a/docs/FlowCollector.md +++ b/docs/FlowCollector.md 
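Review bot: The four new appends in prepareBpfApplication each wrap a single ClBpfApplicationProgram in a one-element slice and spread it with `...`, and the kprobe/kretprobe pairs for `xfrm_input` and `xfrm_output` differ only in the function name, so the block is four near-identical copies of the same literal. A loop over the two hook names that appends the kprobe and kretprobe pair per iteration says the same thing in a third of the lines and makes the naming rule (`<function>_kprobe` / `<function>_kretprobe`) explicit; the rewrite is below. Since these are kprobes on kernel-internal symbols rather than a stable ABI, a short comment stating that the hook names must exist in the running kernel for attachment to succeed would help whoever triages a failed ClusterBpfApplication. prepareBpfApplication starts outside the hunk.
```go
	if helper.IsIPSecEnabled(&fc.Spec.Agent.EBPF) {
		// One kprobe/kretprobe pair per xfrm entry point; program names
		// mirror the attached kernel function.
		for _, fn := range []string{"xfrm_input", "xfrm_output"} {
			bpfApp.Spec.Programs = append(bpfApp.Spec.Programs,
				bpfmaniov1alpha1.ClBpfApplicationProgram{
					Name: fn + "_kprobe",
					Type: bpfmaniov1alpha1.ProgTypeKprobe,
					KProbe: &bpfmaniov1alpha1.ClKprobeProgramInfo{
						Links: []bpfmaniov1alpha1.ClKprobeAttachInfo{{Function: fn}},
					},
				},
				bpfmaniov1alpha1.ClBpfApplicationProgram{
					Name: fn + "_kretprobe",
					Type: bpfmaniov1alpha1.ProgTypeKretprobe,
					KRetProbe: &bpfmaniov1alpha1.ClKretprobeProgramInfo{
						Links: []bpfmaniov1alpha1.ClKretprobeAttachInfo{{Function: fn}},
					},
				},
			)
		}
	}
```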
@@ -294,7 +294,8 @@ If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.< the kernel debug filesystem, so the eBPF pod has to run as privileged. - `PacketTranslation`: enable enriching flows with packet's translation information.
- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
-- `UDNMapping`, to enable interfaces mapping to udn.

+- `UDNMapping`, to enable interfaces mapping to udn.
+- `IPSec`, to track flows with IPsec encryption.

false @@ -6286,7 +6287,8 @@ IMPORTANT: This feature is available as a Technology Preview.
- `EbpfManager`: [Unsupported (*)]. Use eBPF Manager to manage NetObserv eBPF programs. Pre-requisite: the eBPF Manager operator (or upstream bpfman operator) must be installed.
- `UDNMapping`: [Unsupported (*)]. Enable interfaces mapping to User Defined Networks (UDN).
This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged. -It requires using the OVN-Kubernetes network plugin with the Observability feature.
+It requires using the OVN-Kubernetes network plugin with the Observability feature. +- `IPSec`, to track flows with IPsec encryption.

false diff --git a/helm/templates/flows.netobserv.io_flowcollectors.yaml b/helm/templates/flows.netobserv.io_flowcollectors.yaml index 781150e64..d7a5959e9 100644 --- a/helm/templates/flows.netobserv.io_flowcollectors.yaml +++ b/helm/templates/flows.netobserv.io_flowcollectors.yaml @@ -137,6 +137,7 @@ spec: - `PacketTranslation`: enable enriching flows with packet's translation information.
- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
- `UDNMapping`, to enable interfaces mapping to udn.
+ - `IPSec`, to track flows with IPsec encryption.
items: description: |- Agent feature, can be one of:
@@ -147,6 +148,7 @@ spec: - `PacketTranslation`, to enrich flows with packets translation information.
- `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
- `UDNMapping`, to enable interfaces mapping to udn [Developer Preview].
+ - `IPSec`, to track flows with IPsec encryption.
enum: - PacketDrop - DNSTracking @@ -155,6 +157,7 @@ spec: - PacketTranslation - EbpfManager - UDNMapping + - IPSec type: string type: array flowFilter: @@ -3663,6 +3666,7 @@ spec: - `UDNMapping`: [Unsupported (*)]. Enable interfaces mapping to User Defined Networks (UDN).
This feature requires mounting the kernel debug filesystem, so the eBPF agent pods must run as privileged. It requires using the OVN-Kubernetes network plugin with the Observability feature. + - `IPSec`, to track flows with IPsec encryption.
items: description: |- Agent feature, can be one of:
@@ -3673,6 +3677,7 @@ spec: - `PacketTranslation`, to enrich flows with packets translation information, such as Service NAT.
- `EbpfManager`, to enable using eBPF Manager to manage NetObserv eBPF programs. [Unsupported (*)].
- `UDNMapping`, to enable interfaces mapping to UDN. [Unsupported (*)].
+ - `IPSec`, to track flows with IPsec encryption.
enum: - PacketDrop - DNSTracking @@ -3681,6 +3686,7 @@ spec: - PacketTranslation - EbpfManager - UDNMapping + - IPSec type: string type: array flowFilter: diff --git a/pkg/helper/flowcollector.go b/pkg/helper/flowcollector.go index 32d76ebf4..177204fc7 100644 --- a/pkg/helper/flowcollector.go +++ b/pkg/helper/flowcollector.go @@ -109,7 +109,7 @@ func IsPrivileged(spec *flowslatest.FlowCollectorEBPF) bool { } func IsPktDropEnabled(spec *flowslatest.FlowCollectorEBPF) bool { - if IsPrivileged(spec) && IsAgentFeatureEnabled(spec, flowslatest.PacketDrop) { + if (IsPrivileged(spec) || IsEbpfManagerEnabled(spec)) && IsAgentFeatureEnabled(spec, flowslatest.PacketDrop) { return true } return false @@ -138,6 +138,10 @@ func IsUDNMappingEnabled(spec *flowslatest.FlowCollectorEBPF) bool { return IsAgentFeatureEnabled(spec, flowslatest.UDNMapping) } +func IsIPSecEnabled(spec *flowslatest.FlowCollectorEBPF) bool { + return IsAgentFeatureEnabled(spec, flowslatest.IPSec) +} + func IsConntrack(spec *flowslatest.FlowCollectorFLP) bool { return spec != nil && spec.LogTypes != nil && *spec.LogTypes != flowslatest.LogTypeFlows }
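Review bot: `IsPktDropEnabled` keeps the `if … { return true }; return false` shape around the widened condition; the body can simply be `return (IsPrivileged(spec) || IsEbpfManagerEnabled(spec)) && IsAgentFeatureEnabled(spec, flowslatest.PacketDrop)`, matching how `IsIPSecEnabled` and `IsUDNMappingEnabled` in the next hunk are written. The `||` deserves a one-line why-comment, e.g. `// With the eBPF manager the kernel debug fs is mounted by the manager, so privileged mode is not required.`, because the same rule is duplicated in the v1beta2 validation webhook with `slices.Contains` and a maintainer changing one needs to know to change the other.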