ovn-kubernetes · arkadeepsen · Jan 16, 2026 · Nov 28, 2025 · coderabbitai · Jan 8, 2026
diff --git a/cmd/ovnk-mcp-server/main.go b/cmd/ovnk-mcp-server/main.go
@@ -14,16 +14,19 @@ import (
 	kernelmcp "github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/kernel/mcp"
 	kubernetesmcp "github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/kubernetes/mcp"
 	mustgathermcp "github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/must-gather/mcp"
+	nettoolsmcp "github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/nettools/mcp"
 	ovnmcp "github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/ovn/mcp"
 	ovsmcp "github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/ovs/mcp"
 	sosreportmcp "github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/sosreport/mcp"
 )
 
 type MCPServerConfig struct {
-	Mode       string
-	Transport  string
-	Port       string
-	Kubernetes kubernetesmcp.Config
+	Mode         string
+	Transport    string
+	Port         string
+	PwruImage    string
+	TcpdumpImage string
+	Kubernetes   kubernetesmcp.Config
 }
 
 // setupLiveCluster sets up the live cluster mode.
@@ -46,6 +49,10 @@ func setupLiveCluster(serverCfg *MCPServerConfig, server *mcp.Server) {
 	kernelMcpServer := kernelmcp.NewMCPServer(k8sMcpServer)
 	log.Println("Adding Kernel tools to OVN-K MCP server")
 	kernelMcpServer.AddTools(server)
+
+	netToolsServer := nettoolsmcp.NewMCPServer(k8sMcpServer, serverCfg.PwruImage, serverCfg.TcpdumpImage)
+	log.Println("Adding network tools to OVN-K MCP server")
+	netToolsServer.AddTools(server)
 }
 
 // setupOffline sets up the offline mode.
@@ -140,6 +147,8 @@ func parseFlags() *MCPServerConfig {
 	flag.StringVar(&cfg.Transport, "transport", "stdio", "Transport to use: stdio or http")
 	flag.StringVar(&cfg.Port, "port", "8080", "Port to use")
 	flag.StringVar(&cfg.Kubernetes.Kubeconfig, "kubeconfig", "", "Path to the kubeconfig file")
+	flag.StringVar(&cfg.PwruImage, "pwru-image", "docker.io/cilium/pwru:v1.0.10", "Container image for pwru operations")
+	flag.StringVar(&cfg.TcpdumpImage, "tcpdump-image", "nicolaka/netshoot:v0.13", "Container image for tcpdump operations")
 	flag.Parse()
 	return cfg
 }
diff --git a/pkg/kubernetes/client/nodes.go b/pkg/kubernetes/client/nodes.go
@@ -12,9 +12,9 @@ import (
 	"k8s.io/utils/ptr"
 )
 
-func (c *OVNKMCPServerClientSet) DebugNode(ctx context.Context, name, image string, command []string) (string, string, error) {
+func (c *OVNKMCPServerClientSet) DebugNode(ctx context.Context, name, image string, command []string, hostPath, mountPath string) (string, string, error) {
 	namespace := metav1.NamespaceDefault
-	debugPodName, cleanupPod, err := c.createPod(ctx, name, namespace, image)
+	debugPodName, cleanupPod, err := c.createPod(ctx, name, namespace, image, hostPath, mountPath)
 	if err != nil {
 		return "", "", err
 	}
@@ -32,10 +32,29 @@ func (c *OVNKMCPServerClientSet) DebugNode(ctx context.Context, name, image stri
 	return stdout, stderr, nil
 }
 
-func (c *OVNKMCPServerClientSet) createPod(ctx context.Context, node, namespace, image string) (string, func(), error) {
+func (c *OVNKMCPServerClientSet) createPod(ctx context.Context, node, namespace, image, hostPath, mountPath string) (string, func(), error) {
 	hostPathType := corev1.HostPathDirectory
 	sleepCommand := []string{"sleep", "infinity"}
 
+	if hostPath == "" {
+		hostPath = "/"
+	}
+
+	if mountPath == "" {
+		mountPath = "/host"
+	}
+
+	var envVars []corev1.EnvVar
+	if hostPath == "/" {
+		// to collect sos report requires this env var is set when hostPath is /
+		envVars = []corev1.EnvVar{
+			{
+				Name:  "HOST",
+				Value: mountPath,
+			},
+		}
+	}
+
 	// Create a host networked privileged debug pod.
 	debugPod := &corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
@@ -58,7 +77,7 @@ func (c *OVNKMCPServerClientSet) createPod(ctx context.Context, node, namespace,
 					Name: "host",
 					VolumeSource: corev1.VolumeSource{
 						HostPath: &corev1.HostPathVolumeSource{
-							Path: "/",
+							Path: hostPath,
 							Type: &hostPathType,
 						},
 					},
@@ -76,16 +95,10 @@ func (c *OVNKMCPServerClientSet) createPod(ctx context.Context, node, namespace,
 					VolumeMounts: []corev1.VolumeMount{
 						{
 							Name:      "host",
-							MountPath: "/host",
-						},
-					},
-					Env: []corev1.EnvVar{
-						{
-							// to collect more sos report requires this env var is set
-							Name:  "HOST",
-							Value: "/host",
+							MountPath: mountPath,
 						},
 					},
+					Env: envVars,
 				}},
 		},
 	}
@@ -115,7 +128,7 @@ func (c *OVNKMCPServerClientSet) createPod(ctx context.Context, node, namespace,
 	})
 	if err != nil {
 		cleanupPod()
-		return "", nil, fmt.Errorf("debug pod did not reach running state within timeout of 5 minutes: %w", err)
+		return "", nil, fmt.Errorf("debug pod did not reach running state within timeout of 1 minute: %w", err)
 	}
 
 	return createdDebugPod.Name, cleanupPod, nil

diff --git a/pkg/kubernetes/mcp/nodes.go b/pkg/kubernetes/mcp/nodes.go
@@ -2,14 +2,61 @@ package kubernetes
 
 import (
 	"context"
+	"fmt"
+	"path/filepath"
+	"strings"
 
 	"github.com/modelcontextprotocol/go-sdk/mcp"
 	"github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/kubernetes/types"
 )
 
+// validatePath validates that a path is safe to use for mounting.
+// It ensures the path:
+// - Is absolute (starts with /)
+// - Does not contain path traversal patterns (..)
+// - Contains only safe characters
+func validatePath(path, pathType string) error {
+	if path == "" {
+		return nil // Empty paths are allowed and will be set to defaults
+	}
+
+	// Ensure path is absolute
+	if !filepath.IsAbs(path) {
+		return fmt.Errorf("%s must be an absolute path (start with /), got: %s", pathType, path)
+	}
+
+	// Check for path traversal patterns: reject any path element that is exactly ".."
+	for _, elem := range strings.Split(path, string(filepath.Separator)) {
+		if elem == ".." {
+			return fmt.Errorf("%s contains path traversal element '..': %s", pathType, path)
+		}
+	}
+
+	// Check for dangerous characters (null bytes, control characters, shell special characters)
+	for i, r := range path {
+		// Allow alphanumeric, /, -, _, ., ~
+		if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') ||
+			r == '/' || r == '-' || r == '_' || r == '.' || r == '~' {
+			continue
+		}
+		return fmt.Errorf("%s contains unsafe character at position %d: %c (U+%04X)", pathType, i, r, r)
+	}
+
+	return nil
+}
+
 // DebugNode debugs a node by name, image and command.
 func (s *MCPServer) DebugNode(ctx context.Context, req *mcp.CallToolRequest, in types.DebugNodeParams) (*mcp.CallToolResult, types.DebugNodeResult, error) {
-	stdout, stderr, err := s.clientSet.DebugNode(ctx, in.Name, in.Image, in.Command)
+	// Validate paths before creating the pod
+	if err := validatePath(in.HostPath, "hostPath"); err != nil {
+		return nil, types.DebugNodeResult{}, err
+	}
+
+	if err := validatePath(in.MountPath, "mountPath"); err != nil {
+		return nil, types.DebugNodeResult{}, err
+	}
+
+	stdout, stderr, err := s.clientSet.DebugNode(ctx, in.Name, in.Image, in.Command, in.HostPath, in.MountPath)
 	if err != nil {
 		return nil, types.DebugNodeResult{}, err
 	}

diff --git a/pkg/kubernetes/types/nodes.go b/pkg/kubernetes/types/nodes.go
@@ -2,9 +2,11 @@ package types
 
 // DebugNodeParams is a type that contains the name, image and command of a node.
 type DebugNodeParams struct {
-	Name    string   `json:"name"`
-	Image   string   `json:"image"`
-	Command []string `json:"command"`
+	Name      string   `json:"name"`
+	Image     string   `json:"image"`
+	Command   []string `json:"command"`
+	HostPath  string   `json:"hostPath,omitempty"`
+	MountPath string   `json:"mountPath,omitempty"`
 }
 
 // DebugNodeResult is a type that contains the stdout and stderr of the executed command.

diff --git a/pkg/nettools/mcp/mcp.go b/pkg/nettools/mcp/mcp.go
@@ -0,0 +1,76 @@
+package nettools
+
+import (
+	"github.com/modelcontextprotocol/go-sdk/mcp"
+	kubernetesmcp "github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/kubernetes/mcp"
+)
+
+// MCPServer provides MCP server functionality for network tools operations.
+type MCPServer struct {
+	k8sMcpServer *kubernetesmcp.MCPServer
+	pwruImage    string
+	tcpdumpImage string
+}
+
+// NewMCPServer creates a new MCP server instance
+func NewMCPServer(k8sMcpServer *kubernetesmcp.MCPServer, pwruImage, tcpdumpImage string) *MCPServer {
+	return &MCPServer{
+		k8sMcpServer: k8sMcpServer,
+		pwruImage:    pwruImage,
+		tcpdumpImage: tcpdumpImage,
+	}
+}
+
+// AddTools registers network tools with the MCP server
+func (s *MCPServer) AddTools(server *mcp.Server) {
+	mcp.AddTool(server,
+		&mcp.Tool{
+			Name: "tcpdump",
+			Description: `Capture network packets on a node or inside a pod with strict safety controls.
+
+Supports both node-level and pod-level packet capture with BPF filtering.
+
+This tool creates a specialized debug pod on the specified node for node-level captures.
+The node image can be configured via --tcpdump-image flag or will default to nicolaka/netshoot:v0.13.
+The image must contain the tcpdump utility
+
+Parameters:
+- target_type: 'node' or 'pod' (required)
+- node_name: Name of the node (required when target_type is 'node')
+- pod_name: Name of the pod (required when target_type is 'pod')
+- pod_namespace: Namespace of the pod (required when target_type is 'pod')
+- container_name: Name of the container in the pod (optional, uses default container if not specified)
+- interface: Network interface name or 'any' (optional, uses default if not specified)
+- packet_count: Number of packets to capture (default: 100, max: 1000)
+- bpf_filter: BPF filter expression to match packets (optional, e.g., "tcp and dst port 8080", "host 10.0.0.1")
+- snaplen: Snapshot length in bytes (default: 96, max: 1500)
+
+Examples:
+- Capture on node: {"target_type": "node", "node_name": "worker-1", "interface": "eth0", "packet_count": 100, "bpf_filter": "tcp port 80"}
+- Capture in pod: {"target_type": "pod", "pod_name": "my-pod", "pod_namespace": "default", "interface": "eth0", "packet_count": 100, "bpf_filter": "host 10.0.0.1"}
+- Capture DNS: {"target_type": "node", "node_name": "worker-1", "interface": "any", "packet_count": 50, "bpf_filter": "port 53"}`,
+		}, s.Tcpdump)
+	mcp.AddTool(server,
+		&mcp.Tool{
+			Name: "pwru",
+			Description: `Trace packets through the Linux kernel networking stack using eBPF.
+
+pwru (packet, where are you?) shows which kernel functions process a packet, helping debug packet
+drops, routing issues, and understanding the kernel's packet processing path.
+
+This tool creates a specialized debug pod on the specified node with necessary eBPF capabilities
+to trace packets through kernel networking functions.
+The node image can be configured via --pwru-image flag or will default to docker.io/cilium/pwru:v1.0.10.
+The image must contain the pwru utility
+
+Parameters:
+- node_name: Name of the node to run pwru on (required)
+- bpf_filter: BPF filter expression to match packets (optional, e.g., "tcp and dst port 8080", "host 10.0.0.1")
+- output_limit_lines: Maximum number of trace events to capture (default: 100, max: 1000)
+
+Examples:
+- Basic trace: {"node_name": "worker-1", "bpf_filter": "host 10.244.0.5", "output_limit_lines": 100}
+- TCP traffic: {"node_name": "worker-1", "bpf_filter": "tcp and dst port 8080", "output_limit_lines": 50}
+- ICMP packets: {"node_name": "worker-1", "bpf_filter": "icmp", "output_limit_lines": 100}`,
+		}, s.Pwru)
+}
diff --git a/pkg/nettools/mcp/pwru.go b/pkg/nettools/mcp/pwru.go
@@ -0,0 +1,50 @@
+package nettools
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/modelcontextprotocol/go-sdk/mcp"
+	k8stypes "github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/kubernetes/types"
+	"github.com/ovn-kubernetes/ovn-kubernetes-mcp/pkg/nettools/types"
+)
+
+const (
+	DefaultOutputLimitLines = 100
+	MaxOutputLimitLines     = 1000
+)
+
+// Pwru executes the pwru (packet, where are you?) tool to trace packets through the Linux kernel.
+// It creates a specialized debug pod with eBPF capabilities and traces packet processing paths.
+// This is useful for debugging packet drops, routing issues, and understanding kernel networking behavior.
+func (s *MCPServer) Pwru(ctx context.Context, req *mcp.CallToolRequest, in types.PwruParams) (*mcp.CallToolResult, types.CommandResult, error) {
+	outputLimitLines := in.OutputLimitLines
+	if outputLimitLines == 0 {
+		outputLimitLines = DefaultOutputLimitLines
+	}
+	if err := validateIntMax(outputLimitLines, MaxOutputLimitLines, "output_limit_lines", ""); err != nil {
+		return nil, types.CommandResult{}, err
+	}
+
+	if err := validatePacketFilter(in.BPFFilter); err != nil {
+		return nil, types.CommandResult{}, err
+	}
+
+	cmd := newCommand("pwru", "--output-limit-lines", strconv.Itoa(outputLimitLines))
+	// pwru accepts pcap filter as positional argument(s)
+	cmd.addIfNotEmpty(in.BPFFilter, in.BPFFilter)
+
+	target := k8stypes.DebugNodeParams{
+		Name:      in.NodeName,
+		Image:     s.pwruImage,
+		HostPath:  "/sys/kernel/debug",
+		MountPath: "/sys/kernel/debug",
+		Command:   cmd.build(),
+	}
+
+	result, err := s.runDebugNode(ctx, req, target)
+	if err != nil {
+		return nil, types.CommandResult{}, err
+	}
+	return nil, result, nil
+}