Conversation
arghosh93
force-pushed
the
kernel-layer
branch
3 times, most recently
from
6ec6936 to
fe88d1f
Compare
arkadeepsen
reviewed
Dec 5, 2025
Contributor
arkadeepsen
left a comment
arkadeepsen
left a comment
There was a problem hiding this comment.
A few comments after first round of review.
arghosh93
force-pushed
the
kernel-layer
branch
5 times, most recently
from
301e6e5 to
7e8a3fe
Compare
pperiyasamy
reviewed
Dec 9, 2025
arghosh93
force-pushed
the
kernel-layer
branch
from
7e8a3fe to
b1107c4
Compare
pperiyasamy
reviewed
Dec 15, 2025
arghosh93
force-pushed
the
kernel-layer
branch
from
b1107c4 to
52a5003
Compare
arghosh93
force-pushed
the
kernel-layer
branch
from
52a5003 to
d791592
Compare
Contributor
Author
|
I rebased on the Main branch after @pperiyasamy's LGTM. There was one merge conflict at cmd/main.go which occurred as Peri's OVS MCP PR merged meanwhile. |
arkadeepsen
reviewed
Dec 17, 2025
Contributor
arkadeepsen
left a comment
arkadeepsen
left a comment
There was a problem hiding this comment.
Great progress. I have a few more comments below.
arghosh93
force-pushed
the
kernel-layer
branch
from
d791592 to
76128dd
Compare
arkadeepsen
reviewed
Dec 17, 2025
Contributor
arkadeepsen
left a comment
arkadeepsen
left a comment
There was a problem hiding this comment.
Mostly looks good. Only a few remaining comments.
arghosh93
force-pushed
the
kernel-layer
branch
from
76128dd to
92abdc0
Compare
arkadeepsen
reviewed
Dec 18, 2025
pkg/kernel/mcp/mcp.go
Outdated
Comment on lines
146
to
147
| - xfrm state show : show Security Association Database. | ||
| - xfrm policy show : show Security Policy Database. |
Contributor
There was a problem hiding this comment.
Suggested change
| - xfrm state show : show Security Association Database. | |
| - xfrm policy show : show Security Policy Database. | |
| - xfrm state list : list Security Association Database. | |
| - xfrm policy list : list Security Policy Database. |
pkg/kernel/mcp/iptables.go
Outdated
Comment on lines
41
to
42
| // FilterParameters are invalid with -S command | ||
| cmd.addIf(in.FilterParameters != "" && in.Command != "-S", strings.Fields(in.FilterParameters)...) |
Contributor
There was a problem hiding this comment.
Suggested change
| // FilterParameters are invalid with -S command | |
| cmd.addIf(in.FilterParameters != "" && in.Command != "-S", strings.Fields(in.FilterParameters)...) | |
| // FilterParameters are invalid with -S/--list-rules command | |
| cmd.addIf(in.FilterParameters != "" && in.Command != "-S" && in.Command != "--list-rules", strings.Fields(in.FilterParameters)...) |
Both -S and --list-rules are needed to be checked here.
Implements MCP tools for inspecting kernel level networking configurations: - get-conntrack: retrieves connection tracking entries from a Kubernetes node. - get-iptables: retrieves iptables/ip6tables rules from a Kubernetes node. - get-nft: retrieves nftables configuration from a Kubernetes node. - get-ip: executes 'ip' utility commands on a node. Signed-off-by: Arnab Ghosh <arnabghosh89@gmail.com>
arghosh93
force-pushed
the
kernel-layer
branch
from
92abdc0 to
4255689
Compare
tssurya
approved these changes
Dec 18, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements MCP tools for inspecting kernel level networking configurations:
--> ovn-kubernetes - get-ip (MCP)(node: "worker-2.shrocp4upi420ovn.lab.upshift.rdu2.redhat.com", image: "registry.redhat.io/rhel9/support-tools", command: "route show")
⎿ {
"data": "default via 10.0.95.254 dev br-ex proto dhcp src 10.0.93.147 metric 48 \n10.0.88.0/21 dev br-ex proto kernel scope link src 10.0.93.147 me
tric 48 \n10.128.0.0/14 via 10.131.0.1 dev ovn-k8s-mp0 \n10.131.0.0/23 dev ovn-k8s-mp0 proto kernel scope link src 10.131.0.2 \n169.254.0.0/17 dev br
… +3 lines (ctrl+o to expand)
--> ● ovn-kubernetes - get-nft (MCP)(node: "worker-2.shrocp4upi420ovn.lab.upshift.rdu2.redhat.com", image: "registry.redhat.io/rhel9/support-tools", command: "list tables")
⎿ {
"data": "table ip filter\ntable ip mangle\ntable ip6 mangle\ntable ip nat\ntable ip6 nat\ntable ip6 filter\ntable ip raw\ntable ip6 raw\ntable inet
ovn-kubernetes\n"
}