
whitelist the external networks associated with the node

Nikolay Sivko 2 年之前
父節點
當前提交
9bada0f251
共有 3 個文件被更改,包括 36 次插入12 次删除
  1. 21 0
      main.go
  2. 3 3
      node/collector.go
  3. 12 9
      node/net.go

+ 21 - 0
main.go

@@ -74,6 +74,25 @@ func machineID() string {
 	return ""
 }
 
+func whitelistNodeExternalNetworks() {
+	netdevs, err := node.NetDevices()
+	if err != nil {
+		klog.Warningln("failed to get network interfaces:", err)
+		return
+	}
+	seenPrefixes := map[string]bool{}
+	for _, iface := range netdevs {
+		for _, p := range iface.IPPrefixes {
+			if p.IP().IsLoopback() || common.IsIpPrivate(p.IP()) || seenPrefixes[p.String()] {
+				continue
+			}
+			// if the node has an external network IP, whitelist that network
+			flags.ExternalNetworksWhitelist = append(flags.ExternalNetworksWhitelist, p)
+			seenPrefixes[p.String()] = true
+		}
+	}
+}
+
 func main() {
 	klog.LogToStderr(false)
 	klog.SetOutput(&RateLimitedLogOutput{limiter: rate.NewLimiter(10, 100)})
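Review bot: In `whitelistNodeExternalNetworks` both the dedup key and the appended value are the raw `p`. `NetDevices` builds that prefix from the interface's `addr.IPNet` (node/net.go), so it presumably carries the host address rather than the network, and two addresses in one subnet would then yield two whitelist entries for the same network. Normalising first with `n := p.Masked()` and using `n` for both `seenPrefixes[n.String()]` and the append keeps one entry per network. The function also widens `flags.ExternalNetworksWhitelist` silently, by whatever mask the interface carries, so I would log each addition, e.g. `klog.Infoln("whitelisting node external network:", n)`, to make the effective whitelist auditable at startup. The trailing context lines belong to `main`, whose body continues outside the hunk.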
@@ -95,6 +114,8 @@ func main() {
 		klog.Exitf("the minimum Linux kernel version required is %s or later", minSupportedKernelVersion)
 	}
 
+	whitelistNodeExternalNetworks()
+
 	machineId := machineID()
 	tracing.Init(machineId, hostname, version)
 

+ 3 - 3
node/collector.go

@@ -216,7 +216,7 @@ func (c *Collector) Collect(ch chan<- prometheus.Metric) {
 		}
 	}
 
-	netdev, err := netDevices()
+	netdev, err := NetDevices()
 	if err != nil {
 		klog.Errorln(err)
 	} else {
@@ -226,8 +226,8 @@ func (c *Collector) Collect(ch chan<- prometheus.Metric) {
 			ch <- counter(netRxPacketsDesc, dev.RxPackets, dev.Name)
 			ch <- counter(netTxPacketsDesc, dev.TxPackets, dev.Name)
 			ch <- gauge(netIfaceUpDesc, dev.Up, dev.Name)
-			for _, ip := range dev.Addresses {
-				ch <- gauge(ipDesc, 1, dev.Name, ip)
+			for _, p := range dev.IPPrefixes {
+				ch <- gauge(ipDesc, 1, dev.Name, p.IP().String())
 			}
 		}
 	}

+ 12 - 9
node/net.go

@@ -4,22 +4,23 @@ import (
 	"github.com/coroot/coroot-node-agent/proc"
 	"github.com/vishvananda/netlink"
 	"golang.org/x/sys/unix"
+	"inet.af/netaddr"
 	"regexp"
 )
 
 var includeNetDev = regexp.MustCompile(`^(enp\d+s\d+(f\d+)?|eth\d+|eno\d+|ens\d+)`)
 
 type NetDeviceInfo struct {
-	Name      string
-	Up        float64
-	Addresses []string
-	RxBytes   float64
-	TxBytes   float64
-	RxPackets float64
-	TxPackets float64
+	Name       string
+	Up         float64
+	IPPrefixes []netaddr.IPPrefix
+	RxBytes    float64
+	TxBytes    float64
+	RxPackets  float64
+	TxPackets  float64
 }
 
-func netDevices() ([]NetDeviceInfo, error) {
+func NetDevices() ([]NetDeviceInfo, error) {
 	hostNs, err := proc.GetHostNetNs()
 	if err != nil {
 		return nil, err
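Review bot: `NetDevices` and the `IPPrefixes` field are now exported and feed the whitelist built in main.go, but neither has a doc comment telling a caller which addresses it gets. I would add something like `// NetDevices lists the network devices of the host network namespace; link-local and multicast addresses are not included in IPPrefixes.` The filter is visible in the second hunk of this file, but the rest of the body is outside the diff, so confirm the wording against it. The new `"inet.af/netaddr"` import also sits between the third-party packages and `"regexp"`; the usual grouping puts the standard-library import in its own block first.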
@@ -60,7 +61,9 @@ func netDevices() ([]NetDeviceInfo, error) {
 			if ip.IsLinkLocalUnicast() || ip.IsMulticast() || ip.IsLinkLocalMulticast() {
 				continue
 			}
-			info.Addresses = append(info.Addresses, addr.IP.String())
+			if prefix, ok := netaddr.FromStdIPNet(addr.IPNet); ok {
+				info.IPPrefixes = append(info.IPPrefixes, prefix)
+			}
 		}
 		res = append(res, info)
 	}
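Review bot: When `netaddr.FromStdIPNet` returns `ok == false` the address is dropped without any trace. Because the collector now iterates `dev.IPPrefixes`, that address also disappears from the `ipDesc` metric, where the old code always reported `addr.IP.String()`. An `else` branch that records the skip, for example `klog.Warningln("skipping address with unsupported netmask:", addr.IPNet)`, would keep such a loss visible; this assumes klog is imported in this file, which the hunk does not show. The loop and the rest of `NetDevices` start outside the hunk.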