tcp dissector enabled by default (#1591)

* tcp dissector enabled by default

* changing the readme

In support of having the `tcp` dissector enabled by default.

* Update values.yaml

* Update complete.yaml

* updated the defaultFilter default value

1. Start with some level of  "noise reduction" (`tcp` and `dns`).
2. Provide a hint how to use a display filter to filter out protocol aliases.

* Update values.yaml

filter out DNS and TCP

* Update complete.yaml

Filter out DNS and TCP

* Update README.md

Filter out TCP and DNS by default

config/configStruct.go

@@ -82,7 +82,7 @@ func CreateDefaultConfig() ConfigStruct {
 				"redis",
 				"sctp",
 				"syscall",
-				// "tcp",
+				"tcp",
 				"ws",
 			},
 		},

config/configStructs/tapConfig.go

@@ -199,7 +199,7 @@ type TapConfig struct {
 	Debug                        bool                  `yaml:"debug" json:"debug" default:"false"`
 	KernelModule                 KernelModuleConfig    `yaml:"kernelModule" json:"kernelModule"`
 	Telemetry                    TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
-	DefaultFilter                string                `yaml:"defaultFilter" json:"defaultFilter"`
+	DefaultFilter                string                `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !tcp"`
 	ScriptingDisabled            bool                  `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"`
 	TargetedPodsUpdateDisabled   bool                  `yaml:"targetedPodsUpdateDisabled" json:"targetedPodsUpdateDisabled" default:"false"`
 	RecordingDisabled            bool                  `yaml:"recordingDisabled" json:"recordingDisabled" default:"false"`

helm-chart/README.md

@@ -170,11 +170,11 @@ Please refer to [metrics](./metrics.md) documentation for details.
 | `tap.kernelModule.image`                  | Container image containing PF_RING kernel module with supported kernel version([details](PF_RING.md))      | "kubeshark/pf-ring-module:all"                                                 |
 | `tap.kernelModule.unloadOnDestroy`        | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
 | `tap.telemetry.enabled`                   | Enable anonymous usage statistics collection           | `true`                                                  |
-| `tap.defaultFilter`                       | Sets the default dashboard KFL filter (e.g. `http`)        | `""`                                                  |
+| `tap.defaultFilter`                       | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out DNS  and TCP entries. The user can easily change this in the Dashboard.         | `"!dns and !tcp"`                                                  |
 | `tap.globalFilter`                        | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic.      | `""`                                        |
 | `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
 | `tap.stopped`                             | A flag indicating whether to start Kubeshark with traffic processing stopped resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard.         | `true`                                                  |
-| `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list includes: amqp, dns , http, icmp, kafka, redis,sctp, syscall, ws. By design, it does not include the very powerful TCP dissector (`tcp`). Add this dissector to view all TCP messages (requires elevated amounts of CPU, memeory and storage).  |
+| `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list includes: amqp, dns , http, icmp, kafka, redis,sctp, syscall, tcp, ws.  |
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `kube.configPath`                         | Path to the `kubeconfig` file (`$HOME/.kube/config`)            | `""`                                                    |
 | `kube.context`                            | Kubernetes context to use for the deployment  | `""`                                                    |

helm-chart/values.yaml

@@ -95,7 +95,7 @@ tap:
     unloadOnDestroy: false
   telemetry:
     enabled: true
-  defaultFilter: ""
+  defaultFilter: "!dns and !tcp"
   scriptingDisabled: false
   targetedPodsUpdateDisabled: false
   recordingDisabled: false
@@ -125,6 +125,7 @@ tap:
   - redis
   - sctp
   - syscall
+  - tcp
   - ws
   metrics:
     port: 49100

manifests/complete.yaml

@@ -249,7 +249,7 @@ data:
     TIMEZONE: ' '
     CLOUD_LICENSE_ENABLED: 'true'
     DUPLICATE_TIMEFRAME: '200ms'
-    ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,ws'
+    ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,tcp,ws'
 ---
 # Source: kubeshark/templates/02-cluster-role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -760,7 +760,7 @@ spec:
       containers:
         - env:
             - name: REACT_APP_DEFAULT_FILTER
-              value: ' '
+              value: '!dns and !tcp'
             - name: REACT_APP_AUTH_ENABLED
               value: 'true'
             - name: REACT_APP_AUTH_TYPE