From 6bf78e98022c6268dff3a2ef49c548bbb3a5297c Mon Sep 17 00:00:00 2001
From: Mario Macias <mario.macias@grafana.com>
Date: Fri, 19 Apr 2024 09:31:21 +0200
Subject: [PATCH] Document protocols filter (#753)

* Document protocols filter

* make vale happy
---
 docs/sources/network/config.md | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/docs/sources/network/config.md b/docs/sources/network/config.md
index 73a12dda5..f2a051ee1 100644
--- a/docs/sources/network/config.md
+++ b/docs/sources/network/config.md
@@ -66,7 +66,7 @@ network events with the `socket_filter` mode.
 
 When `socket_filter` is used as an event source, Beyla installs an eBPF Linux socket filter to
 capture the network events. This mode doesn't conflict with Cilium CNI or other eBPF programs, which
-use the Linux Traffic Control egress and ingress filters. 
+use the Linux Traffic Control egress and ingress filters.
 
 
 | YAML                 | Environment variable               | Type     | Default                                                                                                  |
@@ -161,6 +161,32 @@ If you set this property via environment variable each entry must be separated b
 BEYLA_NETWORK_EXCLUDE_INTERFACES=lo,/^veth/
 ```
 
+| YAML        | Environment variable      | Type     | Default |
+|-------------|---------------------------| -------- | ------- |
+| `protocols` | `BEYLA_NETWORK_PROTOCOLS` | []string | (empty) |
+
+If set, Beyla drops any network flow whose reported Internet Protocol is not in this list.
+
+The accepted values are defined in the Linux enumeration of
+[Standard well-defined IP protocols](https://elixir.bootlin.com/linux/v6.8.7/source/include/uapi/linux/in.h#L28),
+and can be:
+`TCP`, `UDP`, `IP`, `ICMP`, `IGMP`, `IPIP`, `EGP`, `PUP`, `IDP`, `TP`, `DCCP`, `IPV6`, `RSVP`, `GRE`, `ESP`, `AH`,
+`MTP`, `BEETPH`, `ENCAP`, `PIM`, `COMP`, `L2TP`, `SCTP`, `UDPLITE`, `MPLS`, `ETHERNET`, `RAW`
+
+| YAML                | Environment variable              | Type     | Default |
+|---------------------|-----------------------------------|----------|---------|
+| `exclude_protocols` | `BEYLA_NETWORK_EXCLUDE_PROTOCOLS` | []string | (empty) |
+
+If set, Beyla drops any network flow whose reported Internet Protocol is in this list.
+
+If the `protocols`/`BEYLA_NETWORK_PROTOCOLS` list is already set, this property is ignored.
+
+The accepted values are defined in the Linux enumeration of
+[Standard well-defined IP protocols](https://elixir.bootlin.com/linux/v6.8.7/source/include/uapi/linux/in.h#L28),
+and can be:
+`TCP`, `UDP`, `IP`, `ICMP`, `IGMP`, `IPIP`, `EGP`, `PUP`, `IDP`, `TP`, `DCCP`, `IPV6`, `RSVP`, `GRE`, `ESP`, `AH`,
+`MTP`, `BEETPH`, `ENCAP`, `PIM`, `COMP`, `L2TP`, `SCTP`, `UDPLITE`, `MPLS`, `ETHERNET`, `RAW`
+
 | YAML              | Environment variable            | Type    | Default |
 | ----------------- | ------------------------------- | ------- | ------- |
 | `cache_max_flows` | `BEYLA_NETWORK_CACHE_MAX_FLOWS` | integer | `5000`  |