Add L4 protocol filter in flow alerts. (#8358)

http_src/vue/page-alert-stats.vue

@@ -379,7 +379,7 @@ const map_table_def_columns = async (columns) => {
                 const title = proto.confidence;
                 (title == "DPI") ? confidence = `<span class="badge bg-success" title="${title}">${title}</span>` : confidence = `<span class="badge bg-warning" title="${title}">${title}</span>`
             }
-            return DataTableRenders.filterize('l7proto', proto.value, proto.label) + " " + `${confidence}`;
+            return DataTableRenders.filterize('l4proto', row.proto.value, row.proto.label) +":" +DataTableRenders.filterize('l7proto', proto.value, proto.label.split(":")[1]) + " " + `${confidence}`;
         },
         "info": (info, row) => {
             return `${DataTableRenders.filterize('info', info.value, info.label)}`;

scripts/lua/modules/alert_store/flow_alert_store.lua

@@ -610,6 +610,7 @@ function flow_alert_store:_add_additional_request_filters()
     local ja3_server = _GET["ja3_server"]
     local ja4_client = _GET["ja4_client"]
     local alert_domain = _GET["alert_domain"]
+    local l4_proto = _GET["l4proto"]
 
     self:format_traffic_direction(_GET["traffic_direction"])
     self:format_location()
@@ -632,6 +633,7 @@ function flow_alert_store:_add_additional_request_filters()
     self:add_filter_condition_list('flow_role', role)
     self:add_filter_condition_list('l7proto', l7proto, 'number')
     self:add_filter_condition_list('flow_risk', flow_risk, 'number')
+    self:add_filter_condition_list('proto', l4_proto)
 
     self:add_filter_condition_list('cli_host_pool_id', cli_host_pool_id, 'number')
     self:add_filter_condition_list('srv_host_pool_id', srv_host_pool_id, 'number')
@@ -697,7 +699,8 @@ function flow_alert_store:_get_additional_available_filters()
         cli_location = tag_utils.defined_tags.cli_location,
         srv_location = tag_utils.defined_tags.srv_location,
         last_server = tag_utils.defined_tags.last_server,
-        issuer_dn = tag_utils.defined_tags.issuer_dn
+        issuer_dn = tag_utils.defined_tags.issuer_dn,
+        l4proto = tag_utils.defined_tags.l4proto,
     }
 
     return filters

scripts/lua/modules/historical_flow_utils.lua

@@ -1356,6 +1356,7 @@ function historical_flow_utils.get_tags()
    flow_defined_tags["retransmissions"] = tag_utils.defined_tags["retransmissions"]
    flow_defined_tags["out_of_order"] = tag_utils.defined_tags["out_of_order"]
    flow_defined_tags["lost"] = tag_utils.defined_tags["lost"]
+   flow_defined_tags["l4proto"] = tag_utils.defined_tags["l4proto"]
 
 
    return flow_defined_tags

scripts/lua/modules/tag_utils.lua

@@ -792,6 +792,9 @@ tag_utils.formatters = {
     l4proto = function(proto)
         return l4_proto_to_string(proto)
     end,
+    l4_proto = function(proto)
+        return l4_proto_to_string(proto)
+    end,
     l7_proto = function(proto)
         return interface.getnDPIProtoName(tonumber(proto))
     end,
@@ -997,8 +1000,20 @@ function tag_utils.get_tag_info(id, entity, hide_exporters_name, restrict_filter
     elseif tag.value_type == "l4_proto" then
         filter.value_type = 'array'
         filter.options = {}
-        local l4_protocols = l4_proto_list()
-        for name, id in pairsByKeys(l4_protocols, asc) do
+        local l4_protocol_list = require "l4_protocol_list"
+
+        local l4_protocols = l4_protocol_list.l4_keys
+        
+        local list = {}
+
+        for _, proto in pairs(l4_protocols) do
+            -- add L4 proto only
+            if proto[2] ~= 'ip' and proto[2] ~= 'ipv6' then
+                list[proto[1]] = proto[3]
+            end
+        end
+
+        for name, id in pairsByKeys(list, asc) do
             filter.options[#filter.options + 1] = {
                 value = id,
                 label = name