kubeshark · corest · Feb 8, 2026 · Feb 8, 2026 · Feb 8, 2026 · Copilot
diff --git a/bpf/common.c b/bpf/common.c
@@ -172,7 +172,7 @@ static __always_inline struct ssl_info lookup_ssl_info(struct pt_regs* ctx, void
 static __always_inline int program_disabled(int program_domain) {
     __u32 zero = 0;
     struct configuration* s = bpf_map_lookup_elem(&settings, &zero);
-    if (s && (s->flags & CONFIGURATION_FLAG_CAPTURE_STOPPED)) {
+    if (s && !(s->flags & CONFIGURATION_FLAG_CAPTURE_ENABLED)) {
         return 1;
     }
 

diff --git a/bpf/include/maps.h b/bpf/include/maps.h
@@ -174,7 +174,7 @@ struct socket_cookie_data
     __u8 __pad2;
 };
 
-#define CONFIGURATION_FLAG_CAPTURE_STOPPED (1 << 0)
+#define CONFIGURATION_FLAG_CAPTURE_ENABLED (1 << 0)
 #define CONFIGURATION_PASS_ALL_CGROUPS (1 << 1)
 struct configuration
 {

diff --git a/pkg/kubernetes/config.go b/pkg/kubernetes/config.go
@@ -13,16 +13,16 @@ import (
 )
 
 const (
-	SUFFIX_CONFIG_MAP = "config-map"
-	CONFIG_POD_REGEX  = "POD_REGEX"
-	CONFIG_NAMESPACES = "NAMESPACES"
-	CONFIG_STOPPED    = "STOPPED"
+	SUFFIX_CONFIG_MAP         = "config-map"
+	CONFIG_POD_REGEX          = "POD_REGEX"
+	CONFIG_NAMESPACES         = "NAMESPACES"
+	CONFIG_DISSECTION_ENABLED = "DISSECTION_ENABLED"
 
-	CONFIG_RAW_CAPTURE = "RAW_CAPTURE"
+	CONFIG_RAW_CAPTURE_ENABLED = "RAW_CAPTURE_ENABLED"
 )
 
 const (
-	CONFIGURATION_FLAG_CAPTURE_STOPPED  = 1 << 0
+	CONFIGURATION_FLAG_CAPTURE_ENABLED  = 1 << 0
 	CONFIGURATION_FLAG_PASS_ALL_CGROUPS = 1 << 1
 )
 
@@ -37,16 +37,28 @@ func SyncConfig(configMap *v1.ConfigMap) (*regexp2.Regexp, []string, uint32) {
 	namespaces := strings.Split(configNamespaces, ",")
 
 	var settings uint32
-	var stopped bool
-	var rawCapture bool
-	if stopped, err = strconv.ParseBool(configMap.Data[CONFIG_STOPPED]); err != nil {
-		log.Error().Err(err).Str("config", CONFIG_STOPPED).Send()
+	dissectionEnabled := true
+	rawCaptureEnabled := true
+	if v, ok := configMap.Data[CONFIG_DISSECTION_ENABLED]; ok && v != "" {
+		if parsed, err := strconv.ParseBool(v); err != nil {
+			log.Warn().Err(err).Str("config", CONFIG_DISSECTION_ENABLED).Msg("invalid value, defaulting to true")
+		} else {
+			dissectionEnabled = parsed
+		}
+	} else {
+		log.Warn().Str("config", CONFIG_DISSECTION_ENABLED).Msg("missing or empty, defaulting to true")
 	}
-	if rawCapture, err = strconv.ParseBool(configMap.Data[CONFIG_RAW_CAPTURE]); err != nil {
-		log.Error().Err(err).Str("config", CONFIG_RAW_CAPTURE).Send()
+	if v, ok := configMap.Data[CONFIG_RAW_CAPTURE_ENABLED]; ok && v != "" {
+		if parsed, err := strconv.ParseBool(v); err != nil {
+			log.Warn().Err(err).Str("config", CONFIG_RAW_CAPTURE_ENABLED).Msg("invalid value, defaulting to true")
+		} else {
+			rawCaptureEnabled = parsed
+		}
+	} else {
+		log.Warn().Str("config", CONFIG_RAW_CAPTURE_ENABLED).Msg("missing or empty, defaulting to true")
 	}
-	if stopped && !rawCapture {
-		settings |= CONFIGURATION_FLAG_CAPTURE_STOPPED
+	if dissectionEnabled || rawCaptureEnabled {
+		settings |= CONFIGURATION_FLAG_CAPTURE_ENABLED
 	}
 
 	return regex, namespaces, settings