Commit 23db74a

smagnani96pchaigno
authored andcommitted
check-encryption-leaks: small change in formatting prints
This commit adjusts the formatting in our prints. In particular: * Inner IPv4/IPv6 packet: let's print protocol before length, to align to the outer packet print. This will still print also all the supplementary info, such as ifindex, netns, etc. We leave these info there given the inner packet is always reported, both in Native and Overlay mode. * L4 info: the whole `Detected TCP message, TCPFlags: ...` can be further simplified to just `TCP (TCPFlags: ...)`. The same applies to UDP and ICMP. This makes the print more compact and easier to read. * ICMP: let's print Type and Code before the other fields, given they are the most relevant ones and immediately refer to the ICMP message type. Example of an ICMP packet via VXLAN: ``` [10:49:50:268834] [0xffff8907af02e100] 172.18.0.3:36366 -> 172.18.0.4:8472 (proto: 17, encap: 1, skb: 0) [10:49:50:268834] [0xffff8907af02e100] ↳ 10.244.2.11:0 -> 10.244.0.43:0 (proto: 1, len: 84, ifindex: 7, netns: f0000000, srcPod: 1 (internal: 0), dstPod: 1 (internal: 0), proxy: 0 (masqueraded: 0)) [10:49:50:268834] [0xffff8907af02e100] ↳ ICMP (Type: 8, Code: 0, IPFlags: .D., FragOff: 0, FragID: 54072) ``` Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
1 parent ec2dab4 commit 23db74a

1 file changed

+13
-13
lines changed

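--- a/.github/actions/bpftrace/scripts/check-encryption-leaks.bt
+++ b/.github/actions/bpftrace/scripts/check-encryption-leaks.bt
@@ -160,14 +160,14 @@ kprobe:br_forward
 $encap, $skb->encapsulation);
 }
 
-printf("[%s] [%p] ↳ %s:%d -> %s:%d (len: %d, proto: %d, ifindex: %d, netns: %x, srcPod: %d (internal: %d), dstPod: %d (internal: %d), proxy: %d (masqueraded: %d))\n",
+printf("[%s] [%p] ↳ %s:%d -> %s:%d (proto: %d, len: %d, ifindex: %d, netns: %x, srcPod: %d (internal: %d), dstPod: %d (internal: %d), proxy: %d (masqueraded: %d))\n",
 $time, $skb,
 ntop($ip4h->saddr),
 ($ip4h->protocol == PROTO_UDP || $ip4h->protocol == PROTO_TCP) ? bswap($udph->source) : 0,
 ntop($ip4h->daddr),
 ($ip4h->protocol == PROTO_UDP || $ip4h->protocol == PROTO_TCP) ? bswap($udph->dest) : 0,
-bswap($ip4h->tot_len),
 $ip4h->protocol,
+bswap($ip4h->tot_len),
 $skb->dev->ifindex,
 $skb->dev->nd_net.net->ns.inum,
 $src_is_pod, $src_is_internal,
@@ -176,7 +176,7 @@ kprobe:br_forward
 $pod_to_pod_via_proxy == PROXY_TRACED_AND_MASQUERADED);
 
 if ($ip4h->protocol == PROTO_TCP) {
-printf("[%s] [%p] ↳ Detected TCP message, TCPFlags: %c%c%c%c%c%c%c%c, Seq: %u, Ack: %u\n",
+printf("[%s] [%p] ↳ TCP (TCPFlags: %c%c%c%c%c%c%c%c, Seq: %u, Ack: %u)\n",
 $time, $skb,
 $tcph->cwr ? CH_C : CH_DOT, $tcph->ece ? CH_E : CH_DOT,
 $tcph->urg ? CH_U : CH_DOT, $tcph->ack ? CH_A : CH_DOT,
@@ -188,7 +188,7 @@ kprobe:br_forward
 if ($ip4h->protocol == PROTO_UDP && (bswap($udph->source) == PORT_DNS || bswap($udph->dest) == PORT_DNS)) {
 $dns = (struct dnshdr*)($udph + 1);
 $query = (uint8 *)($dns + 1);
-printf("[%s] [%p] ↳ Detected DNS message, ID: %04x, flags %04x, QD: %d, AN: %d, NS: %d, AR: %d, query %s\n",
+printf("[%s] [%p] ↳ DNS (ID: %04x, flags %04x, QD: %d, AN: %d, NS: %d, AR: %d, query %s)\n",
 $time, $skb,
 bswap($dns->id), bswap($dns->flags), bswap($dns->qdcount),
 bswap($dns->ancount), bswap($dns->nscount), bswap($dns->arcount),
@@ -198,12 +198,12 @@ kprobe:br_forward
 if ($ip4h->protocol == PROTO_ICMP_IPV4) {
 $frag_off = bswap($ip4h->frag_off);
 
-printf("[%s] [%p] ↳ Detected ICMP message, IPFlags: .%c%c, Type: %u, Code: %u, FragOff: %d, FragID: %d\n",
+printf("[%s] [%p] ↳ ICMP (Type: %u, Code: %u, IPFlags: .%c%c, FragOff: %d, FragID: %d)\n",
 $time, $skb,
-($frag_off & 0x4000) >> 14 ? CH_D : CH_DOT,
-($frag_off & 0x2000) >> 13 ? CH_M : CH_DOT,
 $icmph->type,
 $icmph->code,
+($frag_off & 0x4000) >> 14 ? CH_D : CH_DOT,
+($frag_off & 0x2000) >> 13 ? CH_M : CH_DOT,
 $frag_off & 0x1FFF,
 bswap($ip4h->id));
 }
@@ -253,14 +253,14 @@ kprobe:br_forward
 $encap, $skb->encapsulation);
 }
 
-printf("[%s] [%p] ↳ %s:%d -> %s:%d (len: %d, proto: %d, ifindex: %d, netns: %x, srcPod: %d (internal: %d), dstPod: %d (internal: %d), proxy: %d (masqueraded: %d))\n",
+printf("[%s] [%p] ↳ %s:%d -> %s:%d (proto: %d, len: %d, ifindex: %d, netns: %x, srcPod: %d (internal: %d), dstPod: %d (internal: %d), proxy: %d (masqueraded: %d))\n",
 $time, $skb,
 ntop($ip6h->saddr.in6_u.u6_addr8),
 ($ip6h->nexthdr == PROTO_UDP || $ip6h->nexthdr == PROTO_TCP) ? bswap($udph->source) : 0,
 ntop($ip6h->daddr.in6_u.u6_addr8),
 ($ip6h->nexthdr == PROTO_UDP || $ip6h->nexthdr == PROTO_TCP) ? bswap($udph->dest) : 0,
-bswap($ip6h->payload_len),
 $ip6h->nexthdr,
+bswap($ip6h->payload_len),
 $skb->dev->ifindex,
 $skb->dev->nd_net.net->ns.inum,
 $src_is_pod, $src_is_internal,
@@ -269,7 +269,7 @@ kprobe:br_forward
 $pod_to_pod_via_proxy == PROXY_TRACED_AND_MASQUERADED);
 
 if ($ip6h->nexthdr == PROTO_TCP) {
-printf("[%s] [%p] ↳ Detected TCP message, TCPFlags: %c%c%c%c%c%c%c%c, Seq: %u, Ack: %u\n",
+printf("[%s] [%p] ↳ TCP (TCPFlags: %c%c%c%c%c%c%c%c, Seq: %u, Ack: %u)\n",
 $time, $skb,
 $tcph->cwr ? CH_C : CH_DOT, $tcph->ece ? CH_E : CH_DOT,
 $tcph->urg ? CH_U : CH_DOT, $tcph->ack ? CH_A : CH_DOT,
@@ -281,7 +281,7 @@ kprobe:br_forward
 if ($ip6h->nexthdr == PROTO_UDP && (bswap($udph->source) == PORT_DNS || bswap($udph->dest) == PORT_DNS)) {
 $dns = (struct dnshdr*)($udph + 1);
 $query = (uint8 *)($dns + 1);
-printf("[%s] [%p] ↳ Detected DNS message, ID: %04x, flags %04x, QD: %d, AN: %d, NS: %d, AR: %d, query %s\n",
+printf("[%s] [%p] ↳ DNS (ID: %04x, flags %04x, QD: %d, AN: %d, NS: %d, AR: %d, query %s)\n",
 $time, $skb,
 bswap($dns->id), bswap($dns->flags), bswap($dns->qdcount),
 bswap($dns->ancount), bswap($dns->nscount), bswap($dns->arcount),
@@ -298,11 +298,11 @@ kprobe:br_forward
 $frag_off_res_m = bswap($frag_hdr->frag_off);
 }
 
-printf("[%s] [%p] ↳ Detected ICMP message, IPFlags: ..%c, Type: %u, Code: %u, FragOff: %d, FragID: %d\n",
+printf("[%s] [%p] ↳ ICMP (Type: %u, Code: %u, IPFlags: ..%c, FragOff: %d, FragID: %d)\n",
 $time, $skb,
-$frag_off_res_m & 0x0001 ? CH_M : CH_DOT,
 $icmph->type,
 $icmph->code,
+$frag_off_res_m & 0x0001 ? CH_M : CH_DOT,
 $frag_off_res_m >> 3,
 $frag_id);
 }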
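Review bot: In the two DNS prints (new line 191 for IPv4 and new line 284 for IPv6), `flags %04x` and `query %s` still lack the colon that every other field on the reworked lines carries; writing them as `flags: %04x` and `query: %s` would make the line uniform and matchable with a single `key: value` pattern. The `%s` argument is passed below the end of both hunks, so this is inferred: if it is the name read straight from packet bytes via `$query = (uint8 *)($dns + 1)`, the new closing `)` directly follows packet-controlled text and cannot be relied on as a field terminator when reading the log, which deserves a one-line comment above the printf. Separately, any workflow step or grep that keyed on the old `Detected TCP message` / `Detected DNS message` / `Detected ICMP message` strings to decide whether a leak was reported would have to change in the same commit; no such consumer is visible on this page.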
