check-encryption-leaks: fix indentation in leak report printfs

smagnani96 · pchaigno · commit ec2dab49d7cc · 2025-10-06T14:54:07.000Z
When printing leak reports, indent the lines related to general packet
information (ips, iface, etc.) and protocol-specific
information (e.g., TCP flags, DNS query) to improve readability.

Example of an ICMP packet via VXLAN:

```
[10:48:26:599698] [0xffff8909322c0d00] 172.18.0.3:36366 -&gt; 172.18.0.4:8472 (proto: 17, encap: 1, skb: 0)
[10:48:26:599698] [0xffff8909322c0d00]  ↳ 10.244.2.11:0 -&gt; 10.244.0.43:0 (len: 84, proto: 1, ifindex: 7, netns: f0000000, srcPod: 1 (internal: 0), dstPod: 1 (internal: 0), proxy: 0 (masqueraded: 0))
[10:48:26:599698] [0xffff8909322c0d00]   ↳ Detected ICMP message, IPFlags: .D., Type: 8, Code: 0, FragOff: 0, FragID: 28977
```

Signed-off-by: Simone Magnani &lt;simone.magnani@isovalent.com&gt;
diff --git a/.github/actions/bpftrace/scripts/check-encryption-leaks.bt b/.github/actions/bpftrace/scripts/check-encryption-leaks.bt
@@ -160,7 +160,7 @@ kprobe:br_forward
             $encap, $skb->encapsulation);
         }
 
-        printf("[%s] [%p] %s:%d -> %s:%d (len: %d, proto: %d, ifindex: %d, netns: %x, srcPod: %d (internal: %d), dstPod: %d (internal: %d), proxy: %d (masqueraded: %d))\n",
+        printf("[%s] [%p]  ↳ %s:%d -> %s:%d (len: %d, proto: %d, ifindex: %d, netns: %x, srcPod: %d (internal: %d), dstPod: %d (internal: %d), proxy: %d (masqueraded: %d))\n",
           $time, $skb,
           ntop($ip4h->saddr),
           ($ip4h->protocol == PROTO_UDP || $ip4h->protocol == PROTO_TCP) ? bswap($udph->source) : 0,
@@ -176,7 +176,7 @@ kprobe:br_forward
           $pod_to_pod_via_proxy == PROXY_TRACED_AND_MASQUERADED);
 
         if ($ip4h->protocol == PROTO_TCP) {
-          printf("[%s] [%p] ↳ Detected TCP message, TCPFlags: %c%c%c%c%c%c%c%c, Seq: %u, Ack: %u\n",
+          printf("[%s] [%p]   ↳ Detected TCP message, TCPFlags: %c%c%c%c%c%c%c%c, Seq: %u, Ack: %u\n",
             $time, $skb,
             $tcph->cwr ? CH_C : CH_DOT, $tcph->ece ? CH_E : CH_DOT,
             $tcph->urg ? CH_U : CH_DOT, $tcph->ack ? CH_A : CH_DOT,
@@ -188,7 +188,7 @@ kprobe:br_forward
         if ($ip4h->protocol == PROTO_UDP && (bswap($udph->source) == PORT_DNS || bswap($udph->dest) == PORT_DNS)) {
           $dns = (struct dnshdr*)($udph + 1);
           $query = (uint8 *)($dns + 1);
-          printf("[%s] [%p] ↳ Detected DNS message, ID: %04x, flags %04x, QD: %d, AN: %d, NS: %d, AR: %d, query %s\n",
+          printf("[%s] [%p]   ↳ Detected DNS message, ID: %04x, flags %04x, QD: %d, AN: %d, NS: %d, AR: %d, query %s\n",
             $time, $skb,
             bswap($dns->id), bswap($dns->flags), bswap($dns->qdcount),
             bswap($dns->ancount), bswap($dns->nscount), bswap($dns->arcount),
@@ -198,7 +198,7 @@ kprobe:br_forward
         if ($ip4h->protocol == PROTO_ICMP_IPV4) {
           $frag_off = bswap($ip4h->frag_off);
 
-          printf("[%s] [%p] ↳ Detected ICMP message, IPFlags: .%c%c, Type: %u, Code: %u, FragOff: %d, FragID: %d\n",
+          printf("[%s] [%p]   ↳ Detected ICMP message, IPFlags: .%c%c, Type: %u, Code: %u, FragOff: %d, FragID: %d\n",
             $time, $skb,
             ($frag_off & 0x4000) >> 14 ? CH_D : CH_DOT,
             ($frag_off & 0x2000) >> 13 ? CH_M : CH_DOT,
@@ -253,7 +253,7 @@ kprobe:br_forward
             $encap, $skb->encapsulation);
         }
 
-        printf("[%s] [%p] %s:%d -> %s:%d (len: %d, proto: %d, ifindex: %d, netns: %x, srcPod: %d (internal: %d), dstPod: %d (internal: %d), proxy: %d (masqueraded: %d))\n",
+        printf("[%s] [%p]  ↳ %s:%d -> %s:%d (len: %d, proto: %d, ifindex: %d, netns: %x, srcPod: %d (internal: %d), dstPod: %d (internal: %d), proxy: %d (masqueraded: %d))\n",
           $time, $skb,
           ntop($ip6h->saddr.in6_u.u6_addr8),
           ($ip6h->nexthdr == PROTO_UDP || $ip6h->nexthdr == PROTO_TCP) ? bswap($udph->source) : 0,
@@ -269,7 +269,7 @@ kprobe:br_forward
           $pod_to_pod_via_proxy == PROXY_TRACED_AND_MASQUERADED);
 
         if ($ip6h->nexthdr == PROTO_TCP) {
-          printf("[%s] [%p] ↳ Detected TCP message, TCPFlags: %c%c%c%c%c%c%c%c, Seq: %u, Ack: %u\n",
+          printf("[%s] [%p]   ↳ Detected TCP message, TCPFlags: %c%c%c%c%c%c%c%c, Seq: %u, Ack: %u\n",
             $time, $skb,
             $tcph->cwr ? CH_C : CH_DOT, $tcph->ece ? CH_E : CH_DOT,
             $tcph->urg ? CH_U : CH_DOT, $tcph->ack ? CH_A : CH_DOT,
@@ -281,7 +281,7 @@ kprobe:br_forward
         if ($ip6h->nexthdr == PROTO_UDP && (bswap($udph->source) == PORT_DNS || bswap($udph->dest) == PORT_DNS)) {
           $dns = (struct dnshdr*)($udph + 1);
           $query = (uint8 *)($dns + 1);
-          printf("[%s] [%p] ↳ Detected DNS message, ID: %04x, flags %04x, QD: %d, AN: %d, NS: %d, AR: %d, query %s\n",
+          printf("[%s] [%p]   ↳ Detected DNS message, ID: %04x, flags %04x, QD: %d, AN: %d, NS: %d, AR: %d, query %s\n",
             $time, $skb,
             bswap($dns->id), bswap($dns->flags), bswap($dns->qdcount),
             bswap($dns->ancount), bswap($dns->nscount), bswap($dns->arcount),
@@ -298,7 +298,7 @@ kprobe:br_forward
             $frag_off_res_m = bswap($frag_hdr->frag_off);
           }
 
-          printf("[%s] [%p] ↳ Detected ICMP message, IPFlags: ..%c, Type: %u, Code: %u, FragOff: %d, FragID: %d\n",
+          printf("[%s] [%p]   ↳ Detected ICMP message, IPFlags: ..%c, Type: %u, Code: %u, FragOff: %d, FragID: %d\n",
             $time, $skb,
             $frag_off_res_m & 0x0001 ? CH_M : CH_DOT,
             $icmph->type,
