sniff

Documentation

Index

• Constants
• type Mode
• type Sniffer
  • func Sniff(ctx context.Context, name string, target *check.Pod, iface string, ...) (*Sniffer, error)
  • func (sniffer *Sniffer) Validate(ctx context.Context, a *check.Action)

Constants

const TunnelFilter = "(udp and (udp[8:2] = 0x0800 or dst port 8472 or dst port 6081))"

TunnelFilter is a tcpdump filter which captures encapsulated packets.

Some explanations:

• "udp[8:2] = 0x0800" compares the first two bytes of an UDP payload against VXLAN commonly used flags. In addition we check against the default Cilium's VXLAN port (8472).
• To catch Geneve traffic we cannot use the "geneve" filter, as it shifts offset of a filtered packet, which invalidates a filter matching on the outer headers. Thus this poor UDP/6081 check.

Types

type Mode

type Mode string

Mode configures the Sniffer validation mode.

const (
	// ModeAssert: do not expect to observe any packets matching the filter.
	ModeAssert Mode = "assert"
	// ModeSanity: expect to observe packets matching the filter, to be
	// leveraged as a sanity check to verify that the filter is correct.
	ModeSanity Mode = "sanity"
)

type Sniffer

type Sniffer struct {
	// contains filtered or unexported fields
}

func Sniff

func Sniff(ctx context.Context, name string, target *check.Pod,
	iface string, filter string, mode Mode, dbg debugLogger,
) (*Sniffer, error)

Start starts a tcpdump capture on the given pod, listening to the specified interface. The mode configures whether Validate() will (not) expect any packet to match the filter.

func (*Sniffer) Validate

func (sniffer *Sniffer) Validate(ctx context.Context, a *check.Action)

Validate stops the tcpdump capture previously started by Sniff and asserts that no packets (or at least one packet when running in sanity mode) got captured. It additionally dumps the captured packets in case of failure if debug logs are enabled.