Output TCP flags alongside tuple #466

Asphaltt · 2024-12-06T14:35:10Z

It will be helpful to check receiving a RST packet when fail to run telnet.

# ./pwru --filter-func '.*tcp.*' tcp and host 192.168.241.1 and port 8080
2024/12/06 14:30:17 Attaching kprobes (via kprobe-multi)...
146 / 146 [------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s
2024/12/06 14:30:17 Attached (ignored 0)
2024/12/06 14:30:17 Listening for events..
SKB                CPU PROCESS          NETNS      MARK/x        IFACE       PROTO  MTU   LEN   __sk_buff->cb[]                                          TUPLE FUNC
0xffff91e7c90a98e8 6   <empty>:0        4026531840 0            ens33:2      0x0800 1500  74    [0x00000000,0x00000000,0x00000000,0x00000000,0x00000000] 192.168.241.133:32956->192.168.241.1:8080(tcp:SYN) tcp_wfree
0xffff91e7cf0a3e00 6   <empty>:0        4026531840 0            ens33:2      0x0800 1500  46    [0x00000000,0x00000000,0x00000014,0x00000006,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp4_gro_receive
0xffff91e7cf0a3e00 6   <empty>:0        4026531840 0            ens33:2      0x0800 1500  46    [0x00000000,0x00000000,0x00000014,0x00000006,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_gro_receive
0xffff91e7cf0a3e00 6   <empty>:0        4026531840 0            ens33:2      0x0800 1500  40    [0x00000000,0x00000000,0x00000000,0x00000000,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_v4_early_demux
0xffff91e7cf0a3e00 6   <empty>:0        4026531840 0            ens33:2      0x0800 65536 20    [0x00000000,0x00000000,0x00000000,0x00000000,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_v4_rcv
0xffff91e7cf0a3e00 6   <empty>:0        4026531840 0            ens33:2      0x0800 65536 20    [0x00000000,0x00000000,0x00000000,0x00000000,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_filter
0xffff91e7cf0a3e00 6   <empty>:0        4026531840 0            ens33:2      0x0800 65536 20    [0x00000000,0x00000000,0x00000000,0x00000000,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_v4_fill_cb
0xffff91e7cf0a3e00 6   <empty>:0        0          0               0         0x0800 65536 20    [0x00000000,0x04000014,0x80E6EBB0,0x00000000,0x00000002] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_v4_do_rcv
0xffff91e7cf0a3e00 6   <empty>:0        0          0               0         0x0800 65536 20    [0x00000000,0x04000014,0x80E6EBB0,0x00000000,0x00000002] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_rcv_state_process
0xffff91e7cf0a3e00 6   <empty>:0        0          0               0         0x0800 65536 20    [0x00000000,0x04000014,0x80E6EBB0,0x00000000,0x00000002] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_rcv_synsent_state_process
0xffff91e7cf0a3e00 6   <empty>:0        0          0               0         0x0800 65536 20    [0x00000000,0x04000014,0x80E6EBB0,0x00000000,0x00000002] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_reset
^C2024/12/06 14:30:22 Received signal, exiting program..
2024/12/06 14:30:22 Detaching kprobes...
4 / 4 [---------------------------------------------------------------------------------------------------------------------------------------] 100.00% 22 p/s

brb

I like it, thanks! We are running out of screen space in the default output, maybe you could enable printing the tcp flags with --output-tcp-flags?

It will be helpful to check receiving a RST packet when fail to run `telnet`. ```bash $ sudo ./pwru --output-tcp-flags --filter-func '.*tcp.*' tcp and host 192.168.241.1 and port 8080 2024/12/06 14:30:17 Attaching kprobes (via kprobe-multi)... 146 / 146 [------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s 2024/12/06 14:30:17 Attached (ignored 0) 2024/12/06 14:30:17 Listening for events.. SKB CPU PROCESS NETNS MARK/x IFACE PROTO MTU LEN __sk_buff->cb[] TUPLE FUNC 0xffff91e7c90a98e8 6 <empty>:0 4026531840 0 ens33:2 0x0800 1500 74 [0x00000000,0x00000000,0x00000000,0x00000000,0x00000000] 192.168.241.133:32956->192.168.241.1:8080(tcp:SYN) tcp_wfree 0xffff91e7cf0a3e00 6 <empty>:0 4026531840 0 ens33:2 0x0800 1500 46 [0x00000000,0x00000000,0x00000014,0x00000006,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp4_gro_receive 0xffff91e7cf0a3e00 6 <empty>:0 4026531840 0 ens33:2 0x0800 1500 46 [0x00000000,0x00000000,0x00000014,0x00000006,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_gro_receive 0xffff91e7cf0a3e00 6 <empty>:0 4026531840 0 ens33:2 0x0800 1500 40 [0x00000000,0x00000000,0x00000000,0x00000000,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_v4_early_demux 0xffff91e7cf0a3e00 6 <empty>:0 4026531840 0 ens33:2 0x0800 65536 20 [0x00000000,0x00000000,0x00000000,0x00000000,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_v4_rcv 0xffff91e7cf0a3e00 6 <empty>:0 4026531840 0 ens33:2 0x0800 65536 20 [0x00000000,0x00000000,0x00000000,0x00000000,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_filter 0xffff91e7cf0a3e00 6 <empty>:0 4026531840 0 ens33:2 0x0800 65536 20 [0x00000000,0x00000000,0x00000000,0x00000000,0x00060001] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_v4_fill_cb 0xffff91e7cf0a3e00 6 <empty>:0 0 0 0 0x0800 65536 20 [0x00000000,0x04000014,0x80E6EBB0,0x00000000,0x00000002] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_v4_do_rcv 0xffff91e7cf0a3e00 6 <empty>:0 0 0 0 0x0800 65536 20 [0x00000000,0x04000014,0x80E6EBB0,0x00000000,0x00000002] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_rcv_state_process 0xffff91e7cf0a3e00 6 <empty>:0 0 0 0 0x0800 65536 20 [0x00000000,0x04000014,0x80E6EBB0,0x00000000,0x00000002] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_rcv_synsent_state_process 0xffff91e7cf0a3e00 6 <empty>:0 0 0 0 0x0800 65536 20 [0x00000000,0x04000014,0x80E6EBB0,0x00000000,0x00000002] 192.168.241.1:8080->192.168.241.133:32956(tcp:RST|ACK) tcp_reset ^C2024/12/06 14:30:22 Received signal, exiting program.. 2024/12/06 14:30:22 Detaching kprobes... 4 / 4 [---------------------------------------------------------------------------------------------------------------------------------------] 100.00% 22 p/s ``` Signed-off-by: Leon Hwang <hffilwlqm@gmail.com>

jschwinger233 · 2025-01-16T10:23:30Z

Agree with --output-tcp-flags, also raise my concern about " running out of screen space" 😿

Asphaltt requested a review from a team as a code owner December 6, 2024 14:35

Asphaltt requested review from brb and removed request for a team December 6, 2024 14:35

Asphaltt force-pushed the feat/output-tcpflags branch from 84e15d5 to c14460f Compare December 6, 2024 14:55

brb reviewed Jan 15, 2025

View reviewed changes

Asphaltt force-pushed the feat/output-tcpflags branch from c14460f to e5c7181 Compare January 15, 2025 13:55

Asphaltt requested a review from brb January 15, 2025 13:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Output TCP flags alongside tuple #466

Output TCP flags alongside tuple #466

Asphaltt commented Dec 6, 2024 •

edited

Loading

brb left a comment

jschwinger233 commented Jan 16, 2025

Output TCP flags alongside tuple #466

Are you sure you want to change the base?

Output TCP flags alongside tuple #466

Conversation

Asphaltt commented Dec 6, 2024 • edited Loading

brb left a comment

Choose a reason for hiding this comment

jschwinger233 commented Jan 16, 2025

Asphaltt commented Dec 6, 2024 •

edited

Loading