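---
# DaemonSet that runs pktmon on every Windows Server 2022 node (see nodeSelector)
# and captures DNS (port 53) traffic for the network components of pods whose
# name starts with "tcp-server". Capture files land on the node in C:\pktmonLogs.
#
# Privilege note: hostProcess + runAsUserName SYSTEM + hostNetwork mean the
# container's PowerShell runs directly on the node as NT AUTHORITY\SYSTEM with
# the node's network stack, which pktmon/crictl/Get-HnsEndpoint need. Treat the
# ability to create this DaemonSet as node-admin access and scope RBAC for it.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: dns-pkt-capture
  labels:
    app: dns-pkt-capture
spec:
  selector:
    matchLabels:
      name: dns-pkt-capture
  template:
    metadata:
      labels:
        name: dns-pkt-capture
    spec:
      securityContext:
        windowsOptions:
          hostProcess: true
          runAsUserName: "NT AUTHORITY\\SYSTEM"
      hostNetwork: true
      containers:
        - name: dns-pkt-capture
          # TODO(review): pin by digest for a reproducible, tamper-evident image,
          # e.g. image: mcr.microsoft.com/windows/servercore@sha256:<DIGEST-PLACEHOLDER>
          image: mcr.microsoft.com/windows/servercore:ltsc2022
          lifecycle:
            preStop:
              # Stop the trace when the pod is removed so no orphaned capture
              # keeps writing to the node disk.
              exec:
                command: ["pktmon", "stop"]
          command:
            - powershell.exe
            - -command
            - |
              $podPrefix = "tcp-server"
              $pktmonLogs = "C:\pktmonLogs"
              Write-Host "Stop pktmon if running..."
              pktmon stop
              # Discover pod sandboxes via the CRI, then map pod IP -> HNS endpoint MAC.
              $pods = (crictl pods -o json | ConvertFrom-Json).items
              $podIPs = @()
              $macAddrs = @()
              foreach($pod in $pods) {
                if($pod.metadata.name -like "$podPrefix*") {
                  $podInspect = (crictl inspectp $pod.id | ConvertFrom-Json)
                  $podIP = $podInspect.status.network.ip
                  # A sandbox without an IP yet has no HNS endpoint to look up; skip it.
                  if([string]::IsNullOrEmpty($podIP)) { continue }
                  $podIPs += $podIP
                  $mac = (Get-HnsEndpoint | Where-Object IPAddress -eq $podIP).MacAddress
                  # Only keep real MACs: a $null element would make Select-String fail below.
                  if($mac) { $macAddrs += $mac }
                }
              }
              if(($macAddrs).Count -eq 0) {
                Write-Host "No matching pods. No mac addresses found..."
                # Idle forever instead of exiting, which would make the DaemonSet restart the pod.
                while($true) {
                  Start-Sleep -Seconds 60
                }
              }
              Write-Host "POD IPS : $podIPs"
              Write-Host "MAC ADDRESSES : $macAddrs"
              # pktmon list prints one line per network component; the first
              # whitespace-separated token of a line mentioning the MAC is its component ID.
              $pktmonList = pktmon list
              $compIdList = @()
              foreach($mac in $macAddrs) {
                # -SimpleMatch: the MAC is a literal, not a regex. -First 1 guards against a
                # multi-match array, whose .ToString() would yield "System.Object[]".
                $grepped = $pktmonList | Select-String -SimpleMatch $mac | Select-Object -First 1
                if($null -ne $grepped) {
                  $compId = ($grepped.Line.Trim() -split '\s+')[0]
                  if($compId -ne "") { $compIdList += $compId }
                }
              }
              $compIds = $compIdList -join ","
              if($compIds -eq "") {
                Write-Host "No matching pods. No component IDs found..."
                while($true) {
                  Start-Sleep -Seconds 60
                }
              }
              Write-Host "COMPONENT IDS : $compIds"
              Write-Host "Removing all pktmon filters if anything existing..."
              pktmon filter remove
              Write-Host "Create DNS Port filter..."
              pktmon filter add DNSFilter -p 53
              Write-Host "Create a directory for pktmon logs..."
              Remove-Item -Recurse -Force $pktmonLogs -ErrorAction Ignore
              mkdir $pktmonLogs
              Set-Location $pktmonLogs
              # --pkt-size 0 logs entire packets (no truncation); capture files are written
              # to the node's disk, so watch free space on long-running nodes.
              Write-Host "Start pktmon. Command : [pktmon start -c --comp $compIds --pkt-size 0 -m multi-file] ..."
              pktmon start -c --comp $compIds --pkt-size 0 -m multi-file
              Write-Host "Logs will be available in $pktmonLogs"
              # The capture is stopped after 6 hours and not restarted; the container
              # then keeps idling so the pod stays Running.
              while($true) {
                Start-Sleep -Seconds 21600
                Write-Host "Stop pktmon if running..."
                pktmon stop
              }
          securityContext:
            privileged: true
      nodeSelector:
        kubernetes.azure.com/os-sku: Windows2022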