adjust event description

Author: QxBytes

azure-iptables-monitor/README.md

@@ -29,11 +29,11 @@ Follow the steps below to build and run the program:
     ```
     - The `-input` flag specifies the directory containing allowed regex pattern files. Default: `/etc/config/`
     - The `-input6` flag specifies the directory containing allowed regex pattern files for IPv6 ip6tables. Default: `/etc/config6/`
-    - The `-interval` flag specifies how often to check iptables rules in seconds. Default: `300`
+    - The `-interval` flag specifies how often to check iptables rules and the bpf map in seconds. Default: `300`
     - The `-events` flag enables Kubernetes event creation for rule violations. Default: `false`
     - The `-ipv6` flag enables IPv6 ip6tables monitoring using the IPv6 allowlists. Default: `false`
     - The `-checkMap` flag enables checking the pinned bpf map specified in mapPath for increases. Default: `false`
-    - The `-mapPath` flag species the pinned bpf map path to check. Default: `/block-iptables/iptables_block_event_counter`
+    - The `-mapPath` flag specifies the pinned bpf map path to check. Default: `/block-iptables/iptables_block_event_counter`
     - The program must be in a k8s environment and `NODE_NAME` must be a set environment variable with the current node.
 
 5. The program will set the `kubernetes.azure.com/user-iptables-rules` label to `true` on the specified ciliumnode resource if unexpected rules are found, or `false` if all rules match expected patterns. Proper RBAC is required for patching (patch for ciliumnodes, create for events, get for nodes).

azure-iptables-monitor/iptables_monitor.go

@@ -30,7 +30,7 @@ var version string
 var (
 	configPath4   = flag.String("input", "/etc/config/", "Name of the directory with the ipv4 allowed regex files")
 	configPath6   = flag.String("input6", "/etc/config6/", "Name of directory with the ipv6 allowed regex files")
-	checkInterval = flag.Int("interval", 300, "How often to check iptables rules (in seconds)")
+	checkInterval = flag.Int("interval", 300, "How often to check for user iptables rules and bpf map increases (in seconds)")
 	sendEvents    = flag.Bool("events", false, "Whether to send node events if unexpected iptables rules are detected")
 	ipv6Enabled   = flag.Bool("ipv6", false, "Whether to check ip6tables using the ipv6 allowlists")
 	checkMap      = flag.Bool("checkMap", false, "Whether to check the bpf map at mapPath for increases")
@@ -351,7 +351,7 @@ func main() {
 		// if number of blocked rules increased since last time
 		blockedRulesIncreased := currentBlocks > previousBlocks
 		if *sendEvents && blockedRulesIncreased {
-			msg := fmt.Sprintf("Number of blocked iptables rules increased from %d to %d since last check", previousBlocks, currentBlocks)
+			msg := fmt.Sprintf("Number of blocked iptables rules increased from %d to %d since last check. EBPF Host Routing is enabled: aka.ms/acnsperformance", previousBlocks, currentBlocks)
 			err = createNodeEvent(clientset, currentNodeName, "BlockedIPTablesRule", msg, corev1.EventTypeWarning)
 			if err != nil {
 				klog.Errorf("failed to create iptables block event: %v", err)