scitix/gateway-diagnostics
skills/core/gateway-diagnostics/SKILL.md
Show and ping the gateway of a network interface, on a Kubernetes node or inside a pod's network namespace. Auto-detects the gateway from the routing table (ip -j route), reports interface type (RoCE / Ethernet / IB), and tests reachability with ping. Use for default-route / gateway questions, network reachability checks, RoCE/RDMA data-path validation, and "can this node/pod reach its gateway" investigations.
$ install --global
skillsauthnpx skillsauth add scitix/siclaw gateway-diagnosticsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 7, 2026, 4:29 AM42.2s4 files scanned
SKILL.md
- name:
- gateway-diagnostics
- description:
- >-
Gateway Diagnostics
Inspect and test the gateway of a network interface. Two operations, one script each; both run identically on a node or inside a pod — the only difference is how you launch them (see Targets below).
Router
| Need | Action |
| --- | --- |
| See the gateway / default route for an interface (with TYPE) | scripts/show-gateway.sh |
| Test whether the gateway is reachable | scripts/ping-gateway.sh |
| Target is a node (or a bound SSH host) | run directly — see Node target |
| Target is a pod | resolve the netns first — see Pod target |
| Switchdev PF caveat, or what RoCE/Ethernet/IB means | read references/switchdev-and-interface-types.md |
Targets
Node target
Prefer host_script when the node is a bound SSH host (check host_list) — it
runs over SSH with no debug pod. Fall back to node_script otherwise. Both take
the same skill / script / args.
host_script: host="<host>", skill="gateway-diagnostics", script="show-gateway.sh", args="<args>"
node_script: node="<node>", skill="gateway-diagnostics", script="show-gateway.sh", args="<args>"
Pod target
Runs in the pod's network namespace using host tools. Two steps:
- Resolve the pod's network namespace:
resolve_pod_netns: pod="<pod>", namespace="<ns>" - Run the script with the returned node and netns:
node_script: node="<node>", netns="<netns>", skill="gateway-diagnostics", script="ping-gateway.sh", args="<args>"
The script does not enter the namespace itself —
node_scriptdoes that via thenetns=param. The same script file serves both node and pod targets.
Parameters
show-gateway.sh
| Parameter | Required | Description |
|-----------|----------|-------------|
| --interface IFACE | no | Network interface name. If omitted, shows all. |
| --json | no | Output in JSON format (adds a type field per gateway). |
ping-gateway.sh
| Parameter | Required | Description |
|-----------|----------|-------------|
| --interface IFACE | yes | Network interface to find the gateway for |
| --source-ip | no | flag — auto-detect IP from the interface, use as ping source (-I <ip>) |
| --source-dev | no | flag — use the interface name as ping source (-I <iface>) |
| --count N | no | Number of ping packets (default: 3) |
--source-ip and --source-dev are mutually exclusive flags (no value needed).
Examples
Show all gateways on a node:
node_script: node="nodepool-061", skill="gateway-diagnostics", script="show-gateway.sh"
Show one interface's gateway on a bound host:
host_script: host="nodepool-061", skill="gateway-diagnostics", script="show-gateway.sh", args="--interface eth0"
Ping a node's gateway, sourcing from the interface IP:
node_script: node="nodepool-061", skill="gateway-diagnostics", script="ping-gateway.sh", args="--interface bond0 --source-ip"
Show / ping a pod's gateway (resolve netns first):
resolve_pod_netns: pod="rdma-pod", namespace="rdma-test"
→ node="worker-1", netns="abc123"
node_script: node="worker-1", netns="abc123", skill="gateway-diagnostics", script="show-gateway.sh", args="--interface net1 --json"
node_script: node="worker-1", netns="abc123", skill="gateway-diagnostics", script="ping-gateway.sh", args="--interface net1 --source-dev"
Interface types & switchdev
The output includes a TYPE column (RoCE / Ethernet / IB). If a target interface
is a PF in switchdev mode, gateway routes are not meaningful and ping will
always fail — this is expected, not a network problem. For the detection logic
and what to do instead (use a RoCE pod + the pod target), read
references/switchdev-and-interface-types.md.
Related Skills
scitix/skill-authoring
development
VerifiedTrustedCommunity
Guide for writing and improving Siclaw skills. Read this when creating or modifying a skill. Covers skill directory layout, SKILL.md format, script execution modes, and best practices.
209SKILL.mdUpdated Apr 23, 2026
scitix/node-logs
devops
VerifiedTrustedCommunity
Retrieve logs from a Kubernetes node. Supports journalctl (systemd units) and file-based logs. Use when you need to inspect node-level logs (containerd, kubelet, etc.). Run via host_script (preferred) or node_script.
209SKILL.mdUpdated Apr 12, 2026
scitix/manage-skill
development
VerifiedTrustedCommunity
Guides the user to the Siclaw Web page to manage Skills. Use this guide when the user requests to create, edit, or view a Skill in a Channel conversation.
88SKILL.mdUpdated Apr 12, 2026
scitix/volcano-scheduler-logs
development
VerifiedTrustedCommunity
Retrieve and analyze Volcano scheduler logs. Filter by keyword, time range, or pod name to debug scheduling decisions.
88SKILL.mdUpdated Apr 12, 2026