d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a simple port filter to SIFTR.

Browse Source 
SIFTR does not allow any kind of filtering, but captures every packet
processed by the TCP stack.
Often, only a specific session or service is of interest, and doing the
filtering in post-processing of the log adds to the overhead of SIFTR.

This adds a new sysctl net.inet.siftr.port_filter. When set to zero, all
packets get captured as previously. If set to any other value, only
packets where either the source or the destination ports match, are
captured in the log file.

Submitted by:	Richard Scheffenegger
Reviewed by:	Cheng Cui
Differential Revision:	https://reviews.freebsd.org/D18897
This commit is contained in:
Brooks Davis 2019-01-30 17:44:30 +00:00
parent 54cde30f92
commit 435a8c1560
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
sys/netinet/siftr.c
View File

@ -272,6 +272,7 @@ static volatile unsigned int siftr_exit_pkt_manager_thread = 0;
static unsigned int siftr_enabled = 0;
static unsigned int siftr_pkts_per_log = 1;
static unsigned int siftr_generate_hashes = 0;
static uint16_t siftr_port_filter = 0;
/* static unsigned int siftr_binary_log = 0; */
static char siftr_logfile[PATH_MAX] = "/var/log/siftr.log";
static char siftr_logfile_shadow[PATH_MAX] = "/var/log/siftr.log";
@ -317,6 +318,10 @@ SYSCTL_UINT(_net_inet_siftr, OID_AUTO, genhashes, CTLFLAG_RW,
&siftr_generate_hashes, 0,
"enable packet hash generation");
SYSCTL_U16(_net_inet_siftr, OID_AUTO, port_filter, CTLFLAG_RW,
&siftr_port_filter, 0,
"enable packet filter on a TCP port");
/* XXX: TODO
SYSCTL_UINT(_net_inet_siftr, OID_AUTO, binary, CTLFLAG_RW,
&siftr_binary_log, 0,
@ -907,6 +912,16 @@ siftr_chkpkt(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
goto inp_unlock;
}
/*
* Only pkts selected by the tcp port filter
* can be inserted into the pkt_queue
*/
if ((siftr_port_filter != 0) &&
(siftr_port_filter != ntohs(inp->inp_lport)) &&
(siftr_port_filter != ntohs(inp->inp_fport))) {
goto inp_unlock;
}
pn = malloc(sizeof(struct pkt_node), M_SIFTR_PKTNODE, M_NOWAIT|M_ZERO);
if (pn == NULL) {
@ -1083,6 +1098,16 @@ siftr_chkpkt6(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
goto inp_unlock6;
}
/*
* Only pkts selected by the tcp port filter
* can be inserted into the pkt_queue
*/
if ((siftr_port_filter != 0) &&
(siftr_port_filter != ntohs(inp->inp_lport)) &&
(siftr_port_filter != ntohs(inp->inp_fport))) {
goto inp_unlock6;
}
pn = malloc(sizeof(struct pkt_node), M_SIFTR_PKTNODE, M_NOWAIT|M_ZERO);
if (pn == NULL) {