From: Michael Tuexen
Date: Thu, 10 Oct 2019 18:39:11 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r353412 - in releng/12.1: share/man/man4 sys/netinet

Author: tuexen
Date: Thu Oct 10 18:39:11 2019
New Revision: 353412
URL: https://svnweb.freebsd.org/changeset/base/353412

Log:
  MFS r353402:
  In r343587 a simple port filter as sysctl tunable was added to siftr.
  The new sysctl was not added to the siftr.4 man page at the time.
  This updates the man page, and removes one left over trailing whitespace.

  Submitted by: Richard Scheffenegger
  Differential Revision: https://reviews.freebsd.org/D21619
  Reviewed by: bcr@
  Approved by: re (gjb@)

Modified:
  releng/12.1/share/man/man4/siftr.4
  releng/12.1/sys/netinet/siftr.c
Directory Properties:
  releng/12.1/ (props changed)

Modified: releng/12.1/share/man/man4/siftr.4 ============================================================================== --- releng/12.1/share/man/man4/siftr.4 Thu Oct 10 18:27:05 2019 (r353411) +++ releng/12.1/share/man/man4/siftr.4 Thu Oct 10 18:39:11 2019 (r353412) @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 18, 2015 +.Dd October 7, 2019 .Dt SIFTR 4 .Os .Sh NAME 
@@ -130,6 +130,14 @@ By default, the value is set to 0, which means no hash The hashes are useful to correlate which TCP packet triggered the generation of a particular log message, but calculating them adds additional computational overhead into the fast path. +.El +.Bl -tag -offset indent -width Va +.It Va net.inet.siftr.port_filter +controls on which source or destination port siftr should capture +.Nm . +By default, the value is set to 0, which means all ports are eligible for logging. +Set to any other value, only packets where either the source or destination +port is equal to this number are logged. .El .Ss Log Format A typical Modified: releng/12.1/sys/netinet/siftr.c ============================================================================== --- releng/12.1/sys/netinet/siftr.c Thu Oct 10 18:27:05 2019 (r353411) +++ releng/12.1/sys/netinet/siftr.c Thu Oct 10 18:39:11 2019 (r353412) @@ -916,7 +916,7 @@ siftr_chkpkt(void *arg, struct mbuf **m, struct ifnet * Only pkts selected by the tcp port filter * can be inserted into the pkt_queue */ - if ((siftr_port_filter != 0) && + if ((siftr_port_filter != 0) && (siftr_port_filter != ntohs(inp->inp_lport)) && (siftr_port_filter != ntohs(inp->inp_fport))) { goto inp_unlock;
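Review bot: In the siftr.4 hunk at `.It Va net.inet.siftr.port_filter`, the description line `controls on which source or destination port siftr should capture` followed by `.Nm .` renders with the module name as the object of "capture", so the sentence does not say what is being filtered. Wording along the lines of "controls which TCP port .Nm restricts logging to" would state the behaviour directly. The last added sentence, "Set to any other value, only packets where ...", also lacks a subject ("If set to any other value, ..."). Since the check in siftr_chkpkt() compares against a single value, it would help operators if the text said that exactly one port number is accepted.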
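Review bot: In the siftr.c hunk, the condition starting `if ((siftr_port_filter != 0) &&` compares the tunable against the 16-bit results of `ntohs(inp->inp_lport)` and `ntohs(inp->inp_fport)`, and the visible lines do not show how the sysctl bounds its value. If the tunable's type is wider than 16 bits, an out-of-range setting would never match and every packet would take `goto inp_unlock`, which silently stops logging. The change here is only the removal of trailing whitespace, but because the man page entry is added in the same commit, it is worth confirming the accepted range and stating it in siftr.4.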