From owner-svn-src-all@freebsd.org Mon Feb 4 22:38:35 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 193CE14B5148; Mon, 4 Feb 2019 22:38:35 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B53EC75C8C; Mon, 4 Feb 2019 22:38:34 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7F307C899; Mon, 4 Feb 2019 22:38:34 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x14McYdQ026776; Mon, 4 Feb 2019 22:38:34 GMT (envelope-from brooks@FreeBSD.org) Received: (from brooks@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x14McYi3026775; Mon, 4 Feb 2019 22:38:34 GMT (envelope-from brooks@FreeBSD.org) Message-Id: <201902042238.x14McYi3026775@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brooks set sender to brooks@FreeBSD.org using -f From: Brooks Davis Date: Mon, 4 Feb 2019 22:38:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r343756 - stable/12/sys/netinet X-SVN-Group: stable-12 X-SVN-Commit-Author: brooks X-SVN-Commit-Paths: stable/12/sys/netinet X-SVN-Commit-Revision: 343756 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: B53EC75C8C X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.93 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.93)[-0.931,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2019 22:38:35 -0000 Author: brooks Date: Mon Feb 4 22:38:34 2019 New Revision: 343756 URL: https://svnweb.freebsd.org/changeset/base/343756 Log: MFC r343587: Add a simple port filter to SIFTR. SIFTR does not allow any kind of filtering, but captures every packet processed by the TCP stack. Often, only a specific session or service is of interest, and doing the filtering in post-processing of the log adds to the overhead of SIFTR. This adds a new sysctl net.inet.siftr.port_filter. When set to zero, all packets get captured as previously. If set to any other value, only packets where either the source or the destination ports match, are captured in the log file. Submitted by: Richard Scheffenegger Reviewed by: Cheng Cui Differential Revision: https://reviews.freebsd.org/D18897 Modified: stable/12/sys/netinet/siftr.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netinet/siftr.c ============================================================================== --- stable/12/sys/netinet/siftr.c Mon Feb 4 21:28:25 2019 (r343755) +++ stable/12/sys/netinet/siftr.c Mon Feb 4 22:38:34 2019 (r343756) @@ -272,6 +272,7 @@ static volatile unsigned int siftr_exit_pkt_manager_th static unsigned int siftr_enabled = 0; static unsigned int siftr_pkts_per_log = 1; static unsigned int siftr_generate_hashes = 0; +static uint16_t siftr_port_filter = 0; /* static unsigned int siftr_binary_log = 0; */ static char siftr_logfile[PATH_MAX] = "/var/log/siftr.log"; static char siftr_logfile_shadow[PATH_MAX] = "/var/log/siftr.log"; @@ -317,6 +318,10 @@ SYSCTL_UINT(_net_inet_siftr, OID_AUTO, genhashes, CTLF &siftr_generate_hashes, 0, "enable packet hash generation"); +SYSCTL_U16(_net_inet_siftr, OID_AUTO, port_filter, CTLFLAG_RW, + &siftr_port_filter, 0, + "enable packet filter on a TCP port"); + /* XXX: TODO SYSCTL_UINT(_net_inet_siftr, OID_AUTO, binary, CTLFLAG_RW, &siftr_binary_log, 0, @@ -907,6 +912,16 @@ siftr_chkpkt(void *arg, struct mbuf **m, struct ifnet goto inp_unlock; } + /* + * Only pkts selected by the tcp port filter + * can be inserted into the pkt_queue + */ + if ((siftr_port_filter != 0) && + (siftr_port_filter != ntohs(inp->inp_lport)) && + (siftr_port_filter != ntohs(inp->inp_fport))) { + goto inp_unlock; + } + pn = malloc(sizeof(struct pkt_node), M_SIFTR_PKTNODE, M_NOWAIT|M_ZERO); if (pn == NULL) { @@ -1080,6 +1095,16 @@ siftr_chkpkt6(void *arg, struct mbuf **m, struct ifnet else ss->nskip_out_tcpcb++; + goto inp_unlock6; + } + + /* + * Only pkts selected by the tcp port filter + * can be inserted into the pkt_queue + */ + if ((siftr_port_filter != 0) && + (siftr_port_filter != ntohs(inp->inp_lport)) && + (siftr_port_filter != ntohs(inp->inp_fport))) { goto inp_unlock6; }