bool sinsp_filter_check_fd::compare(sinsp_evt *evt)
{
	//
	// TYPE_IP and TYPE_PORT are filter-only fields, so each one is handed
	// to its own comparison routine instead of the extract-based path.
	//
	if(m_field_id == TYPE_IP)
	{
		return compare_ip(evt);
	}

	if(m_field_id == TYPE_PORT)
	{
		return compare_port(evt);
	}

	//
	// Every other field: extract the value from the event and compare it
	// with the stored filter value, using the configured operator and the
	// type declared for this field.
	//
	uint32_t val_len;
	uint8_t* val = extract(evt, &val_len);

	// A field that cannot be extracted from this event never matches.
	return (val != NULL) &&
		flt_compare(m_cmpop,
			    m_info.m_fields[m_field_id].m_type,
			    val,
			    &m_val_storage[0]);
}
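/**
 * Netfilter hook function for incoming packets.
 *
 * Walks T_RULES in order and returns the verdict of the first incoming rule
 * (pkt == 1) whose protocol, source address and destination port all match
 * the packet: NF_DROP when the rule's block field is 1, NF_ACCEPT when it
 * is 0. A packet that matches no rule is accepted, so the rule set is
 * default-allow.
 *
 * @param hooknum  netfilter hook number (unused here)
 * @param skb      packet being inspected
 * @param in       input device (unused here)
 * @param out      output device (unused here)
 * @param okfn     continuation callback (unused here)
 * @return NF_DROP or NF_ACCEPT
 *
 * NOTE(review): sock_buff, ip_header, udp_header and tcp_header are not
 * declared in this function (presumably file-scope variables). If so,
 * invocations running concurrently on several CPUs overwrite each other's
 * pointers, and a verdict could be computed from another packet's headers.
 * Confirm, and prefer locals.
 */
unsigned int in_hook_func(unsigned int hooknum, struct sk_buff* skb,
                          const struct net_device* in,
                          const struct net_device* out,
                          int (*okfn)(struct sk_buff* ))
{
    int i;
    const char *drop_msg;
    const char *accept_msg;

    sock_buff = skb;

    /*
     * Reject a NULL skb before touching it: the header accessors below
     * dereference the buffer, so the check has to come first.
     */
    if (!sock_buff) {
        return NF_ACCEPT;
    }

    /* Extract the network and transport headers using the accessors */
    ip_header = (struct iphdr* )skb_network_header(sock_buff);
    udp_header = (struct udphdr* )skb_transport_header(sock_buff);
    /*
     * NOTE(review): the cast is to struct udphdr even for tcp_header; only
     * the dest field is read below. Confirm the declared type of tcp_header.
     */
    tcp_header = (struct udphdr* )skb_transport_header(sock_buff);

    /*
     * NOTE(review): nothing here verifies that the packet is long enough to
     * hold a transport header, and depending on the hook point and kernel
     * version the transport header offset may not be set yet for inbound
     * packets. Confirm; otherwise the port compared below may not be the
     * real destination port and rules could be bypassed or misapplied.
     */

    /* Iterate through the T_RULES array */
    for (i = 0; i < ruleCount; i++) {
        /* Only rules for incoming packets are relevant in this hook */
        if (T_RULES[i].pkt != 1) {
            continue;
        }

        if (T_RULES[i].proto == 0) {
            /*
             * Rule applies to ALL protocols.
             * NOTE(review): the port is still read from the transport
             * header for packets that are neither TCP nor UDP, where
             * those bytes are not a port number.
             */
            drop_msg = "Blocking incoming pkts";
            accept_msg = "Unblocking incoming pkts";
        } else if ((T_RULES[i].proto == 1) && (ip_header->protocol == 6)) {
            /* TCP rule, TCP packet (IP protocol number 6) */
            drop_msg = "Blocking Incoming TCP pkts";
            accept_msg = "Unblocking Incoming TCP pkts";
        } else if ((T_RULES[i].proto == 2) && (ip_header->protocol == 17)) {
            /* UDP rule, UDP packet (IP protocol number 17) */
            drop_msg = "Blocking Incoming UDP pkts";
            accept_msg = "Unblocking all Incoming UDP pkts";
        } else {
            continue;
        }

        /* Check source IP address */
        if (!compare_ip((unsigned int)ip_header->saddr, T_RULES[i].srcip)) {
            continue;
        }

        /* Check destination port number */
        if (!compare_port(tcp_header->dest, T_RULES[i].dstpt)) {
            continue;
        }

        /*
         * NOTE(review): one log line is emitted per matching packet, so
         * remote traffic can flood the kernel log; consider rate limiting.
         * Every message now ends in a newline so records do not run
         * together.
         */
        if (T_RULES[i].block == 1) {
            printk(KERN_INFO "firewall: %s\n", drop_msg);
            return NF_DROP;
        }
        if (T_RULES[i].block == 0) {
            printk(KERN_INFO "firewall: %s\n", accept_msg);
            return NF_ACCEPT;
        }
        /* Any other block value gives no verdict: try the next rule */
    }

    return NF_ACCEPT;
}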