/// @brief Evaluate this fd filter check against one event.
///
/// TYPE_IP and TYPE_PORT are dispatched to compare_ip() / compare_port().
/// Any other field is read through extract() and handed to flt_compare()
/// together with the configured operator, the field's declared type and the
/// stored right-hand operand.
///
/// @param evt Event to test.
/// @return Result of the field-specific comparison; false when extract()
///         yields no value for this event.
bool sinsp_filter_check_fd::compare(sinsp_evt *evt)
{
	// Filter-only fields have no extractable value, so each one is matched
	// by its own helper.
	if(m_field_id == TYPE_IP)
	{
		return compare_ip(evt);
	}

	if(m_field_id == TYPE_PORT)
	{
		return compare_port(evt);
	}

	// All remaining fields go through the generic extract-then-compare path.
	// extract() fills in len, but the length is not forwarded to flt_compare().
	uint32_t len;
	uint8_t* field_val = extract(evt, &len);

	// A missing value is a non-match; the comparator only runs on a real value.
	return field_val != NULL &&
		flt_compare(m_cmpop,
			m_info.m_fields[m_field_id].m_type,
			field_val,
			&m_val_storage[0]);
}
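/**
 * Netfilter hook function for incoming packets.
 *
 * Walks T_RULES[0..ruleCount) in order and applies the first inbound rule
 * (pkt == 1) whose protocol selector, source address and destination port all
 * match the packet: block == 1 returns NF_DROP, block == 0 returns NF_ACCEPT.
 * A packet that matches no rule is accepted, i.e. the filter fails open.
 *
 * Protocol selector T_RULES[i].proto: 0 = any protocol, 1 = TCP (IP protocol
 * 6), 2 = UDP (IP protocol 17).
 *
 * hooknum, in, out and okfn are part of the hook signature and are not used.
 *
 * NOTE(review): sock_buff, ip_header, udp_header and tcp_header are not
 * declared in this function, so they are shared state. Hooks can run on
 * several CPUs at once; a concurrent packet can overwrite these pointers while
 * a rule is being evaluated. Function-local pointers would avoid that.
 *
 * NOTE(review): no length check is visible here before the transport header
 * is read, and the "any protocol" rule reads a destination port without
 * looking at ip_header->protocol, so for non-TCP/UDP packets (or short or
 * fragmented ones) the compared bytes are not a port. Validate the protocol
 * and the available length before trusting tcp_header->dest.
 *
 * NOTE(review): depending on the hook point, the transport header offset may
 * not be set yet for received packets; confirm it, or derive the offset from
 * ip_header->ihl.
 *
 * NOTE(review): every matching packet emits a printk, so a remote sender
 * controls the log volume; consider a rate-limited log call.
 */
unsigned int in_hook_func(unsigned int hooknum, struct sk_buff* skb, const struct net_device* in, 
		const struct net_device* out, int (*okfn)(struct sk_buff* ))
{
	int i;

	sock_buff = skb;

	/* The header accessors dereference the buffer, so the NULL test must
	 * run before them rather than after. */
	if(!sock_buff) { return NF_ACCEPT; }

	/* Extract network and transport headers using accessors */
	ip_header = (struct iphdr* )skb_network_header(sock_buff);
	udp_header = (struct udphdr* )skb_transport_header(sock_buff);
	/* NOTE(review): cast is to udphdr although the variable is named
	 * tcp_header; only ->dest is read below, which sits at the same offset
	 * in both headers. Confirm against the variable's declared type. */
	tcp_header = (struct udphdr* )skb_transport_header(sock_buff);

	/* Iterate through the T_RULES array; the first decisive match wins */
	for(i=0;i<ruleCount;i++) {
		/* Only rules for incoming packets apply to this hook */
		if(T_RULES[i].pkt != 1) {
			continue;
		}

		/* Rule with protocol field set to ALL: source IP, then destination port */
		if((T_RULES[i].proto == 0) &&
		   compare_ip((unsigned int)ip_header->saddr, T_RULES[i].srcip) &&
		   compare_port(tcp_header->dest, T_RULES[i].dstpt)) {
			if(T_RULES[i].block == 1) {
				printk(KERN_INFO"firewall: Blocking incoming pkts\n");
				return NF_DROP;
			} else if(T_RULES[i].block == 0) {
				/* Trailing newline added so the record is terminated like the blocking ones */
				printk(KERN_INFO"firewall: Unblocking incoming pkts\n");
				return NF_ACCEPT;
			}
		}

		/* Rule with protocol field set to TCP, and the packet is TCP */
		if((T_RULES[i].proto == 1) && (ip_header->protocol == 6) &&
		   compare_ip((unsigned int)ip_header->saddr, T_RULES[i].srcip) &&
		   compare_port(tcp_header->dest, T_RULES[i].dstpt)) {
			if(T_RULES[i].block == 1) {
				printk(KERN_INFO"firewall: Blocking Incoming TCP pkts\n");
				return NF_DROP;
			} else if(T_RULES[i].block == 0) {
				printk(KERN_INFO"firewall: Unblocking Incoming TCP pkts\n");
				return NF_ACCEPT;
			}
		}

		/* Rule with protocol field set to UDP, and the packet is UDP */
		if((T_RULES[i].proto == 2) && (ip_header->protocol == 17) &&
		   compare_ip((unsigned int)ip_header->saddr, T_RULES[i].srcip) &&
		   compare_port(tcp_header->dest, T_RULES[i].dstpt)) {
			if(T_RULES[i].block == 1) {
				printk(KERN_INFO"firewall: Blocking Incoming UDP pkts\n");
				return NF_DROP;
			} else if(T_RULES[i].block == 0) {
				printk(KERN_INFO"firewall: Unblocking all Incoming UDP pkts\n");
				return NF_ACCEPT;
			}
		}
	}

	/* No rule decided the packet: default is to let it through */
	return NF_ACCEPT;
}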