bool sinsp_filter_check_fd::compare_port(sinsp_evt *evt)
{
if(!extract_fd(evt))
{
return false;
}
if(m_fdinfo != NULL)
{
scap_fd_type evt_type = m_fdinfo->m_type;
if(evt_type == SCAP_FD_IPV4_SOCK)
{
if(m_cmpop == CO_EQ)
{
if(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sport == *(uint16_t*)&m_val_storage[0] ||
m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dport == *(uint16_t*)&m_val_storage[0])
{
return true;
}
}
else if(m_cmpop == CO_NE)
{
if(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sport != *(uint16_t*)&m_val_storage[0] &&
m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dport != *(uint16_t*)&m_val_storage[0])
{
return true;
}
}
else
{
throw sinsp_exception("filter error: IP filter only supports '=' and '!=' operators");
}
}
else if(evt_type == SCAP_FD_IPV4_SERVSOCK)
{
if(m_fdinfo->m_sockinfo.m_ipv4serverinfo.m_port == *(uint16_t*)&m_val_storage[0])
{
return true;
}
}
else if(evt_type == SCAP_FD_IPV6_SOCK)
{
if(m_fdinfo->m_sockinfo.m_ipv6info.m_fields.m_sport == *(uint16_t*)&m_val_storage[0] ||
m_fdinfo->m_sockinfo.m_ipv6info.m_fields.m_dport == *(uint16_t*)&m_val_storage[0])
{
return true;
}
}
else if(evt_type == SCAP_FD_IPV6_SERVSOCK)
{
if(m_fdinfo->m_sockinfo.m_ipv6serverinfo.m_port == *(uint16_t*)&m_val_storage[0])
{
return true;
}
}
}
return false;
}
int main(int c, char** v) {
if (c < 3) {
fprintf(stderr, "usage: %s <chmfile> <outdir>\n", v[0]);
exit(1);
}
bool ok = extract_fd(v[1], v[2]);
if (!ok) {
printf(" *** ERROR ***\n");
}
return 0;
}
bool sinsp_filter_check_fd::compare_ip(sinsp_evt *evt)
{
if(!extract_fd(evt))
{
return false;
}
if(m_fdinfo != NULL)
{
scap_fd_type evt_type = m_fdinfo->m_type;
if(evt_type == SCAP_FD_IPV4_SOCK)
{
if(m_cmpop == CO_EQ)
{
if(flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip, &m_val_storage[0]) ||
flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip, &m_val_storage[0]))
{
return true;
}
}
else if(m_cmpop == CO_NE)
{
if(flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip, &m_val_storage[0]) &&
flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip, &m_val_storage[0]))
{
return true;
}
}
else
{
throw sinsp_exception("filter error: IP filter only supports '=' and '!=' operators");
}
}
else if(evt_type == SCAP_FD_IPV4_SERVSOCK)
{
if(m_fdinfo->m_sockinfo.m_ipv4serverinfo.m_ip == *(uint32_t*)&m_val_storage[0])
{
return true;
}
}
}
return false;
}
uint8_t* sinsp_filter_check_fd::extract(sinsp_evt *evt, OUT uint32_t* len)
{
ASSERT(evt);
if(!extract_fd(evt))
{
return NULL;
}
//
// TYPE_FDNUM doesn't need fdinfo
//
if(m_field_id == TYPE_FDNUM)
{
return (uint8_t*)&m_tinfo->m_lastevent_fd;
}
if(m_fdinfo == NULL)
{
return extract_from_null_fd(evt, len);
}
switch(m_field_id)
{
case TYPE_FDNAME:
m_tstr = m_fdinfo->m_name;
m_tstr.erase(remove_if(m_tstr.begin(), m_tstr.end(), g_invalidchar()), m_tstr.end());
return (uint8_t*)m_tstr.c_str();
case TYPE_FDTYPE:
return extract_fdtype(m_fdinfo);
case TYPE_DIRECTORY:
{
m_tstr = m_fdinfo->m_name;
m_tstr.erase(remove_if(m_tstr.begin(), m_tstr.end(), g_invalidchar()), m_tstr.end());
size_t pos = m_tstr.rfind('/');
if(pos != string::npos)
{
if(pos < m_tstr.size() - 1)
{
m_tstr.resize(pos + 1);
}
}
else
{
m_tstr = "/";
}
return (uint8_t*)m_tstr.c_str();
}
case TYPE_FDTYPECHAR:
m_tcstr[0] = m_fdinfo->get_typechar();
m_tcstr[1] = 0;
return m_tcstr;
case TYPE_CLIENTIP:
{
scap_fd_type evt_type = m_fdinfo->m_type;
if(m_fdinfo->is_role_none())
{
return NULL;
}
if(evt_type == SCAP_FD_IPV4_SOCK)
{
return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip);
}
}
break;
case TYPE_SERVERIP:
{
scap_fd_type evt_type = m_fdinfo->m_type;
if(m_fdinfo->is_role_none())
{
return NULL;
}
if(evt_type == SCAP_FD_IPV4_SOCK)
{
return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip);
}
else if(evt_type == SCAP_FD_IPV4_SERVSOCK)
{
return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4serverinfo.m_ip);
}
}
break;
case TYPE_CLIENTPORT:
{
scap_fd_type evt_type = m_fdinfo->m_type;
if(m_fdinfo->is_role_none())
{
return NULL;
}
if(evt_type == SCAP_FD_IPV4_SOCK)
{
return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sport);
}
else if(evt_type == SCAP_FD_IPV6_SOCK)
{
return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv6info.m_fields.m_sport);
}
}
case TYPE_SERVERPORT:
{
scap_fd_type evt_type = m_fdinfo->m_type;
if(evt_type == SCAP_FD_IPV4_SOCK)
{
if(m_fdinfo->is_role_none())
{
return NULL;
}
return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dport);
}
else if(evt_type == SCAP_FD_IPV4_SERVSOCK)
{
return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4serverinfo.m_port);
}
else if(evt_type == SCAP_FD_IPV6_SOCK)
{
if(m_fdinfo->is_role_none())
{
return NULL;
}
return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv6info.m_fields.m_dport);
}
else if(evt_type == SCAP_FD_IPV6_SERVSOCK)
{
return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv6serverinfo.m_port);
}
else
{
return NULL;
}
}
case TYPE_L4PROTO:
{
scap_l4_proto l4p = m_fdinfo->get_l4proto();
switch(l4p)
{
case SCAP_L4_TCP:
m_tstr = "tcp";
break;
case SCAP_L4_UDP:
m_tstr = "udp";
break;
case SCAP_L4_ICMP:
m_tstr = "icmp";
break;
case SCAP_L4_RAW:
m_tstr = "raw";
break;
default:
m_tstr = "<NA>";
break;
}
return (uint8_t*)m_tstr.c_str();
}
case TYPE_IS_SERVER:
{
m_tbool =
m_inspector->get_ifaddr_list()->is_ipv4addr_in_local_machine(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip);
return (uint8_t*)&m_tbool;
}
break;
default:
ASSERT(false);
}
return NULL;
}
