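//
// Evaluates a port filter against the file descriptor attached to evt.
//
// The filter operand is read as a 16-bit port from the start of
// m_val_storage. A connected socket (IPv4 or IPv6) "contains" the port when
// either its source or its destination port equals the operand; a server
// socket contains it when its listening port equals the operand.
//
// Returns true when the fd satisfies m_cmpop, false when it does not, when
// extract_fd() fails, when there is no fd info, or when the fd is not one of
// the four socket types handled below.
//
// Throws sinsp_exception when a socket fd is evaluated with an operator
// other than CO_EQ or CO_NE.
//
bool sinsp_filter_check_fd::compare_port(sinsp_evt *evt)
{
	if(!extract_fd(evt))
	{
		return false;
	}

	if(m_fdinfo == NULL)
	{
		return false;
	}

	// Operand of the filter expression, read once instead of at every comparison.
	const uint16_t wanted = *(uint16_t*)&m_val_storage[0];

	bool has_port = false;

	switch(m_fdinfo->m_type)
	{
	case SCAP_FD_IPV4_SOCK:
		has_port = m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sport == wanted ||
			m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dport == wanted;
		break;
	case SCAP_FD_IPV4_SERVSOCK:
		has_port = m_fdinfo->m_sockinfo.m_ipv4serverinfo.m_port == wanted;
		break;
	case SCAP_FD_IPV6_SOCK:
		has_port = m_fdinfo->m_sockinfo.m_ipv6info.m_fields.m_sport == wanted ||
			m_fdinfo->m_sockinfo.m_ipv6info.m_fields.m_dport == wanted;
		break;
	case SCAP_FD_IPV6_SERVSOCK:
		has_port = m_fdinfo->m_sockinfo.m_ipv6serverinfo.m_port == wanted;
		break;
	default:
		// Not a socket type that carries a port: never matches.
		return false;
	}

	//
	// Apply the operator uniformly. Previously only IPv4 connected sockets
	// honoured m_cmpop; IPv6 and server sockets were always compared for
	// equality, so a '!=' port filter silently matched exactly the sockets it
	// was meant to exclude.
	//
	if(m_cmpop == CO_EQ)
	{
		return has_port;
	}

	if(m_cmpop == CO_NE)
	{
		// "neither port equals the operand" is the negation of has_port.
		return !has_port;
	}

	// The message used to say "IP filter", which misreported the failing check.
	throw sinsp_exception("filter error: port filter only supports '=' and '!=' operators");
}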
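//
// Command-line entry point. Expects two arguments, <chmfile> and <outdir>,
// and hands both to extract_fd().
//
// Exit status: 1 when fewer than two arguments are given or when extract_fd()
// reports failure, 0 on success. A failed run used to exit with 0, which hid
// the error from scripts and other callers that only look at the exit status.
//
int main(int c, char** v)
{
	if (c < 3)
	{
		fprintf(stderr, "usage: %s <chmfile> <outdir>\n", v[0]);
		exit(1);
	}

	const bool ok = extract_fd(v[1], v[2]);
	if (!ok)
	{
		printf(" *** ERROR ***\n");
		return 1;
	}

	return 0;
}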
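//
// Evaluates an IPv4 address filter against the file descriptor attached to evt.
//
// For a connected IPv4 socket the operand in m_val_storage is compared with
// both the source and the destination address through flt_compare():
//   CO_EQ - true when either address compares equal;
//   CO_NE - true when both addresses compare not-equal.
// For an IPv4 server socket the bound address is compared with the operand
// read as a 32-bit value.
//
// Returns false when extract_fd() fails, when there is no fd info, or when the
// fd is neither of the two IPv4 socket types (IPv6 sockets are not handled by
// this function).
//
// Throws sinsp_exception when an IPv4 socket fd is evaluated with an operator
// other than CO_EQ or CO_NE.
//
bool sinsp_filter_check_fd::compare_ip(sinsp_evt *evt)
{
	if(!extract_fd(evt))
	{
		return false;
	}

	if(m_fdinfo == NULL)
	{
		return false;
	}

	const scap_fd_type fd_type = m_fdinfo->m_type;

	if(fd_type == SCAP_FD_IPV4_SOCK)
	{
		if(m_cmpop == CO_EQ)
		{
			return flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip, &m_val_storage[0]) ||
				flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip, &m_val_storage[0]);
		}

		if(m_cmpop == CO_NE)
		{
			return flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip, &m_val_storage[0]) &&
				flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip, &m_val_storage[0]);
		}

		throw sinsp_exception("filter error: IP filter only supports '=' and '!=' operators");
	}

	if(fd_type == SCAP_FD_IPV4_SERVSOCK)
	{
		//
		// The server-socket branch used to ignore m_cmpop and always test for
		// equality, so a '!=' filter matched exactly the listening address it
		// was meant to exclude. Apply the operator here as well.
		//
		const bool same_ip =
			m_fdinfo->m_sockinfo.m_ipv4serverinfo.m_ip == *(uint32_t*)&m_val_storage[0];

		if(m_cmpop == CO_EQ)
		{
			return same_ip;
		}

		if(m_cmpop == CO_NE)
		{
			return !same_ip;
		}

		throw sinsp_exception("filter error: IP filter only supports '=' and '!=' operators");
	}

	return false;
}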
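//
// Extracts the value of the fd field selected by m_field_id for evt.
//
// Returns a pointer to the raw field value, or NULL when the field is not
// available for this fd (extract_fd() failed, the socket has no role, or the
// fd type does not carry the requested field). The pointer refers to storage
// owned by this object or by the fd/thread info (m_tstr, m_tcstr, m_tbool,
// m_fdinfo, m_tinfo); m_tstr, m_tcstr and m_tbool are overwritten by later
// calls.
//
// len is not written here; it is only forwarded to extract_from_null_fd()
// when there is no fd info.
//
uint8_t* sinsp_filter_check_fd::extract(sinsp_evt *evt, OUT uint32_t* len)
{
	ASSERT(evt);

	if(!extract_fd(evt))
	{
		return NULL;
	}

	//
	// TYPE_FDNUM doesn't need fdinfo
	//
	if(m_field_id == TYPE_FDNUM)
	{
		return (uint8_t*)&m_tinfo->m_lastevent_fd;
	}

	if(m_fdinfo == NULL)
	{
		return extract_from_null_fd(evt, len);
	}

	switch(m_field_id)
	{
	case TYPE_FDNAME:
		// Copy the name and drop every character g_invalidchar rejects.
		m_tstr = m_fdinfo->m_name;
		m_tstr.erase(remove_if(m_tstr.begin(), m_tstr.end(), g_invalidchar()), m_tstr.end());
		return (uint8_t*)m_tstr.c_str();
	case TYPE_FDTYPE:
		return extract_fdtype(m_fdinfo);
	case TYPE_DIRECTORY:
		{
			m_tstr = m_fdinfo->m_name;
			m_tstr.erase(remove_if(m_tstr.begin(), m_tstr.end(), g_invalidchar()), m_tstr.end());

			// Keep everything up to and including the last '/'; a name
			// without any '/' is reported as "/".
			const size_t last_slash = m_tstr.rfind('/');
			if(last_slash == string::npos)
			{
				m_tstr = "/";
			}
			else if(last_slash < m_tstr.size() - 1)
			{
				m_tstr.resize(last_slash + 1);
			}

			return (uint8_t*)m_tstr.c_str();
		}
	case TYPE_FDTYPECHAR:
		m_tcstr[0] = m_fdinfo->get_typechar();
		m_tcstr[1] = 0;
		return m_tcstr;
	case TYPE_CLIENTIP:
		{
			if(m_fdinfo->is_role_none())
			{
				return NULL;
			}

			if(m_fdinfo->m_type == SCAP_FD_IPV4_SOCK)
			{
				return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip);
			}
		}
		break;
	case TYPE_SERVERIP:
		{
			const scap_fd_type fd_type = m_fdinfo->m_type;

			if(m_fdinfo->is_role_none())
			{
				return NULL;
			}

			if(fd_type == SCAP_FD_IPV4_SOCK)
			{
				return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip);
			}
			else if(fd_type == SCAP_FD_IPV4_SERVSOCK)
			{
				return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4serverinfo.m_ip);
			}
		}
		break;
	case TYPE_CLIENTPORT:
		{
			const scap_fd_type fd_type = m_fdinfo->m_type;

			if(m_fdinfo->is_role_none())
			{
				return NULL;
			}

			if(fd_type == SCAP_FD_IPV4_SOCK)
			{
				return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sport);
			}
			else if(fd_type == SCAP_FD_IPV6_SOCK)
			{
				return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv6info.m_fields.m_sport);
			}
		}
		//
		// This break was missing: for any other fd type, control fell through
		// into TYPE_SERVERPORT, so a client-port query on a server socket
		// returned the listening port instead of "no value".
		//
		break;
	case TYPE_SERVERPORT:
		{
			const scap_fd_type fd_type = m_fdinfo->m_type;

			if(fd_type == SCAP_FD_IPV4_SOCK)
			{
				if(m_fdinfo->is_role_none())
				{
					return NULL;
				}

				return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dport);
			}
			else if(fd_type == SCAP_FD_IPV4_SERVSOCK)
			{
				return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv4serverinfo.m_port);
			}
			else if(fd_type == SCAP_FD_IPV6_SOCK)
			{
				if(m_fdinfo->is_role_none())
				{
					return NULL;
				}

				return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv6info.m_fields.m_dport);
			}
			else if(fd_type == SCAP_FD_IPV6_SERVSOCK)
			{
				return (uint8_t*)&(m_fdinfo->m_sockinfo.m_ipv6serverinfo.m_port);
			}
			else
			{
				return NULL;
			}
		}
	case TYPE_L4PROTO:
		{
			switch(m_fdinfo->get_l4proto())
			{
			case SCAP_L4_TCP:
				m_tstr = "tcp";
				break;
			case SCAP_L4_UDP:
				m_tstr = "udp";
				break;
			case SCAP_L4_ICMP:
				m_tstr = "icmp";
				break;
			case SCAP_L4_RAW:
				m_tstr = "raw";
				break;
			default:
				m_tstr = "<NA>";
				break;
			}

			return (uint8_t*)m_tstr.c_str();
		}
	case TYPE_IS_SERVER:
		{
			// NOTE(review): m_ipv4info is read here without checking m_type,
			// unlike every other socket field above. If m_sockinfo is a union,
			// the result for non-IPv4 fds is computed from unrelated bytes -
			// confirm and gate on SCAP_FD_IPV4_SOCK if so.
			m_tbool = m_inspector->get_ifaddr_list()->is_ipv4addr_in_local_machine(m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip);
			return (uint8_t*)&m_tbool;
		}
	default:
		ASSERT(false);
	}

	// Reached when the requested field does not exist for this fd type.
	return NULL;
}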