author | Vadim Kochan <vadim4j@gmail.com> | 2015-08-04 11:00:00 +0300 |
---|---|---|
committer | Tobias Klauser <tklauser@distanz.ch> | 2015-08-04 10:25:12 +0200 |
commit | 123b444d78337a8f00d3ba83de3af3cdc6891de8 (patch) | |
tree | b6e088efc4058a93b1d30d141d51d0e9e7263347 | |
parent | bc7a68b9230282d3d7acf65ec040f73688da920b (diff) |
flowtop: Do not insert DNS flows into list
Just ignore DNS flows instead of inserting them and then
filtering them out in the presenter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
-rw-r--r-- | flowtop.c | 29 |
1 files changed, 20 insertions, 9 deletions
@@ -205,6 +205,8 @@ static void signal_handler(int number)
 static void flow_entry_from_ct(struct flow_entry *n, struct nf_conntrack *ct);
 static void flow_entry_get_extended(struct flow_entry *n);
+static bool nfct_is_dns(struct nf_conntrack *ct);
+
 static void help(void)
 {
 printf("flowtop %s, top-like netfilter TCP/UDP/SCTP/.. flow tracking\n",
@@ -264,7 +266,15 @@ static inline void flow_list_init(struct flow_list *fl)
 static void flow_list_new_entry(struct flow_list *fl, struct nf_conntrack *ct)
 {
- struct flow_entry *n = flow_entry_xalloc();
+ struct flow_entry *n;
+
+ /* We don't want to analyze / display DNS itself, since we
+ * use it to resolve reverse dns.
+ */
+ if (nfct_is_dns(ct))
+ return;
+
+ n = flow_entry_xalloc();
 n->ct = nfct_clone(ct);
@@ -522,12 +532,15 @@ enum flow_entry_direction {
 flow_entry_dst,
 };
-static inline bool flow_entry_get_extended_is_dns(struct flow_entry *n)
+static bool nfct_is_dns(struct nf_conntrack *ct)
 {
- /* We don't want to analyze / display DNS itself, since we
- * use it to resolve reverse dns.
- */
- return n->port_src == 53 || n->port_dst == 53;
+ struct flow_entry fl;
+ struct flow_entry *n = &fl;
+
+ CP_NFCT(port_src, ATTR_ORIG_PORT_SRC, 16);
+ CP_NFCT(port_dst, ATTR_ORIG_PORT_DST, 16);
+
+ return ntohs(n->port_src) == 53 || ntohs(n->port_dst) == 53;
 }
 #define SELFLD(dir,src_member,dst_member) \
@@ -670,7 +683,7 @@ static void flow_entry_get_extended_revdns(struct flow_entry *n,
 static void flow_entry_get_extended(struct flow_entry *n)
 {
- if (n->flow_id == 0 || flow_entry_get_extended_is_dns(n))
+ if (n->flow_id == 0)
 return;
 if (show_src) {
@@ -945,8 +958,6 @@ static void presenter_screen_update(WINDOW *screen, struct flow_list *fl,
 for (; n; n = rcu_dereference(n->next)) {
 n->is_visible = false;
- if (presenter_get_port(n->port_src, n->port_dst, false) == 53)
- continue;
 if (presenter_flow_wrong_state(n))
 continue; |
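Review bot: The comment above the `nfct_is_dns(ct)` early return in flow_list_new_entry understates what is dropped: the test (defined in the @@ -522 hunk) matches port 53 on either side and does not look at the L4 protocol, so every such conntrack entry is skipped before it reaches the list, not only flowtop's own reverse lookups. Anyone using flowtop to watch a host will therefore never see traffic on port 53, including non-DNS traffic that merely uses that port. I would state that in the comment, e.g. `/* Skip any flow with port 53 on either side: this hides flowtop's own reverse-DNS lookups, and all other port-53 traffic with them. */`. The function body continues outside the hunk.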
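Review bot: `nfct_is_dns` puts a whole uninitialised `struct flow_entry` on the stack only so that `CP_NFCT` has an `n` to write two 16-bit ports into; the macro is defined outside this hunk and presumably relies on locals named `n` and `ct`, which makes the helper harder to read and to audit. Reading the two attributes directly is shorter and keeps the byte-order conversion next to the read: `uint16_t sport = ntohs(nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC));`, the same for `dport` with `ATTR_ORIG_PORT_DST`, then `return sport == 53 || dport == 53;`. If only UDP and TCP lookups are meant to be hidden, an L4-protocol check would belong in this helper as well.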