Skip to content

Commit

Permalink
changed -M output for ICMP Unreachable to require verbose mode and re…
Browse files Browse the repository at this point in the history 
…duced local ssh log verbosity
  • Loading branch information
@r-caamano
r-caamano committed Dec 26, 2023
1 parent e37ee06 commit f7e208b
Showing 1 changed file with 25 additions and 21 deletions.
46 changes: 25 additions & 21 deletions src/zfw_tc_ingress.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -745,17 +745,19 @@ int bpf_sk_splice(struct __sk_buff *skb){
sk = bpf_skc_lookup_tcp(skb, o_session, sizeof(o_session->ipv4),BPF_F_CURRENT_NETNS, 0);
if(sk){
if (sk->state == BPF_TCP_LISTEN){
event.proto = IPPROTO_ICMP;
event.saddr = iph->saddr;
event.daddr = o_session->ipv4.daddr;
event.tracking_code = icmph->code;
if(icmph->code == 4){
event.sport = icmph->un.frag.mtu;
}else{
event.sport = inner_iph->protocol;
if(local_diag->verbose){
event.proto = IPPROTO_ICMP;
event.saddr = iph->saddr;
event.daddr = o_session->ipv4.daddr;
event.tracking_code = icmph->code;
if(icmph->code == 4){
event.sport = icmph->un.frag.mtu;
}else{
event.sport = inner_iph->protocol;
}
event.dport = o_session->ipv4.dport;
send_event(&event);
}
event.dport = o_session->ipv4.dport;
send_event(&event);
bpf_sk_release(sk);
return TC_ACT_OK;
}
Expand All @@ -770,17 +772,19 @@ int bpf_sk_splice(struct __sk_buff *skb){
oudp_session.ipv4.sport = o_session->ipv4.dport;
sk = bpf_sk_lookup_udp(skb, &oudp_session, sizeof(oudp_session.ipv4), BPF_F_CURRENT_NETNS, 0);
if(sk){
event.proto = IPPROTO_ICMP;
event.saddr = iph->saddr;
event.daddr = o_session->ipv4.daddr;
event.tracking_code = icmph->code;
if(icmph->code == 4){
event.sport = icmph->un.frag.mtu;
}else{
event.sport = inner_iph->protocol;
if(local_diag->verbose){
event.proto = IPPROTO_ICMP;
event.saddr = iph->saddr;
event.daddr = o_session->ipv4.daddr;
event.tracking_code = icmph->code;
if(icmph->code == 4){
event.sport = icmph->un.frag.mtu;
}else{
event.sport = inner_iph->protocol;
}
event.dport = o_session->ipv4.dport;
send_event(&event);
}
event.dport = o_session->ipv4.dport;
send_event(&event);
bpf_sk_release(sk);
return TC_ACT_OK;
}
Expand Down Expand Up @@ -830,7 +834,7 @@ int bpf_sk_splice(struct __sk_buff *skb){
}
for(int x = 0; x < addresses; x++){
if((tuple->ipv4.daddr == local_ip4->ipaddr[x]) && !local_diag->ssh_disable){
if(local_diag->verbose){
if(local_diag->verbose && ((event.tstamp % 2) == 0)){
event.proto = IPPROTO_TCP;
send_event(&event);
}
Expand Down

0 comments on commit f7e208b

Please sign in to comment.