Introduce flag for tool testing: provide ability to disable ban hooks
parent
020c87928d
commit
93336a6567
|
@ -244,6 +244,11 @@ DUMP_ALL_PACKETS will enable all packets dumping to console. It's very useful fo
|
|||
DUMP_ALL_PACKETS=yes ./fastnetmon eth3,eth4
|
||||
```
|
||||
|
||||
How I can disable ban for testing purposes?
|
||||
```bash
|
||||
DISABLE_BAN=1 ./fastnetmon eth3,eth4
|
||||
```
|
||||
|
||||
Recommended configuration options for ixgbe Intel X540 driver:
|
||||
```bash
|
||||
cat /etc/modprobe.d/ixgbe.conf
|
||||
|
|
|
@ -307,6 +307,9 @@ unsigned int MAP_INITIAL_SIZE = 2048;
|
|||
vector<subnet> our_networks;
|
||||
vector<subnet> whitelist_networks;
|
||||
|
||||
// Флаг управляющий поведением работы бана
|
||||
bool we_do_real_ban = true;
|
||||
|
||||
/*
|
||||
Тут кроется огромный баго-фич:
|
||||
В случае прослушивания any интерфейсов мы ловим фичу-баг, вместо эзернет хидера у нас тип 113, который LINUX SLL,
|
||||
|
@ -1123,7 +1126,8 @@ void process_packet(simple_packet& current_packet) {
|
|||
current_packet.length = 0;
|
||||
|
||||
// calculate hash
|
||||
uint64_t hash = MurmurHash64A(¤t_packet, sizeof(current_packet), 11);
|
||||
unsigned int seed = 11;
|
||||
uint64_t hash = MurmurHash64A(¤t_packet, sizeof(current_packet), seed);
|
||||
|
||||
flow_counter.lock();
|
||||
FlowCounter[hash]++;
|
||||
|
@ -1449,6 +1453,12 @@ int main(int argc,char **argv) {
|
|||
if (getenv("DUMP_ALL_PACKETS") != NULL) {
|
||||
DEBUG_DUMP_ALL_PACKETS = true;
|
||||
}
|
||||
|
||||
// We can disable ban with this flag
|
||||
if (getenv("DISABLE_BAN") != NULL) {
|
||||
logger<< log4cpp::Priority::INFO<<"User wants disable ban feature competely, do it!";
|
||||
we_do_real_ban = false;
|
||||
}
|
||||
|
||||
#ifdef PCAP
|
||||
char errbuf[PCAP_ERRBUF_SIZE];
|
||||
|
@ -1907,6 +1917,11 @@ void execute_ip_ban(uint32_t client_ip, unsigned int in_pps, unsigned int out_pp
|
|||
direction data_direction;
|
||||
unsigned int pps = 0;
|
||||
|
||||
if (!we_do_real_ban) {
|
||||
logger<<log4cpp::Priority::INFO<<"We do not ban: "<<convert_ip_as_uint_to_string(client_ip)<<" because ban disabled completely";
|
||||
return;
|
||||
}
|
||||
|
||||
// Check attack direction
|
||||
if (in_pps > out_pps) {
|
||||
data_direction = INCOMING;
|
||||
|
|
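Review bot: In the `main` hunk, `getenv("DISABLE_BAN") != NULL` turns banning off for any value of the variable, so `DISABLE_BAN=0` or an empty value left behind in a service environment silently disables mitigation. Requiring the documented value would avoid that, e.g. `const char* v = getenv("DISABLE_BAN"); if (v != NULL && strcmp(v, "1") == 0) {`. The message is also logged at INFO; `log4cpp::Priority::WARN` would make a run with protection switched off stand out in the log. In `execute_ip_ban` the new early return logs on every call, which may flood the log if the function is invoked repeatedly for the same address (the caller is not visible here). Both function bodies continue outside the hunks shown.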