Introduce flag for tool testing: provide ability to disable ban hooks

2014-11-13 12:50:17 +04:00 · 2014-11-13 12:50:17 +04:00 · 93336a6567
parent 020c87928d
commit 93336a6567
2 changed files with 21 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -244,6 +244,11 @@ DUMP_ALL_PACKETS will enable all packets dumping to console. It's very useful fo
 DUMP_ALL_PACKETS=yes ./fastnetmon eth3,eth4
 ```

+How I can disable ban for testing purposes?
+```bash
+DISABLE_BAN=1 ./fastnetmon eth3,eth4
+```
+
 Recommended configuration options for ixgbe Intel X540 driver:
 ```bash
 cat /etc/modprobe.d/ixgbe.conf 
--- a/fastnetmon.cpp
+++ b/fastnetmon.cpp
@ -307,6 +307,9 @@ unsigned int MAP_INITIAL_SIZE = 2048;
 vector<subnet> our_networks;
 vector<subnet> whitelist_networks;

+// Флаг управляющий поведением работы бана
+bool we_do_real_ban = true;
+
 /* 
 Тут кроется огромный баго-фич:
  В случае прослушивания any интерфейсов мы ловим фичу-баг, вместо эзернет хидера у нас тип 113, который LINUX SLL,
@ -1123,7 +1126,8 @@ void process_packet(simple_packet& current_packet) {
        current_packet.length = 0;

        // calculate hash
-        uint64_t hash = MurmurHash64A(&current_packet, sizeof(current_packet), 11);
+        unsigned int seed = 11;
+        uint64_t hash = MurmurHash64A(&current_packet, sizeof(current_packet), seed);

        flow_counter.lock();
        FlowCounter[hash]++;
@ -1449,6 +1453,12 @@ int main(int argc,char **argv) {
    if (getenv("DUMP_ALL_PACKETS") != NULL) {
        DEBUG_DUMP_ALL_PACKETS = true;
    }
+
+    // We can disable ban with this flag
+    if (getenv("DISABLE_BAN") != NULL) {
+        logger<< log4cpp::Priority::INFO<<"User wants disable ban feature competely, do it!";
+        we_do_real_ban = false;
+    }
 
 #ifdef PCAP
    char errbuf[PCAP_ERRBUF_SIZE]; 
@ -1907,6 +1917,11 @@ void execute_ip_ban(uint32_t client_ip, unsigned int in_pps, unsigned int out_pp
    direction data_direction;
    unsigned int pps = 0;

+    if (!we_do_real_ban) {
+        logger<<log4cpp::Priority::INFO<<"We do not ban: "<<convert_ip_as_uint_to_string(client_ip)<<" because ban disabled completely";
+        return;
+    }
+
    // Check attack direction
    if (in_pps > out_pps) {
        data_direction = INCOMING;