Add more info to filter logging.

2025-02-26 12:16:33 -05:00
parent f27481fb3b
commit e54fb3fe79
5 changed files with 72 additions and 4 deletions
--- a/src/common/types.h
+++ b/src/common/types.h
@@ -139,9 +139,19 @@ struct filter_log_event
 {
    u64 ts;
    int filter_id;
+
    u32 src_ip;
    u32 src_ip6[4];
+
    u16 src_port;
+
+    u32 dst_ip;
+    u32 dst_ip6[4];
+
+    u16 dst_port;
+
+    u8 protocol;
+
    u64 pps;
    u64 bps;
 } typedef filter_log_event_t;
--- a/src/loader/utils/helpers.c
+++ b/src/loader/utils/helpers.c
@@ -57,6 +57,30 @@ ip_range_t ParseIpCidr(const char *ip)
    return ret;
 }

+/**
+ * Retrieves protocol name by ID.
+ * 
+ * @param id The protocol ID
+ * 
+ * @return The protocol string. 
+ */
+const char* GetProtocolStrById(int id)
+{
+    switch (id)
+    {
+        case IPPROTO_TCP:
+            return "TCP";
+
+        case IPPROTO_UDP:
+            return "UDP";
+        
+        case IPPROTO_ICMP:
+            return "ICMP";
+    }
+
+    return "N/A";
+}
+
 /**
 * Prints tool name and author.
 * 
--- a/src/loader/utils/helpers.h
+++ b/src/loader/utils/helpers.h
@@ -18,4 +18,5 @@ extern int cont;
 void PrintHelpMenu();
 void SignalHndl(int code);
 ip_range_t ParseIpCidr(const char* ip);
+const char* GetProtocolStrById(int id);
 void PrintToolInfo();
--- a/src/loader/utils/logging.c
+++ b/src/loader/utils/logging.c
@@ -101,6 +101,8 @@ void LogMsg(config__t* cfg, int req_lvl, int error, const char* msg, ...)
 * @param ctx The context (should be config__t*).
 * @param data The event data (should be filter_log_event_t*).
 * @param sz The event data size.
+ * 
+ * @return 0 on success or 1 on failure.
 */
 int HandleRbEvent(void* ctx, void* data, size_t sz)
 {
@@ -114,14 +116,17 @@ int HandleRbEvent(void* ctx, void* data, size_t sz)
        return 1;
    }

-    char ip_str[INET6_ADDRSTRLEN];
+    char src_ip_str[INET6_ADDRSTRLEN];
+    char dst_ip_str[INET_ADDRSTRLEN];

    if (memcmp(e->src_ip6, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16) != 0)
    {
-        inet_ntop(AF_INET6, e->src_ip6, ip_str, sizeof(ip_str));
+        inet_ntop(AF_INET6, e->src_ip6, src_ip_str, sizeof(src_ip_str));
+        inet_ntop(AF_INET6, e->dst_ip6, dst_ip_str, sizeof(dst_ip_str));
    } else
    {
-        inet_ntop(AF_INET, &e->src_ip, ip_str, sizeof(ip_str));
+        inet_ntop(AF_INET, &e->src_ip, src_ip_str, sizeof(src_ip_str));
+        inet_ntop(AF_INET, &e->dst_ip, dst_ip_str, sizeof(dst_ip_str));
    }

    char* action = "Dropped";
@@ -131,7 +136,9 @@ int HandleRbEvent(void* ctx, void* data, size_t sz)
        action = "Passed";
    }

-    LogMsg(cfg, 0, 0, "[FILTER %d] %s packet from '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id, action, ip_str, e->src_port, e->pps, e->bps, filter->blocktime);
+    const char* protocol_str = GetProtocolStrById(e->protocol);
+
+    LogMsg(cfg, 0, 0, "[FILTER %d] %s %s packet '%s:%d' => '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id, action, protocol_str, src_ip_str, htons(e->src_port), dst_ip_str, htons(e->dst_port), e->pps, e->bps, filter->blocktime);

    return 0;
 }
--- a/src/xdp/prog.c
+++ b/src/xdp/prog.c
@@ -136,6 +136,11 @@ int xdp_prog_main(struct xdp_md *ctx)
    struct icmp6hdr *icmp6h = NULL;

    u16 src_port = 0;
+
+#ifdef ENABLE_FILTER_LOGGING
+    u16 dst_port = 0;
+#endif
+
    u8 protocol = 0;
    
    if (iph6)
@@ -156,6 +161,10 @@ int xdp_prog_main(struct xdp_md *ctx)

                src_port = tcph->source;

+#ifdef ENABLE_FILTER_LOGGING
+                dst_port = tcph->dest;
+#endif
+
                break;

            case IPPROTO_UDP:
@@ -170,6 +179,10 @@ int xdp_prog_main(struct xdp_md *ctx)

                src_port = udph->source;

+#ifdef ENABLE_FILTER_LOGGING
+                dst_port = udph->dest;
+#endif
+
                break;

            case IPPROTO_ICMPV6:
@@ -203,6 +216,10 @@ int xdp_prog_main(struct xdp_md *ctx)

                src_port = tcph->source;

+#ifdef ENABLE_FILTER_LOGGING
+                dst_port = tcph->dest;
+#endif
+
                break;

            case IPPROTO_UDP:
@@ -217,6 +234,10 @@ int xdp_prog_main(struct xdp_md *ctx)

                src_port = udph->source;

+#ifdef ENABLE_FILTER_LOGGING
+                dst_port = udph->dest;
+#endif
+
                break;

            case IPPROTO_ICMP:
@@ -527,12 +548,17 @@ int xdp_prog_main(struct xdp_md *ctx)
                if (iph)
                {
                    e->src_ip = iph->saddr;
+                    e->dst_ip = iph->daddr;
                } else if (iph6)
                {
                    memcpy(&e->src_ip6, iph6->saddr.in6_u.u6_addr32, 4);
+                    memcpy(&e->dst_ip6, iph6->daddr.in6_u.u6_addr32, 4);
                }

                e->src_port = src_port;
+                e->dst_port = dst_port;
+
+                e->protocol = protocol;

                e->pps = pps;
                e->bps = bps;