nhorman
Interface or Protocol based Filtering feature for Packet Alert-mode
Added support for filtering based on protocol or interface. 1.To filter only drops of a particular protocol [only drops in a particular protocol packets will be captured]: Set Command : set filter protocol [protocol num in hex] Clear Command : set filter clear protocol
2.To filter only drops on a particular network interface [only drops in a particular interface will be captured]: Set Command : set filter ifindex [index of interface] Clear Command : set filter clear ifindex
3.To clear all filters: set filter clear
could you please improve the changelog messages? "Add files via upload" and "Merge Pull request 1" doesn't tell me anything about what those changes do
This also seems a little...specific. Filtering on ifindex seems like a fine idea, but there are several attributes that get attached to an alert message (NET_DM_ATTR_ORIGIN, IFINDEX, ORIG_LEN, PROTO, etc). If you want to add filtering, it seems like it would be nice to come up with a repeatable option/syntax match on any or all of those options. I.e provide command line syntax that lets you set a filter string of the form <ATTR> < [==] | [!=] | > ] | [<] ><VALUE> [&& | || ] .... That would give us the ability to filter on any of those attributes without having to update the userspace tool with new options any time we add a new attribute in the kernel
I agree with your point.Let me make this filtering generic, so as to make it more scalable for future options.Let me update this over the weekend.