author | Yunchih Chen <yunchih.cat@gmail.com> | 2019-02-18 16:54:59 +0800 |
---|---|---|
committer | Yunchih Chen <yunchih.cat@gmail.com> | 2019-03-07 15:02:17 +0800 |
commit | 1339866ff353dc120423441b00aaeae4ed64e98b (patch) | |
tree | a6f476e49e5ea8e662b84e0fd504d18604eab465 | |
parent | 9794706b676bdf70f68b253e1a2178f674a428a7 (diff) | |
Prevent packet bursting by skipping consecutive ones
If a process (using the same source port) keeps
transmitting packets, only insert a log at the end of
a time interval
-rw-r--r-- | lib/collect.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/collect.c b/lib/collect.c
index 5ea673a..5f973be 100644
--- a/lib/collect.c
+++ b/lib/collect.c
@@ -42,7 +42,9 @@ Global g;
 static int handle_packet(__attribute__((unused)) struct nflog_g_handle *gh,
 __attribute__((unused)) struct nfgenmsg *nfmsg,
 struct nflog_data *nfa, void *_s) {
-#define HASH_ENTRY(e) (e->sport ^ e->timestamp)
+// log a bursting connection every `BURST_PERIOD` second
+#define BURST_PERIOD 0x4
+#define HASH_ENTRY(e) (e->sport ^ (e->timestamp & ~(BURST_PERIOD - 1)))
 register const struct iphdr *iph;
 register Entry *entry;
 const struct tcphdr *tcph; |
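Review bot: The mask in the new `HASH_ENTRY` only buckets time into even windows when `BURST_PERIOD` is a power of two, and nothing on the added lines says so; a later change to a value such as 5 would silently give irregular windows. I would state the constraint in the comment, `// log a bursting connection once per BURST_PERIOD seconds; must be a power of two (used as a bit mask)`, and parenthesize the macro argument: `#define HASH_ENTRY(e) ((e)->sport ^ ((e)->timestamp & ~(BURST_PERIOD - 1)))`. The key is still only the source port XORed with the time bucket, so if the code outside this hunk uses it to drop duplicates, packets to different destinations or from different users that share a source port within one window (or whose port and bucket bits XOR to the same value) would be missing from the log. That is worth confirming against the rest of `handle_packet`, which continues past the hunk, because records from this collector may be relied on for audit or incident reconstruction.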