Interface or Protocol based Filtering feature for Packet Alert-mode

[deepakk97]

Dropwatch-filter-UT.pdf

Added support for filtering based on protocol or interface. 1.To filter only drops of a particular protocol [only drops in a particular protocol packets will be captured]: Set Command : set filter protocol [protocol num in hex] Clear Command : set filter clear protocol

2.To filter only drops on a particular network interface [only drops in a particular interface will be captured]: Set Command : set filter ifindex [index of interface] Clear Command : set filter clear ifindex

3.To clear all filters: set filter clear

[nhorman]

could you please improve the changelog messages? "Add files via upload" and "Merge Pull request 1" doesn't tell me anything about what those changes do

This also seems a little...specific. Filtering on ifindex seems like a fine idea, but there are several attributes that get attached to an alert message (NET_DM_ATTR_ORIGIN, IFINDEX, ORIG_LEN, PROTO, etc). If you want to add filtering, it seems like it would be nice to come up with a repeatable option/syntax match on any or all of those options. I.e provide command line syntax that lets you set a filter string of the form < [==] | [!=] | > ] | [<] > [&& | || ] .... That would give us the ability to filter on any of those attributes without having to update the userspace tool with new options any time we add a new attribute in the kernel

[deepakk97]

I agree with your point.Let me make this filtering generic, so as to make it more scalable for future options.Let me update this over the weekend.

[nhorman]

ping, any update here?

[nhorman]

closing for lack of response. Please reopen if you pick this back up