Set the BPF Filter for Flow Export on a Shark


This script can be used to set the BPF Filter for an adapter port used to filter traffic for flow export.



The script can be used to list available adapters and the current BPF filter setting, or to set the BPF filter for one adapter.


Listing Adapters

python -u <username> -p <password> <sharkhost> --list


Setting the BPF Filter for an Adapter

python -u <username> -p <password> <sharkhost>

     --adapter <name> --filter <filterstring>


For example, to restrict flow export only tcp/80 traffic on mon0:

python -u admin -p foo

     --adapter mon0 --filter 'tcp port 80'


#!/usr/bin/env python

# Copyright (c) 2013 Riverbed Technology, Inc.
# This software is licensed under the terms and conditions of the
# MIT License set forth at:
# ("License").  
# This software is distributed "AS IS" as set forth in the License.

This script sets the BPF filter for a Shark adapter port assocated with
flow export to a Profiler.

from import SharkApp

class SharkFlowExport(SharkApp):

    def add_options(self, parser):
        parser.add_option('--list', action="store_true", dest="list", default=False,
                          help='list all adapter ports')

        parser.add_option('--adapter', dest="adapter", default=None,
                          help='port to install the BPF filter on')
        parser.add_option('--filter', dest="filter", default=None,
                          help='BPF filter string to install')
        parser.add_option('--enable', action="store_true", dest="enable", default=False,
                          help='Enable the adapter port if not already enabled')

    def list_adapters(self):
        '''List the available adapter ports and current BPF filter'''
        pe = self.shark.api.settings.get_profiler_export()

        print "%-10s %-7s  %s" % ("Adapter", "Enabled", "BPF Filter")
        for adapter in pe['adapter_ports']:
            f = '<no filter>'
            if 'bpf_filter' in adapter:
                f = adapter['bpf_filter']
            print "%-10s %-7s  %s" % (adapter['name'], adapter['enabled'], f)

    def main(self):
        '''The main loop, list adapter ports or set the BPF filter for one of them'''
        if self.options.list:

        if self.options.adapter is None:
            print "No adapter port specified, use --adapter <name> or --list to see adapter ports"

        found = False
        pe = self.shark.api.settings.get_profiler_export()
        for adapter in pe['adapter_ports']:
            if adapter['name'] == self.options.adapter:
                if adapter['enabled'] == False and not self.options.enable:
                    print "Adapter port '%s' is disabled, use --enable to enable it" % adapter['name']
                if self.options.filter is not None:
                    adapter['bpf_filter'] = self.options.filter
                    adapter['bpf_filter'] = None
                adapter['enabled'] = True
                found = True
        if not found:
            print "No such adapter port '%s'" % self.options.adapter
            print ""

        print "Applying updated profiler export settings"
        print ""
        pe = self.shark.api.settings.update_profiler_export(pe)