Set the BPF Filter for Flow Export on a Shark

Overview

This script can be used to set the BPF Filter for an adapter port used to filter traffic for flow export.

 

Usage

The script can be used to list available adapters and the current BPF filter setting, or to set the BPF filter for one adapter.

 

Listing Adapters

python shark_flow_export.py -u <username> -p <password> <sharkhost> --list

 

Setting the BPF Filter for an Adapter

python shark_flow_export.py -u <username> -p <password> <sharkhost>

     --adapter <name> --filter <filterstring>

 

For example, to restrict flow export only tcp/80 traffic on mon0:

python shark_flow_export.py -u admin -p foo 10.2.1.4

     --adapter mon0 --filter 'tcp port 80'

 

shark_flow_export.py

 

#!/usr/bin/env python

# Copyright (c) 2013 Riverbed Technology, Inc.
#
# This software is licensed under the terms and conditions of the
# MIT License set forth at:
#   https://github.com/riverbed/flyscript/blob/master/LICENSE ("License").  
# This software is distributed "AS IS" as set forth in the License.


'''
This script sets the BPF filter for a Shark adapter port assocated with
flow export to a Profiler.
'''

from rvbd.shark.app import SharkApp

class SharkFlowExport(SharkApp):

    def add_options(self, parser):
        parser.add_option('--list', action="store_true", dest="list", default=False,
                          help='list all adapter ports')

        parser.add_option('--adapter', dest="adapter", default=None,
                          help='port to install the BPF filter on')
        parser.add_option('--filter', dest="filter", default=None,
                          help='BPF filter string to install')
        parser.add_option('--enable', action="store_true", dest="enable", default=False,
                          help='Enable the adapter port if not already enabled')

    def list_adapters(self):
        '''List the available adapter ports and current BPF filter'''
        pe = self.shark.api.settings.get_profiler_export()

        print "%-10s %-7s  %s" % ("Adapter", "Enabled", "BPF Filter")
        for adapter in pe['adapter_ports']:
            f = '<no filter>'
            if 'bpf_filter' in adapter:
                f = adapter['bpf_filter']
             
            print "%-10s %-7s  %s" % (adapter['name'], adapter['enabled'], f)

    def main(self):
        '''The main loop, list adapter ports or set the BPF filter for one of them'''
     
        if self.options.list:
            self.list_adapters()
            return

        if self.options.adapter is None:
            print "No adapter port specified, use --adapter <name> or --list to see adapter ports"
            return

        found = False
        pe = self.shark.api.settings.get_profiler_export()
        for adapter in pe['adapter_ports']:
            if adapter['name'] == self.options.adapter:
                if adapter['enabled'] == False and not self.options.enable:
                    print "Adapter port '%s' is disabled, use --enable to enable it" % adapter['name']
                    return
                if self.options.filter is not None:
                    adapter['bpf_filter'] = self.options.filter
                else:
                    adapter['bpf_filter'] = None
                adapter['enabled'] = True
                found = True
                break
         
        if not found:
            print "No such adapter port '%s'" % self.options.adapter
            print ""
            self.list_adapters()
            return

        print "Applying updated profiler export settings"
        print ""
        pe = self.shark.api.settings.update_profiler_export(pe)
     
        self.list_adapters()

SharkFlowExport().run()