ignore ports of IPv4 and IPv6 loopback interfaces

diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index 97133e5..cc5ae3c 100644 (file)
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -102,6 +102,8 @@ static bool do_netstat(ietf_attr_port_filter_t *attr)
        chunk_t line, token;
        int n = 0;
        bool success = FALSE;
+       const char loopback_v4[] = "127.0.0.1";
+       const char loopback_v6[] = "::1";
 
        /* Open a pipe stream for reading the output of the netstat commmand */
        file = popen("/bin/netstat -n -l -4 -6 --inet", "r");
@@ -173,6 +175,16 @@ static bool do_netstat(ietf_attr_port_filter_t *attr)
                        DBG1(DBG_IMC, "Local port field in netstat output not found");
                        goto end;
                }
+               token.len--;
+
+               /* ignore ports of IPv4 and IPv6 loopback interfaces */
+               if ((token.len == strlen(loopback_v4) &&
+                               memeq(loopback_v4, token.ptr, token.len)) ||
+                       (token.len == strlen(loopback_v6) &&
+                               memeq(loopback_v6, token.ptr, token.len)))
+               {
+                       continue;
+               }
 
                /* convert the port string to an integer */
                new_port = atoi(pos+1);