From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Tue, 5 Jul 2011 07:16:01 +0000 (+0200)
Subject: ignore ports of IPv4 and IPv6 loopback interfaces
X-Git-Tag: 4.5.3~89
X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=9b2b434fe763ef5c6753e8e93416c5a4f36015a6

ignore ports of IPv4 and IPv6 loopback interfaces
---

diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index 97133e5..cc5ae3c 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -102,6 +102,8 @@ static bool do_netstat(ietf_attr_port_filter_t *attr)
 	chunk_t line, token;
 	int n = 0;
 	bool success = FALSE;
+	const char loopback_v4[] = "127.0.0.1";
+	const char loopback_v6[] = "::1";
 
 	/* Open a pipe stream for reading the output of the netstat commmand */
 	file = popen("/bin/netstat -n -l -4 -6 --inet", "r");
@@ -173,6 +175,16 @@ static bool do_netstat(ietf_attr_port_filter_t *attr)
 			DBG1(DBG_IMC, "Local port field in netstat output not found");
 			goto end;
 		}
+		token.len--;
+
+		/* ignore ports of IPv4 and IPv6 loopback interfaces */
+		if ((token.len == strlen(loopback_v4) &&
+				memeq(loopback_v4, token.ptr, token.len)) ||
+			(token.len == strlen(loopback_v6) &&
+				memeq(loopback_v6, token.ptr, token.len)))
+		{
+			continue;
+		}
 
 		/* convert the port string to an integer */
 		new_port = atoi(pos+1);