From 93fb552a5baeaf5174cb1404c5a3d49adeb42083 Mon Sep 17 00:00:00 2001
From: thiagoftsm
Date: Fri, 11 Aug 2023 16:26:16 -0300
Subject: [PATCH] Restrict loopback addr (#345)
---
 includes/netdata_common.h | 5 +++--
 kernel/socket_kern.c | 13 +++++++++----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/includes/netdata_common.h b/includes/netdata_common.h
index 197ef283..7e96dfbe 100644
--- a/includes/netdata_common.h
+++ b/includes/netdata_common.h
@@ -171,10 +171,11 @@ static __always_inline __u32 netdata_get_pid(void *ctrl_tbl)
 return netdata_get_parent_pid();
 else if (*level == NETDATA_APPS_LEVEL_ALL)
 return netdata_get_current_pid();
+ else if (*level == NETDATA_APPS_LEVEL_IGNORE) // Ignore PID
+ return 0;
 }
- // I do not care for PID, so group them
- return 0;
+ return netdata_get_real_parent_pid();
 }
 static __always_inline void *netdata_get_pid_structure(__u32 *store_pid, void *ctrl_tbl, void *pid_tbl)
diff --git a/kernel/socket_kern.c b/kernel/socket_kern.c
index 1441d116..9c6c1cd2 100644
--- a/kernel/socket_kern.c
+++ b/kernel/socket_kern.c
@@ -116,8 +116,8 @@ static __always_inline __u16 set_idx_value(netdata_socket_idx_t *nsi, struct ine
 bpf_probe_read(&nsi->saddr.addr32[0], sizeof(u32), &is->inet_rcv_saddr);
 bpf_probe_read(&nsi->daddr.addr32[0], sizeof(u32), &is->inet_daddr);
- if (nsi->saddr.addr32[0] == 0 || nsi->daddr.addr32[0] == 0 || // Zero addr
- nsi->saddr.addr64[0] == 16777343) // Loopback
+ if ((nsi->saddr.addr32[0] == 16777343 || nsi->daddr.addr32[0] == 16777343) || // Loopback
+ (nsi->saddr.addr32[0] == 0 || nsi->daddr.addr32[0] == 0)) // Zero
 return AF_UNSPEC;
 }
 // Check necessary according https://elixir.bootlin.com/linux/v5.6.14/source/include/net/sock.h#L199
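Review bot: The fall-through at the end of netdata_get_pid() now returns `netdata_get_real_parent_pid()` where it used to return 0, and the comment that explained the old default was removed without a replacement. Any path that matches none of the visible level branches (an unrecognised level, or presumably a failed control-table lookup, which is outside this hunk) is now keyed by the real parent PID instead of being grouped under 0. Because this helper lives in a shared header, the change likely reaches collectors other than the socket program, which the commit title does not suggest. I would document the new default where it is returned, e.g. `// Level missing or unknown: key by the real parent PID`. The function starts above the hunk.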
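Review bot: The IPv4 loopback test in the new condition matches only the single value `16777343`, which is 127.0.0.1 as it sits in memory on a little-endian host, so flows on any other 127.0.0.0/8 address are still indexed and the comparison would not match at all on a big-endian target. If the intent is to drop all loopback flows, compare the network prefix instead, e.g. `(nsi->saddr.addr32[0] & bpf_htonl(0xFF000000)) == bpf_htonl(0x7F000000)` and the same for `daddr`, assuming `bpf_htonl` from libbpf's bpf_endian.h is available in this file. The IPv6 hunk at -129 has the same bare-constant problem with `72057594037927936` for ::1; a named constant for each would make both checks easier to audit. set_idx_value() starts and ends outside the hunk.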
@@ -129,8 +129,12 @@ static __always_inline __u16 set_idx_value(netdata_socket_idx_t *nsi, struct ine
 addr6 = &is->sk.sk_v6_daddr;
 bpf_probe_read(&nsi->daddr.addr8, sizeof(__u8)*16, &addr6->s6_addr);
- if ( ((nsi->saddr.addr64[0] == 0) && (nsi->saddr.addr64[1] == 0)) || ((nsi->daddr.addr64[0] == 0) && (nsi->daddr.addr64[1] == 0)) || // Zero addr
- ((nsi->saddr.addr64[0] == 0) && (nsi->saddr.addr64[1] == 72057594037927936))) // Loopback
+ if (((nsi->saddr.addr64[0] == 0) && (nsi->saddr.addr64[1] == 72057594037927936)) || // Loopback
+ ((nsi->daddr.addr64[0] == 0) && (nsi->daddr.addr64[1] == 72057594037927936)))
+ return AF_UNSPEC;
+
+ if (((nsi->saddr.addr64[0] == 0) && (nsi->saddr.addr64[1] == 0)) ||
+ ((nsi->daddr.addr64[0] == 0) && (nsi->daddr.addr64[1] == 0))) // Zero addr
 return AF_UNSPEC;
 }
 #endif
@@ -147,6 +151,7 @@ static __always_inline __u16 set_idx_value(netdata_socket_idx_t *nsi, struct ine
 if (nsi->sport == 0 || nsi->dport == 0)
 return AF_UNSPEC;
+ nsi->pid = netdata_get_pid(&socket_ctrl);
 return family;
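Review bot: The IPv6 loopback test added in the -129 hunk only recognises ::1, so an AF_INET6 socket talking to an IPv4-mapped loopback address (::ffff:127.0.0.1) would, as far as this hunk shows, pass both new checks and still be indexed. If dual-stack sockets can reach this branch, either handle the mapped form or state the limitation next to the check, e.g. `// v4-mapped loopback (::ffff:127.0.0.0/8) is not filtered here`. The enclosing function continues outside the hunk.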