bpf_comp.c

   1 /*
   2  * netsniff-ng - the packet sniffing beast
   3  * Copyright 2013 Daniel Borkmann.
   4  * Subject to the GPL, version 2.
   5  */
   6
   7 #include <pcap.h>
   8 #include <linux/filter.h>
   9
  10 #include "xmalloc.h"
  11 #include "config.h"
  12 #include "bpf.h"
  13 #include "die.h"
  14
  15 void bpf_try_compile(const char *rulefile, struct sock_fprog *bpf, uint32_t link_type)
  16 {
  17         int i, ret;
  18         pcap_t *pcap_handle;
  19         struct sock_filter *out;
  20         struct bpf_program _bpf;
  21         const struct bpf_insn *ins;
  22
  23         pcap_handle = pcap_open_dead(link_type, 65535);
  24         if (!pcap_handle)
  25                 panic("Cannot open fake pcap_t for compiling BPF code");
  26
  27         ret = pcap_compile(pcap_handle, &_bpf, rulefile, 1, PCAP_NETMASK_UNKNOWN);
  28         pcap_close(pcap_handle);
  29         if (ret < 0)
  30                 panic("Cannot compile filter: %s\n", rulefile);
  31
  32         bpf->len = _bpf.bf_len;
  33         bpf->filter = xrealloc(bpf->filter, bpf->len * sizeof(*out));
  34
  35         for (i = 0, ins = _bpf.bf_insns, out = bpf->filter; i < bpf->len;
  36              ++i, ++ins, ++out) {
  37                 out->code = ins->code;
  38                 out->jt = ins->jt;
  39                 out->jf = ins->jf;
  40                 out->k = ins->k;
  41
  42                 if (out->code == 0x06 && out->k > 0)
  43                         out->k = 0xFFFFFFFF;
  44         }
  45
  46         pcap_freecode(&_bpf);
  47
  48         if (__bpf_validate(bpf) == 0)
  49                 panic("This is not a valid BPF program!\n");
  50 }