Merge pull request #58 from electronjoe/a1cf780cccc4819eb360cda1e0e94e17935cb8c7
[netsniff-ng-old.git] / bpf_comp.c
blob27f7a0009748a394ade353f3a4fc72e3e3507b86
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * Copyright 2013 Daniel Borkmann.
4 * Subject to the GPL, version 2.
5 */
7 #include <pcap.h>
8 #include <linux/filter.h>
10 #include "xmalloc.h"
11 #include "bpf.h"
12 #include "die.h"
14 void bpf_try_compile(const char *rulefile, struct sock_fprog *bpf, uint32_t link_type)
16 int i, ret;
17 const struct bpf_insn *ins;
18 struct sock_filter *out;
19 struct bpf_program _bpf;
21 ret = pcap_compile_nopcap(65535, link_type, &_bpf, rulefile, 1, 0xffffffff);
22 if (ret < 0)
23 panic("Cannot compile filter %s\n", rulefile);
25 bpf->len = _bpf.bf_len;
26 bpf->filter = xrealloc(bpf->filter, 1, bpf->len * sizeof(*out));
28 for (i = 0, ins = _bpf.bf_insns, out = bpf->filter; i < bpf->len; ++i, ++ins, ++out) {
30 out->code = ins->code;
31 out->jt = ins->jt;
32 out->jf = ins->jf;
33 out->k = ins->k;
35 if (out->code == 0x06 && out->k > 0)
36 out->k = 0xFFFFFFFF;
39 pcap_freecode(&_bpf);
41 if (__bpf_validate(bpf) == 0)
42 panic("This is not a valid BPF program!\n");