author | Daniel Borkmann <dborkman@redhat.com> | 2013-05-23 11:08:03 +0200 |
---|---|---|
committer | Daniel Borkmann <dborkman@redhat.com> | 2013-05-23 11:10:55 +0200 |
commit | 4584b955420cd8d2fcae767c86b853fde4bccc6e (patch) | |
tree | a0a00667b54fd4d3b4bda48185ce5df98ca24bc5 /bpfc.8 | |
parent | 4e497b9aa7e8635a9414021bd1bf31a9ff923566 (diff) |

bpfc: allow bpf programs to be passed to cpp

This patch allows bpf programs to be passed to the C preprocessor
before handing over to bpfc. Example:

    #define ETH_P_IP 0x800
    ldh [12]
    jne #ETH_P_IP, drop
    ldb [23]
    jneq #6, drop
    ldh [20]
    jset #0x1fff, drop
    ldxb 4 * ([14] & 0xf)
    ldh [x + 14]
    jeq #0x16, pass
    ldh [x + 16]
    jne #0x16, drop
    pass: ret #-1
    drop: ret #0

Compile with: bpfc -i foo -p

Suggested-by: John Lange <JLange@trendium.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>

Diffstat (limited to 'bpfc.8')
-rw-r--r-- | bpfc.8 | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -57,6 +57,11 @@ source tree under: tools/net/bpf_jit_disasm.c .SS -i <source-file/->, --input <source-file/-> Read BPF assembly instruction from an input file or from stdin. .PP +.SS -p, --cpp +Pass the bpf program through the C preprocessor before reading it in +bpfc. This allows #define and #include directives (e.g. to include +definitions from system headers) to be used in the bpf program. +.PP .SS -f <format>, --format <format> Specify a different output format than the default that is netsniff-ng compatible. The <format> specifier can be: C, netsniff-ng, xt_bpf, tcpdump. @@ -284,9 +289,11 @@ words, some small example filter programs: Compile the source file ''fubar'' into BPF opcodes. Opcodes will be directed to stdout. .PP -.SS bpfc -f xt_bpf -b -i fubar, resp. iptables -A INPUT -m bpf --bytecode "`bpfc -f xt_bpf -i fubar`" -j LOG +.SS bpfc -f xt_bpf -b -p -i fubar, resp. iptables -A INPUT -m bpf --bytecode "`bpfc -f xt_bpf -i fubar`" -j LOG Compile the source file ''fubar'' into BPF opcodes, bypass basic filter -validation and emit opcodes in netfilter's xt_bpf readable format. +validation and emit opcodes in netfilter's xt_bpf readable format. Note +that the source file ''fubar'' is first passed to the C preprocessor for +textual replacments before handing over to the bpfc compiler. .PP .SS bpfc - Read bpfc instruction from stdin and emit opcodes to stdout. |
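
Review bot: The new "-p, --cpp" entry in the first hunk says #include can bring in "definitions from system headers", but it does not say that only macro definitions are useful to a filter; anything else in an included header (typedefs, struct declarations, prototypes) is passed through by the preprocessor into the text bpfc then reads. Suggest narrowing the wording to #define'd constants and stating which preprocessor is invoked and what bpfc does when it is not installed. Because #include makes bpfc read files other than the one given with -i, the entry should say that as well, so that anyone compiling filter sources received from elsewhere knows the input is no longer confined to a single file.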
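
Review bot: In the second hunk's changed .SS line, -p is added only to the standalone command; the iptables form still embeds "bpfc -f xt_bpf -i fubar" inside the backticks, without -p (and -b was already missing there), so the two commands joined by "resp." are not equivalent and a fubar that relies on #define would not be preprocessed in the iptables variant. Either add the same flags inside the backticks or leave this xt_bpf example as it was and give -p an example entry of its own, which also keeps the "bypass basic filter validation" description from being mixed with the preprocessor note. The added text also has a typo: "replacments" should be "replacements".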