-rw-r--r--bpf.c9
-rw-r--r--netsniff-ng.85
-rw-r--r--netsniff-ng.c2
3 files changed, 11 insertions, 5 deletions
diff --git a/bpf.c b/bpf.c
index 2d769ec..66d1b6c 100644
--- a/bpf.c
+++ b/bpf.c
@@ -720,7 +720,11 @@ void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf, uint32_t link_type)
return;
}
- fp = fopen(rulefile, "r");
+ if (!strcmp(rulefile, "-"))
+ fp = stdin;
+ else
+ fp = fopen(rulefile, "r");
+
if (!fp) {
bpf_try_compile(rulefile, bpf, link_type);
return;
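Review bot: The new `-` branch in bpf_parse_rules() takes stdin unconditionally, so nothing here guards against stdin already being claimed by another input. If a different option of this tool can also be given `-` (not visible in this diff), both would read from the same stream and the filter could be parsed from unrelated data. Rejecting that combination at option-parsing time would make the failure explicit. The branch also deserves a comment such as `/* "-" selects stdin; a file literally named "-" must be passed as "./-" */`. The body of bpf_parse_rules() starts and ends outside this hunk.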
@@ -753,7 +757,8 @@ void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf, uint32_t link_type)
fmemset(buff, 0, sizeof(buff));
}
- fclose(fp);
+ if (fp != stdin)
+ fclose(fp);
if (unlikely(__bpf_validate(bpf) == 0))
panic("This is not a valid BPF program!\n");
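Review bot: A read error on the stream looks the same as end of input by the time the close is reached, and that matters more now that the opcodes can arrive over a pipe. If the producer dies mid-output, whatever was read so far goes to `__bpf_validate()` and is installed if it happens to pass, which may be a different filter than the operator intended. The read loop is outside this hunk, so this is inferred from the visible tail of it. Adding `if (ferror(fp)) panic("Cannot read BPF filter!\n");` ahead of the `if (fp != stdin)` check would turn a truncated filter into a hard failure.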
diff --git a/netsniff-ng.8 b/netsniff-ng.8
index b51eba2..1da50c0 100644
--- a/netsniff-ng.8
+++ b/netsniff-ng.8
@@ -116,9 +116,9 @@ provides the same roll-over option as the \[lq]roll\[rq] fanout type, so that on
different fanout type being used (e.g. \[lq]qm\[rq]) the socket may temporarily roll
over to the next fanout group member in case the original one's queue is full.
.PP
-.SS -f, --filter <bpf-file|expr>
+.SS -f, --filter <bpf-file|-|expr>
Specifies to not dump all traffic, but to filter the network packet haystack.
-As a filter, either a bpfc(8) compiled file can be passed as a parameter or
+As a filter, either a bpfc(8) compiled file/stdin can be passed as a parameter or
a tcpdump(1)-like filter expression in quotes. For details regarding the
bpf-file have a look at bpfc(8), for details regarding a tcpdump(1)-like filter
have a look at section \[lq]filter example\[rq] or at pcap-filter(7). A filter
@@ -391,6 +391,7 @@ Low-level filters can be used with netsniff-ng in the following way:
.PP
1. bpfc foo > bar
2. netsniff-ng \-f bar
+ 3. bpfc foo | netsniff-ng -i nlmon0 -f -
.PP
Here, foo is the bpfc program that will be translated into a netsniff-ng
readable \[lq]opcodes\[rq] file and passed to netsniff-ng through the \-f
diff --git a/netsniff-ng.c b/netsniff-ng.c
index 5119ad5..a7aaae6 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -1193,7 +1193,7 @@ static void __noreturn help(void)
" -C|--fanout-group <id> Join packet fanout group\n"
" -K|--fanout-type <type> Apply fanout discipline: hash|lb|cpu|rnd|roll|qm\n"
" -L|--fanout-opts <opts> Additional fanout options: defrag|roll\n"
- " -f|--filter <bpf-file|expr> Use BPF filter file from bpfc or tcpdump-like expression\n"
+ " -f|--filter <bpf-file|-|expr> Use BPF filter from bpfc file/stdin or tcpdump-like expression\n"
" -t|--type <type> Filter for: host|broadcast|multicast|others|outgoing\n"
" -F|--interval <size|time> Dump interval if -o is a dir: <num>KiB/MiB/GiB/s/sec/min/hrs\n"
" -R|--rfraw Capture or inject raw 802.11 frames\n"