diff options
| -rw-r--r-- | bpf.c | 9 | ||||
| -rw-r--r-- | netsniff-ng.8 | 5 | ||||
| -rw-r--r-- | netsniff-ng.c | 2 |
3 files changed, 11 insertions, 5 deletions
@@ -720,7 +720,11 @@ void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf, uint32_t link_type) return; } - fp = fopen(rulefile, "r"); + if (!strcmp(rulefile, "-")) + fp = stdin; + else + fp = fopen(rulefile, "r"); + if (!fp) { bpf_try_compile(rulefile, bpf, link_type); return; @@ -753,7 +757,8 @@ void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf, uint32_t link_type) fmemset(buff, 0, sizeof(buff)); } - fclose(fp); + if (fp != stdin) + fclose(fp); if (unlikely(__bpf_validate(bpf) == 0)) panic("This is not a valid BPF program!\n"); diff --git a/netsniff-ng.8 b/netsniff-ng.8 index b51eba2..1da50c0 100644 --- a/netsniff-ng.8 +++ b/netsniff-ng.8 @@ -116,9 +116,9 @@ provides the same roll-over option as the \[lq]roll\[rq] fanout type, so that on different fanout type being used (e.g. \[lq]qm\[rq]) the socket may temporarily roll over to the next fanout group member in case the original one's queue is full. .PP -.SS -f, --filter <bpf-file|expr> +.SS -f, --filter <bpf-file|-|expr> Specifies to not dump all traffic, but to filter the network packet haystack. -As a filter, either a bpfc(8) compiled file can be passed as a parameter or +As a filter, either a bpfc(8) compiled file/stdin can be passed as a parameter or a tcpdump(1)-like filter expression in quotes. For details regarding the bpf-file have a look at bpfc(8), for details regarding a tcpdump(1)-like filter have a look at section \[lq]filter example\[rq] or at pcap-filter(7). A filter @@ -391,6 +391,7 @@ Low-level filters can be used with netsniff-ng in the following way: .PP 1. bpfc foo > bar 2. netsniff-ng \-f bar + 3. bpfc foo | netsniff-ng -i nlmon0 -f - .PP Here, foo is the bpfc program that will be translated into a netsniff-ng readable \[lq]opcodes\[rq] file and passed to netsniff-ng through the \-f diff --git a/netsniff-ng.c b/netsniff-ng.c index 5119ad5..a7aaae6 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -1193,7 +1193,7 @@ static void __noreturn help(void) " -C|--fanout-group <id> Join packet fanout group\n" " -K|--fanout-type <type> Apply fanout discipline: hash|lb|cpu|rnd|roll|qm\n" " -L|--fanout-opts <opts> Additional fanout options: defrag|roll\n" - " -f|--filter <bpf-file|expr> Use BPF filter file from bpfc or tcpdump-like expression\n" + " -f|--filter <bpf-file|-|expr> Use BPF filter from bpfc file/stdin or tcpdump-like expression\n" " -t|--type <type> Filter for: host|broadcast|multicast|others|outgoing\n" " -F|--interval <size|time> Dump interval if -o is a dir: <num>KiB/MiB/GiB/s/sec/min/hrs\n" " -R|--rfraw Capture or inject raw 802.11 frames\n" |