Age | Commit message (Collapse) | Author | Files | Lines |
|
Add the example in bpfc code from http://outflux.net/teach-seccomp/
to the man page, so that people can also experiment with seccomp
bpf and to demonstrate that there are no limits on bpfc when it
comes to this. Actually this code is even more efficient than the
one given in the example URL above.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Seccomp-BPF is used for syscall sandboxing. bpfc can also be used for
creating such filters without any problems.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Some fixes all over, part 1.
Signed-off-by: Kartik Mistry <kartik@debian.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This patch allows bpf programs to be passed to the C preprocessor
before handing over to bpfc. Example:
#define ETH_P_IP 0x800
ldh [12]
jne #ETH_P_IP, drop
ldb [23]
jneq #6, drop
ldh [20]
jset #0x1fff, drop
ldxb 4 * ([14] & 0xf)
ldh [x + 14]
jeq #0x16, pass
ldh [x + 16]
jne #0x16, drop
pass: ret #-1
drop: ret #0
Compile with: bpfc -i foo -p
Suggested-by: John Lange <JLange@trendium.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Conflicts resolved by hand:
bpfc.8
ifpps.8
netsniff-ng.8
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Replace "on default" by "by default", make it a bit more clear what the
seed in the -E/--seed option is for and mention exit after display of
information on --version and --help.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Only have Makefile specific folders in the project root where the
binaries are stored, the rest should be part of the repository root.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|