From 84bf18621169ff4292707bcdcfa0552825757f60 Mon Sep 17 00:00:00 2001
From: Vadim Kochan
Date: Tue, 10 Nov 2015 10:28:08 +0200
Subject: netsniff-ng: Allow to specify compiled BPF from stdin
Allow read compiled BPF instructions from stdin by via '-f -' option.
Signed-off-by: Vadim Kochan
Signed-off-by: Tobias Klauser
---
 bpf.c | 9 +++++++--
 netsniff-ng.8 | 5 +++--
 netsniff-ng.c | 2 +-
 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/bpf.c b/bpf.c
index 2d769ec..66d1b6c 100644
--- a/bpf.c
+++ b/bpf.c
@@ -720,7 +720,11 @@ void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf, uint32_t link_type)
 return;
 }
- fp = fopen(rulefile, "r");
+ if (!strcmp(rulefile, "-"))
+ fp = stdin;
+ else
+ fp = fopen(rulefile, "r");
+
 if (!fp) {
 bpf_try_compile(rulefile, bpf, link_type);
 return;
@@ -753,7 +757,8 @@ void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf, uint32_t link_type)
 fmemset(buff, 0, sizeof(buff));
 }
- fclose(fp);
+ if (fp != stdin)
+ fclose(fp);
 if (unlikely(__bpf_validate(bpf) == 0))
 panic("This is not a valid BPF program!\n");
diff --git a/netsniff-ng.8 b/netsniff-ng.8
index b51eba2..1da50c0 100644
--- a/netsniff-ng.8
+++ b/netsniff-ng.8
@@ -116,9 +116,9 @@ provides the same roll-over option as the \[lq]roll\[rq] fanout type, so that on different fanout type being used (e.g. \[lq]qm\[rq]) the socket may temporarily roll over to the next fanout group member in case the original one's queue is full.
 .PP
-.SS -f, --filter
+.SS -f, --filter
 Specifies to not dump all traffic, but to filter the network packet haystack.
-As a filter, either a bpfc(8) compiled file can be passed as a parameter or
+As a filter, either a bpfc(8) compiled file/stdin can be passed as a parameter or
 a tcpdump(1)-like filter expression in quotes. For details regarding the bpf-file have a look at bpfc(8), for details regarding a tcpdump(1)-like filter have a look at section \[lq]filter example\[rq] or at pcap-filter(7). A filter
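Review bot: In the first bpf.c hunk, `-f -` takes over the process's stdin with no visible check that stdin is not already claimed by another option, and the special name is not explained in the code. If netsniff-ng elsewhere accepts `-` as a packet input (not visible in this patch), two readers would compete for the same stream and the filter that ends up attached would depend on read order, so that combination should be refused at option parsing. I would also put `/* "-" means stdin; a file literally named "-" has to be given as "./-" */` above the `strcmp()`. bpf_parse_rules() begins above the hunk, so whether `rulefile` can be NULL at the `strcmp()` call depends on the guard that ends in the `return; }` context lines.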
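Review bot: In the second bpf.c hunk, the stream is dropped and the program goes straight to `__bpf_validate()` without a `ferror(fp)` check, so a read error looks the same as a normal end of input. That matters more now that the source can be a pipe: in `bpfc foo | netsniff-ng -f -` a producer that dies partway hands over a shortened instruction list, and whether validation rejects it cannot be seen from this hunk. I would add `if (ferror(fp)) panic("Cannot read BPF filter!\n");` just before the `if (fp != stdin)` line. The read loop and the start of bpf_parse_rules() are outside the hunk.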
@@ -391,6 +391,7 @@ Low-level filters can be used with netsniff-ng in the following way:
 .PP
 1. bpfc foo > bar
 2. netsniff-ng \-f bar
+ 3. bpfc foo | netsniff-ng -i nlmon0 -f -
 .PP
 Here, foo is the bpfc program that will be translated into a netsniff-ng readable \[lq]opcodes\[rq] file and passed to netsniff-ng through the \-f
diff --git a/netsniff-ng.c b/netsniff-ng.c
index 5119ad5..a7aaae6 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -1193,7 +1193,7 @@ static void __noreturn help(void)
 " -C|--fanout-group Join packet fanout group\n"
 " -K|--fanout-type Apply fanout discipline: hash|lb|cpu|rnd|roll|qm\n"
 " -L|--fanout-opts Additional fanout options: defrag|roll\n"
- " -f|--filter Use BPF filter file from bpfc or tcpdump-like expression\n"
+ " -f|--filter Use BPF filter from bpfc file/stdin or tcpdump-like expression\n"
 " -t|--type Filter for: host|broadcast|multicast|others|outgoing\n"
 " -F|--interval Dump interval if -o is a dir: KiB/MiB/GiB/s/sec/min/hrs\n"
 " -R|--rfraw Capture or inject raw 802.11 frames\n"
-- 
cgit v1.2.3-54-g00ecf