1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
/*
* netsniff-ng - the packet sniffing beast
* Copyright 2009, 2010 Daniel Borkmann.
* Subject to the GPL, version 2.
*/
#ifndef BPF_I_H
#define BPF_I_H
#include <linux/filter.h>
#include <stdint.h>
#include <stdlib.h>
#include "xmalloc.h"
extern void bpf_dump_op_table(void);
extern void bpf_dump_all(struct sock_fprog *bpf);
extern int __bpf_validate(const struct sock_fprog *bpf);
extern uint32_t bpf_run_filter(const struct sock_fprog *bpf, uint8_t *packet,
size_t plen);
extern void bpf_attach_to_sock(int sock, struct sock_fprog *bpf);
extern void bpf_detach_from_sock(int sock);
extern int enable_kernel_bpf_jit_compiler(void);
extern void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf, uint32_t link_type);
#ifdef __WITH_TCPDUMP_LIKE_FILTER
extern void bpf_try_compile(const char *rulefile, struct sock_fprog *bpf,
uint32_t link_type);
#else
static inline void bpf_try_compile(const char *rulefile,
struct sock_fprog *bpf __maybe_unused,
uint32_t link_type __maybe_unused)
{
panic("Cannot open file %s!\n", rulefile);
}
#endif
static inline void bpf_release(struct sock_fprog *bpf)
{
free(bpf->filter);
}
#define BPF_CLASS(code) ((code) & 0x07)
#define BPF_LD 0x00
#define BPF_LDX 0x01
#define BPF_ST 0x02
#define BPF_STX 0x03
#define BPF_ALU 0x04
#define BPF_JMP 0x05
#define BPF_RET 0x06
#define BPF_MISC 0x07
#define BPF_SIZE(code) ((code) & 0x18)
#define BPF_W 0x00
#define BPF_H 0x08
#define BPF_B 0x10
#define BPF_MODE(code) ((code) & 0xe0)
#define BPF_IMM 0x00
#define BPF_ABS 0x20
#define BPF_IND 0x40
#define BPF_MEM 0x60
#define BPF_LEN 0x80
#define BPF_MSH 0xa0
#define BPF_OP(code) ((code) & 0xf0)
#define BPF_ADD 0x00
#define BPF_SUB 0x10
#define BPF_MUL 0x20
#define BPF_DIV 0x30
#define BPF_OR 0x40
#define BPF_AND 0x50
#define BPF_LSH 0x60
#define BPF_RSH 0x70
#define BPF_NEG 0x80
#define BPF_MOD 0x90
#define BPF_XOR 0xa0
#define BPF_JA 0x00
#define BPF_JEQ 0x10
#define BPF_JGT 0x20
#define BPF_JGE 0x30
#define BPF_JSET 0x40
#define BPF_SRC(code) ((code) & 0x08)
#define BPF_K 0x00
#define BPF_X 0x08
/* ret - BPF_K and BPF_X also apply */
#define BPF_RVAL(code) ((code) & 0x18)
#define BPF_A 0x10
#define BPF_MISCOP(code) ((code) & 0xf8)
#define BPF_TAX 0x00
#define BPF_TXA 0x80
#ifndef SKF_AD_OFF
# define SKF_AD_OFF (-0x1000)
#endif
#ifndef SKF_AD_PROTOCOL
# define SKF_AD_PROTOCOL 0
#endif
#ifndef SKF_AD_PKTTYPE
# define SKF_AD_PKTTYPE 4
#endif
#ifndef SKF_AD_IFINDEX
# define SKF_AD_IFINDEX 8
#endif
#ifndef SKF_AD_NLATTR
# define SKF_AD_NLATTR 12
#endif
#ifndef SKF_AD_NLATTR_NEST
# define SKF_AD_NLATTR_NEST 16
#endif
#ifndef SKF_AD_MARK
# define SKF_AD_MARK 20
#endif
#ifndef SKF_AD_QUEUE
# define SKF_AD_QUEUE 24
#endif
#ifndef SKF_AD_HATYPE
# define SKF_AD_HATYPE 28
#endif
#ifndef SKF_AD_RXHASH
# define SKF_AD_RXHASH 32
#endif
#ifndef SKF_AD_CPU
# define SKF_AD_CPU 36
#endif
#ifndef SKF_AD_VLAN_TAG
# define SKF_AD_VLAN_TAG 44
#endif
#ifndef SKF_AD_VLAN_TAG_PRESENT
# define SKF_AD_VLAN_TAG_PRESENT 48
#endif
#ifndef SKF_AD_PAY_OFFSET
# define SKF_AD_PAY_OFFSET 52
#endif
#endif /* BPF_I_H */
|