search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
die: removed info(), since gcc can throw compile warnings with printf, not with info
[netsniff-ng.git] / src / bpf.h
blob5ba3ac0383bea740c77d647eda88c92db5a079a9
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Subject to the GPL, version 2.
6 */
7
8 #ifndef BPF_H
9 #define BPF_H
10
11 #include <linux/filter.h>
12 #include <stdint.h>
13 #include <unistd.h>
14 #include <sys/types.h>
15 #include <sys/stat.h>
16 #include <fcntl.h>
17
18 #include "die.h"
19
20 typedef uint32_t bpf_u_int32;
21
22 extern void bpf_dump_all(struct sock_fprog *bpf);
23 extern int bpf_validate(const struct sock_fprog *bpf);
24 extern uint32_t bpf_run_filter(const struct sock_fprog *bpf, uint8_t *packet,
25 size_t plen);
26 extern void bpf_attach_to_sock(int sock, struct sock_fprog *bpf);
27 extern void bpf_detach_from_sock(int sock);
28 extern void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf);
29
30 /* For bleeding edge kernels! A JIT compiler for BPF. */
31 static inline void enable_kernel_bpf_jit_compiler(void)
32 {
33 int fd;
34 ssize_t ret;
35 char *file = "/proc/sys/net/core/bpf_jit_enable";
36 fd = open(file, O_WRONLY);
37 if (fd < 0)
38 return;
39 ret = write(fd, "1", strlen("1"));
40 if (ret > 0) {
41 printf("BPF JIT\n");
42 }
43 close(fd);
44 }
45
46 /*
47 * The instruction encodings.
48 */
49 /* instruction classes */
50 #define BPF_CLASS(code) ((code) & 0x07)
51 #define BPF_LD 0x00
52 #define BPF_LDX 0x01
53 #define BPF_ST 0x02
54 #define BPF_STX 0x03
55 #define BPF_ALU 0x04
56 #define BPF_JMP 0x05
57 #define BPF_RET 0x06
58 #define BPF_MISC 0x07
59
60 /* ld/ldx fields */
61 #define BPF_SIZE(code) ((code) & 0x18)
62 #define BPF_W 0x00
63 #define BPF_H 0x08
64 #define BPF_B 0x10
65 #define BPF_MODE(code) ((code) & 0xe0)
66 #define BPF_IMM 0x00
67 #define BPF_ABS 0x20
68 #define BPF_IND 0x40
69 #define BPF_MEM 0x60
70 #define BPF_LEN 0x80
71 #define BPF_MSH 0xa0
72
73 /* alu/jmp fields */
74 #define BPF_OP(code) ((code) & 0xf0)
75 #define BPF_ADD 0x00
76 #define BPF_SUB 0x10
77 #define BPF_MUL 0x20
78 #define BPF_DIV 0x30
79 #define BPF_OR 0x40
80 #define BPF_AND 0x50
81 #define BPF_LSH 0x60
82 #define BPF_RSH 0x70
83 #define BPF_NEG 0x80
84 #define BPF_JA 0x00
85 #define BPF_JEQ 0x10
86 #define BPF_JGT 0x20
87 #define BPF_JGE 0x30
88 #define BPF_JSET 0x40
89 #define BPF_SRC(code) ((code) & 0x08)
90 #define BPF_K 0x00
91 #define BPF_X 0x08
92
93 /* ret - BPF_K and BPF_X also apply */
94 #define BPF_RVAL(code) ((code) & 0x18)
95 #define BPF_A 0x10
96
97 /* misc */
98 #define BPF_MISCOP(code) ((code) & 0xf8)
99 #define BPF_TAX 0x00
100 #define BPF_TXA 0x80
101
102 /* Hidden Linux kernel BPF extensions */
103 /*
104 * RATIONALE. Negative offsets are invalid in BPF.
105 * We use them to reference ancillary data.
106 * Unlike introduction new instructions, it does not break
107 * existing compilers/optimizers.
108 */
109
110 #ifndef SKF_AD_OFF
111 # define SKF_AD_OFF (-0x1000)
112 #endif
113 #ifndef SKF_AD_PROTOCOL
114 # define SKF_AD_PROTOCOL 0
115 #endif
116 #ifndef SKF_AD_PKTTYPE
117 # define SKF_AD_PKTTYPE 4
118 #endif
119 #ifndef SKF_AD_IFINDEX
120 # define SKF_AD_IFINDEX 8
121 #endif
122 #ifndef SKF_AD_NLATTR
123 # define SKF_AD_NLATTR 12
124 #endif
125 #ifndef SKF_AD_NLATTR_NEST
126 # define SKF_AD_NLATTR_NEST 16
127 #endif
128 #ifndef SKF_AD_MARK
129 # define SKF_AD_MARK 20
130 #endif
131 #ifndef SKF_AD_QUEUE
132 # define SKF_AD_QUEUE 24
133 #endif
134 #ifndef SKF_AD_HATYPE
135 # define SKF_AD_HATYPE 28
136 #endif
137 #ifndef SKF_AD_RXHASH
138 # define SKF_AD_RXHASH 32
139 #endif
140 #ifndef SKF_AD_CPU
141 # define SKF_AD_CPU 36
142 #endif
143
144 #endif /* BPF_H */
netsniff-ng toolkit, the packet sniffing beast, staging tree