src/bpf.h

   1 /*
   2  * netsniff-ng - the packet sniffing beast
   3  * By Daniel Borkmann <daniel@netsniff-ng.org>
   4  * Copyright 2009, 2010 Daniel Borkmann.
   5  * Subject to the GPL, version 2.
   6  */
   7
   8 #ifndef BPF_H
   9 #define BPF_H
  10
  11 #include <linux/filter.h>
  12 #include <stdint.h>
  13 #include <stdlib.h>
  14
  15 #include "xmalloc.h"
  16
  17 extern void bpf_dump_op_table(void);
  18 extern void bpf_dump_all(struct sock_fprog *bpf);
  19 extern int bpf_validate(const struct sock_fprog *bpf);
  20 extern uint32_t bpf_run_filter(const struct sock_fprog *bpf, uint8_t *packet,
  21                                size_t plen);
  22 extern void bpf_attach_to_sock(int sock, struct sock_fprog *bpf);
  23 extern void bpf_detach_from_sock(int sock);
  24 extern void enable_kernel_bpf_jit_compiler(void);
  25 extern void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf);
  26
  27 static inline void bpf_release(struct sock_fprog *bpf)
  28 {
  29         free(bpf->filter);
  30 }
  31
  32 /*
  33  * The instruction encodings.
  34  */
  35 /* instruction classes */
  36 #define BPF_CLASS(code) ((code) & 0x07)
  37 #define BPF_LD          0x00
  38 #define BPF_LDX         0x01
  39 #define BPF_ST          0x02
  40 #define BPF_STX         0x03
  41 #define BPF_ALU         0x04
  42 #define BPF_JMP         0x05
  43 #define BPF_RET         0x06
  44 #define BPF_MISC        0x07
  45
  46 /* ld/ldx fields */
  47 #define BPF_SIZE(code)  ((code) & 0x18)
  48 #define BPF_W           0x00
  49 #define BPF_H           0x08
  50 #define BPF_B           0x10
  51 #define BPF_MODE(code)  ((code) & 0xe0)
  52 #define BPF_IMM         0x00
  53 #define BPF_ABS         0x20
  54 #define BPF_IND         0x40
  55 #define BPF_MEM         0x60
  56 #define BPF_LEN         0x80
  57 #define BPF_MSH         0xa0
  58
  59 /* alu/jmp fields */
  60 #define BPF_OP(code)    ((code) & 0xf0)
  61 #define BPF_ADD         0x00
  62 #define BPF_SUB         0x10
  63 #define BPF_MUL         0x20
  64 #define BPF_DIV         0x30
  65 #define BPF_OR          0x40
  66 #define BPF_AND         0x50
  67 #define BPF_LSH         0x60
  68 #define BPF_RSH         0x70
  69 #define BPF_NEG         0x80
  70 #define BPF_MOD         0x90
  71 #define BPF_XOR         0xa0
  72
  73 #define BPF_JA          0x00
  74 #define BPF_JEQ         0x10
  75 #define BPF_JGT         0x20
  76 #define BPF_JGE         0x30
  77 #define BPF_JSET        0x40
  78 #define BPF_SRC(code)   ((code) & 0x08)
  79 #define BPF_K           0x00
  80 #define BPF_X           0x08
  81
  82 /* ret - BPF_K and BPF_X also apply */
  83 #define BPF_RVAL(code)  ((code) & 0x18)
  84 #define BPF_A           0x10
  85
  86 /* misc */
  87 #define BPF_MISCOP(code) ((code) & 0xf8)
  88 #define BPF_TAX         0x00
  89 #define BPF_TXA         0x80
  90
  91 /* Hidden Linux kernel BPF extensions */
  92 /*
  93  * RATIONALE. Negative offsets are invalid in BPF.
  94  * We use them to reference ancillary data.
  95  * Unlike introduction new instructions, it does not break
  96  * existing compilers/optimizers.
  97  */
  98
  99 #ifndef SKF_AD_OFF
 100 # define SKF_AD_OFF             (-0x1000)
 101 #endif
 102 #ifndef SKF_AD_PROTOCOL
 103 # define SKF_AD_PROTOCOL        0
 104 #endif
 105 #ifndef SKF_AD_PKTTYPE
 106 # define SKF_AD_PKTTYPE         4
 107 #endif
 108 #ifndef SKF_AD_IFINDEX
 109 # define SKF_AD_IFINDEX         8
 110 #endif
 111 #ifndef SKF_AD_NLATTR
 112 # define SKF_AD_NLATTR          12
 113 #endif
 114 #ifndef SKF_AD_NLATTR_NEST
 115 # define SKF_AD_NLATTR_NEST     16
 116 #endif
 117 #ifndef SKF_AD_MARK
 118 # define SKF_AD_MARK            20
 119 #endif
 120 #ifndef SKF_AD_QUEUE
 121 # define SKF_AD_QUEUE           24
 122 #endif
 123 #ifndef SKF_AD_HATYPE
 124 # define SKF_AD_HATYPE          28
 125 #endif
 126 #ifndef SKF_AD_RXHASH
 127 # define SKF_AD_RXHASH          32
 128 #endif
 129 #ifndef SKF_AD_CPU
 130 # define SKF_AD_CPU             36
 131 #endif
 132
 133 #endif /* BPF_H */