search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
src: setfsuid / setfsgid
[netsniff-ng.git] / src / bpfc.c
blob16143ae861b5f568554d61a8eeb696aae7f68e64
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2011 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,
5 * Swiss federal institute of technology (ETH Zurich)
6 * Subject to the GPL, version 2.
7 *
8 * This is a tiny Berkeley Packet Filter compiler that understands the
9 * Syntax / Semantic from the USENIX paper {"The BSD Packet Filter: A New
10 * Architecture for User-level Packet Capture", McCanne, Steven and
11 * Jacobson, Van, Lawrence Berkeley Laboratory}. With this, BPFs can be
12 * written the good old way and understood by the Linux kernel and *BSD
13 * kernels where Berkeley Packet Filters are used.
14 *
15 * The one small garden of a free gardener was all his need and due, not
16 * a garden swollen to a realm; his own hands to use, not the hands of
17 * others to command.
18 *
19 * -- The Lord of the Rings, Sam, Chapter 'The Tower of Cirith Ungol'.
20 */
21
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <getopt.h>
25 #include <ctype.h>
26 #include <unistd.h>
27 #include <sys/fsuid.h>
28
29 #include "xmalloc.h"
30 #include "xutils.h"
31 #include "die.h"
32 #include "bpf.h"
33
34 static const char *short_options = "vhi:VdbHLg";
35 static const struct option long_options[] = {
36 {"input", required_argument, NULL, 'i'},
37 {"verbose", no_argument, NULL, 'V'},
38 {"hla", no_argument, NULL, 'H'},
39 {"lla", no_argument, NULL, 'L'},
40 {"hla-debug", no_argument, NULL, 'g'},
41 {"bypass", no_argument, NULL, 'b'},
42 {"dump", no_argument, NULL, 'd'},
43 {"version", no_argument, NULL, 'v'},
44 {"help", no_argument, NULL, 'h'},
45 {NULL, 0, NULL, 0}
46 };
47
48 extern int compile_filter(char *file, int verbose, int bypass);
49 extern int compile_hla_filter(char *file, int verbose, int debug);
50
51 static void help(void)
52 {
53 printf("\nbpfc %s, a tiny BPF compiler\n", VERSION_STRING);
54 puts("http://www.netsniff-ng.org\n\n"
55 "Usage: bpfc [options] || bpfc <program>\n"
56 "Options:\n"
57 " -i|--input <program/-> Berkeley Packet Filter file/stdin\n"
58 " -H|--hla Compile high-level BPF\n"
59 " -L|--lla Compile low-level BPF\n"
60 " -V|--verbose Be more verbose\n"
61 " -b|--bypass Bypass filter validation (e.g. for bug testing)\n"
62 " -g|--hla-debug Print BPF expressions to stdout\n"
63 " -d|--dump Dump supported instruction table\n"
64 " -v|--version Print version\n"
65 " -h|--help Print this help\n\n"
66 "Examples:\n"
67 " bpfc -Hi fubar\n"
68 " bpfc -Hgi fubar\n"
69 " bpfc -Li fubar\n"
70 " bpfc -Lbi fubar\n"
71 " bpfc -Li - (read from stdin)\n\n"
72 "Please report bugs to <bugs@netsniff-ng.org>\n"
73 "Copyright (C) 2011-2012 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,\n"
74 "Swiss federal institute of technology (ETH Zurich)\n"
75 "License: GNU GPL version 2.0\n"
76 "This is free software: you are free to change and redistribute it.\n"
77 "There is NO WARRANTY, to the extent permitted by law.\n");
78 die();
79 }
80
81 static void version(void)
82 {
83 printf("\nbpfc %s, a tiny BPF compiler\n", VERSION_STRING);
84 puts("http://www.netsniff-ng.org\n\n"
85 "Please report bugs to <bugs@netsniff-ng.org>\n"
86 "Copyright (C) 2011-2012 Daniel Borkmann <dborkma@tik.ee.ethz.ch>,\n"
87 "Swiss federal institute of technology (ETH Zurich)\n"
88 "License: GNU GPL version 2.0\n"
89 "This is free software: you are free to change and redistribute it.\n"
90 "There is NO WARRANTY, to the extent permitted by law.\n");
91 die();
92 }
93
94 int main(int argc, char **argv)
95 {
96 int ret, verbose = 0, c, opt_index, bypass = 0, hla = 0, debug = 0;
97 char *file = NULL;
98
99 setfsuid(getuid());
100 setfsgid(getgid());
101
102 if (argc == 1)
103 help();
104
105 while ((c = getopt_long(argc, argv, short_options,
106 long_options, &opt_index)) != EOF) {
107 switch (c) {
108 case 'h':
109 help();
110 break;
111 case 'v':
112 version();
113 break;
114 case 'H':
115 hla = 1;
116 break;
117 case 'L':
118 hla = 0;
119 break;
120 case 'g':
121 debug = 1;
122 break;
123 case 'V':
124 verbose = 1;
125 break;
126 case 'b':
127 bypass = 1;
128 break;
129 case 'd':
130 bpf_dump_op_table();
131 die();
132 case 'i':
133 file = xstrdup(optarg);
134 break;
135 case '?':
136 switch (optopt) {
137 case 'i':
138 panic("Option -%c requires an argument!\n",
139 optopt);
140 default:
141 if (isprint(optopt))
142 whine("Unknown option character "
143 "`0x%X\'!\n", optopt);
144 die();
145 }
146 default:
147 break;
148 }
149 }
150 if (argc == 2)
151 file = xstrdup(argv[1]);
152
153 if (!file)
154 panic("No Berkeley Packet Filter program specified!\n");
155
156 if (hla) {
157 ret = compile_hla_filter(file, verbose, debug);
158 if (!ret) {
159 char file_tmp[128];
160
161 slprintf(file_tmp, sizeof(file_tmp), ".%s", file);
162 ret = compile_filter(file_tmp, verbose, bypass);
163 unlink(file_tmp);
164 }
165 } else {
166 ret = compile_filter(file, verbose, bypass);
167 }
168
169 xfree(file);
170 return ret;
171 }
netsniff-ng toolkit, the packet sniffing beast, staging tree