2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Subject to the GPL, version 2.
11 #include <linux/filter.h>
17 extern void bpf_dump_op_table(void);
18 extern void bpf_dump_all(struct sock_fprog
*bpf
);
19 extern int bpf_validate(const struct sock_fprog
*bpf
);
20 extern uint32_t bpf_run_filter(const struct sock_fprog
*bpf
, uint8_t *packet
,
22 extern void bpf_attach_to_sock(int sock
, struct sock_fprog
*bpf
);
23 extern void bpf_detach_from_sock(int sock
);
24 extern int enable_kernel_bpf_jit_compiler(void);
25 extern void bpf_parse_rules(char *rulefile
, struct sock_fprog
*bpf
);
27 static inline void bpf_release(struct sock_fprog
*bpf
)
33 * The instruction encodings.
35 /* instruction classes */
36 #define BPF_CLASS(code) ((code) & 0x07)
47 #define BPF_SIZE(code) ((code) & 0x18)
52 #define BPF_MODE(code) ((code) & 0xe0)
61 #define BPF_OP(code) ((code) & 0xf0)
80 #define BPF_SRC(code) ((code) & 0x08)
84 /* ret - BPF_K and BPF_X also apply */
85 #define BPF_RVAL(code) ((code) & 0x18)
89 #define BPF_MISCOP(code) ((code) & 0xf8)
93 /* Hidden Linux kernel BPF extensions */
95 * RATIONALE. Negative offsets are invalid in BPF.
96 * We use them to reference ancillary data.
97 * Unlike introduction new instructions, it does not break
98 * existing compilers/optimizers.
102 # define SKF_AD_OFF (-0x1000)
104 #ifndef SKF_AD_PROTOCOL
105 # define SKF_AD_PROTOCOL 0
107 #ifndef SKF_AD_PKTTYPE
108 # define SKF_AD_PKTTYPE 4
110 #ifndef SKF_AD_IFINDEX
111 # define SKF_AD_IFINDEX 8
113 #ifndef SKF_AD_NLATTR
114 # define SKF_AD_NLATTR 12
116 #ifndef SKF_AD_NLATTR_NEST
117 # define SKF_AD_NLATTR_NEST 16
120 # define SKF_AD_MARK 20
123 # define SKF_AD_QUEUE 24
125 #ifndef SKF_AD_HATYPE
126 # define SKF_AD_HATYPE 28
128 #ifndef SKF_AD_RXHASH
129 # define SKF_AD_RXHASH 32
132 # define SKF_AD_CPU 36
134 #ifndef SKF_AD_VLAN_TAG
135 # define SKF_AD_VLAN_TAG 44
137 #ifndef SKF_AD_VLAN_TAG_PRESENT
138 # define SKF_AD_VLAN_TAG_PRESENT 48