2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Subject to the GPL, version 2.
11 #include <linux/filter.h>
14 #include <sys/types.h>
20 typedef uint32_t bpf_u_int32
;
22 extern void bpf_dump_all(struct sock_fprog
*bpf
);
23 extern int bpf_validate(const struct sock_fprog
*bpf
);
24 extern uint32_t bpf_run_filter(const struct sock_fprog
*bpf
, uint8_t *packet
,
26 extern void bpf_attach_to_sock(int sock
, struct sock_fprog
*bpf
);
27 extern void bpf_detach_from_sock(int sock
);
28 extern void bpf_parse_rules(char *rulefile
, struct sock_fprog
*bpf
);
30 /* For bleeding edge kernels! A JIT compiler for BPF. */
31 static inline void enable_kernel_bpf_jit_compiler(void)
35 char *file
= "/proc/sys/net/core/bpf_jit_enable";
36 fd
= open(file
, O_WRONLY
);
39 ret
= write(fd
, "1", strlen("1"));
47 * The instruction encodings.
49 /* instruction classes */
50 #define BPF_CLASS(code) ((code) & 0x07)
61 #define BPF_SIZE(code) ((code) & 0x18)
65 #define BPF_MODE(code) ((code) & 0xe0)
74 #define BPF_OP(code) ((code) & 0xf0)
89 #define BPF_SRC(code) ((code) & 0x08)
93 /* ret - BPF_K and BPF_X also apply */
94 #define BPF_RVAL(code) ((code) & 0x18)
98 #define BPF_MISCOP(code) ((code) & 0xf8)
102 /* Hidden Linux kernel BPF extensions */
104 * RATIONALE. Negative offsets are invalid in BPF.
105 * We use them to reference ancillary data.
106 * Unlike introduction new instructions, it does not break
107 * existing compilers/optimizers.
111 # define SKF_AD_OFF (-0x1000)
113 #ifndef SKF_AD_PROTOCOL
114 # define SKF_AD_PROTOCOL 0
116 #ifndef SKF_AD_PKTTYPE
117 # define SKF_AD_PKTTYPE 4
119 #ifndef SKF_AD_IFINDEX
120 # define SKF_AD_IFINDEX 8
122 #ifndef SKF_AD_NLATTR
123 # define SKF_AD_NLATTR 12
125 #ifndef SKF_AD_NLATTR_NEST
126 # define SKF_AD_NLATTR_NEST 16
129 # define SKF_AD_MARK 20
132 # define SKF_AD_QUEUE 24
134 #ifndef SKF_AD_HATYPE
135 # define SKF_AD_HATYPE 28
137 #ifndef SKF_AD_RXHASH
138 # define SKF_AD_RXHASH 32
141 # define SKF_AD_CPU 36