static int afpacket_daq_set_filter(void *handle, const char *filter)
{
AFPacket_Context_t *afpc = (AFPacket_Context_t *) handle;
struct sfbpf_program fcode;
if (afpc->filter)
free(afpc->filter);
afpc->filter = strdup(filter);
if (!afpc->filter)
{
DPE(afpc->errbuf, "%s: Couldn't allocate memory for the filter string!", __FUNCTION__);
return DAQ_ERROR;
}
if (sfbpf_compile(afpc->snaplen, DLT_EN10MB, &fcode, afpc->filter, 1, 0) < 0)
{
DPE(afpc->errbuf, "%s: BPF state machine compilation failed!", __FUNCTION__);
return DAQ_ERROR;
}
sfbpf_freecode(&afpc->fcode);
afpc->fcode.bf_len = fcode.bf_len;
afpc->fcode.bf_insns = fcode.bf_insns;
return DAQ_SUCCESS;
}
static int pfring_daq_set_filter(void *handle, const char *filter) {
Pfring_Context_t *context = (Pfring_Context_t *) handle;
int ret, i;
struct sfbpf_program fcode;
if(context->ring_handles[DAQ_PF_RING_PASSIVE_DEV_IDX]) {
if(sfbpf_compile(context->snaplen, DLT_EN10MB, &fcode,
filter, 0 /* 1: optimize */, htonl(context->netmask)) < 0) {
DPE(context->errbuf, "%s: BPF state machine compilation failed!", __FUNCTION__);
return DAQ_ERROR;
}
ret = DAQ_SUCCESS;
for (i = 0; i < context->num_devices; i++) {
if(setsockopt(pfring_get_selectable_fd(context->ring_handles[i]), 0,
SO_ATTACH_FILTER, &fcode, sizeof(fcode)) != 0) {
ret = DAQ_ERROR;
}
}
sfbpf_freecode(&fcode);
} else {
/* Just check if the filter is valid */
if(sfbpf_compile(context->snaplen, DLT_EN10MB, &fcode,
filter, 0 /* 1: optimize */, 0 /* netmask */) < 0) {
DPE(context->errbuf, "%s: BPF state machine compilation failed!", __FUNCTION__);
return DAQ_ERROR;
}
ret = DAQ_SUCCESS;
if(context->filter_string)
free(context->filter_string);
context->filter_string = strdup(filter);
if(!context->filter_string) {
DPE(context->errbuf, "%s: Couldn't allocate memory for the filter string!",
__FUNCTION__);
ret = DAQ_ERROR;
}
sfbpf_freecode(&fcode);
}
return ret;
}
int
main()
{
struct sfbpf_program fcode;
const char *filter = "tcp";
char data[1514];
int len = 1514;
memset(data, 0, sizeof(data));
if (sfbpf_compile(1514, DLT_EN10MB, &fcode, filter, 1, 0) < 0) {
fprintf(stderr, "%s: BPF state machine compilation failed!", __FUNCTION__);
return EXIT_FAILURE;
}
if (fcode.bf_insns && sfbpf_filter(fcode.bf_insns, data, len, len) == 0) {
fprintf(stderr, "Packet ignored!\n");
}
sfbpf_freecode(&fcode);
return EXIT_SUCCESS;
}
static int ipq_daq_set_filter (void* handle, const char* filter)
{
IpqImpl* impl = (IpqImpl*)handle;
struct sfbpf_program fcode;
if (sfbpf_compile(impl->snaplen, DLT_RAW, &fcode, filter, 1, 0) < 0)
{
DPE(impl->error, "%s: failed to compile '%s'",
__FUNCTION__, filter);
return DAQ_ERROR;
}
if ( impl->filter )
free((void *)impl->filter);
if ( impl->fcode.bf_insns )
free(impl->fcode.bf_insns);
impl->filter = strdup(filter);
impl->fcode = fcode;
return DAQ_SUCCESS;
}
static int nfq_daq_set_filter (void* handle, const char* filter)
{
NfqImpl* impl = (NfqImpl*)handle;
struct sfbpf_program fcode;
int dlt = IP4(impl) ? DLT_IPV4 : DLT_IPV6;
if (sfbpf_compile(impl->snaplen, dlt, &fcode, filter, 1, 0) < 0)
{
DPE(impl->error, "%s: failed to compile bpf '%s'",
__FUNCTION__, filter);
return DAQ_ERROR;
}
if ( impl->filter )
free((void *)impl->filter);
if ( impl->fcode.bf_insns )
free(impl->fcode.bf_insns);
impl->filter = strdup(filter);
impl->fcode = fcode;
return DAQ_SUCCESS;
}
