Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minimal BPF support #8

Open
nbareil opened this issue Jul 12, 2013 · 0 comments
Open

Minimal BPF support #8

nbareil opened this issue Jul 12, 2013 · 0 comments
Labels
wishlist

Comments

@nbareil
Copy link
Owner

nbareil commented Jul 12, 2013

It would be convenient to support BPF filters in a minimal way, where the user provides directly the BPF opcodes.

Most of the work is already done by the tcpdump compiler, which can dump raw opcodes on stdout. We just need some glue (the following bpf2binary.py code) to import it into net2pcap through a setsockopt(s, SO_ATTACH_FILTER. ...)

#! /usr/bin/env python

import fileinput
import struct

out=[]
for line in fileinput.input():
    digits = map(int, line.split())
    if len(digits) != 4: # skip first line
        continue
    binary = struct.pack('=hbbI', *digits)
    out.append(binary)
print ''.join(out)

And then:

bpf_isn=$(tcpdump -i eth0 -ddd port 25 | ./bpf2binary.py)
net2pcap -i eth0 -F "$bpf_isn"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wishlist
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nbareil