Re: [PATCH] utils: bpf_compile

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Feb 20, 2013 at 5:38 AM, Daniel Borkmann <dborkman@xxxxxxxxxx> wrote:
> On 02/18/2013 04:44 AM, Willem de Bruijn wrote:
>>
>> A BPF compiler to convert tcpudmp expressions to the decimal format
>> accepted
>> by the libxt_bpf.
>
>
> [...]
>
>
>> --- /dev/null
>> +++ b/utils/bpf_compile.c
>> @@ -0,0 +1,55 @@
>> +/*
>> + * BPF program compilation tool
>> + *
>> + * Generates decimal output, similar to `tcpdump -ddd ...`.
>> + * Unlike tcpdump, will generate for any given link layer type.
>> + *
>> + * There is no makefile:
>> + * compile with `gcc -Wall -o bpf2decimal bpf2decimal.c -lpcap` or
>> similar.
>> + *
>> + * Written by Willem de Bruijn (willemb@xxxxxxxxxx)
>> + * Copyright Google, Inc. 2013
>> + * Licensed under the GNU General Public License version 2 (GPLv2)
>> +*/
>> +
>> +#include <pcap.h>
>> +#include <stdio.h>
>> +
>> +int main(int argc, char **argv)
>> +{
>> +       struct bpf_program program;
>> +       struct bpf_insn *ins;
>> +       int i, dlt = DLT_RAW;
>> +
>> +       if (argc < 2 || argc > 3) {
>> +               fprintf(stderr, "Usage:    %s [link] '<program>'\n\n"
>> +                               "          link is a pcap linklayer
>> type:\n"
>> +                               "          one of EN10MB, RAW, SLIP,
>> ...\n\n"
>> +                               "Examples: %s RAW 'tcp and greater 100'\n"
>> +                               "          %s EN10MB 'ip proto 47'\n'",
>> +                               argv[0], argv[0], argv[0]);
>> +               return 1;
>> +       }
>> +
>> +       if (argc == 3) {
>> +               dlt = pcap_datalink_name_to_val(argv[1]);
>> +               if (dlt == -1) {
>> +                       fprintf(stderr, "Unknown datalinktype: %s\n",
>> argv[1]);
>> +                       return 1;
>> +               }
>> +       }
>> +
>> +       if (pcap_compile_nopcap(65535, dlt, &program, argv[argc - 1], 1,
>> +                               PCAP_NETMASK_UNKNOWN)) {
>> +               fprintf(stderr, "Compilation error\n");
>> +               return 1;
>> +       }
>> +
>> +       printf("%d\n", program.bf_len);
>> +       ins = program.bf_insns;
>> +       for (i = 0; i < program.bf_len; ++ins, ++i)
>> +               printf("%u %u %u %u\n", ins->code, ins->jt, ins->jf,
>> ins->k);
>
>
> Here I think you should release the internally allocated memory by adding a:
>
>         pcap_freecode(&program);

Thanks for catching that, Daniel. I'll hold off respinning the patch
to see if there is other feedback, but will fix this in the next
revision.

>
>> +       return 0;
>> +}
>> +
>>
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux