Re: [PATCH] utils: bpf_compile

[Daniel Borkmann <dborkman@xxxxxxxxxx>]

On 02/21/2013 05:35 AM, Willem de Bruijn wrote:
> On Wed, Feb 20, 2013 at 5:38 AM, Daniel Borkmann <dborkman@xxxxxxxxxx> wrote:
> > On 02/18/2013 04:44 AM, Willem de Bruijn wrote:
> > > A BPF compiler to convert tcpudmp expressions to the decimal format
> > > accepted
> > > by the libxt_bpf.
> >
> > [...]
> >
> > > --- /dev/null
> > > +++ b/utils/bpf_compile.c
> > > @@ -0,0 +1,55 @@
> > > +/*
> > > + * BPF program compilation tool
> > > + *
> > > + * Generates decimal output, similar to `tcpdump -ddd ...`.
> > > + * Unlike tcpdump, will generate for any given link layer type.
> > > + *
> > > + * There is no makefile:
> > > + * compile with `gcc -Wall -o bpf2decimal bpf2decimal.c -lpcap` or
> > > similar.
> > > + *
> > > + * Written by Willem de Bruijn (willemb@xxxxxxxxxx)
> > > + * Copyright Google, Inc. 2013
> > > + * Licensed under the GNU General Public License version 2 (GPLv2)
> > > +*/
> > > +
> > > +#include <pcap.h>
> > > +#include <stdio.h>
> > > +
> > > +int main(int argc, char **argv)
> > > +{
> > > +       struct bpf_program program;
> > > +       struct bpf_insn *ins;
> > > +       int i, dlt = DLT_RAW;
> > > +
> > > +       if (argc < 2 || argc > 3) {
> > > +               fprintf(stderr, "Usage:    %s [link] '<program>'\n\n"
> > > +                               "          link is a pcap linklayer
> > > type:\n"
> > > +                               "          one of EN10MB, RAW, SLIP,
> > > ...\n\n"
> > > +                               "Examples: %s RAW 'tcp and greater 100'\n"
> > > +                               "          %s EN10MB 'ip proto 47'\n'",
> > > +                               argv[0], argv[0], argv[0]);
> > > +               return 1;
> > > +       }
> > > +
> > > +       if (argc == 3) {
> > > +               dlt = pcap_datalink_name_to_val(argv[1]);
> > > +               if (dlt == -1) {
> > > +                       fprintf(stderr, "Unknown datalinktype: %s\n",
> > > argv[1]);
> > > +                       return 1;
> > > +               }
> > > +       }
> > > +
> > > +       if (pcap_compile_nopcap(65535, dlt, &program, argv[argc - 1], 1,
> > > +                               PCAP_NETMASK_UNKNOWN)) {
> > > +               fprintf(stderr, "Compilation error\n");
> > > +               return 1;
> > > +       }
> > > +
> > > +       printf("%d\n", program.bf_len);
> > > +       ins = program.bf_insns;
> > > +       for (i = 0; i < program.bf_len; ++ins, ++i)
> > > +               printf("%u %u %u %u\n", ins->code, ins->jt, ins->jf,
> > > ins->k);
> >
> >
> > Here I think you should release the internally allocated memory by adding a:
> >
> >          pcap_freecode(&program);
>
> Thanks for catching that, Daniel. I'll hold off respinning the patch
> to see if there is other feedback, but will fix this in the next
> revision.

Thanks, otherwise I think the user space utility looks good.

I've also just added support for this output format into bpfc
(netsniff-ng Git tree), in case low-level filter devel/debugging
is needed, e.g. bpfc -Di <file>.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html