Esempio n. 1
0
// SetBPFFilter compiles and sets a BPF filter for the pcap handle.
func (p *Handle) SetBPFFilter(expr string) (err error) {
	bpf, err := p.compileBPFFilter(expr)
	defer C.pcap_freecode(&bpf)
	if err != nil {
		return err
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Error()
	}

	return nil
}
Esempio n. 2
0
// SetBPFInstructionFilter may be used to apply a filter in BPF asm byte code format.
//
// Simplest way to generate BPF asm byte code is with tcpdump:
//     tcpdump -dd 'udp'
//
// The output may be used directly to add a filter, e.g.:
//     bpfInstructions := []pcap.BpfInstruction{
//			{0x28, 0, 0, 0x0000000c},
//			{0x15, 0, 9, 0x00000800},
//			{0x30, 0, 0, 0x00000017},
//			{0x15, 0, 7, 0x00000006},
//			{0x28, 0, 0, 0x00000014},
//			{0x45, 5, 0, 0x00001fff},
//			{0xb1, 0, 0, 0x0000000e},
//			{0x50, 0, 0, 0x0000001b},
//			{0x54, 0, 0, 0x00000012},
//			{0x15, 0, 1, 0x00000012},
//			{0x6, 0, 0, 0x0000ffff},
//			{0x6, 0, 0, 0x00000000},
//		}
//
// An other posibility is to write the bpf code in bpf asm.
// Documentation: https://www.kernel.org/doc/Documentation/networking/filter.txt
//
// To compile the code use bpf_asm from
// https://github.com/torvalds/linux/tree/master/tools/net
//
// The following command may be used to convert bpf_asm output to c/go struct, usable for SetBPFFilterByte:
// bpf_asm -c tcp.bpf
func (p *Handle) SetBPFInstructionFilter(bpfInstructions []BPFInstruction) (err error) {
	bpf, err := bpfInstructionFilter(bpfInstructions)
	if err != nil {
		return err
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Error()
	}

	C.pcap_freecode(&bpf)

	return nil
}
Esempio n. 3
0
func (p *Pcap) Setfilter(expr string) (err string) {
	var bpf _Ctype_struct_bpf_program

	if -1 == C.pcap_compile(p.cptr, &bpf, C.CString(expr), 1, 0) {
		return p.Geterror()
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Geterror()
	}

	C.pcap_freecode(&bpf)
	return ""
}
Esempio n. 4
0
func (p *Pcap) SetFilter(expr string) (err error) {
	var bpf _Ctype_struct_bpf_program
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	if -1 == C.pcap_compile(p.cptr, &bpf, cexpr, 1, 0) {
		return p.Geterror()
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Geterror()
	}
	C.pcap_freecode(&bpf)
	return nil
}
Esempio n. 5
0
// SetBPFFilter compiles and sets a BPF filter for the pcap handle.
func (p *Handle) SetBPFFilter(expr string) (err error) {
	p.activate.Do(p.activation)
	var bpf _Ctype_struct_bpf_program
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	if -1 == C.pcap_compile(p.cptr, &bpf, cexpr, 1, 0) {
		return p.Error()
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Error()
	}
	C.pcap_freecode(&bpf)
	return nil
}
Esempio n. 6
0
// SetBPFFilter compiles and sets a BPF filter for the pcap handle.
func (p *Handle) SetBPFFilter(expr string) (err error) {
	errorBuf := (*C.char)(C.calloc(errorBufferSize, 1))
	defer C.free(unsafe.Pointer(errorBuf))

	var netp uint32
	var maskp uint32

	// Only do the lookup on network interfaces.
	// No device indicates we're handling a pcap file.
	if len(p.device) > 0 {
		dev := C.CString(p.device)
		defer C.free(unsafe.Pointer(dev))
		if -1 == C.pcap_lookupnet(
			dev,
			(*C.bpf_u_int32)(unsafe.Pointer(&netp)),
			(*C.bpf_u_int32)(unsafe.Pointer(&maskp)),
			errorBuf,
		) {
			// We can't lookup the network, but that could be because the interface
			// doesn't have an IPv4.
		}
	}

	var bpf _Ctype_struct_bpf_program
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	if -1 == C.pcap_compile(p.cptr, &bpf, cexpr, 1, C.bpf_u_int32(maskp)) {
		return p.Error()
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Error()
	}

	C.pcap_freecode(&bpf)

	return nil
}
Esempio n. 7
0
// Setfilter compiles a filter string into a bpf program and sets the filter.
func (p *Pcap) Setfilter(expr string) error {
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	var bpf C.struct_bpf_program
	res := C.pcap_compile(p.cptr, &bpf, cexpr, C.int(OptimizeFilters),
		C.PCAP_NETMASK_UNKNOWN)
	if res == C.PCAP_ERROR {
		return p.GetErr()
	}

	res = C.pcap_setfilter(p.cptr, &bpf)
	if res == C.PCAP_ERROR {
		C.pcap_freecode(&bpf)
		return p.GetErr()
	}

	p.Filters = append(p.Filters, expr)

	C.pcap_freecode(&bpf)
	return nil
}
Esempio n. 8
0
func (p *Pcap) Setfilter(expr string) os.Error {
	var bpf C.struct_bpf_program
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	if C.pcap_compile(p.cptr, &bpf, cexpr, 1, 0) == -1 {
		return os.NewError(p.Geterror())
	}
	defer C.pcap_freecode(&bpf)

	if C.pcap_setfilter(p.cptr, &bpf) == -1 {
		return os.NewError(p.Geterror())
	}

	return nil
}
Esempio n. 9
0
// CompileBPFFilter compiles and returns a BPF filter for the pcap handle.
func (p *Handle) CompileBPFFilter(expr string) ([]BPFInstruction, error) {
	bpf, err := p.compileBPFFilter(expr)
	defer C.pcap_freecode(&bpf)
	if err != nil {
		return nil, err
	}

	bpfInsn := (*[bpfInstructionBufferSize]_Ctype_struct_bpf_insn)(unsafe.Pointer(bpf.bf_insns))[0:bpf.bf_len:bpf.bf_len]
	bpfInstruction := make([]BPFInstruction, len(bpfInsn), len(bpfInsn))

	for i, v := range bpfInsn {
		bpfInstruction[i].Code = uint16(v.code)
		bpfInstruction[i].Jt = uint8(v.jt)
		bpfInstruction[i].Jf = uint8(v.jf)
		bpfInstruction[i].K = uint32(v.k)
	}

	return bpfInstruction, nil
}
Esempio n. 10
0
func destroyBPF(bpf *BPF) {
	C.pcap_freecode(&bpf.bpf)
}