Esempio n. 1
	"fmt"
	"net"
	"os"
	"runtime"
	"syscall"
	"time"
)

// Package-level capture state shared by the functions in this file. Nothing
// visible here guards these variables with a lock, so they are presumably
// meant to be touched from a single goroutine (confirm against callers).
var (
	// bpf is the opened /dev/bpfX device; initialize assigns it.
	bpf *os.File

	// bpfFd presumably holds the raw descriptor of bpf (confirm against initialize).
	bpfFd int

	// buflen presumably holds the kernel BPF buffer length; a read buffer sized
	// from it should be checked against the value the kernel reports (confirm).
	buflen int
)

// bpfArpFilter is a classic BPF program that accepts ARP frames and rejects
// everything else. It inspects only the 16-bit EtherType at byte offset 12 of
// the Ethernet header, so a frame carrying anything other than 0x0806 there
// (for example an 802.1Q tag) is dropped. The ARP payload itself is not
// examined: code that reads accepted frames still has to validate lengths and
// field contents before trusting them.
var bpfArpFilter = []syscall.BpfInsn{
	// Load the half-word at absolute offset 12 (just past the two 6-byte MAC addresses).
	*syscall.BpfStmt(syscall.BPF_LD|syscall.BPF_H|syscall.BPF_ABS, 6+6),
	// EtherType is ARP: fall through to the accept; otherwise skip one instruction to the reject.
	*syscall.BpfJump(syscall.BPF_JMP|syscall.BPF_JEQ|syscall.BPF_K, 0x806, 0, 1),
	// Accept: returning -1 asks for the whole packet.
	*syscall.BpfStmt(syscall.BPF_RET|syscall.BPF_K, -1),
	// Reject: returning 0 drops the packet.
	*syscall.BpfStmt(syscall.BPF_RET|syscall.BPF_K, 0),
}

func initialize(iface net.Interface) (err error) {
	verboseLog.Println("search available /dev/bpfX")
	for i := 0; i <= 10; i++ {
		bpfPath := fmt.Sprintf("/dev/bpf%d", i)
		bpf, err = os.OpenFile(bpfPath, os.O_RDWR, 0666)
		if err != nil {
			verboseLog.Printf("  open failed: %s - %s\n", bpfPath, err.Error())
		} else {
			verboseLog.Printf("  open success: %s\n", bpfPath)
Esempio n. 2
 BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, 0x1fff, 6, 0),
 BPF_STMT(BPF_LDX+BPF_B+BPF_MSH, 14),
 BPF_STMT(BPF_LD+BPF_H+BPF_IND, 14),
 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 79, 2, 0),
 BPF_STMT(BPF_LD+BPF_H+BPF_IND, 16),
 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 79, 0, 1),
 BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
 BPF_STMT(BPF_RET+BPF_K, 0),
}
*/

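// tcp and dst port 80
// NOTE(review): the IPv4 branch below reads the destination port at the fixed
// offset 14 + 20 + 2, i.e. it assumes a 20-byte IP header without options, and
// it does not test the fragment offset. The commented-out C program above does
// both (BPF_MSH header-length load, 0x1fff fragment test). Packets with IP
// options or non-first fragments can therefore be misclassified, so consumers
// should re-validate the headers of whatever this filter accepts.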
var bpfHTTPFilterProg = []syscall.BpfInsn{
	// if EtherType is IPv4 (at offset (2*6), with VLAN tag (2*6+4))
	*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, 12),
	*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x0800, 2, 0),
	// if EtherType is IPv6 (= 0x86DD)
	*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x86DD, 8, 0),
	// drop it.
	*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),

	// if IPProto is TCP over IPv4
	*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_B+syscall.BPF_ABS, (14 + 9)),
	*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 6, 1, 0),
	// drop it.
	*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),
	// if dst port is 80
	*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, (14 + 20 + 2)),
	*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 80, 1, 0),
	// drop it.
	*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),
Esempio n. 3
package main

import (
	"fmt"
	"log"
	"net"
	"os"
	"syscall"
	"unsafe"
)

// ipv6OverEthernet is a classic BPF program that accepts Ethernet frames whose
// EtherType is IPv6 (0x86dd) and rejects all others. Only the 16-bit field at
// byte offset 12 is examined, so frames with anything else at that offset
// (for example an 802.1Q tag) are dropped. Nothing inside the IPv6 header is
// checked: the consumer must still validate lengths and header fields of
// every accepted frame.
var ipv6OverEthernet = []syscall.BpfInsn{
	// Load the half-word at absolute offset 12 (just past the two 6-byte MAC addresses).
	*syscall.BpfStmt(syscall.BPF_LD|syscall.BPF_H|syscall.BPF_ABS, 6+6),
	// EtherType is IPv6: fall through to the accept; otherwise skip one instruction to the reject.
	*syscall.BpfJump(syscall.BPF_JMP|syscall.BPF_JEQ|syscall.BPF_K, 0x86DD, 0, 1),
	// Accept: returning -1 asks for the whole packet.
	*syscall.BpfStmt(syscall.BPF_RET|syscall.BPF_K, -1),
	// Reject: returning 0 drops the packet.
	*syscall.BpfStmt(syscall.BPF_RET|syscall.BPF_K, 0),
}

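// bpfFile opens the first usable BPF device among /dev/bpf0 .. /dev/bpf9 and
// returns it. The caller owns the returned handle and must close it.
//
// The device is opened O_RDWR, which permits writing frames as well as
// capturing them; a capture-only caller could presumably use O_RDONLY instead
// (confirm against the callers before narrowing it).
//
// On failure the returned error always satisfies errors.Is(err, syscall.ENOENT).
// If no device node existed at all it is exactly syscall.ENOENT. If a node
// existed but could not be opened (permission denied, device busy, ...), the
// first such error is included in the message, so that a privilege problem is
// not misreported as a missing device.
func bpfFile() (*os.File, error) {
	var cause error
	for i := 0; i < 10; i++ {
		// The mode argument is ignored because O_CREATE is not set.
		f, err := os.OpenFile(fmt.Sprintf("/dev/bpf%d", i), os.O_RDWR, 0666)
		if err == nil {
			return f, nil
		}
		// Remember the first failure that is not simply a missing node.
		if cause == nil && !os.IsNotExist(err) {
			cause = err
		}
	}
	if cause == nil {
		return nil, syscall.ENOENT
	}
	return nil, fmt.Errorf("no usable /dev/bpf0-9 device (%v): %w", cause, syscall.ENOENT)
}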