"fmt" "net" "os" "runtime" "syscall" "time" ) var bpf *os.File var bpfFd int var buflen int var bpfArpFilter = []syscall.BpfInsn{ // make sure this is an arp packet *syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, 12), *syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x0806, 0, 1), // if we passed all the tests, ask for the whole packet. *syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, -1), // otherwise, drop it. *syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0), } func initialize(iface net.Interface) (err error) { verboseLog.Println("search available /dev/bpfX") for i := 0; i <= 10; i++ { bpfPath := fmt.Sprintf("/dev/bpf%d", i) bpf, err = os.OpenFile(bpfPath, os.O_RDWR, 0666) if err != nil { verboseLog.Printf(" open failed: %s - %s\n", bpfPath, err.Error()) } else { verboseLog.Printf(" open success: %s\n", bpfPath)
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, 0x1fff, 6, 0), BPF_STMT(BPF_LDX+BPF_B+BPF_MSH, 14), BPF_STMT(BPF_LD+BPF_H+BPF_IND, 14), BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 79, 2, 0), BPF_STMT(BPF_LD+BPF_H+BPF_IND, 16), BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 79, 0, 1), BPF_STMT(BPF_RET+BPF_K, (u_int)-1), BPF_STMT(BPF_RET+BPF_K, 0), } */ // tcp and dst port 80 var bpfHTTPFilterProg = []syscall.BpfInsn{ // if EtherType is IPv4 (at offset (2*6), with VLAN tag (2*6+4)) *syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, 12), *syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x0800, 2, 0), // if EtherType is IPv6 (= 0x86DD) *syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x86DD, 8, 0), // drop it. *syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0), // if IPProto is TCP over IPv4 *syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_B+syscall.BPF_ABS, (14 + 9)), *syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 6, 1, 0), // drop it. *syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0), // if dst port is 80 *syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, (14 + 20 + 2)), *syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 80, 1, 0), // drop it. *syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),
package main import ( "fmt" "log" "net" "os" "syscall" "unsafe" ) var ipv6OverEthernet = []syscall.BpfInsn{ // make sure this is an IPv6 packet. *syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, 12), *syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x86dd, 0, 1), // if we passed all the tests, ask for the whole packet. *syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, -1), // otherwise, drop it. *syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0), } func bpfFile() (*os.File, error) { for i := 0; i < 10; i++ { f, err := os.OpenFile(fmt.Sprintf("/dev/bpf%d", i), os.O_RDWR, 0666) if err == nil { return f, nil } } return nil, syscall.ENOENT }