BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 20),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, 0x1fff, 6, 0),
BPF_STMT(BPF_LDX+BPF_B+BPF_MSH, 14),
BPF_STMT(BPF_LD+BPF_H+BPF_IND, 14),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 79, 2, 0),
BPF_STMT(BPF_LD+BPF_H+BPF_IND, 16),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 79, 0, 1),
BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
BPF_STMT(BPF_RET+BPF_K, 0),
}
*/
// tcp and dst port 80
var bpfHTTPFilterProg = []syscall.BpfInsn{
// if EtherType is IPv4 (at offset (2*6), with VLAN tag (2*6+4))
*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, 12),
*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x0800, 2, 0),
// if EtherType is IPv6 (= 0x86DD)
*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x86DD, 8, 0),
// drop it.
*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),
// if IPProto is TCP over IPv4
*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_B+syscall.BPF_ABS, (14 + 9)),
*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 6, 1, 0),
// drop it.
*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),
// if dst port is 80
*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, (14 + 20 + 2)),
*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 80, 1, 0),
// drop it.
"errors"
"fmt"
"net"
"os"
"runtime"
"syscall"
"time"
)
var bpf *os.File
var bpfFd int
var buflen int
var bpfArpFilter = []syscall.BpfInsn{
// make sure this is an arp packet
*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, 12),
*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x0806, 0, 1),
// if we passed all the tests, ask for the whole packet.
*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, -1),
// otherwise, drop it.
*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),
}
func initialize(iface net.Interface) (err error) {
verboseLog.Println("search available /dev/bpfX")
for i := 0; i <= 10; i++ {
bpfPath := fmt.Sprintf("/dev/bpf%d", i)
bpf, err = os.OpenFile(bpfPath, os.O_RDWR, 0666)
if err != nil {
verboseLog.Printf(" open failed: %s - %s\n", bpfPath, err.Error())
} else {