示例#1
0
 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 20),
 BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, 0x1fff, 6, 0),
 BPF_STMT(BPF_LDX+BPF_B+BPF_MSH, 14),
 BPF_STMT(BPF_LD+BPF_H+BPF_IND, 14),
 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 79, 2, 0),
 BPF_STMT(BPF_LD+BPF_H+BPF_IND, 16),
 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 79, 0, 1),
 BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
 BPF_STMT(BPF_RET+BPF_K, 0),
}
*/

// tcp and dst port 80
var bpfHTTPFilterProg = []syscall.BpfInsn{
	// if EtherType is IPv4 (at offset (2*6), with VLAN tag (2*6+4))
	*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, 12),
	*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x0800, 2, 0),
	// if EtherType is IPv6 (= 0x86DD)
	*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x86DD, 8, 0),
	// drop it.
	*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),

	// if IPProto is TCP over IPv4
	*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_B+syscall.BPF_ABS, (14 + 9)),
	*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 6, 1, 0),
	// drop it.
	*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),
	// if dst port is 80
	*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, (14 + 20 + 2)),
	*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 80, 1, 0),
	// drop it.
示例#2
0
	"errors"
	"fmt"
	"net"
	"os"
	"runtime"
	"syscall"
	"time"
)

var bpf *os.File
var bpfFd int
var buflen int

var bpfArpFilter = []syscall.BpfInsn{
	// make sure this is an arp packet
	*syscall.BpfStmt(syscall.BPF_LD+syscall.BPF_H+syscall.BPF_ABS, 12),
	*syscall.BpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, 0x0806, 0, 1),
	// if we passed all the tests, ask for the whole packet.
	*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, -1),
	// otherwise, drop it.
	*syscall.BpfStmt(syscall.BPF_RET+syscall.BPF_K, 0),
}

func initialize(iface net.Interface) (err error) {
	verboseLog.Println("search available /dev/bpfX")
	for i := 0; i <= 10; i++ {
		bpfPath := fmt.Sprintf("/dev/bpf%d", i)
		bpf, err = os.OpenFile(bpfPath, os.O_RDWR, 0666)
		if err != nil {
			verboseLog.Printf("  open failed: %s - %s\n", bpfPath, err.Error())
		} else {