|
|
|
@ -85,6 +85,8 @@ struct bpf_program {
|
|
|
|
#include <pcap/pcap.h>
|
|
|
|
#include <pcap/pcap.h>
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include "util-bpf.h"
|
|
|
|
|
|
|
|
|
|
|
|
#if HAVE_LINUX_IF_ETHER_H
|
|
|
|
#if HAVE_LINUX_IF_ETHER_H
|
|
|
|
#include <linux/if_ether.h>
|
|
|
|
#include <linux/if_ether.h>
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
@ -177,9 +179,6 @@ TmEcode NoAFPSupportExit(ThreadVars *tv, const void *initdata, void **data)
|
|
|
|
#define TP_STATUS_VLAN_VALID (1 << 4)
|
|
|
|
#define TP_STATUS_VLAN_VALID (1 << 4)
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
/** protect pfring_set_bpf_filter, as it is not thread safe */
|
|
|
|
|
|
|
|
static SCMutex afpacket_bpf_set_filter_lock = SCMUTEX_INITIALIZER;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
enum {
|
|
|
|
enum {
|
|
|
|
AFP_READ_OK,
|
|
|
|
AFP_READ_OK,
|
|
|
|
AFP_READ_FAILURE,
|
|
|
|
AFP_READ_FAILURE,
|
|
|
|
@ -2206,7 +2205,6 @@ static int AFPCreateSocket(AFPThreadVars *ptv, char *devname, int verbose)
|
|
|
|
|
|
|
|
|
|
|
|
TmEcode rc = AFPSetBPFFilter(ptv);
|
|
|
|
TmEcode rc = AFPSetBPFFilter(ptv);
|
|
|
|
if (rc == TM_ECODE_FAILED) {
|
|
|
|
if (rc == TM_ECODE_FAILED) {
|
|
|
|
SCLogError(SC_ERR_AFP_CREATE, "Set AF_PACKET bpf filter \"%s\" failed.", ptv->bpf_filter);
|
|
|
|
|
|
|
|
ret = AFP_FATAL_ERROR;
|
|
|
|
ret = AFP_FATAL_ERROR;
|
|
|
|
goto socket_err;
|
|
|
|
goto socket_err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -2249,27 +2247,22 @@ TmEcode AFPSetBPFFilter(AFPThreadVars *ptv)
|
|
|
|
if (!ptv->bpf_filter)
|
|
|
|
if (!ptv->bpf_filter)
|
|
|
|
return TM_ECODE_OK;
|
|
|
|
return TM_ECODE_OK;
|
|
|
|
|
|
|
|
|
|
|
|
SCMutexLock(&afpacket_bpf_set_filter_lock);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SCLogInfo("Using BPF '%s' on iface '%s'",
|
|
|
|
SCLogInfo("Using BPF '%s' on iface '%s'",
|
|
|
|
ptv->bpf_filter,
|
|
|
|
ptv->bpf_filter,
|
|
|
|
ptv->iface);
|
|
|
|
ptv->iface);
|
|
|
|
if (pcap_compile_nopcap(default_packet_size, /* snaplen_arg */
|
|
|
|
|
|
|
|
|
|
|
|
char errbuf[PCAP_ERRBUF_SIZE];
|
|
|
|
|
|
|
|
if (SCBPFCompile(default_packet_size, /* snaplen_arg */
|
|
|
|
ptv->datalink, /* linktype_arg */
|
|
|
|
ptv->datalink, /* linktype_arg */
|
|
|
|
&filter, /* program */
|
|
|
|
&filter, /* program */
|
|
|
|
ptv->bpf_filter, /* const char *buf */
|
|
|
|
ptv->bpf_filter, /* const char *buf */
|
|
|
|
1, /* optimize */
|
|
|
|
1, /* optimize */
|
|
|
|
0 /* mask */
|
|
|
|
0, /* mask */
|
|
|
|
) == -1) {
|
|
|
|
errbuf,
|
|
|
|
SCLogError(SC_ERR_AFP_CREATE, "Filter compilation failed.");
|
|
|
|
sizeof(errbuf)) == -1) {
|
|
|
|
SCMutexUnlock(&afpacket_bpf_set_filter_lock);
|
|
|
|
SCLogError(SC_ERR_AFP_CREATE, "Failed to compile BPF \"%s\": %s",
|
|
|
|
return TM_ECODE_FAILED;
|
|
|
|
ptv->bpf_filter,
|
|
|
|
}
|
|
|
|
errbuf);
|
|
|
|
SCMutexUnlock(&afpacket_bpf_set_filter_lock);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (filter.bf_insns == NULL) {
|
|
|
|
|
|
|
|
SCLogError(SC_ERR_AFP_CREATE, "Filter badly setup.");
|
|
|
|
|
|
|
|
pcap_freecode(&filter);
|
|
|
|
|
|
|
|
return TM_ECODE_FAILED;
|
|
|
|
return TM_ECODE_FAILED;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@ -2278,7 +2271,7 @@ TmEcode AFPSetBPFFilter(AFPThreadVars *ptv)
|
|
|
|
|
|
|
|
|
|
|
|
rc = setsockopt(ptv->socket, SOL_SOCKET, SO_ATTACH_FILTER, &fcode, sizeof(fcode));
|
|
|
|
rc = setsockopt(ptv->socket, SOL_SOCKET, SO_ATTACH_FILTER, &fcode, sizeof(fcode));
|
|
|
|
|
|
|
|
|
|
|
|
pcap_freecode(&filter);
|
|
|
|
SCBPFFree(&filter);
|
|
|
|
if(rc == -1) {
|
|
|
|
if(rc == -1) {
|
|
|
|
SCLogError(SC_ERR_AFP_CREATE, "Failed to attach filter: %s", strerror(errno));
|
|
|
|
SCLogError(SC_ERR_AFP_CREATE, "Failed to attach filter: %s", strerror(errno));
|
|
|
|
return TM_ECODE_FAILED;
|
|
|
|
return TM_ECODE_FAILED;
|
|
|
|
|
Eric Leblond
7 years ago