util-bpf: introduce custom BPF compile functions

We can't get error from pcap_compile_nopcap() so let's get our own function and output message.
7 years ago · 3c566e0f89
parent e98b5e4946
commit 3c566e0f89
3 changed files with 107 additions and 0 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -405,6 +405,7 @@ util-atomic.c util-atomic.h \
 util-base64.c util-base64.h \
 util-bloomfilter-counting.c util-bloomfilter-counting.h \
 util-bloomfilter.c util-bloomfilter.h \
+util-bpf.c util-bpf.h \
 util-buffer.c util-buffer.h \
 util-byte.c util-byte.h \
 util-checksum.c util-checksum.h \
--- a/src/util-bpf.c
+++ b/src/util-bpf.c
@ -0,0 +1,73 @@
+/* Copyright (C) 2018 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Eric Leblond <eric@regit.org>
+ */
+
+
+#include "suricata-common.h"
+#include "config.h"
+#include "suricata.h"
+#include "util-bpf.h"
+
+
+/** protect bpf filter build, as it is not thread safe */
+static SCMutex bpf_set_filter_lock = SCMUTEX_INITIALIZER;
+
+void SCBPFFree(struct bpf_program *program)
+{
+    if (program)
+        pcap_freecode(program);
+}
+
+int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program,
+                 const char *buf, int optimize, uint32_t mask,
+                 char *errbuf, size_t errbuf_len)
+{
+    pcap_t *p;
+    int ret;
+
+    p = pcap_open_dead(linktype_arg, snaplen_arg);
+    if (p == NULL)
+        return (-1);
+
+    SCMutexLock(&bpf_set_filter_lock);
+    ret = pcap_compile(p, program, buf, optimize, mask);
+    if (ret == -1) {
+        if (errbuf) {
+            snprintf(errbuf, errbuf_len, "%s", pcap_geterr(p));
+        }
+        pcap_close(p);
+        SCMutexUnlock(&bpf_set_filter_lock);
+        return (-1);
+    }
+    pcap_close(p);
+    SCMutexUnlock(&bpf_set_filter_lock);
+
+    if (program->bf_insns == NULL) {
+        if (errbuf) {
+            snprintf(errbuf, errbuf_len, "Filter badly setup");
+        }
+        SCBPFFree(program);
+        return (-1);
+    }
+
+    return (ret);
+}
--- a/src/util-bpf.h
+++ b/src/util-bpf.h
@ -0,0 +1,33 @@
+/* Copyright (C) 2018 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Eric Leblond <eric@regit.org>
+ */
+
+#ifndef __UTIL_BPF_H__
+#define __UTIL_BPF_H__
+
+int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program,
+                 const char *buf, int optimize, uint32_t mask,
+                 char *errbuf, size_t errbuf_len);
+
+void SCBPFFree(struct bpf_program *program);
+
+#endif /* __UTIL_BPF_H__ */