suricata
util-bpf.c
1/* Copyright (C) 2018 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Eric Leblond <eric@regit.org>
22 */
23
24#include "suricata-common.h"
25#include "util-bpf.h"
26#include "threads.h"
27#include "conf.h"
28#include "util-debug.h"
29
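/**
 * \brief Pick the BPF filter string to use for a capture interface.
 *
 * Lookup order, first match wins:
 *  1. a value already stored in *bpf_filter (left untouched),
 *  2. the global "bpf-filter" configuration key (the command-line value),
 *  3. the "bpf-filter" child looked up through if_root with if_default
 *     as fallback.
 *
 * Step 2 wins whenever the global key exists, even if its value is empty:
 * in that case the per-interface setting is not consulted and nothing is
 * logged. The selected filter is written to the config log so the
 * effective capture scope can be reviewed after startup.
 *
 * \param if_root    passed as the base node to SCConfGetChildValueWithDefault()
 * \param if_default passed as the default node to the same lookup
 * \param iface      interface name, used in log messages only
 * \param bpf_filter in/out pointer to the filter string; dereferenced
 *                   unconditionally, so it must not be NULL
 */
void ConfSetBPFFilter(
        SCConfNode *if_root, SCConfNode *if_default, const char *iface, const char **bpf_filter)
{
    if (*bpf_filter != NULL) {
        SCLogInfo("BPF filter already configured");
        return;
    }

    /* command line value has precedence */
    if (SCConfGet("bpf-filter", bpf_filter) == 1) {
        /* Whether a successful lookup can still leave a NULL value is not
         * visible from this file, so never hand strlen() a null pointer. */
        if (*bpf_filter != NULL && strlen(*bpf_filter) > 0) {
            SCLogConfig("%s: using command-line provided bpf filter '%s'", iface, *bpf_filter);
        }
        return;
    }

    /* otherwise fall back to the per-interface value (reading from a file) */
    if (SCConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", bpf_filter) == 1) {
        if (*bpf_filter != NULL && strlen(*bpf_filter) > 0) {
            SCLogConfig("%s: using file provided bpf filter %s", iface, *bpf_filter);
        }
        return;
    }

    SCLogDebug("No BPF filter found, skipping");
}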
52
/**
 * Serializes the pcap_compile() call made in SCBPFCompile(): the filter
 * build is not thread safe, so only one thread may compile at a time.
 */
static SCMutex bpf_set_filter_lock = SCMUTEX_INITIALIZER;
55
/**
 * \brief Release the instructions held by a compiled BPF program.
 *
 * A NULL pointer is accepted and ignored; otherwise the program is handed
 * to pcap_freecode(). The struct bpf_program object itself is not freed
 * here.
 *
 * \param program compiled filter to release, or NULL
 */
void SCBPFFree(struct bpf_program *program)
{
    if (program == NULL) {
        return;
    }
    pcap_freecode(program);
}
61
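/**
 * \brief Compile a BPF filter expression into a bpf_program.
 *
 * A throw-away pcap handle is created with pcap_open_dead() and used for
 * one pcap_compile() call. The compile and the closing of the handle run
 * under bpf_set_filter_lock because the filter build is not thread safe.
 *
 * \param snaplen_arg  snapshot length passed to pcap_open_dead()
 * \param linktype_arg link-layer type passed to pcap_open_dead()
 * \param program      output; dereferenced after a successful compile, so
 *                     it must not be NULL
 * \param buf          filter expression passed to pcap_compile()
 * \param optimize     optimize flag passed to pcap_compile()
 * \param mask         netmask passed to pcap_compile()
 * \param errbuf       optional buffer for an error message, may be NULL
 * \param errbuf_len   size of errbuf in bytes; messages are truncated to fit
 *
 * \retval -1 on any failure; if errbuf is non-NULL it holds a message
 * \retval the pcap_compile() return value otherwise
 *
 * On success the compiled program presumably has to be released by the
 * caller with SCBPFFree() -- confirm against the call sites.
 */
int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program,
        const char *buf,
        int optimize, uint32_t mask,
        char *errbuf, size_t errbuf_len)
{
    pcap_t *p = pcap_open_dead(linktype_arg, snaplen_arg);
    if (p == NULL) {
        /* Fill errbuf on this path as well: a caller that logs errbuf after
         * every -1 return would otherwise read a buffer this function never
         * wrote to. */
        if (errbuf) {
            snprintf(errbuf, errbuf_len, "failed to create pcap handle for BPF compilation");
        }
        return (-1);
    }

    SCMutexLock(&bpf_set_filter_lock);
    int ret = pcap_compile(p, program, buf, optimize, mask);
    if (ret == -1 && errbuf) {
        /* pcap_geterr() returns text owned by the handle, so copy it out
         * before pcap_close(). */
        snprintf(errbuf, errbuf_len, "%s", pcap_geterr(p));
    }
    pcap_close(p);
    SCMutexUnlock(&bpf_set_filter_lock);

    if (ret == -1) {
        return (-1);
    }

    /* A compile that reports success but yields no instructions is treated
     * as an error rather than handing back an empty program. */
    if (program->bf_insns == NULL) {
        if (errbuf) {
            snprintf(errbuf, errbuf_len, "Filter badly setup");
        }
        SCBPFFree(program);
        return (-1);
    }

    return (ret);
}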
int SCConfGetChildValueWithDefault(const SCConfNode *base, const SCConfNode *dflt, const char *name, const char **vptr)
Definition conf.c:393
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition conf.c:350
#define SCMUTEX_INITIALIZER
#define SCMutex
#define SCMutexUnlock(mut)
#define SCMutexLock(mut)
void SCBPFFree(struct bpf_program *program)
Definition util-bpf.c:56
int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program, const char *buf, int optimize, uint32_t mask, char *errbuf, size_t errbuf_len)
Definition util-bpf.c:62
void ConfSetBPFFilter(SCConfNode *if_root, SCConfNode *if_default, const char *iface, const char **bpf_filter)
Definition util-bpf.c:30
#define SCLogDebug(...)
Definition util-debug.h:275
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition util-debug.h:225
#define SCLogConfig(...)
Definition util-debug.h:229