git.ipfire.org Git - thirdparty/iptables.git/commit

author	Willem de Bruijn <willemb@google.com>
	Tue, 12 Mar 2013 05:44:12 +0000 (05:44 +0000)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 1 Apr 2013 22:08:49 +0000 (00:08 +0200)
commit	1ac30c97c339957b6e3c5cf571de7bc38c827730
tree	d00e6f632b49a2a3ffcae1aa8d38701db9e1ee33	tree
parent	e0a0dd703b3448f0f07fc59b7232bf1f1cce7b86	commit \| diff

utils: nfbpf_compile

A BPF compiler to convert tcpdump expressions to the decimal format
accepted by the libxt_bpf.

Generate a file and pass that to iptables:

  nfbpf_compile RAW 'udp dst port 9000' > test.bpf
  iptables -A OUTPUT -m bpf --bytecode-file test.bpf -j LOG

Or pass the output directly to iptables using backticks:

  iptables -A INPUT -m bpf --bytecode \
      "`./nfbpf_compile RAW 'udp dst port 9000'" -j LOG

This utility depends on libpcap. The library is only compiled if the option
--enable-bpf-compiler is explicitly passed to ./configure and libpcap is
found.

Pablo has mangled the original patch to rename the utility to
nfbpf_compile. Also modified the output to match exactly what
-m bpf --bytecode needs.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Makefile.am		diff \| blob \| blame \| history
configure.ac		diff \| blob \| blame \| history
utils/Makefile.am		diff \| blob \| blame \| history
utils/nfbpf_compile.c	[new file with mode: 0644]	blob