From: Eric Leblond Date: Wed, 10 Oct 2018 22:10:54 +0000 (+0200) Subject: util-bpf: introduce custom BPF compile functions X-Git-Tag: suricata-4.1.1~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c566e0f8981cd0cb5266e47fb21f216c6b71e6d;p=thirdparty%2Fsuricata.git util-bpf: introduce custom BPF compile functions We can't get error from pcap_compile_nopcap() so let's get our own function and output message.
---
diff --git a/src/Makefile.am b/src/Makefile.am
index 9a9f7ed88a..d8b1fe92f1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -405,6 +405,7 @@ util-atomic.c util-atomic.h \
 util-base64.c util-base64.h \
 util-bloomfilter-counting.c util-bloomfilter-counting.h \
 util-bloomfilter.c util-bloomfilter.h \
+util-bpf.c util-bpf.h \
 util-buffer.c util-buffer.h \
 util-byte.c util-byte.h \
 util-checksum.c util-checksum.h \
diff --git a/src/util-bpf.c b/src/util-bpf.c
new file mode 100644
index 0000000000..7a23d0b565
--- /dev/null
+++ b/src/util-bpf.c
@@ -0,0 +1,73 @@
+/* Copyright (C) 2018 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Eric Leblond
+ */
+
+
+#include "suricata-common.h"
+#include "config.h"
+#include "suricata.h"
+#include "util-bpf.h"
+
+
+/** protect bpf filter build, as it is not thread safe */
+static SCMutex bpf_set_filter_lock = SCMUTEX_INITIALIZER;
+
+void SCBPFFree(struct bpf_program *program)
+{
+ if (program)
+ pcap_freecode(program);
+}
+
+int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program,
+ const char *buf, int optimize, uint32_t mask,
+ char *errbuf, size_t errbuf_len)
+{
+ pcap_t *p;
+ int ret;
+
+ p = pcap_open_dead(linktype_arg, snaplen_arg);
+ if (p == NULL)
+ return (-1);
+
+ SCMutexLock(&bpf_set_filter_lock);
+ ret = pcap_compile(p, program, buf, optimize, mask);
+ if (ret == -1) {
+ if (errbuf) {
+ snprintf(errbuf, errbuf_len, "%s", pcap_geterr(p));
+ }
+ pcap_close(p);
+ SCMutexUnlock(&bpf_set_filter_lock);
+ return (-1);
+ }
+ pcap_close(p);
+ SCMutexUnlock(&bpf_set_filter_lock);
+
+ if (program->bf_insns == NULL) {
+ if (errbuf) {
+ snprintf(errbuf, errbuf_len, "Filter badly setup");
+ }
+ SCBPFFree(program);
+ return (-1);
+ }
+
+ return (ret);
+}
diff --git a/src/util-bpf.h b/src/util-bpf.h
new file mode 100644
index 0000000000..88e2f1a03b
--- /dev/null
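Review bot: The early `return (-1);` after `pcap_open_dead()` fails in `SCBPFCompile` leaves `errbuf` untouched, so a caller that logs the buffer on failure, which is the stated reason for this wrapper, would print stale or uninitialized bytes. Fill it on that path as well, e.g. `if (errbuf) snprintf(errbuf, errbuf_len, "pcap_open_dead failed");` ahead of the return. `program` is also dereferenced (`program->bf_insns`) and handed to `pcap_compile()` without a NULL check, while `SCBPFFree()` does guard against NULL; either reject NULL up front or document that a non-NULL pointer is required. A doc comment above the function stating that `*program` is only to be used, and only to be passed to `SCBPFFree()`, after a return other than -1 would keep callers from freeing a struct that libpcap may not have initialised.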
+++ b/src/util-bpf.h
@@ -0,0 +1,33 @@
+/* Copyright (C) 2018 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Eric Leblond
+ */
+
+#ifndef __UTIL_BPF_H__
+#define __UTIL_BPF_H__
+
+int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program,
+ const char *buf, int optimize, uint32_t mask,
+ char *errbuf, size_t errbuf_len);
+
+void SCBPFFree(struct bpf_program *program);
+
+#endif /* __UTIL_BPF_H__ */
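Review bot: `struct bpf_program` first appears inside the `SCBPFCompile` parameter list and this header includes nothing itself, so it only compiles cleanly when the includer has already pulled in the pcap headers; util-bpf.c includes suricata-common.h first, which presumably does that, but it is not visible in this diff. A forward declaration `struct bpf_program;` (or `#include <pcap.h>`) ahead of the prototypes would make the header self-contained. The prototypes also carry no contract: a short Doxygen block in the file's backslash style stating that `errbuf` may be NULL, that -1 means no filter was produced, and that a successfully compiled `program` must be released with `SCBPFFree()` would help callers.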