Context Navigation

← Previous Change
Next Change →

Changeset 3a14f3b for lib

Timestamp:

09/14/07 16:05:43 (15 years ago)

Author:

Scott Raynel <smr26@…>

Branches:

4.0.1-hotfixes, cachetimestamps, develop, dpdk-ndag, etsilive, getfragoff, help, libtrace4, master, ndag_format, pfring, rc-4.0.1, rc-4.0.2, rc-4.0.3, rc-4.0.4, ringdecrementfix, ringperformance, ringtimestampfixes

Children:

Parents:

Message:

Allow libtrace applications to create filters based on pre-compiled BPF
bytecode as well as filterstrings. See trace_create_filter_from_bytecode()

Location:

Files:

: 4 edited

format_linux.c (modified) (3 diffs)
format_pcap.c (modified) (1 diff)
libtrace.h.in (modified) (2 diffs)
trace.c (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

lib/format_linux.c

-                      r394706e
+                      r3a14f3b
 #include <errno.h>
+#include <assert.h>
 struct libtrace_format_data_t {
 …
+        }
+        /* Push BPF filter into the kernel.
+        /* Push BPF filter into the kernel. At this stage we can safely assume
+         * that the filterstring has been compiled, or the filter was supplied
+         * pre-compiled.
          */
         if (filter != NULL) {
+                assert(filter->flag == 1);
                 if (setsockopt(FORMAT(libtrace->format_data)->fd,
                                         SOL_SOCKET,
 …
         pcap_t *pcap;
+        /* We've been passed a filter, which hasn't been compiled yet. We need
+         * to figure out the linktype of the socket, compile the filter, check
+         * to make sure it's sane, then save it for trace_start() to push down
+         * into the kernel.
+         */
+        sock = socket(PF_INET, SOCK_STREAM, 0);
+        memset(&ifr, 0, sizeof(struct ifreq));
+        strncpy(ifr.ifr_name, libtrace->uridata, IF_NAMESIZE);
+        if (ioctl(sock, SIOCGIFHWADDR, &ifr) != 0) {
+                perror("Can't get HWADDR for interface");
+                return -1;
+        }
+        close(socket);
+        arphrd = ifr.ifr_hwaddr.sa_family;
+        dlt = libtrace_to_pcap_dlt(arphrd_type_to_libtrace(arphrd));
+        /* Take a copy of the filter object as it was passed in */
         f = (libtrace_filter_t *) malloc(sizeof(libtrace_filter_t));
         memcpy(f, filter, sizeof(libtrace_filter_t));
-        pcap = pcap_open_dead(dlt, FORMAT(libtrace->format_data)->snaplen);
+        if (pcap_compile(pcap, &f->filter, f->filterstring, 0, 0) == -1) {
+                perror("PCAP failed to compile the filterstring");
+                return -1;
+        }
+        pcap_close(pcap);
+        /* If we are passed a filter with "flag" set to zero, then we must
+         * compile the filterstring before continuing. This involves
+         * determining the linktype, passing the filterstring to libpcap to
+         * compile, and saving the result for trace_start() to push into the
+         * kernel.
+         * If flag is set to one, then the filter was probably generated using
+         * trace_create_filter_from_bytecode() and so we don't need to do
+         * anything (we've just copied it above).
+         */
+        if (f->flag == 0) {
+                sock = socket(PF_INET, SOCK_STREAM, 0);
+                memset(&ifr, 0, sizeof(struct ifreq));
+                strncpy(ifr.ifr_name, libtrace->uridata, IF_NAMESIZE);
+                if (ioctl(sock, SIOCGIFHWADDR, &ifr) != 0) {
+                        perror("Can't get HWADDR for interface");
+                        return -1;
+                }
+                close(socket);
+                arphrd = ifr.ifr_hwaddr.sa_family;
+                dlt = libtrace_to_pcap_dlt(arphrd_type_to_libtrace(arphrd));
+                pcap = pcap_open_dead(dlt,
+                                FORMAT(libtrace->format_data)->snaplen);
+                if (pcap_compile(pcap, &f->filter, f->filterstring, 0, 0) == -1) {
+                        perror("PCAP failed to compile the filterstring");
+                        return -1;
+                }
+                pcap_close(pcap);
+                /* Set the "flag" to indicate that the filterstring has been
+                 * compiled
+                 */
+                f->flag = 1;
+        }
         if (FORMAT(libtrace->format_data)->filter != NULL)
                 free(FORMAT(libtrace->format_data)->filter);
         FORMAT(libtrace->format_data)->filter = f;
         return 0;
 #else

lib/format_pcap.c

-                      r9bc4689
+                      r3a14f3b
+        }
         if (DATA(libtrace)->filter) {
+                pcap_compile(INPUT.pcap, &DATA(libtrace)->filter->filter,
+                                DATA(libtrace)->filter->filterstring, 1, 0);
+                if (DATA(libtrace)->filter->flag == 0) {
+                        pcap_compile(INPUT.pcap,
+                                        &DATA(libtrace)->filter->filter,
+                                        DATA(libtrace)->filter->filterstring,
+, 0);
+                        DATA(libtrace)->filter->flag = 1;
+                }
                 if (pcap_setfilter(INPUT.pcap,&DATA(libtrace)->filter->filter)
                                 == -1) {

lib/libtrace.h.in

-                      r4c1302b
+                      r3a14f3b
 libtrace_filter_t *trace_create_filter(const char *filterstring);
+/** apply a BPF filter
+/** Setup a BPF filter based on pre-compiled byte-code.
+ * @param bf_insns      A pointer to the start of the byte-code
+ * @param bf_len        The number of BPF instructions
+ * @returns             an opaque pointer to a libtrace_filter_t object
+ * @note                The supplied byte-code is not checked for correctness.
+ * @author              Scott Raynel
+ */
+DLLEXPORT libtrace_filter_t *
+trace_create_filter_from_bytecode(void *bf_insns, unsigned int bf_len);
+/** Apply a BPF filter to a packet
  * @param filter        the filter opaque pointer
  * @param packet        the packet opaque pointer
 …
                 const libtrace_packet_t *packet);
 /** destory of BPF filter
+/** Destroy a BPF filter
  * @param filter        the filter opaque pointer
  * Deallocate all the resources associated with a BPF filter

lib/trace.c

-                      r9e6b38b
+                      r3a14f3b
+}
+/** Setup a BPF filter based on pre-compiled byte-code.
+ * @param bf_insns      A pointer to the start of the byte-code
+ * @param bf_len        The number of BPF instructions
+ * @returns             an opaque pointer to a libtrace_filter_t object
+ * @note                The supplied byte-code is not checked for correctness.
+ * @author              Scott Raynel
+ */
+DLLEXPORT libtrace_filter_t *
+trace_create_filter_from_bytecode(void *bf_insns, unsigned int bf_len)
+{
+#ifndef HAVE_BPF
+        fprintf(stderr, "This version of libtrace does not have BPF support\n");
+        return NULL;
+#else
+        struct libtrace_filter_t *filter = (struct libtrace_filter_t *)
+                malloc(sizeof(struct libtrace_filter_t));
+        filter->filter.bf_insns = (struct bpf_insn *)
+                malloc(sizeof(struct bpf_insn) * bf_len);
+        memcpy(filter->filter.bf_insns, bf_insns,
+                        bf_len * sizeof(struct bpf_insn));
+        filter->filter.bf_len = bf_len;
+        filter->filterstring = NULL;
+        /* "flag" indicates that the filter member is valid */
+        filter->flag = 1;
+        return filter;
+#endif
+}
 /* setup a BPF filter
  * @param filterstring a char * containing the bpf filter string

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: