suricata
util-bpf.c
Go to the documentation of this file.
1 /* Copyright (C) 2018 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Eric Leblond <eric@regit.org>
22  */
23 
24 
25 #include "suricata-common.h"
26 #include "config.h"
27 #include "suricata.h"
28 #include "util-bpf.h"
29 
30 #if !defined __OpenBSD__
31 
32 /** protect bpf filter build, as it is not thread safe */
33 static SCMutex bpf_set_filter_lock = SCMUTEX_INITIALIZER;
34 
35 void SCBPFFree(struct bpf_program *program)
36 {
37  if (program)
38  pcap_freecode(program);
39 }
40 
41 int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program,
42  const char *buf,
43  int optimize, uint32_t mask,
44  char *errbuf, size_t errbuf_len)
45 {
46  pcap_t *p;
47  int ret;
48 
49  p = pcap_open_dead(linktype_arg, snaplen_arg);
50  if (p == NULL)
51  return (-1);
52 
53  SCMutexLock(&bpf_set_filter_lock);
54  ret = pcap_compile(p, program, buf, optimize, mask);
55  if (ret == -1) {
56  if (errbuf) {
57  snprintf(errbuf, errbuf_len, "%s", pcap_geterr(p));
58  }
59  pcap_close(p);
60  SCMutexUnlock(&bpf_set_filter_lock);
61  return (-1);
62  }
63  pcap_close(p);
64  SCMutexUnlock(&bpf_set_filter_lock);
65 
66  if (program->bf_insns == NULL) {
67  if (errbuf) {
68  snprintf(errbuf, errbuf_len, "Filter badly setup");
69  }
70  SCBPFFree(program);
71  return (-1);
72  }
73 
74  return (ret);
75 }
76 
77 #endif /* Not __OpenBSD__ */
bpf_program::bf_insns
struct bpf_insn * bf_insns
Definition: source-af-packet.c:80
util-bpf.h
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
SCMUTEX_INITIALIZER
#define SCMUTEX_INITIALIZER
Definition: threads-debug.h:121
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
suricata-common.h
SCBPFFree
void SCBPFFree(struct bpf_program *program)
Definition: util-bpf.c:35
bpf_program
Definition: source-af-packet.c:78
SCBPFCompile
int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program, const char *buf, int optimize, uint32_t mask, char *errbuf, size_t errbuf_len)
Definition: util-bpf.c:41
suricata.h
SCMutex
#define SCMutex
Definition: threads-debug.h:114