suricata
util-bpf.c
Go to the documentation of this file.
1 /* Copyright (C) 2018 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Eric Leblond <eric@regit.org>
22  */
23 
24 
25 #include "suricata-common.h"
26 #include "suricata.h"
27 #include "util-bpf.h"
28 
29 #if !defined __OpenBSD__
30 
31 /** protect bpf filter build, as it is not thread safe */
32 static SCMutex bpf_set_filter_lock = SCMUTEX_INITIALIZER;
33 
34 void SCBPFFree(struct bpf_program *program)
35 {
36  if (program)
37  pcap_freecode(program);
38 }
39 
40 int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program,
41  const char *buf,
42  int optimize, uint32_t mask,
43  char *errbuf, size_t errbuf_len)
44 {
45  pcap_t *p;
46  int ret;
47 
48  p = pcap_open_dead(linktype_arg, snaplen_arg);
49  if (p == NULL)
50  return (-1);
51 
52  SCMutexLock(&bpf_set_filter_lock);
53  ret = pcap_compile(p, program, buf, optimize, mask);
54  if (ret == -1) {
55  if (errbuf) {
56  snprintf(errbuf, errbuf_len, "%s", pcap_geterr(p));
57  }
58  pcap_close(p);
59  SCMutexUnlock(&bpf_set_filter_lock);
60  return (-1);
61  }
62  pcap_close(p);
63  SCMutexUnlock(&bpf_set_filter_lock);
64 
65  if (program->bf_insns == NULL) {
66  if (errbuf) {
67  snprintf(errbuf, errbuf_len, "Filter badly setup");
68  }
69  SCBPFFree(program);
70  return (-1);
71  }
72 
73  return (ret);
74 }
75 
76 #endif /* Not __OpenBSD__ */
bpf_program::bf_insns
struct bpf_insn * bf_insns
Definition: source-af-packet.c:79
util-bpf.h
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
SCMUTEX_INITIALIZER
#define SCMUTEX_INITIALIZER
Definition: threads-debug.h:121
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
suricata-common.h
SCBPFFree
void SCBPFFree(struct bpf_program *program)
Definition: util-bpf.c:34
bpf_program
Definition: source-af-packet.c:77
SCBPFCompile
int SCBPFCompile(int snaplen_arg, int linktype_arg, struct bpf_program *program, const char *buf, int optimize, uint32_t mask, char *errbuf, size_t errbuf_len)
Definition: util-bpf.c:40
suricata.h
SCMutex
#define SCMutex
Definition: threads-debug.h:114