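/*
 * BPF program compilation tool
 *
 * Generates decimal output, similar to `tcpdump -ddd ...`.
 * Unlike tcpdump, will generate for any given link layer type.
 *
 * Written by Willem de Bruijn (willemb (at) google.com)
 * Copyright Google, Inc. 2013
 * Licensed under the GNU General Public License version 2 (GPLv2)
 */

#include <pcap.h>
#include <stdio.h>

/*
 * Compile a pcap filter expression and print it as decimal BPF bytecode.
 *
 * Arguments: an optional link-layer type name (default DLT_RAW) followed by
 * the filter expression, which is always the last argument.
 *
 * Output on stdout: "<count>," followed by one "code jt jf k" tuple per
 * instruction, comma separated, with a newline after the last tuple.
 *
 * Returns 0 on success and 1 on a usage error, an unknown link type, a
 * compilation failure or a failed write, so a caller that pastes the output
 * into a filter rule can tell that the bytecode is incomplete or missing.
 */
int main(int argc, char **argv)
{
	struct bpf_program program;
	const struct bpf_insn *ins;
	pcap_t *pcap;
	unsigned int i;
	int dlt = DLT_RAW;
	int rc = 1;

	if (argc < 2 || argc > 3) {
		fprintf(stderr, "Usage: %s [link] '<program>'\n\n"
				" link is a pcap linklayer type:\n"
				" one of EN10MB, RAW, SLIP, ...\n\n"
				"Examples: %s RAW 'tcp and greater 100'\n"
				" %s EN10MB 'ip proto 47'\n",
			argv[0], argv[0], argv[0]);
		return 1;
	}

	if (argc == 3) {
		dlt = pcap_datalink_name_to_val(argv[1]);
		if (dlt == -1) {
			fprintf(stderr, "Unknown datalinktype: %s\n", argv[1]);
			return 1;
		}
	}

	/*
	 * A "dead" handle carries the link type and snap length without
	 * opening a device, and lets pcap_geterr() report why an expression
	 * was rejected.
	 */
	pcap = pcap_open_dead(dlt, 65535);
	if (!pcap) {
		fprintf(stderr, "Memory allocation failure\n");
		return 1;
	}

	if (pcap_compile(pcap, &program, argv[argc - 1], 1,
			 PCAP_NETMASK_UNKNOWN)) {
		fprintf(stderr, "Compilation error: %s\n", pcap_geterr(pcap));
		goto out_close;
	}

	/*
	 * bf_len is unsigned: with a zero-length program "bf_len - 1" would
	 * wrap and the loop below would read past the instruction array.
	 * Not expected from a successful compile, but cheap to rule out.
	 */
	if (program.bf_len == 0) {
		fprintf(stderr, "Compilation error: empty program\n");
		goto out_free;
	}

	printf("%u,", program.bf_len);
	ins = program.bf_insns;
	for (i = 0; i + 1 < program.bf_len; ++ins, ++i)
		printf("%u %u %u %u,", (unsigned int)ins->code,
		       (unsigned int)ins->jt, (unsigned int)ins->jf,
		       (unsigned int)ins->k);

	/* The last instruction ends the line instead of adding a comma. */
	printf("%u %u %u %u\n", (unsigned int)ins->code,
	       (unsigned int)ins->jt, (unsigned int)ins->jf,
	       (unsigned int)ins->k);

	/* Do not report success for bytecode that was only partly written. */
	if (fflush(stdout) == EOF || ferror(stdout)) {
		fprintf(stderr, "Write error\n");
		goto out_free;
	}

	rc = 0;

out_free:
	pcap_freecode(&program);
out_close:
	pcap_close(pcap);
	return rc;
}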