tracedump
single application IP packet sniffer

pcap.c File Reference

#include <pthread.h>
#include <sys/socket.h>
#include <net/ethernet.h>
#include <linux/filter.h>
#include <linux/if_packet.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include "tracedump.h"


Defines

#define __ACCEPT   ((uint8_t) -1)
#define __DROP   ((uint8_t) -2)
#define __RET1   ((uint8_t) -3)
#define __RET2   ((uint8_t) -4)
#define SUBST_JMP(from, to)

Functions

static void * sniffer_thread (void *arg)
static int gencode_check_ports (thash *ports, bool outbound, struct sock_filter *filter, int loc_drop, int loc_accept)
static struct sock_fprog * gencode_alloc (struct tracedump *td)
void pcap_init (struct tracedump *td)
 Initialize PCAP and set the "null filter".
void pcap_deinit (struct tracedump *td)
 Reverse of pcap_init()
void pcap_update (struct tracedump *td)
 Update the BPF filter on the sniffer socket.

Variables

static struct sock_filter check_ip []
static struct sock_filter check_type_outbound []
static struct sock_filter check_type_inbound []
static struct sock_filter check_ports [3]
static struct sock_filter end []

Define Documentation

#define __ACCEPT   ((uint8_t) -1)

Definition at line 216 of file pcap.c.

#define __DROP   ((uint8_t) -2)

Definition at line 217 of file pcap.c.

Referenced by gencode_alloc().

#define __RET1   ((uint8_t) -3)

Definition at line 218 of file pcap.c.

Referenced by gencode_alloc().

#define __RET2   ((uint8_t) -4)

Definition at line 219 of file pcap.c.

Referenced by gencode_alloc().

#define SUBST_JMP (   from,
  to 
)
Value:
if (fp->filter[i+j].jt == (from))          /* true-branch still holds the placeholder value? */ \
                fp->filter[i+j].jt = (to) - i - j - 1; /* classic BPF jump offsets count from the next instruction */ \
        if (fp->filter[i+j].jf == (from))          /* same patch for the false-branch */ \
                fp->filter[i+j].jf = (to) - i - j - 1; /* relies on fp, i and j being in scope at the expansion site */
        /* NOTE(review): jt and jf in struct sock_filter are 8-bit fields, so a computed
         * offset above 255 is silently truncated and the branch lands on a different
         * instruction than intended; an offset in the range used by the placeholders
         * would also be indistinguishable from an unpatched placeholder. Confirm that
         * the caller bounds the generated program length (presumably driven by the
         * number of tracked ports). */
        /* NOTE(review): the expansion is two bare if-statements rather than a
         * do { ... } while (0) block, so it is only safe where the call site is a
         * braced block; verify against the uses in gencode_alloc(). */

Referenced by gencode_alloc().


Function Documentation

static struct sock_fprog * gencode_alloc ( struct tracedump *  td) [static, read]

Definition at line 324 of file pcap.c.

Referenced by pcap_update().

static int gencode_check_ports ( thash *  ports,
bool  outbound,
struct sock_filter *  filter,
int  loc_drop,
int  loc_accept 
) [static]

Definition at line 268 of file pcap.c.

Referenced by gencode_alloc().

void pcap_deinit ( struct tracedump *  td)

Reverse of pcap_init()

Definition at line 79 of file pcap.c.

Referenced by main().

void pcap_init ( struct tracedump *  td)

Initialize PCAP and set the "null filter".

Definition at line 29 of file pcap.c.

Referenced by main().

void pcap_update ( struct tracedump *  td)

Update the BPF filter on the sniffer socket.

Definition at line 92 of file pcap.c.

Referenced by gc_thread(), handle_socket(), and pcap_init().

void * sniffer_thread ( void *  arg) [static]

Definition at line 117 of file pcap.c.

Referenced by pcap_init().


Variable Documentation

struct sock_filter check_ip[] [static]
Initial value:
 {
        /* Filter prologue: keep only unfragmented-or-first-fragment IPv4 packets and
         * leave the IP header length in X for the later indexed loads.
         * __DROP is a placeholder jump target, not a real offset; it is presumably
         * rewritten by gencode_alloc() through SUBST_JMP.
         *
         * Ancillary load of the frame's protocol. Everything that is not ETH_P_IP is
         * dropped, so IPv6 traffic is never captured by this filter. */
        BPF_STMT(BPF_LD  + BPF_ABS,           SKF_AD_OFF + SKF_AD_PROTOCOL),
        BPF_JUMP(BPF_JMP + BPF_JEQ,           ETH_P_IP, 0, __DROP),

        /* Half-word at IP header offset 6 holds the flags and the 13-bit fragment
         * offset. A non-zero offset (mask 0x1fff) means a non-first fragment, which
         * has no transport header to match ports against, so it is dropped. Capture
         * of a fragmented datagram is therefore limited to its first fragment. */
        BPF_STMT(BPF_LD  + BPF_H + BPF_ABS,   SKF_NET_OFF + 6),
        BPF_JUMP(BPF_JMP + BPF_JSET,          0x1fff, __DROP, 0),

        /* BPF_MSH: X = 4 * (low nibble of the first IP header byte), i.e. the IP
         * header length in bytes, so options are skipped correctly. */
        BPF_STMT(BPF_LDX + BPF_B + BPF_MSH,   SKF_NET_OFF + 0),
}

Definition at line 221 of file pcap.c.

Referenced by gencode_alloc().

struct sock_filter check_ports[3] [static]
Initial value:
 {
        /* Three-instruction template for one port comparison: load, compare, or drop.
         * Indexed load of the half-word at X + SKF_NET_OFF + 0; with X holding the IP
         * header length this is the first 16-bit field of the TCP/UDP header (the
         * source port). Presumably gencode_check_ports() adjusts the offset for the
         * destination port depending on direction -- confirm there. */
        BPF_STMT(BPF_LD  + BPF_H + BPF_IND,   SKF_NET_OFF + 0),
        /* The comparison value 0 looks like a template constant that is replaced by a
         * real port number when the filter is generated; __ACCEPT is a placeholder
         * jump target for the true-branch. */
        BPF_JUMP(BPF_JMP + BPF_JEQ,           0, __ACCEPT, 0),
        /* Unconditional jump. Here the __DROP placeholder sits in the 32-bit k field,
         * which SUBST_JMP as shown on this page does not touch (it patches only jt
         * and jf). NOTE(review): verify that gencode_check_ports() resolves this k
         * from its loc_drop argument, otherwise the jump offset stays at the raw
         * placeholder value. */
        BPF_STMT(BPF_JMP + BPF_JA,            __DROP),
}

Definition at line 257 of file pcap.c.

Referenced by gencode_alloc(), and gencode_check_ports().

struct sock_filter check_type_inbound[] [static]
Initial value:
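 {
        /* Inbound section: accept only packets addressed to this host, broadcast or
         * multicast, then dispatch on the IPv4 protocol.
         *
         * The three packet-type tests form an OR chain: a match skips the remaining
         * tests (jt = 2, 1, 0), a mismatch falls through to the next test, and only
         * the last mismatch goes to the __DROP placeholder.
         * Fix: the first two tests previously had jf = __DROP, which dropped every
         * packet that was not PACKET_HOST and left the PACKET_BROADCAST and
         * PACKET_MULTICAST tests unreachable, so inbound broadcast/multicast traffic
         * for the traced application was silently missing from the capture. */
        BPF_STMT(BPF_LD  + BPF_H + BPF_ABS,   SKF_AD_OFF + SKF_AD_PKTTYPE),
        BPF_JUMP(BPF_JMP + BPF_JEQ,           PACKET_HOST,      2, 0),
        BPF_JUMP(BPF_JMP + BPF_JEQ,           PACKET_BROADCAST, 1, 0),
        BPF_JUMP(BPF_JMP + BPF_JEQ,           PACKET_MULTICAST, 0, __DROP),

        /* Byte 9 of the IP header is the protocol number. TCP branches to the __RET1
         * placeholder, UDP falls through to whatever follows this section, and every
         * other protocol is dropped. The concrete targets of __RET1 and __DROP are
         * presumably filled in by gencode_alloc(). */
        BPF_STMT(BPF_LD  + BPF_B + BPF_ABS,   SKF_NET_OFF + 9),
        BPF_JUMP(BPF_JMP + BPF_JEQ,           IPPROTO_TCP, __RET1, 0),
        BPF_JUMP(BPF_JMP + BPF_JEQ,           IPPROTO_UDP, 0, __DROP),
}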

Definition at line 245 of file pcap.c.

Referenced by gencode_alloc().

struct sock_filter check_type_outbound[] [static]
Initial value:
 {
        /* Outbound section: handle packets this host is sending, then dispatch on the
         * IPv4 protocol.
         * Ancillary load of the packet type. PACKET_OUTGOING continues below; anything
         * else branches to the __RET1 placeholder (presumably the inbound section --
         * the target is assigned in gencode_alloc(), not shown on this page). */
        BPF_STMT(BPF_LD  + BPF_H + BPF_ABS,   SKF_AD_OFF + SKF_AD_PKTTYPE),
        BPF_JUMP(BPF_JMP + BPF_JEQ,           PACKET_OUTGOING, 0, __RET1),

        /* Byte 9 of the IP header is the protocol number. TCP branches to the __RET2
         * placeholder, UDP falls through to whatever follows this section, and every
         * other protocol (ICMP, etc.) is dropped, so such traffic never appears in
         * the capture. */
        BPF_STMT(BPF_LD  + BPF_B + BPF_ABS,   SKF_NET_OFF + 9),
        BPF_JUMP(BPF_JMP + BPF_JEQ,           IPPROTO_TCP, __RET2, 0),
        BPF_JUMP(BPF_JMP + BPF_JEQ,           IPPROTO_UDP, 0, __DROP),
}

Definition at line 234 of file pcap.c.

Referenced by gencode_alloc().

struct sock_filter end[] [static]
Initial value:
 {
        /* Accepting return: a socket filter's return value is the number of packet
         * bytes to keep, so UINT16_MAX passes the packet with up to 65535 bytes.
         * Only this single instruction is shown here; the dropping return (value 0)
         * is presumably emitted elsewhere by gencode_alloc(). */
        BPF_STMT(BPF_RET,                     UINT16_MAX),

}

Definition at line 263 of file pcap.c.

Referenced by gencode_alloc().
