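def attach_filter(fd, iface, bpf_filter_string):  # GV: move to a method of _L2bpfSocket
    """Attach a BPF filter to the BPF file descriptor.

    The filter expression is compiled by running tcpdump with ``-ddd``, and
    the decimal byte code it prints is loaded onto ``fd`` with the BIOCSETF
    ioctl.

    Args:
        fd: BPF file descriptor the filter is attached to.
        iface: interface name passed to tcpdump's ``-i`` option.
        bpf_filter_string: filter expression in tcpdump syntax.

    Raises:
        Scapy_Exception: if tcpdump cannot be executed, if its output is
            empty or malformed, or if the ioctl fails.
    """
    # Imported locally so this block does not rely on a file-level import.
    import subprocess

    # Retrieve the BPF byte code in decimal.
    # The arguments go to tcpdump as a list, with no shell in between, so
    # quotes or shell metacharacters in iface / bpf_filter_string cannot change
    # the command that runs (the previous "%s ... '%s'" string handed to
    # os.popen was interpreted by /bin/sh).
    # NOTE(review): a value starting with '-' is still seen by tcpdump's own
    # option parser; validate both values at the caller if they can come from
    # an untrusted source.
    argv = [conf.prog.tcpdump, "-i", iface, "-ddd", "-s", "1600",
            bpf_filter_string]
    try:
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                universal_newlines=True)
        # communicate() drains the pipe and reaps the child process.
        output = proc.communicate()[0]
    except OSError as msg:
        raise Scapy_Exception("Failed to execute tcpdump: (%s)" % msg)

    # Convert the byte code to a BPF program structure
    lines = output.splitlines()
    if not lines:
        raise Scapy_Exception("Got an empty BPF filter from tcpdump !")

    # The first line is the instruction count; every following line is one
    # instruction made of four decimal fields.
    try:
        size = int(lines[0])
        insns = [[int(v) for v in line.split()]
                 for line in lines[1:] if line.strip()]
    except ValueError:
        raise Scapy_Exception("Got a malformed BPF filter from tcpdump !")
    if size != len(insns) or any(len(values) != 4 for values in insns):
        # Refuse to hand a partly filled or overflowing program to the kernel.
        raise Scapy_Exception("Got a malformed BPF filter from tcpdump !")

    # Allocate BPF instructions
    bip = (bpf_insn * size)()

    # Fill the BPF instruction structures with the byte code
    for i, values in enumerate(insns):
        bip[i].code = c_ushort(values[0])
        bip[i].jt = c_ubyte(values[1])
        # NOTE(review): classic BPF calls the false-branch offset `jf`; if
        # bpf_insn declares no `j` field this assignment never reaches the
        # structure -- confirm against the bpf_insn definition.
        bip[i].j = c_ubyte(values[2])
        bip[i].k = c_uint(values[3])

    # Create the BPF program and assign it to the interface
    bp = bpf_program(size, bip)
    ret = LIBC.ioctl(c_int(fd), BIOCSETF, cast(pointer(bp), c_char_p))
    if ret < 0:
        raise Scapy_Exception("Can't attach the BPF filter !")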
# Interface manipulation functions