| 1 | #include <arpa/inet.h> |
| 2 | #include <sys/types.h> |
| 3 | #include <sys/time.h> |
| 4 | #include <string.h> |
| 5 | #include <stdint.h> |
| 6 | #include <stdlib.h> |
| 7 | |
| 8 | #include <pcap.h> |
| 9 | #include <pcap-bpf.h> |
| 10 | |
| 11 | struct wprobe_filter_hdr { |
| 12 | char name[32]; |
| 13 | uint32_t len; |
| 14 | } hdr; |
| 15 | |
| 16 | int main (int argc, char ** argv) |
| 17 | { |
| 18 | struct bpf_program filter; |
| 19 | pcap_t *pc; |
| 20 | int i; |
| 21 | |
| 22 | if (argc != 3) |
| 23 | { |
| 24 | fprintf(stderr, "Usage: %s <name> <expression>\n", argv[0]); |
| 25 | return 1; |
| 26 | } |
| 27 | |
| 28 | pc = pcap_open_dead(DLT_IEEE802_11_RADIO, 256); |
| 29 | if (pcap_compile(pc, &filter, argv[2], 1, 0) != 0) |
| 30 | { |
| 31 | pcap_perror(pc, argv[0]); |
| 32 | exit(1); |
| 33 | } |
| 34 | |
| 35 | /* fix up for linux */ |
| 36 | for (i = 0; i < filter.bf_len; i++) { |
| 37 | struct bpf_insn *bi = &filter.bf_insns[i]; |
| 38 | switch(BPF_CLASS(bi->code)) { |
| 39 | case BPF_RET: |
| 40 | if (BPF_MODE(bi->code) == BPF_K) { |
| 41 | if (bi->k != 0) |
| 42 | bi->k = 65535; |
| 43 | } |
| 44 | break; |
| 45 | } |
| 46 | bi->code = ntohs(bi->code); |
| 47 | bi->k = ntohl(bi->k); |
| 48 | } |
| 49 | |
| 50 | memset(&hdr, 0, sizeof(hdr)); |
| 51 | strncpy(hdr.name, argv[1], sizeof(hdr.name)); |
| 52 | hdr.len = htonl(filter.bf_len); |
| 53 | fwrite(&hdr, sizeof(hdr), 1, stdout); |
| 54 | fwrite(filter.bf_insns, 8, filter.bf_len, stdout); |
| 55 | fflush(stdout); |
| 56 | |
| 57 | return 0; |
| 58 | } |
| 59 | |
