path: root/
diff options
authorWillem de Bruijn <>2013-03-12 05:44:12 +0000
committerPablo Neira Ayuso <>2013-04-02 00:08:49 +0200
commit1ac30c97c339957b6e3c5cf571de7bc38c827730 (patch)
treed00e6f632b49a2a3ffcae1aa8d38701db9e1ee33 /
parente0a0dd703b3448f0f07fc59b7232bf1f1cce7b86 (diff)
utils: nfbpf_compile
A BPF compiler to convert tcpdump expressions to the decimal format accepted by the libxt_bpf. Generate a file and pass that to iptables: nfbpf_compile RAW 'udp dst port 9000' > test.bpf iptables -A OUTPUT -m bpf --bytecode-file test.bpf -j LOG Or pass the output directly to iptables using backticks: iptables -A INPUT -m bpf --bytecode \ "`./nfbpf_compile RAW 'udp dst port 9000'" -j LOG This utility depends on libpcap. The library is only compiled if the option --enable-bpf-compiler is explicitly passed to ./configure and libpcap is found. Pablo has mangled the original patch to rename the utility to nfbpf_compile. Also modified the output to match exactly what -m bpf --bytecode needs. Signed-off-by: Willem de Bruijn <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to '')
1 files changed, 4 insertions, 0 deletions
diff --git a/ b/
index 2ba5cecb..06204665 100644
--- a/
+++ b/
@@ -50,6 +50,9 @@ AC_ARG_ENABLE([devel],
[enable_devel="$enableval"], [enable_devel="yes"])
AS_HELP_STRING([--enable-libipq], [Build and install libipq]))
+ AS_HELP_STRING([--enable-bpf-compiler], [Build bpf compiler]),
+ [enable_bpfc="yes"])
AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
[Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]),
[pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig'])
@@ -88,6 +91,7 @@ AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" = "yes"])
AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"])
AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])
+AM_CONDITIONAL([ENABLE_BPFC], [test "$enable_bpfc" = "yes"])
PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
[nfnetlink=1], [nfnetlink=0])