summaryrefslogtreecommitdiffstats
path: root/utils/nfbpf_compile.8.in
blob: d02979a5143ef1ff5a19b8941563eaf04de99185 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
.TH NFBPF_COMPILE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"

.SH NAME
nfbpf_compile \- generate bytecode for use with xt_bpf
.SH SYNOPSIS

.ad l
.in +8
.ti -8
.B nfbpf_compile
[
.I LLTYPE
]
.I PROGRAM

.ti -8
.I LLTYPE
:= {
.BR EN10MB " | " RAW " | " SLIP " | "
.I ...
}

.SH DESCRIPTION
The
.B nfbpf_compile
utility aids in generating BPF byte code suitable for passing to
the iptables
.B bpf
match.

.SH OPTIONS

.TP
.I LLTYPE
Link-layer header type to operate on. This is a name as defined in
.RB < pcap/dlt.h >
but with the leading
.B DLT_
prefix stripped. For use with iptables,
.B RAW
should be the right choice (it's also the default if not specified).

.TP
.I PROGRAM
The BPF expression to compile, see
.BR pcap-filter (7)
for a description of the language.

.SH EXIT STATUS
The program returns 0 on success, 1 otherwise.

.SH EXAMPLE
Match incoming TCP packets with size bigger than 100 bytes:
.P
.in +8
.EE
bpf=$(nfbpf_compile 'tcp and greater 100')
.br
iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT
.RE
.P
The description of
.B bpf
match in
.BR iptables-extensions (8)
lists a few more examples.

.SH SEE ALSO
.BR iptables-extensions (8),
.BR pcap-filter (7)