Blame utils/nfbpf_compile.8.in
|
Packit |
7b22a4 |
.TH NFBPF_COMPILE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.SH NAME
|
|
Packit |
7b22a4 |
nfbpf_compile \- generate bytecode for use with xt_bpf
|
|
Packit |
7b22a4 |
.SH SYNOPSIS
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.ad l
|
|
Packit |
7b22a4 |
.in +8
|
|
Packit |
7b22a4 |
.ti -8
|
|
Packit |
7b22a4 |
.B nfbpf_compile
|
|
Packit |
7b22a4 |
[
|
|
Packit |
7b22a4 |
.I LLTYPE
|
|
Packit |
7b22a4 |
]
|
|
Packit |
7b22a4 |
.I PROGRAM
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.ti -8
|
|
Packit |
7b22a4 |
.I LLTYPE
|
|
Packit |
7b22a4 |
:= {
|
|
Packit |
7b22a4 |
.BR EN10MB " | " RAW " | " SLIP " | "
|
|
Packit |
7b22a4 |
.I ...
|
|
Packit |
7b22a4 |
}
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.SH DESCRIPTION
|
|
Packit |
7b22a4 |
The
|
|
Packit |
7b22a4 |
.B nfbpf_compile
|
|
Packit |
7b22a4 |
utility aids in generating BPF byte code suitable for passing to
|
|
Packit |
7b22a4 |
the iptables
|
|
Packit |
7b22a4 |
.B bpf
|
|
Packit |
7b22a4 |
match.
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.SH OPTIONS
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
.I LLTYPE
|
|
Packit |
7b22a4 |
Link-layer header type to operate on. This is a name as defined in
|
|
Packit |
7b22a4 |
.RB < pcap/dlt.h >
|
|
Packit |
7b22a4 |
but with the leading
|
|
Packit |
7b22a4 |
.B DLT_
|
|
Packit |
7b22a4 |
prefix stripped. For use with iptables,
|
|
Packit |
7b22a4 |
.B RAW
|
|
Packit |
7b22a4 |
should be the right choice (it's also the default if not specified).
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
.I PROGRAM
|
|
Packit |
7b22a4 |
The BPF expression to compile, see
|
|
Packit |
7b22a4 |
.BR pcap-filter (7)
|
|
Packit |
7b22a4 |
for a description of the language.
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.SH EXIT STATUS
|
|
Packit |
7b22a4 |
The program returns 0 on success, 1 otherwise.
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.SH EXAMPLE
|
|
Packit |
7b22a4 |
Match incoming TCP packets with size bigger than 100 bytes:
|
|
Packit |
7b22a4 |
.P
|
|
Packit |
7b22a4 |
.in +8
|
|
Packit |
7b22a4 |
.EE
|
|
Packit |
7b22a4 |
bpf=$(nfbpf_compile 'tcp and greater 100')
|
|
Packit |
7b22a4 |
.br
|
|
Packit |
7b22a4 |
iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT
|
|
Packit |
7b22a4 |
.RE
|
|
Packit |
7b22a4 |
.P
|
|
Packit |
7b22a4 |
The description of
|
|
Packit |
7b22a4 |
.B bpf
|
|
Packit |
7b22a4 |
match in
|
|
Packit |
7b22a4 |
.BR iptables-extensions (8)
|
|
Packit |
7b22a4 |
lists a few more examples.
|
|
Packit |
7b22a4 |
|
|
Packit |
7b22a4 |
.SH SEE ALSO
|
|
Packit |
7b22a4 |
.BR iptables-extensions (8),
|
|
Packit |
7b22a4 |
.BR pcap-filter (7)
|