Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members

BPF_Program.h

Go to the documentation of this file.
00001 // $Id: BPF_Program.h,v 1.2 2004/09/17 03:52:27 vern Exp $
00002 //
00003 // Copyright (c) 1996-2004
00004 //      The Regents of the University of California.  All rights reserved.
00005 //
00006 // Redistribution and use in source and binary forms, with or without
00007 // modification, are permitted provided that: (1) source code distributions
00008 // retain the above copyright notice and this paragraph in its entirety, (2)
00009 // distributions including binary code include the above copyright notice and
00010 // this paragraph in its entirety in the documentation or other materials
00011 // provided with the distribution, and (3) all advertising materials mentioning
00012 // features or use of this software display the following acknowledgement:
00013 // ``This product includes software developed by the University of California,
00014 // Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
00015 // the University nor the names of its contributors may be used to endorse
00016 // or promote products derived from this software without specific prior
00017 // written permission.
00018 // THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
00019 // WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
00020 // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
00021 
00022 #ifndef bpf_program_h
00023 #define bpf_program_h
00024 
00025 extern "C" {
00026 #include <pcap.h>
00027 }
00028 
00029 #include "util.h"
00030 
00031 // BPF_Programs are an abstraction around struct bpf_program,
00032 // to create a clean facility for creating, compiling, and
00033 // freeing such programs.
00034 
00035 class BPF_Program {
00036 public:
00037         // Creates an empty, uncompiled BPF program.
00038         BPF_Program();
00039         ~BPF_Program();
00040 
00041         // Creates a BPF program for the given pcap handle.
00042         // Parameters are like in pcap_compile(). Returns true
00043         // for successful compilation, false otherwise.
00044         bool Compile(pcap_t* pcap, const char* filter, uint32 netmask,
00045                  char* errbuf = 0, unsigned int errbuf_len = 0,
00046                  bool optimize = true);
00047 
00048         // Creates a BPF program when no pcap handle is around,
00049         // similarly to pcap_compile_nopcap(). Parameters are
00050         // similar. Returns true on success.
00051         bool Compile(int snaplen, int linktype, const char* filter,
00052                 uint32 netmask, char* errbuf = 0, bool optimize = true);
00053 
00054         // Returns true if this program currently contains compiled
00055         // code, false otherwise.
00056         bool IsCompiled()       { return m_compiled; }
00057 
00058         // Accessor to the compiled program. Returns nil when
00059         // no program is currently compiled.
00060         bpf_program* GetProgram();
00061 
00062 protected:
00063         void FreeCode();
00064 
00065         // (I like to prefix member variables with m_, makes it clear
00066         // in the implementation whether it's a global or not. --ck)
00067         bool m_compiled;
00068         struct bpf_program m_program;
00069 };
00070 
00071 #endif
Generated on Wed Sep 14 02:55:58 2005 for bro_docs by doxygen 1.3.5