isisd: pfpacket BPF filter with IS-IS over tunnel support

Signed-off-by: Josef Miegl <josef@miegl.cz>

diff --git a/isisd/isis_pfpacket.c b/isisd/isis_pfpacket.c
index 4f8ea4a5e70bff1a8fa923b269064562303c343f..af69fac1cd9a0177c37be17d4af7ac51fd224a1d 100644 (file)
--- a/isisd/isis_pfpacket.c
+++ b/isisd/isis_pfpacket.c
@@ -35,14 +35,25 @@
 /* tcpdump -i eth0 'isis' -dd */
 static const struct sock_filter isisfilter[] = {
        /* NB: we're in SOCK_DGRAM, so src/dst mac + length are stripped
-        * off!
-        * (OTOH it's a bit more lower-layer agnostic and might work
-        * over GRE?) */
-       /*      { 0x28, 0, 0, 0x0000000c - 14 }, */
-       /*      { 0x25, 5, 0, 0x000005dc }, */
-       {0x28, 0, 0, 0x0000000e - 14}, {0x15, 0, 3, 0x0000fefe},
-       {0x30, 0, 0, 0x00000011 - 14}, {0x15, 0, 1, 0x00000083},
-       {0x6, 0, 0, 0x00040000},       {0x6, 0, 0, 0x00000000},
+        * off! */
+       /* The following BPF filter accepts IS-IS over LLC and IS-IS over
+        * ethertype 0x00fe.
+        * BPF assembly:
+        * l0: ldh [0]
+        * l1: jeq #0xfefe, l2, l4
+        * l2: ldb [3]
+        * l3: jmp l7
+        * l4: ldh proto
+        * l5: jeq #0x00fe, l6, l9
+        * l6: ldb [0]
+        * l7: jeq #0x83, l8, l9
+        * l8: ret #0x40000
+        * l9: ret #0 */
+       {0x28, 0, 0, 0000000000}, {0x15, 0, 2, 0x0000fefe},
+       {0x30, 0, 0, 0x00000003}, {0x05, 0, 0, 0x00000003},
+       {0x28, 0, 0, 0xfffff000}, {0x15, 0, 3, 0x000000fe},
+       {0x30, 0, 0, 0000000000}, {0x15, 0, 1, 0x00000083},
+       {0x06, 0, 0, 0x00040000}, {0x06, 0, 0, 0000000000},
 };
 
 static const struct sock_fprog bpf = {