rayroot
diff --git a/‎README.md
+8-7 b/‎README.md
+8-7
diff --git a/‎bpf_dns_validate.py
-120 b/‎bpf_dns_validate.py
-120
diff --git a/‎bpf_suffix.py
-96 b/‎bpf_suffix.py
-96
diff --git a/‎bpfgen
+78 b/‎bpfgen
+78
diff --git a/‎bpftools/__init__.py
+44 b/‎bpftools/__init__.py
+44
@@ -1,4 +1,4 @@
-Floodgate
+BPF Tools
 =========
 
 Here you can find a set of tool for analyzing and processing of pcap
@@ -7,14 +7,15 @@ that will match (and drop) malicious traffic.
 
 To run these scripts you will need:
 
- - kernel 3.10+ (we need a decent <linux/netfilter.h> header)
- - sudo apt-get install python-setuptools
- - sudo easy_install pcappy
- - sudo apt-get install binutils-dev libreadline-dev python-scapy
+ - recent kernel headers (3.10? we need a decent <linux/netfilter.h>)
+ - install the dependencies:
 
-To build:
+      sudo apt-get install python-setuptools binutils-dev libreadline-dev python-scapy
+      sudo easy_install pcappy
 
-    $ make
+ - build binary tools in `linux_tools` directory:
+
+      make
 
 
 iptables_bpf.py
 
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+
+import argparse
+import os
+import stat
+import string
+import sys
+
+import bpftools
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        description=r'''
+
+This tool creates a Berkeley Packet Filter (BPF) bytecode that will
+match packets based on given criteria. Right now we support the
+following generators:
+
+ dns          - matches dns queries for given domains
+ dns_validate - matches dns malformed requests
+ suffix       - matches packets with given suffix
+
+Generators can take arbitrary parameters and command line options. To
+read more on their usage pass '--help' option to the genrator (not to
+this wrapper), for example:
+
+    %(prog)s dns -- --help
+
+Example of use:
+
+    %(prog)s dns -- -i *.example.com
+    %(prog)s dns -- -i example.com *.example.com *.*.example.com
+    %(prog)s dns_validate
+    %(prog)s dns_validate -- --strict
+    %(prog)s suffix -- 010203
+
+Note that some common options are accepted by this wrapper, not by the
+BPF generators, for example:
+
+    %(prog)s -s suffix -- 010203
+    %(prog)s -s -n suffix -- 010203
+    %(prog)s -s -n -o 14 suffix -- 010203
+    %(prog)s -s -n -o 14 -6 suffix -- 010203
+    ''')
+
+    parser.add_argument('-6', '--inet6', action='store_true',
+                        help='generate script for IPv6')
+    parser.add_argument('-n', '--negate', action='store_true',
+                        help='negate the logic')
+    parser.add_argument('-o', '--offset', type=int, default=0,
+                        help='offset of an L3 header')
+    parser.add_argument('-s', '--assembly', action='store_true',
+                        help='print readable assembly, not numeric bytecode')
+    parser.add_argument('type', nargs=1, choices=bpftools.generator_names,
+                        help='BPF generator type')
+    parser.add_argument('parameters', nargs='*',
+                        help='parameters passed to the BPF generator')
+
+    args = parser.parse_args()
+
+    if len(args.type) != 1:
+        parser.print_help()
+        sys.exit(-1)
+
+    name, ret = bpftools.gen(args.type[0],
+                             args.parameters,
+                             assembly=args.assembly,
+                             l3_off=args.offset,
+                             ipversion=4 if not args.inet6 else 6,
+                             negate=args.negate,
+                             )
+    print ret
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,44 @@
+import StringIO as stringio
+import os
+import sys
+
+from . import gen_dns
+from . import gen_dns_validate
+from . import gen_suffix
+from . import utils
+
+
+name_to_gen = {
+    'dns': gen_dns.gen,
+    'dns_validate': gen_dns_validate.gen,
+    'suffix': gen_suffix.gen,
+    }
+
+generator_names = name_to_gen.keys()
+
+
+def gen(typename, params, **kwargs):
+    gentype = name_to_gen[typename]
+
+    assembly = kwargs.get('assembly', False)
+    del kwargs['assembly']
+
+    sys.stdout, saved_stdout = stringio.StringIO(), sys.stdout
+    def new_exit(s):
+        sys.stdout.seek(0)
+        data = sys.stdout.read()
+        sys.stdout = saved_stdout
+        print data
+        os._exit(s)
+    sys.exit, saved_exit = new_exit, sys.exit
+
+    name = gentype(params, **kwargs)
+
+    data = sys.stdout.seek(0)
+    data = sys.stdout.read()
+    sys.stdout = saved_stdout
+    sys.exit = saved_exit
+
+    if assembly:
+        return name, data
+    return name, utils.bpf_compile(data)