Lib.rs

Parser implementations | Network programming
#bpf #assembly #filter #packet #cbpf #berkley #ret

bpfasm

Berkley Packet Filter (BPF) assembler

by Alex Forster

2 releases (1 stable)

1.0.0 Apr 18, 2022

#2076 in Parser implementations

MIT/Apache

83KB
743 lines

bpfasm

Berkley Packet Filter (BPF) assembler

Author: Alex Forster <alex@alexforster.com>
License: MIT OR Apache-2.0

crates.io version docs.rs

Example Usage

let source = r#"
    ldh [12]            ; load ethertype into accumulator
    jne #0x0800, drop   ; if accumulator != 0x0800: goto drop
    ldb [23]            ; load ipproto into accumulator
    jneq #0x06, drop    ; if accumulator != 0x06: goto drop
    pass: ret #-1       ; pass
    drop: ret #0        ; drop
"#;

let extensions = bpfasm::extensions::linux();

let instructions = bpfasm::assemble(source, &extensions).expect("syntax error");

println!(
    "{},{}",
    instructions.len(),
    instructions.iter().map(|s| s.to_string()).collect::<Vec<_>>().join(",")
);

// Output:
// 6,40 0 0 12,21 0 3 2048,48 0 0 23,21 0 1 6,6 0 0 4294967295,6 0 0 0

Dependencies

~1.8–2.6MB
~52K SLoC