BPF patch for addition of good feature linux packet(7)

[Vladimir Yu. Stepanov]

     Hello!

I made a modernization of bpf realization. It have a mind when we are 
trying to use bpf to account network statistic. When packets is catching 
by filter thereis imposible to determine the direction of packets flows. 
Due to this problem statistic accounts two times when packets is routes 
by the same interface, because this packets counts  as incoming  and 
outgoing traffic. The prototype of this patch is packet(7) on linux.

This patch is fully compatible with all program uses the bpf. It adds
the tags means traffic direction to the struct bpf_hdr.


struct bpf_hdr {
         struct timeval  bh_tstamp;      /* time stamp */
         bpf_u_int32     bh_caplen;      /* length of captured portion */
         bpf_u_int32     bh_datalen;     /* original length of packet */
         u_short         bh_hdrlen;      /* length of bpf header (this 
struct
                                            plus alignment padding) */
         u_short         bh_pkttype;     /* packet type */
};
/*
  * Packet types.
  * For help to get some extra information.
  * It is taken from the description packet(7) in Linux system.
  */
#define BPFPKTTYPE_HOST         0       /* To us */
#define BPFPKTTYPE_BROADCAST    1       /* To all */
#define BPFPKTTYPE_MULTICAST    2       /* To group */
#define BPFPKTTYPE_OTHERHOST    3       /* To someone else */
#define BPFPKTTYPE_OUTGOING     4       /* Outgoing of any type */
#define BPFPKTTYPE_LOOPBACK     5       /* MC/BRD frame looped back */
#define BPFPKTTYPE_FASTROUTE    6       /* Fastrouted frame (if cannot 
detect MC/BRD type) */