[CDBUG-talk] BPF Berkeley Packet Filter Question

Steve Moon steve.moon at gmail.com
Wed Dec 30 05:56:03 EST 2015


ip [2:2] is the packet length. So ip [2:2] > 650 would filter for packets
greater than length 650.

If you Google ip [2:2] you should find various BPF resources explaining how
to look at other IP fields.


On Tue, Dec 29, 2015 at 11:45 PM, Juan Herrera <mybsdmailing at gmail.com>
wrote:

> Hello BSD folks,
>
> I am developing a networking application in C and I have a question
> regarding BPF (Berkeley Packet Filters). I will give you an idea of the app
> first: I need to send a packet from machine A to machine B (any kind of
> packet), so for this I wrote a packet generator application which will send
> a packet to machine B, but before sending the packet I need to append some
> metadata values at the end of the packet, already done, so in machine B I
> have a raw socket listener app ready to receive incoming packets from
> machine A. However, I want to implement filtering with BPF on machine B, but
> as my metadata was appended at the end of the packet (it has to be at the
> end), I need to read the packet length with (using) Berkeley Packet Filter
> to match a specific field to filter one of the bytes at the end of my
> packet (metadata appended). In other words, I need to know the incoming
> packet length to filter against one of the metadata fields and be able
> to drop the packet before reaching user space applications (drop it in
> kernel space).
>
> So my question is, Can I use BPF to read the packet length ?
>
> TIA!
>
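
Added example (not part of the original messages): a classic BPF program that loads the packet length with the `len` operand (`BPF_LD|BPF_W|BPF_LEN`), indexes the final byte and drops the packet unless it matches a tag, run here through a minimal user-space interpreter over constructed packets. The tag value `0x5a`, the assumption that the tag is the very last byte, and every name in the code are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic BPF instruction layout; opcode values follow the standard encoding. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum {
    LD_W_LEN  = 0x80, /* BPF_LD|BPF_W|BPF_LEN:  A = packet length        */
    ALU_SUB_K = 0x14, /* BPF_ALU|BPF_SUB|BPF_K: A -= k                   */
    MISC_TAX  = 0x07, /* BPF_MISC|BPF_TAX:      X = A                    */
    LD_B_IND  = 0x50, /* BPF_LD|BPF_B|BPF_IND:  A = pkt[X + k]           */
    JEQ_K     = 0x15, /* BPF_JMP|BPF_JEQ|BPF_K: skip jt or jf insns      */
    RET_K     = 0x06  /* BPF_RET|BPF_K:         accept k bytes, 0 = drop */
};
#define META_TAG 0x5a /* hypothetical value of the last metadata byte */

/* Accept only packets whose final byte equals META_TAG. */
static const struct insn trailer_filter[] = {
    { LD_W_LEN,  0, 0, 0 },          /* A = len                        */
    { ALU_SUB_K, 0, 0, 1 },          /* A = len - 1 (wraps if len==0)  */
    { MISC_TAX,  0, 0, 0 },          /* X = offset of the last byte    */
    { LD_B_IND,  0, 0, 0 },          /* A = pkt[X]                     */
    { JEQ_K,     0, 1, META_TAG },   /* match: fall through, else skip */
    { RET_K,     0, 0, 0xffffffff }, /* accept the whole packet        */
    { RET_K,     0, 0, 0 },          /* drop                           */
};

/* Interpreter for the opcodes above; an out-of-range load drops the packet. */
static uint32_t run_filter(const struct insn *pc, const uint8_t *pkt, uint32_t len)
{
    uint32_t A = 0, X = 0;
    for (;; pc++) {
        switch (pc->code) {
        case LD_W_LEN:  A = len; break;
        case ALU_SUB_K: A -= pc->k; break;
        case MISC_TAX:  X = A; break;
        case LD_B_IND:
            if (pc->k >= len || X >= len - pc->k) return 0;
            A = pkt[X + pc->k]; break;
        case JEQ_K:     pc += (A == pc->k) ? pc->jt : pc->jf; break;
        case RET_K:     return pc->k;
        default:        return 0; /* opcode outside this subset */
        }
    }
}
/* Constructed sample packets: arbitrary payload bytes plus a one-byte trailer. */
static const uint8_t pkt_tagged[]   = { 0x45, 0x00, 0x01, 0x02, META_TAG };
static const uint8_t pkt_untagged[] = { 0x45, 0x00, 0x01, 0x02, 0x00 };

int main(void) {
    printf("tagged=%u untagged=%u\n",
           (unsigned)run_filter(trailer_filter, pkt_tagged, sizeof pkt_tagged),
           (unsigned)run_filter(trailer_filter, pkt_untagged, sizeof pkt_untagged));
    return 0;
}
```

`len` is the length BPF sees for the whole packet handed to the filter, whereas `ip[2:2]` reads the Total Length field of the IPv4 header.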