[CDBUG-talk] BPF Berkeley Packet Filter Question

Greg Troxel gdt at lexort.com
Wed Dec 30 10:09:26 EST 2015


First, it's not clear from your mail that what you are doing is
sensible.  You seem to be skipping IP and perhaps using raw Ethernet,
and insisting on adding fields at the end vs encapsulating.   But you
didn't explain and didn't ask...

The bpf language is fairly powerful, but you'll have to write in BPF
assembler because libpcap doesn't already have compilation support to do
what you need.  See bpf(4) - I suspect it is adequate to find the
metadata field based on length.  Certainly it can find the UDP header
based on IP header length, and things like that.

