tcpdump mailing list archives

Re: only outbound traffic


From: Guy Harris <guy () alum mit edu>
Date: Thu, 28 Apr 2011 23:13:36 -0700


On Apr 28, 2011, at 6:42 PM, Andrej van der Zee wrote:

Yes it does. Makes me wonder though why BPF was not extended with an "offset" keyword.

Why would an "offset" keyword be better in the filtering language than, say, the "vlan" keyword it already has?  You'd 
still have to do the same sort of special stuff, but it'd be a more manual operation.  (I.e., why would saying "offset 
{length of VLAN tag}" be better than "vlan"?)

The ideal would be a filtering language wherein having the filter code in the kernel skip past VLAN tags automatically 
was cheap.  Perhaps a language (not a language for users to express filters, but a language into which to compile the 
filters the user expresses) that makes it impossible to specify infinite loops, combined with a JIT to make loops 
reasonably efficient (there already exist JITs for x86-32 and x86-64 on some platforms, e.g. Windows and FreeBSD), 
would be the right way to handle VLANs and IPv6 protocol chains and perhaps even filters at higher protocol levels.
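The bounded VLAN-skipping loop discussed in the message above, as an added example that is not part of the original post or of libpcap: a matcher that steps past stacked VLAN tags before testing the IPv4 protocol field, with a fixed iteration limit so it cannot loop forever. The function names, the MAX_VLAN_TAGS limit of 4 and the frame builder are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ETH_HLEN      14      /* dst MAC, src MAC, EtherType */
#define VLAN_TAG_LEN  4       /* 2-byte TCI + 2-byte inner EtherType */
#define ETH_P_IP      0x0800
#define ETH_P_8021Q   0x8100
#define ETH_P_8021AD  0x88A8
#define MAX_VLAN_TAGS 4       /* assumed bound: the loop always terminates */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int is_vlan(uint16_t t) { return t == ETH_P_8021Q || t == ETH_P_8021AD; }

/* Offset of the L3 header, final EtherType in *type; -1 if truncated or too many tags. */
int l3_offset(const uint8_t *pkt, size_t len, uint16_t *type)
{
    size_t off = ETH_HLEN;
    if (len < ETH_HLEN) return -1;
    *type = be16(pkt + 12);
    for (int i = 0; i < MAX_VLAN_TAGS && is_vlan(*type); i++) {
        if (len < off + VLAN_TAG_LEN) return -1;  /* bounds check per tag */
        *type = be16(pkt + off + 2);              /* skip the TCI */
        off += VLAN_TAG_LEN;
    }
    return is_vlan(*type) ? -1 : (int)off;
}

/* "ip proto N" that matches whether or not the frame is VLAN-tagged. */
int match_ip_proto(const uint8_t *pkt, size_t len, uint8_t proto)
{
    uint16_t type;
    int off = l3_offset(pkt, len, &type);
    if (off < 0 || type != ETH_P_IP || len < (size_t)off + 20) return 0;
    return pkt[off + 9] == proto;                 /* IPv4 protocol field */
}

/* Constructed sample: zeroed MACs, ntags 802.1Q tags, minimal IPv4 header. */
size_t build_frame(uint8_t *buf, int ntags, uint8_t proto)
{
    size_t off = 12;
    memset(buf, 0, ETH_HLEN + VLAN_TAG_LEN * (size_t)ntags + 20);
    for (int i = 0; i < ntags; i++, off += VLAN_TAG_LEN) {
        buf[off] = 0x81; buf[off + 1] = 0x00;     /* TPID 0x8100 */
        buf[off + 3] = 100;                       /* VLAN ID 100 */
    }
    buf[off] = 0x08; buf[off + 1] = 0x00;         /* EtherType IPv4 */
    buf[off + 2] = 0x45; buf[off + 2 + 9] = proto;
    return off + 2 + 20;
}
```

A frame with more than MAX_VLAN_TAGS tags is rejected rather than matched, which is the price of the fixed bound.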

