tcpdump mailing list archives

Re: BPF Extended: addressing BPF's shortcomings

From: "Paul \"LeoNerd\" Evans" <leonerd () leonerd org uk>
Date: Thu, 11 Jun 2015 14:33:52 +0100

On Thu, 11 Jun 2015 20:12:00 +1000
Darren Reed <darrenr () netbsd org> wrote:

  2) A few more AD constants added to the Linux "auxdata" area,
giving information about the transport layer.


Can you please expand on this?


See the SKF_NET_OFF and SKF_LL_OFF constants.
I wanted to simply add another, SKF_TRANS_OFF

This would give an offset into a virtual view of the "transport" layer;
i.e. the start of the TCP/UDP/whatever header, regardless where it
starts in the packet.

Now, filtering for a given TCP port only needs to compare the value of
SKF_AD_TRANSPORT (which we'd also have to add), and then look at
certain indexes into SKF_TRANS_OFF; it doesn't have to *find* the TCP
header at all, doesn't care if it's IPv4 or IPv6 or whatever...

-- 
Paul "LeoNerd" Evans

leonerd () leonerd org uk
http://www.leonerd.org.uk/  |  https://metacpan.org/author/PEVANS
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

BPF Extended: addressing BPF's shortcomings Darren Reed (Jun 10)
- Re: BPF Extended: addressing BPF's shortcomings Paul "LeoNerd" Evans (Jun 10)
  - Re: BPF Extended: addressing BPF's shortcomings Darren Reed (Jun 11)
    - Re: BPF Extended: addressing BPF's shortcomings Paul "LeoNerd" Evans (Jun 11)
    - Re: BPF Extended: addressing BPF's shortcomings Michael Richardson (Jun 11)
- Re: BPF Extended: addressing BPF's shortcomings Mindaugas Rasiukevicius (Jun 10)
  - Re: BPF Extended: addressing BPF's shortcomings Guy Harris (Jun 10)
    - Re: BPF Extended: addressing BPF's shortcomings Paul "LeoNerd" Evans (Jun 11)
  - Re: BPF Extended: addressing BPF's shortcomings Darren Reed (Jun 11)
    - Re: BPF Extended: addressing BPF's shortcomings Paul "LeoNerd" Evans (Jun 11)