
List:       freebsd-hackers
Subject:    Re: BPF Berkeley Packet Filter Question
From:       Julian Elischer <julian () freebsd ! org>
Date:       2015-12-30 16:43:20
Message-ID: 568409A8.40508 () freebsd ! org

On 30/12/2015 8:11 PM, Daniel Janzon wrote:
> Hello Julian,
It's not me that was asking, but Juan.
I'm sure that he's reading, though.

>
> I'm not sure I follow what you want to do but maybe I can help you 
> get in the right direction.
>
> You can define a BPF program with macros, like
>
> struct bpf_insn instructions[] = {
>     ...
>     BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, proto, 0, 1),
>     BPF_STMT(BPF_RET + BPF_K, (uint16_t)-1),
>     BPF_STMT(BPF_RET + BPF_K, 0)
> };
>
> struct bpf_program bpf_program = { 4, (struct bpf_insn*)&instructions };
> ioctl(fd, BIOCSETF, (struct bpf_program*)&bpf_program);
>
> etc, google for a complete example.
>
> Then you can use the -d option of tcpdump to get some help to find 
> the right instructions, for instance
>
> tcpdump -i em0 -d host 10.10.10.1 and greater 150  # capture packets greater than 150
>
> You will probably have to modify the output a bit to get what you 
> want so you will have to learn a bit how it works. See the section 
> Filter machine in the bpf manual (man 4 bpf).
>
> Hope that helps.
>
> All the best,
> Daniel Janzon
>
>
> On Wed, Dec 30, 2015 at 9:58 AM Julian Elischer <julian@freebsd.org> wrote:
>
>     On 30/12/2015 12:46 PM, Juan Herrera wrote:
>     > Hello BSD folks,
>     >
>     > I am developing a networking application in C and I have a question
>     > regarding BPF (Berkeley Packet Filters), I will give you an idea of the app
>     > first, I need to send a packet from machine A to machine B (any kind of
>     > packet) so for this I wrote a packet generator application which will send
>     > a packet to machine B, but before sending the packet I need to append some
>     > metadata values at the end of the packet, already done, so in machine B I
>     > have a raw socket listener app ready to receive incoming packets from
>     > machine A, however I want to implement filtering with BPF on machine B, but
>     > as my metadata was appended at the end of the packet (has to be at the
>     > end), I need to read the packet length with (using) Berkeley Packet Filter
>     > to match a specific field to filter one of the bytes at the end of my
>     > packet (metadata appended), in other words I need to know the incoming
>     > packet length to filter against one of the metadata fields and be able
>     > to drop the packet before reaching user space applications (drop it in
>     > kernel space).
>     >
>     > So my question is, can I use BPF to read the packet length?
>     to continue on my previous mail.
>
>     you can also use netgraph to do this in several ways as well.
>     But I'd need more information to be able to explain what to do.
>
>     >
>     > TIA!
>     > _______________________________________________
>     > freebsd-hackers@freebsd.org mailing list
>     > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>     > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>     >
>

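The question in this thread, matching a byte at the end of the packet, can be answered with the classic BPF length load (`BPF_LD+BPF_W+BPF_LEN`) followed by an indexed load through X, as documented in the filter machine section of bpf(4). The following is an added example, not code from any poster in the thread; it pairs the filter program with a small user-space evaluator so it can be checked offline. `TAG_FROM_END`, `TAG_VALUE`, `trailer_filter`, `run_filter`, `accepts` and the sample packets are assumptions made for illustration.

```c
#include <stdint.h>
/* Classic BPF opcode values from <net/bpf.h>, repeated so this builds anywhere. */
enum { BPF_LD = 0x00, BPF_ALU = 0x04, BPF_JMP = 0x05, BPF_RET = 0x06,
       BPF_MISC = 0x07, BPF_W = 0x00, BPF_B = 0x10, BPF_IND = 0x40,
       BPF_LEN = 0x80, BPF_K = 0x00, BPF_SUB = 0x10, BPF_JEQ = 0x10,
       BPF_JGE = 0x30, BPF_TAX = 0x00 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* as struct bpf_insn */
#define STMT(c, k)       { (c), 0, 0, (k) }
#define JUMP(c, k, t, f) { (c), (t), (f), (k) }

#define TAG_FROM_END 1U    /* assumption: tag is the last byte of the packet */
#define TAG_VALUE    0x5aU /* assumption: value the receiver wants to keep */

static const struct insn trailer_filter[] = {
    STMT(BPF_LD | BPF_W | BPF_LEN, 0),                   /* A = packet length */
    JUMP(BPF_JMP | BPF_JGE | BPF_K, TAG_FROM_END, 0, 5), /* too short: drop */
    STMT(BPF_ALU | BPF_SUB | BPF_K, TAG_FROM_END),       /* A = offset of tag */
    STMT(BPF_MISC | BPF_TAX, 0),                         /* X = A */
    STMT(BPF_LD | BPF_B | BPF_IND, 0),                   /* A = pkt[X + 0] */
    JUMP(BPF_JMP | BPF_JEQ | BPF_K, TAG_VALUE, 0, 1),    /* tag matches? */
    STMT(BPF_RET | BPF_K, (uint32_t)-1),                 /* accept whole packet */
    STMT(BPF_RET | BPF_K, 0),                            /* drop */
};

/* User-space evaluator for just the opcodes above, so the program can be
 * checked offline; an out-of-bounds load rejects the packet, as in the kernel. */
static uint32_t run_filter(const struct insn *pc, const uint8_t *p, uint32_t len)
{
    uint32_t A = 0, X = 0;
    for (;; pc++) {
        switch (pc->code) {
        case BPF_LD | BPF_W | BPF_LEN:  A = len; break;
        case BPF_ALU | BPF_SUB | BPF_K: A -= pc->k; break;
        case BPF_MISC | BPF_TAX:        X = A; break;
        case BPF_LD | BPF_B | BPF_IND:
            if (pc->k > len || X >= len - pc->k) return 0;
            A = p[X + pc->k]; break;
        case BPF_JMP | BPF_JGE | BPF_K: pc += (A >= pc->k) ? pc->jt : pc->jf; break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (A == pc->k) ? pc->jt : pc->jf; break;
        case BPF_RET | BPF_K:           return pc->k;
        default:                        return 0; /* opcode not modelled */
        }
    }
}

/* Constructed sample packets: arbitrary payload bytes plus a one-byte trailer. */
static const uint8_t pkt_keep[] = { 0x45, 0x00, 0x00, 0x1c, 0xde, 0xad, 0x5a };
static const uint8_t pkt_drop[] = { 0x45, 0x00, 0x00, 0x1c, 0xde, 0xad, 0x11 };
static int accepts(const uint8_t *p, uint32_t len) { return run_filter(trailer_filter, p, len) != 0; }
```

On FreeBSD the same eight instructions go into a `struct bpf_insn` array built with `BPF_STMT`/`BPF_JUMP` and are installed with the `BIOCSETF` ioctl, as in the quoted reply.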