From: Daniel Janzon
Date: Wed, 30 Dec 2015 12:11:03 +0000
Subject: Re: BPF Berkeley Packet Filter Question
To: Julian Elischer, Juan Herrera, freebsd-hackers@freebsd.org

Hello Julian,

I'm not sure I follow what you want to do but maybe I can help you get in the
right direction. You can define a BPF program with macros, like

    struct bpf_insn instructions[] = {
        ...
        /* A == proto: fall through to accept, otherwise skip to reject */
        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, proto, 0, 1),
        BPF_STMT(BPF_RET + BPF_K, (uint16_t)-1),   /* accept, up to 65535 bytes */
        BPF_STMT(BPF_RET + BPF_K, 0)               /* reject */
    };
    /* first member is the number of instructions in the array */
    struct bpf_program bpf_program = { 4, (struct bpf_insn*)&instructions };
    ioctl(fd, BIOCSETF, (struct bpf_program*)&bpf_program);

etc, google for a complete example. Then you can use the -d option of tcpdump
to get some help to find the right instructions, for instance

    tcpdump -i em0 -d host 10.10.10.1 and greater 150 # capture packets greater than 150

You will probably have to modify the output a bit to get what you want so you
will have to learn a bit how it works. See the section Filter machine in the
bpf manual (man 4 bpf).

Hope that helps.

All the best,
Daniel Janzon

On Wed, Dec 30, 2015 at 9:58 AM Julian Elischer wrote:

> On 30/12/2015 12:46 PM, Juan Herrera wrote:
> > Hello BSD folks,
> >
> > I am developing a networking application in C and I have a question
> > regarding BPF (Berkeley Packet Filters), I will give you an idea of the
> > app first, I need to send a packet from machine A to machine B (any kind
> > of packet) so for this I wrote a packet generator application which will
> > send a packet to machine B, but before sending the packet I need to append
> > some metadata values at the end of the packet, already done, so in machine
> > B I have a raw socket listener app ready to receive incoming packets from
> > machine A, however I want to implement filtering with BPF on machine B,
> > but as my metadata was appended at the end of the packet (have to be at
> > the end), I need to read the packet length with (using) Berkeley Packet
> > Filter to match a specific field to filter one of the bytes at the end of
> > my packet (metadata appended), in other words I need to know the incoming
> > packet length to filter against one of the metadata fields and be able
> > to drop the packet before reaching user space applications (drop it in
> > kernel space).
> >
> > So my question is, Can I use BPF to read the packet length?
>
> to continue on my previous mail.
>
> you can also use netgraph to do this in several ways as well.
> But I'd need more information to be able to explain what to do.
>
> > TIA!
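
Added example, not part of the original mail or of FreeBSD's code: the filter the thread asks about (read the packet length, then match the last byte of the packet) written as a classic BPF program, with a small interpreter for just the opcodes it uses so it can be run offline. The struct name, the enum names, TAG and the sample packets are constructed for illustration; on FreeBSD the same seven instructions would be written with BPF_STMT/BPF_JUMP (BPF_LD+BPF_W+BPF_LEN, BPF_ALU+BPF_SUB+BPF_K, BPF_MISC+BPF_TAX, BPF_LD+BPF_B+BPF_IND, ...) and installed with BIOCSETF as shown in the mail.

```c
#include <stdint.h>

/* Same field layout as struct bpf_insn; opcode values as in <net/bpf.h>. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_W_LEN = 0x80, LD_B_IND = 0x50, ALU_SUB_K = 0x14,
       JEQ_K = 0x15, RET_K = 0x06, MISC_TAX = 0x07 };

#define TAG 0x2a  /* constructed value: trailer metadata byte to match */

/* Accept only packets whose last byte equals TAG. */
static const struct insn trailer_filter[] = {
    { LD_W_LEN,  0, 0, 0 },       /* A = packet length                     */
    { ALU_SUB_K, 0, 0, 1 },       /* A = length - 1 (offset of last byte)  */
    { MISC_TAX,  0, 0, 0 },       /* X = A                                 */
    { LD_B_IND,  0, 0, 0 },       /* A = pkt[X + 0]                        */
    { JEQ_K,     0, 1, TAG },     /* equal: fall through, else skip one    */
    { RET_K,     0, 0, 0xffff },  /* accept, up to 65535 bytes             */
    { RET_K,     0, 0, 0 },       /* drop                                  */
};

/* Interpreter for the six opcodes above; returns bytes to accept, 0 = drop. */
uint32_t run_filter(const struct insn *pc, const uint8_t *pkt, uint32_t len)
{
    uint32_t A = 0, X = 0;
    for (;; pc++) {
        switch (pc->code) {
        case LD_W_LEN:  A = len;     break;
        case ALU_SUB_K: A -= pc->k;  break;
        case MISC_TAX:  X = A;       break;
        case LD_B_IND:
            /* an out-of-bounds load ends the filter and drops the packet */
            if (pc->k >= len || X >= len - pc->k) return 0;
            A = pkt[X + pc->k];
            break;
        case JEQ_K:     pc += (A == pc->k) ? pc->jt : pc->jf; break;
        case RET_K:     return pc->k;
        default:        return 0;   /* opcode outside this subset */
        }
    }
}

uint32_t filter_packet(const uint8_t *pkt, uint32_t len)
{
    return run_filter(trailer_filter, pkt, len);
}

int main(void) {
    const uint8_t good[] = { 0x45, 0x00, 0x11, TAG }, bad[] = { 0x45, TAG, 0x11, 0x00 };
    return !(filter_packet(good, sizeof good) == 0xffff && filter_packet(bad, sizeof bad) == 0);
}
```

A zero-length packet makes the length - 1 offset wrap around, so the bounds check on the indirect load is what turns that case into a drop.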