Date: Thu, 31 Dec 2015 00:43:20 +0800
From: Julian Elischer <julian@freebsd.org>
To: Daniel Janzon <janzon@gmail.com>, Juan Herrera <mybsdmailing@gmail.com>, freebsd-hackers@freebsd.org
Subject: Re: BPF Berkeley Packet Filter Question
Message-ID: <568409A8.40508@freebsd.org>
In-Reply-To: <CAAGHsvCNUGn10xYwg-hu-H__5=AQceWQ-5-dsyunF1=2h633_Q@mail.gmail.com>
References: <CAAN2wCD7vXDzShb35J6Ok20iU2Z4WpUYU%2BaLf9xOKuG1yDRA=Q@mail.gmail.com> <56839C88.3090708@freebsd.org> <CAAGHsvCNUGn10xYwg-hu-H__5=AQceWQ-5-dsyunF1=2h633_Q@mail.gmail.com>

On 30/12/2015 8:11 PM, Daniel Janzon wrote:
> Hello Julian,

It's not me that was asking, but Juan. I'm sure that he's reading though.

>
> I'm not sure I follow what you want to do but maybe I can help you
> get in the right direction.
>
> You can define a BPF program with macros, like
>
> struct bpf_insn instructions[] = {
>     ...
>     BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, proto, 0, 1),
>     BPF_STMT(BPF_RET + BPF_K, (uint16_t)-1),
>     BPF_STMT(BPF_RET + BPF_K, 0)
> };
>
> struct bpf_program bpf_program = { 4, (struct bpf_insn*)&instructions };
> ioctl(fd, BIOCSETF, (struct bpf_program*)&bpf_program);
>
> etc, google for a complete example.
>
> Then you can use the -d option of tcpdump to get some help to find
> the right instructions, for instance
>
> tcpdump -i em0 -d host 10.10.10.1 and greater 150 # capture packets greater than 150
>
> You will probably have to modify the output a bit to get what you
> want so you will have to learn a bit how it works. See the section
> Filter machine in the bpf manual (man 4 bpf).
>
> Hope that helps.
>
> All the best,
> Daniel Janzon
>
>
> On Wed, Dec 30, 2015 at 9:58 AM Julian Elischer <julian@freebsd.org> wrote:
>
>     On 30/12/2015 12:46 PM, Juan Herrera wrote:
>     > Hello BSD folks,
>     >
>     > I am developing a networking application in C and I have a question
>     > regarding BPF (Berkeley Packet Filters). I will give you an idea of
>     > the app first. I need to send a packet from machine A to machine B
>     > (any kind of packet), so for this I wrote a packet generator
>     > application which will send a packet to machine B, but before sending
>     > the packet I need to append some metadata values at the end of the
>     > packet (already done). On machine B I have a raw socket listener app
>     > ready to receive incoming packets from machine A. However, I want to
>     > implement filtering with BPF on machine B, but as my metadata was
>     > appended at the end of the packet (it has to be at the end), I need
>     > to read the packet length with (using) Berkeley Packet Filter to
>     > match a specific field to filter one of the bytes at the end of my
>     > packet (metadata appended). In other words, I need to know the
>     > incoming packet length to filter against one of the metadata fields
>     > and be able to drop the packet before reaching user space
>     > applications (drop it in kernel space).
>     >
>     > So my question is, can I use BPF to read the packet length?
>
>     to continue on my previous mail.
>
>     you can also use netgraph to do this in several ways as well.
>     But I'd need more information to be able to explain what to do.
>
>     >
>     > TIA!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?568409A8.40508>
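
An added example (not code from this thread) for the question asked above: a classic BPF program that loads the packet length with BPF_LEN, subtracts a trailer size, and uses the result as the index for a byte load, so a byte of the appended metadata can be matched in the kernel. The 4-byte trailer, the tag value 0x42, the names trailer_filter and run_filter, and the user-space evaluator with stand-in opcode definitions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins using the classic-BPF encoding of <net/bpf.h>, so the filter can
 * be checked in user space; on FreeBSD include <net/bpf.h> instead. */
struct bpf_insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { BPF_LD = 0x00, BPF_ALU = 0x04, BPF_JMP = 0x05, BPF_RET = 0x06,
       BPF_MISC = 0x07, BPF_W = 0x00, BPF_B = 0x10, BPF_IND = 0x40,
       BPF_LEN = 0x80, BPF_SUB = 0x10, BPF_JEQ = 0x10, BPF_K = 0x00,
       BPF_TAX = 0x00 };
#define BPF_STMT(c, k) { (uint16_t)(c), 0, 0, (k) }
#define BPF_JUMP(c, k, t, f) { (uint16_t)(c), (t), (f), (k) }
#define TRAILER_LEN 4    /* assumed: the metadata is the last 4 bytes */
#define WANTED_TAG  0x42 /* assumed: first metadata byte must equal this */

static const struct bpf_insn trailer_filter[] = {
    BPF_STMT(BPF_LD + BPF_W + BPF_LEN, 0),             /* A = packet length */
    BPF_STMT(BPF_ALU + BPF_SUB + BPF_K, TRAILER_LEN),  /* A = len - 4 */
    BPF_STMT(BPF_MISC + BPF_TAX, 0),                   /* X = A */
    BPF_STMT(BPF_LD + BPF_B + BPF_IND, 0),             /* A = pkt[X + 0] */
    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, WANTED_TAG, 0, 1),
    BPF_STMT(BPF_RET + BPF_K, (uint32_t)-1),           /* match: accept */
    BPF_STMT(BPF_RET + BPF_K, 0),                      /* else drop in kernel */
};

/* Evaluator for just the opcodes used above. As in the kernel's filter
 * machine, a load outside the packet rejects it (returns 0). */
uint32_t run_filter(const uint8_t *pkt, uint32_t len)
{
    uint32_t A = 0, X = 0;
    for (size_t i = 0; i < sizeof trailer_filter / sizeof trailer_filter[0]; i++) {
        const struct bpf_insn *in = &trailer_filter[i];
        switch (in->code) {
        case BPF_LD + BPF_W + BPF_LEN:  A = len; break;
        case BPF_ALU + BPF_SUB + BPF_K: A -= in->k; break;
        case BPF_MISC + BPF_TAX:        X = A; break;
        case BPF_LD + BPF_B + BPF_IND:  /* a short packet wraps X and fails here */
            if (in->k > len || X >= len - in->k) return 0;
            A = pkt[X + in->k]; break;
        case BPF_JMP + BPF_JEQ + BPF_K: i += (A == in->k) ? in->jt : in->jf; break;
        case BPF_RET + BPF_K:           return in->k;
        default:                        return 0;
        }
    }
    return 0;
}
```

run_filter(pkt, len) returns the number of bytes to keep, so 0 means the packet is dropped; a packet shorter than the trailer is rejected by the bounds check rather than matched.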