From owner-freebsd-questions Mon Feb 4 18:30: 4 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from segfault.monkeys.com (246.dsl6660157.rstatic.surewest.net [66.60.157.246]) by hub.freebsd.org (Postfix) with ESMTP id EB08837B405 for ; Mon, 4 Feb 2002 18:29:58 -0800 (PST)
Received: from monkeys.com (localhost [127.0.0.1]) by segfault.monkeys.com (Postfix) with ESMTP id 8C99C660B for ; Mon, 4 Feb 2002 18:29:53 -0800 (PST)
To: freebsd-questions@freebsd.org
Subject: Need a simple Berkeley Packet Filter state machine `program'
Date: Mon, 04 Feb 2002 18:29:53 -0800
Message-ID: <8743.1012876193@monkeys.com>
From: "Ronald F. Guilmette"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Greetings,

Is there anyone who is already well and truly familiar with BPF programming around here who might be willing to give me some help writing a small filter?

Here's what I need...

I need a BPF state machine program that will filter out all incoming packets on an interface _except_ ones that are _TCP_ packets and that have both the SYN and ACK bits set. All TCP packets with SYN+ACK set should be allowed through the filter.

For extra credit, it would also be peachy if the filter program could also filter out and ignore any of those SYN+ACK TCP packets that come from source IPv4 addresses that fall outside of a given block designated by two 32-bit quantities such as:

    unsigned long base_address;
    unsigned long netmask;

where `base_address' would be some base IP address, already in network byte order, and where `netmask' would be a value like 0xffffff00 (but stored in network byte order) to indicate the whole /24 netblock starting at the address designated by `base_address'.

I could probably figure out how to do this all myself, but my sense of it is that it would take me some time, and I'd have to look at a LOT of other BPF examples first. If somebody who is already fluent in the BPF state machine language could just give me the appropriate state-machine code, that would probably save me quite a lot of time.

Thanks in advance.
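
One filter meeting the request above, as an added example that is not part of the original message: classic BPF instructions for Ethernet-framed IPv4, plus a small interpreter limited to the opcodes used so the program can be checked offline. The names synack_filter, run_filter and verdict and the 192.0.2.0/24 block are assumptions; the opcode values are those of <net/bpf.h>.

```c
#include <stddef.h>
#include <stdint.h>
/* Classic BPF instruction layout and opcode values, as in <net/bpf.h>. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_W = 0x20, LD_H = 0x28, LD_B = 0x30, LD_B_IND = 0x50, LDX_MSH = 0xb1,
       AND_K = 0x54, JEQ_K = 0x15, JSET_K = 0x45, RET_K = 0x06 };
#define BASE 0xc0000200u /* assumed block 192.0.2.0/24; BPF compares in host order, */
#define MASK 0xffffff00u /* so ntohl() a network-order base_address and netmask     */
static const struct insn synack_filter[] = { /* offsets assume Ethernet framing */
    { LD_H,     0,  0, 12 },          /*  0: A = EtherType                      */
    { JEQ_K,    0, 12, 0x0800 },      /*  1: not IPv4 -> drop                   */
    { LD_B,     0,  0, 23 },          /*  2: A = IP protocol                    */
    { JEQ_K,    0, 10, 6 },           /*  3: not TCP -> drop                    */
    { LD_W,     0,  0, 26 },          /*  4: A = source address                 */
    { AND_K,    0,  0, MASK },        /*  5: keep the network part              */
    { JEQ_K,    0,  7, BASE },        /*  6: outside the block -> drop          */
    { LD_H,     0,  0, 20 },          /*  7: A = IP flags + fragment offset     */
    { JSET_K,   5,  0, 0x1fff },      /*  8: later fragment, no TCP hdr -> drop */
    { LDX_MSH,  0,  0, 14 },          /*  9: X = IP header length in bytes      */
    { LD_B_IND, 0,  0, 27 },          /* 10: A = TCP flags byte (14 + X + 13)   */
    { AND_K,    0,  0, 0x12 },        /* 11: isolate SYN (0x02) and ACK (0x10)  */
    { JEQ_K,    0,  1, 0x12 },        /* 12: both must be set, else drop        */
    { RET_K,    0,  0, 0xffffffffu }, /* 13: accept the whole packet            */
    { RET_K,    0,  0, 0 },           /* 14: drop                               */
};

/* Interpreter for only the opcodes used above, to check the program offline. */
static uint32_t run_filter(const struct insn *pc, const uint8_t *p, size_t len) {
    for (uint32_t A = 0, X = 0;; pc++) {
        size_t k = pc->k, n = pc->code == LD_W ? 4 : pc->code == LD_H ? 2 : 1;
        switch (pc->code) {
        case RET_K:   return pc->k;
        case AND_K:   A &= pc->k; break;
        case JEQ_K:   pc += (A == pc->k) ? pc->jt : pc->jf; break;
        case JSET_K:  pc += (A & pc->k) ? pc->jt : pc->jf; break;
        case LDX_MSH: if (k >= len) return 0; X = (p[k] & 0x0fu) << 2; break;
        default:      if (pc->code == LD_B_IND) k += X; /* the four load opcodes */
                      if (k + n > len) return 0;        /* short packet: drop */
                      for (A = 0; n--; k++) A = A << 8 | p[k]; /* big-endian */
        }
    }
}

/* Constructed frame: Ethernet + 20-byte IPv4 + TCP header; returns the verdict. */
static uint32_t verdict(uint32_t src, uint8_t proto, uint8_t flags) {
    uint8_t f[54] = { [12] = 0x08, [14] = 0x45, [23] = proto, [26] = src >> 24,
                      [27] = src >> 16, [28] = src >> 8, [29] = src, [47] = flags };
    return run_filter(synack_filter, f, sizeof f);
}
```

On FreeBSD the rows map one-to-one onto struct bpf_insn (same field order), and the array is installed on an open BPF descriptor with the BIOCSETF ioctl.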