Date: Fri, 11 Oct 1996 00:18:46 +0300 (AST) From: ShadowS <shadows@whitefang.com> To: questions@freebsd.org Subject: bpf filter and PPP Message-ID: <Pine.NEB.3.95.961011000933.2128e-100000@broken.whitefang.com>
next in thread | raw e-mail | index | archive | help
I've been playing with bpf, and I noticed that under PPP I can receive
both compressed and normal packets. Here's the instructions i used.. and
both filtered out packets fine.
struct bpf_insn inst[] = { BPF_STMT(BPF_LD+BPF_H+BPF_ABS,2),
BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K,PPP_IP,1,0),
BPF_STMT(BPF_RET+BPF_K,0),
BPF_STMT(BPF_RET+BPF_K,500),
struct bpf_insn inst[] = { BPF_STMT(BPF_LD+BPF_H+BPF_ABS,2),
BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K,PPP_VJC_COMP ,1,0),
BPF_STMT(BPF_RET+BPF_K,0),
BPF_STMT(BPF_RET+BPF_K,500),
now both returned the same amount of packets.. the return of 500 was just
a hack to see if i got any.
Another thing.. PPP packet headers vary in size, it depends on the way its
negotiated so the protocol field may or may not be 1 byte (may be 2). This
is confusing since the man page said "It can capture packets from
interfaces which return a fixed header". I.e. Ethernet, but PPP is
supported as well.
anyone clear this up please?
-------------------------------------------------------------------------------
ShadowS WhiteFang Unix Software Development
Thamer Al-Herbish And Consultancy.
shadows@whitefang.com
shadows@kuwait.net Specialising in Custom Network Applications
for Unix Systems.
-------------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.95.961011000933.2128e-100000>