Date: Fri, 8 Mar 2013 11:02:20 +0200
From: Viktor Penkoff <vpenkoff@gmail.com>
To: freebsd-net@freebsd.org
Subject: BPF data representation
Message-ID: <CAE-a5gZrmW174%2BcEJ2FTEK9e5vo2m22NDVdJMyN19TUTHPwHKw@mail.gmail.com>
In-Reply-To: <CAE-a5gbis9RaNy6R3rOtGnvF_a0goy392O-_kmvLK2LqD_Bv%2BQ@mail.gmail.com>
References: <CAE-a5gbis9RaNy6R3rOtGnvF_a0goy392O-_kmvLK2LqD_Bv%2BQ@mail.gmail.com>

Hi guys.

I'm digging some bpf stuff and I can't figure out why there are 3 types of data representations: words, halfwords and bytes. I mean, how can I know which one is best to use in a given place? In some basic example, e.g. for packet capturing, considering BPF's manual, I use a halfword representation for ETHERTYPE in the ethernet header, but a word representation for an IP address.

Let's say we have some read instructions:

    BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12),
    BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETHERTYPE_IP, X, Y),
    ....
    BPF_STMT(BPF_LD+BPF_W+BPF_ABS, 26),
    BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0xABABABAB, X, Y)

Can someone explain?

Thanks!
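
Added example, not part of the original message: a stand-alone C model of the absolute loads in the snippet above, run over a constructed Ethernet/IPv4 frame, showing that the load width is picked to match the width of the field being read (2-byte EtherType at offset 12, 4-byte IPv4 source address at offset 26). The names `load_abs`, `sample_load`, `enum width` and the frame bytes are assumptions made for illustration; the code does not use the kernel's BPF headers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Load widths in bytes: a BPF word is 4, a halfword 2, a byte 1. */
enum width { W_BYTE = 1, W_HALF = 2, W_WORD = 4 };

/* Constructed sample frame: Ethernet header (14 bytes) + IPv4 header (20 bytes). */
static const uint8_t sample_frame[] = {
    0x02,0x00,0x00,0x00,0x00,0x01,   /* 0-5:   destination MAC */
    0x02,0x00,0x00,0x00,0x00,0x02,   /* 6-11:  source MAC */
    0x08,0x00,                       /* 12-13: EtherType (0x0800 = IPv4) */
    0x45,0x00,0x00,0x14,             /* 14-17: version/IHL, TOS, total length */
    0x00,0x00,0x00,0x00,             /* 18-21: id, flags/fragment offset */
    0x40,0x06,0x00,0x00,             /* 22-25: TTL, protocol, checksum */
    0xAB,0xAB,0xAB,0xAB,             /* 26-29: source address */
    0x0A,0x00,0x00,0x01              /* 30-33: destination address */
};

/* Absolute load: read `w` bytes at offset `off`, most significant byte first
 * (network order), into *out. Returns 0 on success, -1 if the read would
 * run past the end of the packet. */
int load_abs(const uint8_t *pkt, size_t len, size_t off, enum width w, uint32_t *out)
{
    if (off > len || (size_t)w > len - off)
        return -1;
    uint32_t v = 0;
    for (size_t i = 0; i < (size_t)w; i++)
        v = (v << 8) | pkt[off + i];
    *out = v;
    return 0;
}

/* Load from the sample frame; -1 signals an out-of-bounds read. */
long long sample_load(size_t off, enum width w)
{
    uint32_t v;
    if (load_abs(sample_frame, sizeof sample_frame, off, w, &v) != 0)
        return -1;
    return (long long)v;
}

int main(void)
{
    /* The halfword at 12 is the whole EtherType; a byte or word there is not. */
    printf("H@12=0x%llx B@12=0x%llx W@12=0x%llx\n", (unsigned long long)sample_load(12, W_HALF),
           (unsigned long long)sample_load(12, W_BYTE), (unsigned long long)sample_load(12, W_WORD));
    printf("W@26=0x%llx\n", (unsigned long long)sample_load(26, W_WORD));
    return 0;
}
```

A byte load at offset 12 sees only the first half of the EtherType, and a word load there also pulls in the first two bytes of the IP header, so neither can ever compare equal to ETHERTYPE_IP.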