Date:      Wed, 30 Dec 2015 12:11:03 +0000
From:      Daniel Janzon <janzon@gmail.com>
To:        Julian Elischer <julian@freebsd.org>, Juan Herrera <mybsdmailing@gmail.com>, freebsd-hackers@freebsd.org
Subject:   Re: BPF Berkeley Packet Filter Question
Message-ID:  <CAAGHsvCNUGn10xYwg-hu-H__5=AQceWQ-5-dsyunF1=2h633_Q@mail.gmail.com>
In-Reply-To: <56839C88.3090708@freebsd.org>
References:  <CAAN2wCD7vXDzShb35J6Ok20iU2Z4WpUYU%2BaLf9xOKuG1yDRA=Q@mail.gmail.com> <56839C88.3090708@freebsd.org>

Hello Julian,

I'm not sure I follow what you want to do but maybe I can help you get in
the right direction.

You can define a BPF program with macros, like

struct bpf_insn instructions[] = {
    ...
    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, proto, 0, 1),
    BPF_STMT(BPF_RET + BPF_K, (uint16_t)-1),
    BPF_STMT(BPF_RET + BPF_K, 0)
};

struct bpf_program bpf_program = { 4, (struct bpf_insn*)&instructions };
ioctl(fd, BIOCSETF, (struct bpf_program*)&bpf_program);

etc, google for a complete example.

Then you can use the -d option of tcpdump to get some help to find the
right instructions, for instance

tcpdump -i em0 -d host 10.10.10.1 and greater 150  # capture packets greater than 150

You will probably have to modify the output a bit to get what you want so
you will have to learn a bit how it works. See the section Filter machine
in the bpf manual (man 4 bpf).

Hope that helps.

All the best,
Daniel Janzon


On Wed, Dec 30, 2015 at 9:58 AM Julian Elischer <julian@freebsd.org> wrote:

> On 30/12/2015 12:46 PM, Juan Herrera wrote:
> > Hello BSD folks,
> >
> > I am developing a networking application in C and I have a question
> > regarding BPF (Berkeley Packet Filters), I will give you an idea of the
> > app first, I need to send a packet from machine A to machine B (any kind
> > of packet) so for this I wrote a packet generator application which will
> > send a packet to machine B, but before sending the packet I need to
> > append some metadata values at the end of the packet, already done, so in
> > machine B I have a raw socket listener app ready to receive incoming
> > packets from machine A, however I want to implement filtering with BPF on
> > machine B, but as my metadata was appended at the end of the packet (has
> > to be at the end), I need to read the packet length with (using) Berkeley
> > Packet Filter to match a specific field to filter one of the bytes at the
> > end of my packet (metadata appended), in other words I need to know the
> > incoming packet length to filter against one of the metadata fields and
> > be able to drop the packet before reaching user space applications (drop
> > it in kernel space).
> >
> > So my question is, Can I use BPF to read the packet length ?
> to continue on my previous mail.
>
> you can also use netgraph to do this in several ways as well.
> But I'd need more information to be able to explain what to do.
>
> >
> > TIA!
> > _______________________________________________
> > freebsd-hackers@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
> >
>
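
Added example, not part of the original thread: a classic BPF program that reads the packet length and tests a byte counted from the end of the packet, which is the case asked about in the quoted question. The instruction struct and the small interpreter are stand-ins so the block runs without net/bpf.h; on FreeBSD the same seven instructions would be written with the BPF_STMT/BPF_JUMP macros and installed with BIOCSETF as in the message above. META_FROM_END and META_VALUE are assumed values for the tag position and content.

```c
#include <stddef.h>
#include <stdint.h>

/* Same layout as struct bpf_insn; values are the classic BPF opcode encodings. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_W_LEN = 0x80, ALU_SUB_K = 0x14, MISC_TAX = 0x07,
       LD_B_IND = 0x50, JMP_JEQ_K = 0x15, RET_K = 0x06 };

#define META_FROM_END 1u    /* assumption: the tag is the last byte */
#define META_VALUE    0x2au /* assumption: tag value to accept      */

/* A = len; A -= META_FROM_END; X = A; A = pkt[X]; accept iff A == META_VALUE */
static const struct insn tail_filter[] = {
    { LD_W_LEN,  0, 0, 0 },             /* BPF_LD+BPF_W+BPF_LEN  */
    { ALU_SUB_K, 0, 0, META_FROM_END }, /* BPF_ALU+BPF_SUB+BPF_K */
    { MISC_TAX,  0, 0, 0 },             /* BPF_MISC+BPF_TAX      */
    { LD_B_IND,  0, 0, 0 },             /* BPF_LD+BPF_B+BPF_IND  */
    { JMP_JEQ_K, 0, 1, META_VALUE },    /* BPF_JMP+BPF_JEQ+BPF_K */
    { RET_K,     0, 0, (uint32_t)-1 },  /* accept whole packet   */
    { RET_K,     0, 0, 0 },             /* drop                  */
};
#define TAIL_FILTER_LEN (sizeof(tail_filter) / sizeof(tail_filter[0]))

/* Minimal interpreter for only the opcodes above, standing in for the
 * kernel's filter machine. Returns the byte count to keep; 0 means drop. */
static uint32_t run_filter(const struct insn *pc, size_t n,
                           const uint8_t *pkt, uint32_t len)
{
    uint32_t A = 0, X = 0;
    for (size_t i = 0; i < n; i++) {
        switch (pc[i].code) {
        case LD_W_LEN:  A = len; break;
        case ALU_SUB_K: A -= pc[i].k; break;
        case MISC_TAX:  X = A; break;
        case LD_B_IND:  /* an out-of-range load drops the packet */
            if (pc[i].k > len || X >= len - pc[i].k) return 0;
            A = pkt[X + pc[i].k]; break;
        case JMP_JEQ_K: i += (A == pc[i].k) ? pc[i].jt : pc[i].jf; break;
        case RET_K:     return pc[i].k;
        default:        return 0;
        }
    }
    return 0;
}

int tail_accepts(const uint8_t *pkt, uint32_t len)
{
    return run_filter(tail_filter, TAIL_FILTER_LEN, pkt, len) != 0;
}
```

The subtraction is done in A before the transfer to X because the offset k in an indexed load is unsigned, so "X minus 1" cannot be expressed as a negative k. On Ethernet, frames shorter than the 60-byte minimum are padded by the sender, so the last byte of the frame is not necessarily the last byte of the appended metadata.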


