Date: Wed, 30 Dec 2015 12:11:03 +0000 From: Daniel Janzon <janzon@gmail.com> To: Julian Elischer <julian@freebsd.org>, Juan Herrera <mybsdmailing@gmail.com>, freebsd-hackers@freebsd.org Subject: Re: BPF Berkeley Packet Filter Question Message-ID: <CAAGHsvCNUGn10xYwg-hu-H__5=AQceWQ-5-dsyunF1=2h633_Q@mail.gmail.com> In-Reply-To: <56839C88.3090708@freebsd.org> References: <CAAN2wCD7vXDzShb35J6Ok20iU2Z4WpUYU%2BaLf9xOKuG1yDRA=Q@mail.gmail.com> <56839C88.3090708@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Julian, I'm not sure I follow what you want to do but maybe I can help you get in the right direction. You can define a BPF program with macros, like struct bpf_insn instructions[] = { ... BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, proto, 0, 1), BPF_STMT(BPF_RET + BPF_K, (uint16_t)-1), BPF_STMT(BPF_RET + BPF_K, 0) }; struct bpf_program bpf_program = { 4, (struct bpf_insn*)&instructions }; ioctl(fd, BIOCSETF, (struct bpf_program*)&bpf_program); etc, google for a complete example. Then you can use the -d option of tcpdump to get some help to find the right instructions, for instance tcpdump -i em0 -d host 10.10.10.1 and greater 150 # capture packets greater than 150 You will probably have to modify the output a bit to get what you want so you will have to learn a bit how it works. See the section Filter machine in the bpf manual (man 4 bpf). Hope that helps. All the best, Daniel Janzon On Wed, Dec 30, 2015 at 9:58 AM Julian Elischer <julian@freebsd.org> wrote: > On 30/12/2015 12:46 PM, Juan Herrera wrote: > > Hello BSD folks, > > > > I am developing a networking application in C and I have a question > > regarding BPF (Berkeley Packet Filters), I will give you an idea of the > app > > first, I need to send a packet from machine A to machine B (any kind of > > packet) so for this I wrote a packet generator application which will > send > > a packet to machine B, but before sending the packet I need to append > some > > metadata values at the end of the packet, already done, so in machine B I > > have a raw socket listener app ready to receive incoming packets from > > machine A, however I want to implement filtering with BPF on machine B, > but > > as my metadata was appended at the end of the packet (have to be at the > > end), I need to read the packet length with(using) Berkeley Packet Filter > > to match a specific field to filter one of the bytes at the end of my > > packet (metadata appended), in other words I need to know the incoming > > packet length to filtered against one of the metadatas fields and be able > > to drop the packet before reaching user space applications(drop it in > > kernel space). > > > > So my question is, Can I use BPF to read the packet length ? > to continue on my previous mail. > > you can also use netgraph to do this in several ways as well. > But I'd need more information to be able to explain what to do. > > > > > TIA! > > _______________________________________________ > > freebsd-hackers@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > > To unsubscribe, send any mail to " > freebsd-hackers-unsubscribe@freebsd.org" > > > > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAGHsvCNUGn10xYwg-hu-H__5=AQceWQ-5-dsyunF1=2h633_Q>