kjh63 <kjh63@cantva.canterbury.ac.nz> writes:
> > How Linux Kernel and BPF relate to each other:
> >
> > a) linux has BPF (I don't think so).
It has LSF, the Linux Socket Filter.
> > b) Linux has own equivalent of BPF (part of NAT?)
Yes, the LSF.
> > c) linux does not have anything like BPF
BPF opcodes works on LSF. LSF has some extensions to BSF, like
fetching which interface the packet came from.
> > d) something else (if so, then what?)
>
> a) The Documentation/networking/filters.txt may say so but i dont think so
> either:
>
> [root@localhost networking]# ls -al /dev/bpf0
> ls: /dev/bpf0: No such file or directory
> [root@localhost networking]# cd /dev/
> [root@localhost /dev]# sh MAKEDEV bpf0
> MAKEDEV: don't know how to make device "bpf0"
LSF does not work with devices nodes, it works with setsockopt:
struct bpf_program bpfp;
/* Fill bpfp */
setsockopt(SOL_SOCKET, SO_ATTACH_FILTER, &bpfp, sizeof(bpfp));
> How can I make ethereal (or libpcap) work with LSF?
Last time I checked libpcap was emulating BPF in user space. Which is
bad of course because all packets are copied...
Ideally, libpcap should be extended to support the LPFisms. A LSF
filtering some ethernet traffic does not have to be bound to an
interface. You can filter all the packets coming in.
I can send you an example if you need so.
Phil.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Sep 23 2000 - 21:00:19 EST