Re: cBPF socket filters failing - inexplicably?

From: Tom Cook
Date: Fri Jan 15 2021 - 17:47:14 EST

Next message: Mathieu Poirier: "Re: [PATCH v1 3/7] perf cs-etm: Calculate per CPU metadata array size"
Previous message: Stephen Boyd: "Re: [PATCH] Input: cros_ec_keyb: Add support for a front proximity switch"
In reply to: Eric Dumazet: "Re: cBPF socket filters failing - inexplicably?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 15, 2021 at 2:16 PM Eric Dumazet <edumazet@xxxxxxxxxx> wrote:
[snip]
> > My wild guess is that as soon as socket got created:
> > socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
> > the packets were already queued to it.
> > So later setsockopt() is too late to filter.
> >
> > Eric, thoughts?
>
> Exactly, this is what happens.

I understand. Thanks for the explanation.

> I do not know how tcpdump and other programs deal with this.
>
> Maybe by setting a small buffer size, or draining the queue.

libpcap has its own cBPF implementation which it applies after it
receives the packets from the queue.

Thanks again,
Tom Cook

Next message: Mathieu Poirier: "Re: [PATCH v1 3/7] perf cs-etm: Calculate per CPU metadata array size"
Previous message: Stephen Boyd: "Re: [PATCH] Input: cros_ec_keyb: Add support for a front proximity switch"
In reply to: Eric Dumazet: "Re: cBPF socket filters failing - inexplicably?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]