> patch-2.1.79.gz, netsyms.c
> -#ifdef CONFIG_FILTER
> -EXPORT_SYMBOL(sk_run_filter);
> -#endif
>
> why this? this makes compiling af_packet as module impossible..
>
> also, net/core/filter.c does not show up anywhere in the makefiles
> anymore.
That was an accident. It is already fixed in 2.1.80-pre
>
> another question: I´ve hacked tcpdump to use the new
> bpf filters (they work fine!), but I´m not sure on
> which kind of socket they should be attached...
Nice. Could you publish these patches somewhere?
>
> the kernel complains:
> Jan 8 02:51:54 cerebro kernel: tcpdump uses obsolete (AF_INET,SOCK_PACKET)
>
> but I couldn not find another socket type that I could create (socket())
> that would also give me packets back (and Documentation/networking/filters
> only says they work on all sockets, but doesn´t mention how I actually
> get packets on these sockets). Which socket type should I use to get, say,
> all packets on interface eth0?
Use socket(SOCK_PACKET, SOCK_RAW, ...). SOCK_PACKET is independent from IPv4
now so it got its own socket type. It also has a few other nice new features,
see the comments in net/packet/af_packet.c for details.
tcpdump/libpcap patches for the new conventions are in
ftp.inr.ac.ru:/ip-routing/lbl-tools . One big advantage of the new
socket packet interface is that it works with all low level interfaces,
no more special patches for e.g. isdn4linux tcpdump required.
-Andi