On Mon, Oct 14, 2002 at 10:23:57AM +0100, Richard Urwin wrote: > 4. People often ask if they can capture-filter on a field in a packet > which is at varying offsets from packet to packet, or on a string which > can exist anywhere in the packet. > 5. These filters are possible in BPF,
Really? What would the BPF code be to check for a string anywhere in the packet? (Note that BPF does *NOT* support loops; BPF branches can only branch forward. That was done so that BPF programs cannot loop infinitely, so that the kernel's BPF-program-checking code has fewer things to worry about. This means that a BPF program that loops checking multiple offsets is impossible, so that's not a valid BPF filter to check for a string that can exist anywhere in the packet.)
