On 02/10/2013 12:30 PM, Daniel Borkmann wrote:
On 02/09/2013 06:08 AM, Jon Schipp wrote:
~/netsniff-ng/Documentation/Bpfc: "Furthermore, the Linux kernel has
undocumented BPF filter extensions that can be found in the virtual
machine source code [123]" Link isn't listed for the reference point.
Is there any sort of reference for the undocumented kernel extensions?
Yes, I know they're officially undocumented but maybe someone has
written about them? What kernel source file has the code for these?
I'm interested in these two at the moment.
#type Packet class1 , e.g. Broadcast, Multicast, Outgoing, ...
#ifidx Network device index the packet was received on
ifidx:
You can see which ifindex each netdevice has via: ip a (the number
followed by the colon). This option might be useful if you use
the "any" device and want to see traffic originating from two or
more devices, but not all of them.
type:
The definitions are part of linux/if_packet.h:
/* Packet types */
#define PACKET_HOST 0 /* To us */
#define PACKET_BROADCAST 1 /* To all */
#define PACKET_MULTICAST 2 /* To group */
#define PACKET_OTHERHOST 3 /* To someone else */
#define PACKET_OUTGOING 4 /* Outgoing of any type */
/* These ones are invisible by user level */
#define PACKET_LOOPBACK 5 /* MC/BRD frame looped back */
#define PACKET_FASTROUTE 6 /* Fastrouted frame */
So you can use sth like (uncompiled, untested):
ld #type
jneq #0, drop
jneq #1, drop
s/jneq/jeq/a
ret #-1
drop:
ret #0
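
Added example, not part of the original thread and not netsniff-ng or kernel code: the two extensions discussed above are exposed to user space as SKF_AD_PKTTYPE and SKF_AD_IFINDEX in linux/filter.h, and a load of either one is an absolute load at SKF_AD_OFF plus that constant. The filter policy, SAMPLE_IFINDEX, LD_ANC and the run_filter evaluator are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <linux/filter.h>    /* struct sock_filter, BPF_STMT, BPF_JUMP, SKF_AD_* */
#include <linux/if_packet.h> /* PACKET_HOST, PACKET_BROADCAST, ... */
/* "ld #type" / "ld #ifidx" assemble to an absolute load at a negative offset,
 * which the kernel answers from packet metadata instead of packet bytes. */
#define LD_ANC(x) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (uint32_t)(SKF_AD_OFF + (x)))
#define SAMPLE_IFINDEX 2 /* constructed value; read the real one from "ip a" */
/* Assumed policy: keep PACKET_HOST and PACKET_BROADCAST seen on SAMPLE_IFINDEX. */
static const struct sock_filter keep_host_bcast[] = {
    LD_ANC(SKF_AD_IFINDEX),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SAMPLE_IFINDEX, 0, 4),   /* no: drop */
    LD_ANC(SKF_AD_PKTTYPE),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PACKET_HOST, 1, 0),      /* yes: keep */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PACKET_BROADCAST, 0, 1), /* no: drop */
    BPF_STMT(BPF_RET | BPF_K, 0xffffffff),                       /* keep */
    BPF_STMT(BPF_RET | BPF_K, 0),                                /* drop */
};
#define FILTER_LEN (sizeof(keep_host_bcast) / sizeof(keep_host_bcast[0]))

/* Hypothetical user-space evaluator for only the opcodes used above, so the
 * jump offsets can be checked without root or a packet socket. */
static uint32_t run_filter(const struct sock_filter *f, size_t n,
                           uint32_t pkttype, uint32_t ifindex)
{
    uint32_t a = 0; /* BPF accumulator */
    for (size_t pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (f[pc].k == (uint32_t)(SKF_AD_OFF + SKF_AD_PKTTYPE)) a = pkttype;
            else if (f[pc].k == (uint32_t)(SKF_AD_OFF + SKF_AD_IFINDEX)) a = ifindex;
            else return 0; /* packet-data loads are not modelled here */
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (a == f[pc].k) ? f[pc].jt : f[pc].jf; /* relative to next insn */
            break;
        case BPF_RET | BPF_K:
            return f[pc].k; /* 0 drops, non-zero is the snap length to keep */
        default: return 0;  /* opcode outside the modelled subset */
        }
    }
    return 0;
}

int main(void)
{
    printf("host@if2=%x mcast@if2=%x\n", run_filter(keep_host_bcast, FILTER_LEN, PACKET_HOST, 2), run_filter(keep_host_bcast, FILTER_LEN, PACKET_MULTICAST, 2));
    return 0;
}
```

To use the array on a real packet socket, wrap it in a struct sock_fprog and pass that to setsockopt() with SOL_SOCKET and SO_ATTACH_FILTER.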