I would like to use bpf filters in a custom pfring based application. I see 2 alternatives to this:
1. using one complex bpf filter. 2. using pfring's dynamic filters. As far as I understand so far: The first option is easier to implement, has a well known syntax and has some capabilities the second one doesn't . The second option requires writing code to parse and set filters, but will allow dynamic addition and removal later if needed. My question's are: 1. How can I use bpf filters with pfring, without using lpcap, I prefer using pfring directly, but can't find where to set a ring's bpf filter? 2. Do I need to change anything to perform the filtering in kernel? 3. Does anyone have any benchmarks comparing dynamic filters with bpf filters in kernel? Any help will be greatly appreciated, Joe M.
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
