Hi Joe, On Aug 25, 2008, at 1:53 PM, joe m wrote:
> I would like to use bpf filters in a custom pfring based application. > I see 2 alternatives to this: > • using one complex bpf filter. > • using pfring's dynamic filters. > As far as I understand so far: > > The first option is easier to implement, has a well known syntax and > has some capabilities the second one doesn't . > > The second option requires writing code to parse and set filters, > but will allow dynamic addition and removal later if needed. > > > > My question's are: > • How can I use bpf filters with pfring, without using lpcap, I > prefer using pfring directly, but can't find where to set a ring's > bpf filter? In this case you need to use libpcap-over-pfring > • Do I need to change anything to perform the filtering in kernel? no pf_ring does it already > > • Does anyone have any benchmarks comparing dynamic filters with > bpf filters in kernel? Filtering with bpf or pf_ring are different in nature. If you need one (1) arbitrary complex filter then you need BPF. If you want to have many filters, either precise or wildcarded, then you need pf_ring. Later this year we'll publish a voip toolkit that allows you to track calls using pf-ring filters, thing that's impossible to do with BPF. Cheers Luca > > Any help will be greatly appreciated, > > Joe M. > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
