Re: BPF in the kernel

2000-09-21 Thread Marc Lehmann 

On Mon, Sep 18, 2000 at 10:55:20PM -0700, Philippe Troin <[EMAIL PROTECTED]> wrote:
> Ideally, libpcap should be extended to support the LPFisms. A LSF

Indeed, and I sent a patch to do so about 4 weeks after LSF was in the
kernel, but nothing happened so far. ("Hey, the -s option suddenly works ;")

-- 
  -==- |
  ==-- _   |
  ---==---(_)__  __   __   Marc Lehmann  +--
  --==---/ / _ \/ // /\ \/ /   [EMAIL PROTECTED] |e|
  -=/_/_//_/\_,_/ /_/\_\   XX11-RIPE --+
The choice of a GNU generation   |
 |
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/

Re: BPF in the kernel

2000-09-18 Thread Philippe Troin 

kjh63 <[EMAIL PROTECTED]> writes:

> > How Linux Kernel and BPF relate to each other:
> >
> > a) linux has BPF (I don't think so).

It has LSF, the Linux Socket Filter.

> > b) Linux has own equivalent of BPF (part of NAT?)

Yes, the LSF.

> > c) linux does not have anything like BPF

BPF opcodes works on LSF. LSF has some extensions to BSF, like
fetching which interface the packet came from.

> > d) something else (if so, then what?)
> 
> a) The Documentation/networking/filters.txt may say so but i dont think so
> either:
> 
> [root@localhost networking]# ls -al /dev/bpf0
> ls: /dev/bpf0: No such file or directory
> [root@localhost networking]# cd /dev/
> [root@localhost /dev]# sh MAKEDEV bpf0
> MAKEDEV: don't know how to make device "bpf0"

LSF does not work with devices nodes, it works with setsockopt:

struct bpf_program bpfp;
/* Fill bpfp */
setsockopt(SOL_SOCKET, SO_ATTACH_FILTER, &bpfp, sizeof(bpfp));

> How can I make ethereal (or libpcap) work with LSF?

Last time I checked libpcap was emulating BPF in user space. Which is
bad of course because all packets are copied...

Ideally, libpcap should be extended to support the LPFisms. A LSF
filtering some ethernet traffic does not have to be bound to an
interface. You can filter all the packets coming in.

I can send you an example if you need so.

Phil.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/

BPF in the kernel

2000-09-18 Thread kjh63 

> How Linux Kernel and BPF relate to each other:
>
> a) linux has BPF (I don't think so).
> b) Linux has own equivalent of BPF (part of NAT?)
> c) linux does not have anything like BPF
> d) something else (if so, then what?)

a) The Documentation/networking/filters.txt may say so but i dont think so
either:

[root@localhost networking]# ls -al /dev/bpf0
ls: /dev/bpf0: No such file or directory

[root@localhost networking]# cd /dev/
[root@localhost /dev]# sh MAKEDEV bpf0
MAKEDEV: don't know how to make device "bpf0"

How can I make ethereal (or libpcap) work with LSF?

Thanks

Kurt

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/