Please take this discussion to the tcpdump-workers list.
shohamp writes:
> This commit by @yuguy explains this issue very well. yacc parsers the
> bpf from left to right without saving the state, and doesn't provide a
> tree of some kind, which would allow an easy solution. @yuguy says that
> OR'ing vlans in the current parsing methodology is impossible.
> But there might be a solution, if GCC used yacc in previous version to
> parse C code, a state can be saved. We simply want yacc to parse
> parenthesis, and using them to increment the offset, and with each 'OR'
> it encounters, resetting the offset to it's last state. Let me explain:
> tcpdump -d 'vlan and (vlan or arp) or ip' means: 1. filter vlan with
> the current offset (0) and increment offset ( = 4) 2. open
> parenthesis. push the offset in a stack 3. filter vlan with the current
> offset (0) and increment offset ( = 8) 4. or. reset the offset to it's
> state in the last parenthesis from the offset stack ( = 4) 5. filter
> arp with the current offset (4) 6. close parenthesis. pop the offset's
> state 7. or. reset the offset to it's state in the last parenthesis
> from the offset stack ( = 0) 8. filter ip with the current offset (0)
> As it seems to me, this will solve the issue, and would allow OR'ing
> vlans.
> What do you say?
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
