On Sep 10, 2012, at 10:50 AM, Guy Harris <g...@alum.mit.edu> wrote: > > On Sep 10, 2012, at 3:41 AM, "David Laight" <david.lai...@aculab.com> wrote: > >>>> What about the other OS - eg all the BSDs? >>>> I had a vague idea that BPF was supposed to be reasonable portable. >>> >>> Yes, does it mean BPF is frozen ? >>> >>> Or is BSD so hard to update these days ? >> >> Not really - but it some other places that need updating in order >> to make this useful for cross-platform tools (like tcpdump). >> >> The 'real fun (tm)' happens when NetBSD tries to run Linux binaries >> that include the Linux libpcap. > > Additional fun happens when a Linux system with a kernel that doesn't have > the mod instruction tries to run Linux binaries that include a Linux libpcap > that generates code using the mod instruction; this is not a BSD-vs.-Linux > issue, it's a "kernel that lacks the mod instruction vs. libpcap that > generates code that includes the mod instruction" issue. > > BSD/OS X, Linux, Solaris, and the WinPcap driver need, if they adopt new BPF > instructions, to have a mechanism by which libpcap (or anything else using > BPF filtering) can inquire about the capabilities of the OS BPF interpreter; > libpcap would use that to determine what code to generate if generating code > for the in-kernel BPF interpreter.
In this particular case, there's no choice about what to generate - either you have mod and XOR instructions or you don't. Furthermore, if the kernel rejects a particular BPF program, libpcap just falls back on filtering in userland, so we can support % and ^ operators in libpcap on all platforms, albeit with a performance hit on Linux prior to 3.7 and, currently, on other platforms. I don't think there's anything inherently troublesome about BPF_MOD and BPF_XOR, so I'll file bugs against the various BSDs and OS X suggesting that they be added. So I've checked in a change to libpcap to implement BPF_MOD and BPF_XOR and to add % and ^ operators (yes, the same zero-divide checks in bpf_validate() done for BPF_DIV are done for BPF_MOD, and the optimizer was updated to handle BPF_MOD like BPF_DIV and to handle BPF_XOR like BPF_OR). The pcap-filter man page documents it, but warns that filters using them might be run in userland on pre-3.7 Linux and non-Linux platforms. _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
