tcpdump mailing list archives

Re: Variable length mac headers and gencode.c (and


From: Darren Reed <darren.reed () oracle com>
Date: Thu, 12 May 2011 00:24:31 -0700

To follow this on, looking at the output of "tcpdump -d",
it became obvious that the opcodes could be optimised.
The optimiser would need to be seriously smarter than
it currently is to detect that it has a repeating group of
six statements, of which the second can be eliminated.
That's completely out of scope for what I'm doing.

One solution to that is to add another BPF opcode, that
is an indirect version of BPF_MSH - call it BPF_MSHM.

The attached patch introduces a "ldxbi" to complement
the "ldxb". With the patches attached applied, the
output of "tcpdump -d" becomes much more reasonable:

# tcpdump -d -vi net0 ip and tcp port 80
(000) ldh      [2]
(001) st       M[0]
(002) ldh      [8]
(003) jeq      #0x800           jt 4    jf 15
(004) ldx      M[0]
(005) ldb      [x + 9]
(006) jeq      #0x6             jt 7    jf 15
(007) ldh      [x + 6]
(008) jset     #0x1fff          jt 15   jf 9
(009) ldxbi    4*([[2]]&0xf)
(010) ldh      [x + 0]
(011) jeq      #0x50            jt 14   jf 12
(012) ldh      [x + 2]
(013) jeq      #0x50            jt 14   jf 15
(014) ret      #65535
(015) ret      #0

FWIW, BPF_MSHM equates to BPF_LEN|BPF_IND|BPF_ABS,
whereas BPF_MSH (ldxb) is BPF_LEN|BPF_ABS. Thus
this seems to be the right mnemonic/opcode for
the operation at hand.

Darren

Attachment: DLT_LINK.patch