Re: BPF in hardware

[Livio Ricciulli <livio () metanetworks org>]

Guy Harris wrote:
> On Nov 22, 2004, at 1:26 PM, Livio Ricciulli wrote:
>
> > The idea is to automatically translate the BPF expressions passed to
> > libpcap into MTP macrocode and load it into the card on the fly
> > ___in_addition_to___ the normal BPF software matching.
>
>
> By "BPF expressions" do you mean "BPF programs" or do you mean "filter 
> expressions"?

Sorry I meant "filter expressions"

> > 1) What's the best way to do this from a coding architecture point of
> > view? Any suggestions where to put the code? Add the entry of the
> > MTP-specific code in pcap_compile?
>
>
> ...what should ultimately be done is to have a new API for setting filters:
>
>     a routine that takes a filter string and generates a parse tree, 
> with *no* code generation;
>
>     a routine that takes a parse tree and a pcap_t pointer, and 
> translates that parse tree into filter code and installs the filter on 
> the pcap_t in question.
>
> The latter routine doesn't supply any BPF code to its caller - it just 
> installs the filter.  It might generate BPF code and install that, it 
> might generate CMU/Stanford packet filter code and install that (e.g., 
> on Solaris), it might generate BPF code and run that in userland, or it 
> might generate MTP code and install that.
I see, it makes sense.
How far is the current implementation from this architecture?
Or is it already there?

Livio.






-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.