tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BPF in hardware

From: "Jefferson Ogata" <Jefferson.Ogata () noaa gov>
Date: Mon, 22 Nov 2004 20:39:18 -0500
Guy Harris wrote:
That obviates the need to design the expression tree representation (as I'd like to be able to hand expression trees *not* constructed by libpcap's parser to the filter installer, that should be designed well enough to be usable and extensible as necessary), but does mean you'd have to do a lot of work on the *existing* code generator to make it emit stuff other than a BPF program, and it might be a bit more intrusive than having separate code generators (code generator routines are called from the parser).
The obvious approach is to simply write a BPF-to-MTP assembler/compiler, crunch the result of pcap_compile(), and stuff that into the interface. This would be a lot easier than hacking on the code generator. 

--
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: