Re: Does libpcap/tcpdump support "SKF_AD_QUEUE"

[Jon Zhou <Jon.Zhou () jdsu com>]

I found some bpf examples

Such as: 
http://code.google.com/p/ldd6410/source/browse/trunk/training/pcap-example/socket_raw_filter.c?spec=svn161&r=161

This filter is aim to check packet offset, but how to check the other information (or set the other criteria, i.e. the 
queue "SKF_AD_QUEUE")

Can you give me more examples?

Thanks!
jon


-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org [mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Guy 
Harris
Sent: Friday, November 12, 2010 11:38 AM
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] Does libpcap/tcpdump support "SKF_AD_QUEUE" instruction ?


On Nov 11, 2010, at 6:55 PM, Jon Zhou wrote:

> Does libpcap/tcpdump support "SKF_AD_QUEUE" instruction and BPF filter?

I presume you mean "does libpcap support generating the SKF_AD_QUEUE special packet offset in BPF filter programs?"  If 
so, the answer is "no"; there's probably no reason why there couldn't be a keyword in the libpcap filter language 
("queue {N}" or something such as that) to support it, although, of course, filters with that keyword would be rejected 
if either

        1) you're trying to do a live capture on anything other than a Linux PF_PACKET socket

or

        2) you're trying to read a savefile.

pcap_compile() is, of course, not the only way to get a BPF program; a library or application could, for example, 
generate the filter program by hand, which wouldn't be too bad if you weren't trying to filter on arbitrary 
expressions.-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.