tcpdump and BPF filters

["Geoffrey Sisson" <geoff () geoff co uk>]

Is there any way to use BPF filters directly from tcpdump, i.e., supply
tcpdump with a filter in BPF psuedo-machine format?  I had a cursory
look at the code and couldn't find any obvious way to do this.  What I'd
like to be able to do is supply a BPF filter in bpf_insn struct format, e.g.:

        # cat filter.txt
        0x28 0 0 12
        0x15 0 8 0x0800
        0x30 0 0 23
        0x15 0 6 17
        0x28 0 0 20
        0x45 4 0 0x1fff
        0xb1 0 0 14
        0x48 0 0 16
        0x15 0 1 123
        0x06 0 0 0xffff
        0x06 0 0 0

        # tcpdump -n -s 0 -F filter.txt

(It would be even better to be able to use McCanne and Jacobsons's
assembler syntax -- like what's returned by bpf_image() in libpcap --
but I realize this would probably involve writing another compiler.)

Apologies if this has been asked before.

Geoff


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.