tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BPF Extended: addressing BPF's shortcomings

From: Michael Richardson <mcr () sandelman ca>
Date: Thu, 11 Jun 2015 09:50:20 -0400

"Paul \"LeoNerd\" Evans" <leonerd () leonerd org uk> wrote:
    >> >   2) A few more AD constants added to the Linux "auxdata" area,
    >> > giving information about the transport layer.
    >>
    >> Can you please expand on this?

    > See the SKF_NET_OFF and SKF_LL_OFF constants.
    > I wanted to simply add another, SKF_TRANS_OFF

    > This would give an offset into a virtual view of the "transport" layer;
    > i.e. the start of the TCP/UDP/whatever header, regardless where it
    > starts in the packet.

    > Now, filtering for a given TCP port only needs to compare the value of
    > SKF_AD_TRANSPORT (which we'd also have to add), and then look at
    > certain indexes into SKF_TRANS_OFF; it doesn't have to *find* the TCP
    > header at all, doesn't care if it's IPv4 or IPv6 or whatever...

Is Linux even going to set that if it's for a VLAN or an IP address that
is not recognized as local?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [



_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: