tcpdump mailing list archives
BPF Exam
From: Denis Ovsienko via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Sun, 5 Jun 2022 18:11:19 +0100
--- Begin Message ---
From: Denis Ovsienko <denis () ovsienko info>
Date: Sun, 5 Jun 2022 18:11:19 +0100
Hello list.

A while ago I tried to comprehend a few BPF-related bug reports in libpcap and found it difficult to follow the logic of filter compilation and optimization. On one hand, there is the universally available, but basic "tcpdump -d" pseudocode listing. On the other, there is the off-by-default optimizer debug mode in libpcap and the associated visopts.py script (and the C source code, of course). But it seemed as if something in between these levels of detail would be more convenient in some cases.

One of the bug reports (798) contained a block of BPF bytecode disassembly with visualized conditional jump instructions, which seemed useful and led me to discover Radare2. After some experimentation and integration it became possible to produce several different types of debugging information easily on one page (called "BPF Exam"):

https://www.tcpdump.org/bpfexam/

As usual, there is some space for future improvements, but this revision looks ready for general use. Currently the page allows at most 1 form submission per second to limit the impact on the server resources; other than that everything should be self-explanatory. Feedback is welcome on the list.

Cheers.

--
Denis Ovsienko
--- End Message ---