Wireshark mailing list archives
Re: dumpcap and bpf assembler
From: Richard Stearn <richard () rns-stearn demon co uk>
Date: Thu, 28 May 2015 09:44:03 +0100
Sake Blok wrote: Hi Sake
I think I misunderstood you then. I thought you were looking for a
> way to write some assembly/machine code for the BPF pseudo processor. You understood me perfectly. That exactly what I wish to do.
Which of course works only on the content of a packet (link layer
> data and upwards). I believe that anything the BPF engine can do can
In Linux there are some extensions to BPF that allow access to a few
Linux internal variables:
https://www.kernel.org/doc/Documentation/networking/filter.txt
I just need to find or code a method of passing the assembler source
to the kernel within dumpcap.
--
Regards
Richard
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- dumpcap and bpf assembler Richard Stearn (May 26)
- Re: dumpcap and bpf assembler Sake Blok (May 27)
- Re: dumpcap and bpf assembler Richard Stearn (May 27)
- Re: dumpcap and bpf assembler Sake Blok (May 27)
- Re: dumpcap and bpf assembler Richard Stearn (May 28)
- Re: dumpcap and bpf assembler Guy Harris (May 28)
- Re: dumpcap and bpf assembler Sake Blok (May 29)
- Re: dumpcap and bpf assembler Richard Stearn (May 27)
- Re: dumpcap and bpf assembler Sake Blok (May 27)