Sweet, that's exactly what I wanted. Thanks! On Sun, Feb 10, 2013 at 6:35 AM, Daniel Borkmann <[email protected]> wrote: > On 02/10/2013 12:30 PM, Daniel Borkmann wrote: >> >> On 02/09/2013 06:08 AM, Jon Schipp wrote: >>> >>> ~/netsniff-ng/Documentation/Bpfc: "Furthermore, the Linux kernel has >>> undocumented BPF filter extensions that can be found in the virtual >>> machine source code [123]" Link isn't listed for the reference point. >>> Is there any sort of reference for the undocumented kernel extensions? >>> Yes, I know they're officially undocumented but maybe someone has >>> written about them?. What kernel source file has the code for these? >>> >>> I'm interested in these two at the moment. >>> #type Packet class1 , e.g. Broadcast, Multicast, Outgoing, ... >>> #ifidx Network device index the packet was received on >> >> >> ifidx: >> >> You see which ifindex what netdevice has via: ip a (the number >> followed by the colon). This option might be useful if you use >> the "any" device and want to see traffic originating from two or >> more devices, bit not all of them. >> >> type: >> >> The definitions are part of linux/if_packet.h: >> >> /* Packet types */ >> #define PACKET_HOST 0 /* To us */ >> #define PACKET_BROADCAST 1 /* To all */ >> #define PACKET_MULTICAST 2 /* To group */ >> #define PACKET_OTHERHOST 3 /* To someone else */ >> #define PACKET_OUTGOING 4 /* Outgoing of any type */ >> /* These ones are invisible by user level */ >> #define PACKET_LOOPBACK 5 /* MC/BRD frame looped back */ >> #define PACKET_FASTROUTE 6 /* Fastrouted frame */ >> >> So you can use sth like (uncompiled, untested): >> >> ld #type >> jneq #0, drop >> jneq #1, drop > > > s/jneq/jeq/a > > >> ret #-1 >> drop: >> ret #0 > > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > >
-- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
