On 2008-09-19 07:48, Guy Harris wrote: > and 1) has no clue whether the program is being generated for the kernel > or userland and 2) takes raw generated code, not a filter expression > from which to generate code, as an argument, so there's no place to > *tell* it what kind of code to generate.
There's really no need. The BPF engine can certainly be protected against this. E.g. count each BPF instruction you execute and bail after a threshold is reached. On bailing, you could also detach the filter, if you want to set a very high threshold. -- Jefferson Ogata <[EMAIL PROTECTED]> NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]> "Never try to retrieve anything from a bear."--National Park Service - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
