Wireshark-users: Re: [Wireshark-users] dumpcap and bpf assembler

From: Richard Stearn <richard@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 28 May 2015 09:44:03 +0100
Sake Blok wrote:

Hi Sake

> I think I misunderstood you then. I thought you were looking for a
> way to write some assembly/machine code for the BPF pseudo processor.

You understood me perfectly.  That's exactly what I wish to do.

> Which of course works only on the content of a packet (link layer
> data and upwards). I believe that anything the BPF engine can do can

In Linux there are some extensions to BPF that allow access to a few
Linux internal variables:

	https://www.kernel.org/doc/Documentation/networking/filter.txt

I just need to find or code a method of passing the assembler source
to the kernel within dumpcap.

--
Regards
	Richard