BPF data representation
Viktor Penkoff
vpenkoff at gmail.com
Fri Mar 8 09:02:21 UTC 2013
Hi guys. I'm diggin some bpf stuff and i can't figure out, why there are 3
types of data representations: words, halfwords and bytes? I mean how can i
know, which one is best in a place to use? In some basic example, e.g. for
packet capturing, considering BPF's manual, i use for ETHERTYPE in the
ethernet header a halfword representation, but for a IP address - word
representation.
Let's say we have some read instructions:
BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETHERTYPE_IP, X, Y),
....
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, 26),
BPF_JUMP(BPF_JMP+BPF+JEQ+BPF_K, 0xABABABAB, X,Y)
Can someone explain?
Thanks!
More information about the freebsd-net
mailing list