dhcpcd-discuss

Home Other Lists Thread Index Date Index Search
Thread Prev Thread Next Date Prev Date Next Thread Index Date Index

Re: RE: Yocto Build and Feature Request

Roy Marples

Tue Dec 15 14:47:48 2015
Hi Nate

On Monday 14 December 2015 23:54:58 Karstens, Nate wrote:
> Something else I noticed. From bpf-filter.h with notes in comments:
> 
> static const struct bpf_insn arp_bpf_filter [] = {
> #ifndef BPF_SKIPTYPE
>        /* Make sure this is an ARP packet... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_ARP, 0, 3), /* should
> be 5 ... */ #endif
>        /* Make sure this is an ARP REQUEST... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REQUEST, 2, 0),
>        /* or ARP REPLY... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK), /* this line
> isn't strictly necessary */ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K,
> ARPOP_REPLY, 0, 1), /* if it is 3 then we jump here */ /* If we passed all
> the tests, ask for the whole packet. */ BPF_STMT(BPF_RET + BPF_K,
> BPF_WHOLEPACKET),
>        /* Otherwise, drop it. */
>        BPF_STMT(BPF_RET + BPF_K, 0),
> };
> 
> This can be confirmed by putting the pcap filter through a BPF compiler.
> 
> arp && (arp[6:2] == 1 || arp[6:2] == 2)
> 
> Compiles to:
> 
> static const struct bpf_insn arp_bpf_filter [] = {
> #ifndef BPF_SKIPTYPE
>        /* Make sure this is an ARP packet... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_ARP, 0, 5),
> #endif
>        /* Make sure this is an ARP REQUEST or REPLY... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REQUEST, 1, 0),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REPLY, 0, 1),
>        /* If we passed all the tests, ask for the whole packet. */
>        BPF_STMT(BPF_RET + BPF_K, BPF_WHOLEPACKET),
>        /* Otherwise, drop it. */
>        BPF_STMT(BPF_RET + BPF_K, 0),
> };


Applied here: http://roy.marples.name/projects/dhcpcd/info/d20598aa1b763a92
I've also made a subsequent change to check for ETHERTYPE_IP as the ARP 
protocol in the BPF filter here:
http://roy.marples.name/projects/dhcpcd/info/d20598aa1b763a92

Let me know of that works for you as well!

Thanks

Roy
Follow-Ups:
RE: RE: Yocto Build and Feature RequestKarstens, Nate
References:
Yocto Build and Feature RequestKarstens, Nate
RE: Yocto Build and Feature RequestKarstens, Nate
Archive administrator: postmaster@marples.name