Re: detailed description of linux socket filter and sniffing problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

--- Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:
> > 5) so i remove the filter expression by means of setsockopt
> > SO_DETACH_FILTER and then regenrate the bpfcode for the nw
> expression.
> > 
> > 6) now i do a attach operation on the socket by means of setsockopt
> and
> > so attach the new filter.
> 
> You can just issue a new SO_ATTACH_FILTER and it will swap them over
> rather
> than having an 'all packets' time. You will have some buffered frames
> matching
> the old filter

Hello Alan, 

But the reason why i am not doing this right now is that as soon as i
determine that i need to change the bpfcode, i would possibly require
that at that very instant i don't miss the next 2-3 packets
corresponding to the new criteria which are of prime importance. Then
if i take my time in compiling and then attaching the new code in the
manner u have suggested, the kernel might drop those important packets
as during this time the bpfcode is still the old one. So, at that very
instant i detach the bpfcode. This helps me in the way that this is the
fastest way in which i can grab the next 2-3 packets. But this would
possibly provide an inlet for the invalid or not required packets also
to be buffered in the kernel. So, if i have a way that the buffered
packets should be now filtered on the basis of the new bpfcode  which i
have attached to the socket, then things will be fine.

Thus this is the reason why i am trying to  find the solution for the
case as i have explained it in the previous mail. 

If there is some way out for this problem, then please suggest me the
same, as i am in urgent need of a solution for this problem of mine.

PS: Alan, It's a great pleasure to have your mail in my inbox. I have
read your name so much in the kernel code, that seeing your mail seems
like dream come true.

=====

Image by FlamingText.com

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux