Ethereal-dev: Re: [Ethereal-dev] An interesting project for somebody

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 14 Oct 2002 09:56:21 -0700

On Mon, Oct 14, 2002 at 10:23:57AM +0100, Richard Urwin wrote:
> 4. People often ask if they can capture-filter on a field in a packet
> which is at varying offsets from packet to packet, or on a string which
> can exist anywhere in the packet.
> 5. These filters are possible in BPF,

Really?

What would the BPF code be to check for a string anywhere in the packet?

(Note that BPF does *NOT* support loops; BPF branches can only branch
forward.  That was done so that BPF programs cannot loop infinitely,
so that the kernel's BPF-program-checking code has fewer things to worry
about.  This means that a BPF program that loops checking multiple
offsets is impossible, so that's not a valid BPF filter to check for a
string that can exist anywhere in the packet.)
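
To illustrate the forward-only branching described in the message above, here is an added example (not part of the original post, and not code from any BPF implementation): a load-time check and a small interpreter for a four-opcode subset of classic BPF. The struct, the function names `validate` and `run`, and the two sample programs are constructed for illustration; the opcode values are the standard classic BPF encodings.

```c
#include <stddef.h>
#include <stdint.h>
/* Classic BPF instruction layout and opcode values, redeclared locally. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define LDB_ABS 0x30 /* BPF_LD|BPF_B|BPF_ABS:   A = pkt[k] */
#define JA      0x05 /* BPF_JMP|BPF_JA:         pc += k */
#define JEQ_K   0x15 /* BPF_JMP|BPF_JEQ|BPF_K:  pc += (A == k) ? jt : jf */
#define RET_K   0x06 /* BPF_RET|BPF_K:          return k */

/* Load-time check. Offsets are unsigned and relative to pc + 1, so an
 * accepted target is always past the jump: no backward edge can be encoded. */
int validate(const struct insn *p, size_t len)
{
    if (len == 0 || p[len - 1].code != RET_K) return 0;
    for (size_t pc = 0; pc < len; pc++) {
        size_t room = len - pc - 1; /* instructions after pc */
        switch (p[pc].code) {
        case JA:    if (p[pc].k >= room) return 0; break;
        case JEQ_K: if (p[pc].jt >= room || p[pc].jf >= room) return 0; break;
        case LDB_ABS: case RET_K: break;
        default: return 0; /* opcode outside this subset */
        }
    }
    return 1;
}

/* Runs a validated program; *steps gets the number of instructions executed. */
uint32_t run(const struct insn *p, const uint8_t *pkt, size_t n, size_t *steps)
{
    uint32_t a = 0; /* accumulator */
    size_t pc = 0;
    for (*steps = 1; ; (*steps)++) {
        const struct insn *i = &p[pc++];
        switch (i->code) {
        case LDB_ABS: if (i->k >= n) return 0; a = pkt[i->k]; break;
        case JA:      pc += i->k; break;
        case JEQ_K:   pc += (a == i->k) ? i->jt : i->jf; break;
        default:      return i->k; /* RET_K */
        }
    }
}

/* Constructed filter: accept if pkt[2] or pkt[3] is 'X'; one test per offset. */
static const struct insn prog[] = {
    { LDB_ABS, 0, 0, 2 }, { JEQ_K, 2, 0, 'X' }, /* match -> pc 4 */
    { LDB_ABS, 0, 0, 3 }, { JEQ_K, 0, 1, 'X' }, /* match -> pc 4, else pc 5 */
    { RET_K, 0, 0, 0xffff }, { RET_K, 0, 0, 0 },
};
/* Constructed reject case: jump target far outside the program. */
static const struct insn bad[] = { { JA, 0, 0, 0xffffffffu }, { RET_K, 0, 0, 0 } };
```

Because every accepted jump moves forward, `run` executes at most `len` instructions on any packet, and each packet offset the filter tests costs its own instructions in the program.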