Ethereal-dev: Re: RE : [Ethereal-dev] about ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 25 Jun 2003 01:24:19 -0700

On Tue, Jun 24, 2003 at 05:05:02PM +0200, RABRET Laurent FTRD/DAC/ISS wrote:
> I suppose the filtering is performed in kernel mode...

From looking at your code, the filtering doesn't seem to be done at all.
"pcap_setfilter()" calls the SetFilter method of the pcap_t_ passed to
it, but that method doesn't use its "struct bpf_program *" argument -
it's not passed into the NetMon driver, so the filtering can't be done
in kernel mode (the kernel doesn't even know about the BPF program - and
I suspect there's no BPF interpreter in Microsoft's NetMon driver
anyway, so there's nothing it could do with a BPF program if it *did*
know about it), and there are no calls to "bpf_filter()" anywhere in
your code, so the filtering isn't done in user mode, either.
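
Added example, not part of the original message and not code from libpcap or from the poster: a minimal sketch of the two user-mode pieces the message finds missing, a set-filter step that keeps the program and a read path that runs it over every packet. The struct names, the `capture_*` functions, `demo()` and the small interpreter standing in for `bpf_filter()` are assumptions for illustration; the opcode values are those of classic BPF.

```c
#include <stddef.h>
#include <stdint.h>
/* Simplified stand-ins (assumptions), not libpcap's own definitions. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
struct prog { size_t len; const struct insn *insns; };
struct capture { struct prog filter; int have_filter; };
enum { LD_H_ABS = 0x28, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };
/* Stand-in for bpf_filter(): 0 means drop; bad loads and opcodes drop. */
static uint32_t run_filter(const struct prog *p, const uint8_t *pkt, size_t caplen) {
    uint32_t a = 0;
    for (size_t pc = 0; pc < p->len; pc++) {
        const struct insn *i = &p->insns[pc];
        switch (i->code) {
        case LD_H_ABS:                      /* A = 16-bit big-endian load */
            if (caplen < 2 || i->k > caplen - 2) return 0;
            a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]; break;
        case LD_B_ABS:                      /* A = 8-bit load */
            if (caplen < 1 || i->k > caplen - 1) return 0;
            a = pkt[i->k]; break;
        case JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K: return i->k;
        default:    return 0;
        }
    }
    return 0;
}
/* Set-filter step: keep the program so the read path can apply it. */
int capture_setfilter(struct capture *c, const struct prog *p) {
    if (p == NULL || p->insns == NULL || p->len == 0) return -1;
    c->filter = *p; c->have_filter = 1;
    return 0;
}
/* Read path: 1 if the packet should reach the callback. */
int capture_accepts(const struct capture *c, const uint8_t *pkt, size_t caplen) {
    return !c->have_filter || run_filter(&c->filter, pkt, caplen) != 0;
}
/* Constructed program: accept IPv4 (EtherType at 12) carrying TCP (protocol at 23). */
static const struct insn TCP_ONLY[] = {
    {LD_H_ABS, 0, 0, 12}, {JEQ_K, 0, 3, 0x0800}, {LD_B_ABS, 0, 0, 23},
    {JEQ_K, 0, 1, 6},     {RET_K, 0, 0, 65535},  {RET_K, 0, 0, 0} };
/* Constructed Ethernet/IPv4 frame with only those two fields filled in. */
int demo(int set_filter, uint8_t proto, size_t caplen) {
    uint8_t frame[34] = {0};
    struct capture c = {{0, NULL}, 0};
    struct prog p = {6, TCP_ONLY};
    frame[12] = 0x08; frame[23] = proto;
    if (set_filter && capture_setfilter(&c, &p) != 0) return -1;
    return capture_accepts(&c, frame, caplen);
}
```

With the set-filter step skipped (`demo(0, ...)`), every frame is delivered, which is the behaviour the message describes.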