iovisor-dev@lists.iovisor.org | Embedding pcap filters in C

Home Messages Hashtags Subgroups

Date Date 1 - 3 of 3

Embedding pcap filters in C

Adrian Moreno #953 Hi all, I'm playing around with bcc (which I find awesome, by the way) and I'm trying to embed a pcap filter inside another BPF program so that I can have the user-friendlyness of tcpdump-like expressions and the coolness of BPF-maps, for example. Is that possible without going down into LLVM or writing BPF code directly? Can someone give me a hit? I tried to inline the pcap-filter in a C program using __asm__() but LLVM fails with: "LLVM ERROR: Inline asm not supported by this streamer because we don't have an asm parser for this target" Thanks very much in advance. BR. Adrian
More All Messages By This Member
Yonghong Song #957 On Sat, Aug 19, 2017 at 3:44 AM, Adrian Moreno via iovisor-dev <iovisor-dev@...> wrote: Hi all, I'm playing around with bcc (which I find awesome, by the way) and I'm trying to embed a pcap filter inside another BPF program so that I can have the user-friendlyness of tcpdump-like expressions and the coolness of BPF-maps, for example. Is that possible without going down into LLVM or writing BPF code directly? Can someone give me a hit? you may have to do that for an arbitrary filter. Maybe bpf code is simpler, there are some examples in how trace.py/argdist.py translating a simple spec to a bpf program. I tried to inline the pcap-filter in a C program using __asm__() but LLVM fails with: "LLVM ERROR: Inline asm not supported by this streamer because we don't have an asm parser for this target" inline assembler is not supported for bpf backend. Thanks very much in advance. BR. Adrian _______________________________________________ iovisor-dev mailing list iovisor-dev@... https://lists.iovisor.org/mailman/listinfo/iovisor-dev
More All Messages By This Member
Adrian Moreno #958 On 08/19/2017 10:41 PM, Y Song wrote: On Sat, Aug 19, 2017 at 3:44 AM, Adrian Moreno via iovisor-dev <iovisor-dev@...> wrote: Hi all, I'm playing around with bcc (which I find awesome, by the way) and I'm trying to embed a pcap filter inside another BPF program so that I can have the user-friendlyness of tcpdump-like expressions and the coolness of BPF-maps, for example. Is that possible without going down into LLVM or writing BPF code directly? Can someone give me a hit? you may have to do that for an arbitrary filter. Maybe bpf code is simpler, there are some examples in how trace.py/argdist.py translating a simple spec to a bpf program. Thanks! I'll give it a try.
More All Messages By This Member

1 - 3 of 3

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms