I am trying to discover details about C Linux socket filters, or C Linux BPF sockets. The network filter for a socket on this link and other places, https://www.kernel.org/doc/Documentation/networking/filter.txt, is something like this:
#include <linux/filter.h>   /* struct sock_filter and the BPF_* macros */

/* From the example above: tcpdump -i em1 port 22 -dd */
struct sock_filter code[] = {
{ 0x28, 0, 0, 0x0000000c },
{ 0x15, 0, 8, 0x000086dd },
{ 0x30, 0, 0, 0x00000014 },
{ 0x15, 2, 0, 0x00000084 },
{ 0x15, 1, 0, 0x00000006 },
{ 0x15, 0, 17, 0x00000011 },
{ 0x28, 0, 0, 0x00000036 },
{ 0x15, 14, 0, 0x00000016 },
{ 0x28, 0, 0, 0x00000038 },
{ 0x15, 12, 13, 0x00000016 },
{ 0x15, 0, 12, 0x00000800 },
{ 0x30, 0, 0, 0x00000017 },
{ 0x15, 2, 0, 0x00000084 },
{ 0x15, 1, 0, 0x00000006 },
{ 0x15, 0, 8, 0x00000011 },
{ 0x28, 0, 0, 0x00000014 },
{ 0x45, 6, 0, 0x00001fff },
{ 0xb1, 0, 0, 0x0000000e },
{ 0x48, 0, 0, 0x0000000e },
{ 0x15, 2, 0, 0x00000016 },
{ 0x48, 0, 0, 0x00000010 },
{ 0x15, 0, 1, 0x00000016 },
{ 0x06, 0, 0, 0x0000ffff },
{ 0x06, 0, 0, 0x00000000 },
};
When I run the tcpdump command
tcpdump -i eth0 -s 1500 port not 22
it shows packets coming in on eth0, and probably also packets going out (you tell me).
I would like to make sense of the C filter structs: how to interpret the codes above and their connection to the jt, jf and k values in the sock_filter struct. Some information on how I can delve deeper into this to understand these hex codes in sock_filter would help. I am also currently reading about JIT and assembly language, so please guide me with some information about how to start making sense of the struct and its definition.
The sample filter code in the link mentions this tcpdump command:
tcpdump -i em1 port 22 -dd
When I try this in a terminal it says no device is detected. Is this the command to generate the hex codes? (Also, please try to explain a bit, maybe a few elements of the array of sock_filter data above.)
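Worked example, added here and not part of the question or of the kernel document: a minimal interpreter for the seven classic-BPF opcodes that the program above uses, with each opcode byte spelled out as its BPF_* macro combination so the role of jt, jf and k can be traced step by step, run over constructed Ethernet/IPv4 frames. The frame layout, the function names and the port numbers are constructed test input, not anything from the page.

```c
#include <stdint.h>
#include <linux/filter.h>   /* struct sock_filter and the BPF_* opcode macros */

/* The program from the page (tcpdump -i em1 port 22 -dd), three instructions per line. */
static const struct sock_filter port22[] = {
    {0x28,0,0,0x0000000c}, {0x15,0,8,0x000086dd}, {0x30,0,0,0x00000014},
    {0x15,2,0,0x00000084}, {0x15,1,0,0x00000006}, {0x15,0,17,0x00000011},
    {0x28,0,0,0x00000036}, {0x15,14,0,0x00000016}, {0x28,0,0,0x00000038},
    {0x15,12,13,0x00000016}, {0x15,0,12,0x00000800}, {0x30,0,0,0x00000017},
    {0x15,2,0,0x00000084}, {0x15,1,0,0x00000006}, {0x15,0,8,0x00000011},
    {0x28,0,0,0x00000014}, {0x45,6,0,0x00001fff}, {0xb1,0,0,0x0000000e},
    {0x48,0,0,0x0000000e}, {0x15,2,0,0x00000016}, {0x48,0,0,0x00000010},
    {0x15,0,1,0x00000016}, {0x06,0,0,0x0000ffff}, {0x06,0,0,0x00000000},
};
/* Interpret classic BPF over pkt: returns the accept length (0 = drop); loads past len drop. */
uint32_t run_cbpf(const struct sock_filter *p, unsigned n, const uint8_t *pkt, unsigned len) {
    uint32_t A = 0, X = 0;                       /* accumulator and index register */
    for (unsigned pc = 0; pc < n; pc++) {
        const struct sock_filter *i = &p[pc];
        uint32_t off = i->k;                     /* k is the offset for loads, the immediate for jumps */
        switch (i->code) {
        case BPF_LD | BPF_H | BPF_IND: off += X; /* 0x48 ldh [x+k]; fall through */
        case BPF_LD | BPF_H | BPF_ABS:           /* 0x28 ldh [k]: 16-bit big-endian load */
            if (off + 2 > len) return 0;
            A = (uint32_t)pkt[off] << 8 | pkt[off + 1]; break;
        case BPF_LD | BPF_B | BPF_ABS:           /* 0x30 ldb [k]: byte load */
            if (off >= len) return 0;
            A = pkt[off]; break;
        case BPF_LDX | BPF_B | BPF_MSH:          /* 0xb1 ldxb 4*([k]&0xf): IPv4 header length */
            if (off >= len) return 0;
            X = 4 * (pkt[off] & 0xf); break;
        case BPF_JMP | BPF_JEQ | BPF_K:          /* 0x15 jeq #k, jt, jf: skip jt or jf insns */
            pc += (A == i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JSET | BPF_K:         /* 0x45 jset #k, jt, jf: test A & k */
            pc += (A & i->k) ? i->jt : i->jf; break;
        case BPF_RET | BPF_K:                    /* 0x06 ret #k: bytes to accept */
            return i->k;
        default: return 0;                       /* opcode not modelled here */
        }
    }
    return 0;                                    /* ran off the end: drop */
}
/* Constructed frame: Ethernet + IPv4 (IHL 5, DF set) + first 4 L4 bytes, then filtered.
 * e.g. port22_accepts(0x0800, 6, 40000, 22) -> 0xffff, port22_accepts(0x0800, 17, 40000, 53) -> 0 */
uint32_t port22_accepts(uint16_t eth, uint8_t proto, uint16_t sp, uint16_t dp) {
    uint8_t f[38] = {0};
    f[12] = eth >> 8; f[13] = eth & 0xff;        /* ethertype */
    f[14] = 0x45; f[20] = 0x40; f[23] = proto;   /* version/IHL, DF flag (not a fragment), protocol */
    f[34] = sp >> 8; f[35] = sp & 0xff;          /* L4 source port */
    f[36] = dp >> 8; f[37] = dp & 0xff;          /* L4 destination port */
    return run_cbpf(port22, sizeof port22 / sizeof *port22, f, sizeof f);
}
```

Following one frame through the array by hand (instruction 1 falls to instruction 10 via jf = 8, instruction 17 loads the IP header length into X, instructions 18 and 20 read the ports relative to X) shows how jt and jf are counts of instructions to skip and why both ret instructions sit at the end.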