CESNET/Nemea-Modules

BPF support in flow_meter

Closed this issue · 2 comments

@whitetiger21022014 mentioned an idea about filtering support in flow_meter in #28.
It shouldn't be hard to add it, since we currently use libpcap...
http://www.tcpdump.org/pcap.html -> "Filtering traffic"

So, what about adding a -F parameter and something like this:

```c
if (filter_exp != NULL) {
   if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
      fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
   }
   if (pcap_setfilter(handle, &fp) == -1) {
      fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
      return(2);
   }
}
```

into flow_meter?
Any comments? @thorgrin @havraji6 @vaclavbartos
Can this work on OpenWrt? Do we have any plans about dpdk or pf_ring? I currently have no idea if the filtering can cause any trouble...

As long as it uses libpcap, add the option. If you ever decide to add support for dpdk, pf_ring or something without the bpf support, you can always drop it, or limit it to libpcap.

I totally agree with @thorgrin, if it's easy to add this functionality thanks to libpcap, do it. Even if we add support for other inputs than libpcap, it's still better to have filtering limited to libpcap only, than not have it at all.

@cejkato2 Add a return after line 3 in your code snippet.