Re: NPF on 8.1 and pcap-filter expressions

To: current-users%netbsd.org@localhost
Subject: Re: NPF on 8.1 and pcap-filter expressions
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Thu, 22 Aug 2019 11:22:26 -0000 (UTC)

kardel%netbsd.org@localhost (Frank Kardel) writes:

>I just tripped over:
>   pass in final pcap-filter "ip multicast or ip6 multicast"

>flawlessly compiles ... but:
>   pass in final pcap-filter "ip broadcast"

>gives in "npf validate"
>/etc/npf.conf:xx:9: invalid pcap-filter(7) syntax

>although man 7 pcap-filter says otherwise and tcpdump gladly accepts ip 
>broadcast.

from libpcap:

        case Q_IP:
                /* 
                 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff)
                 * as an indication that we don't know the netmask, and fail
                 * in that case.
                 */
                if (cstate->netmask == PCAP_NETMASK_UNKNOWN)
                        bpf_error(cstate, "netmask not known, so 'ip broadcast'
not supported");

npfctl compiles the filter expression with PCAP_NETMASK_UNKNOWN, there
is no netmask it could apply.

-- 
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

Follow-Ups:
- Re: NPF on 8.1 and pcap-filter expressions
  - From: Frank Kardel

References:
- NPF on 8.1 and pcap-filter expressions
  - From: Frank Kardel

Prev by Date: NPF on 8.1 and pcap-filter expressions
Next by Date: Re: NPF on 8.1 and pcap-filter expressions
Previous by Thread: NPF on 8.1 and pcap-filter expressions
Next by Thread: Re: NPF on 8.1 and pcap-filter expressions
Indexes:

Home | Main Index | Thread Index | Old Index