1) when i start sniffing i attach a bpf code to the socket by means of
setsockopt system call. (as given in the filter.txt file in the docs of
lsf)
2) then i do some reads on the socket and now i want to change the
filtering criteria and so the bpfcode which was attached to the socket
also needs to be changed.
3) for that i need to again call the setsockopt to attach the new
bpfcode.
4) but the necessity is that as soon as i find the need to change the
criteria, i need to grab all the packets after that till the time i
have not attached the new code (altough this will be few of
milliseconds).
5) so i remove the filter expression by means of setsockopt
SO_DETACH_FILTER and then regenrate the bpfcode for the nw expression.
6) now i do a attach operation on the socket by means of setsockopt and
so attach the new filter.
7) now here comes my real question. All the packets which were buffered
by the kernel after the detach operation and then the attach operation
(as in point 6), will they be filtered on the basis of the new filter
expression and then passed to the user process or will they be passed
as it is (i.e. without filtering) and only those packets which were
received after the second attach operation will be filtered on the
basis of the new expression ?
(sorry if i am unclear this time also..i will mail u the program next
if i am unclear this time too.)
thanks
mal
=====
Image by FlamingText.com
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/