DaemonForums  

#1, vpenkoff, 8th March 2013
FreeBSD's BPF data representation

Hi guys. I'm digging into some BPF stuff and I can't figure out why there are 3 types of data representations: words, halfwords and bytes. I mean, how can I know which one is best to use? In a basic example, e.g. for packet capture, following BPF's manual, I use a halfword representation for ETHERTYPE in the Ethernet header, but a word representation for an IP address. Can somebody explain? 10x!

#2, Carpetsmoker, 8th March 2013

Hello!

This is the sort of question that's pretty unlikely to get a decent answer on these forums.

The best place to ask is on a FreeBSD mailing list; this is where the developers hang out. freebsd-net@ seems the appropriate list. The FreeBSD handbook lists them all.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.

#3, vpenkoff, 8th March 2013

Aw yeah... the mailing lists! I forgot them! Anyway, thanks! If I figure out the mystery, I'll post!

#4, comet--berkeley, 8th March 2013

I read the BPF Usenix document from 1993 that I found on Wikipedia:

http://en.wikipedia.org/wiki/Berkeley_Packet_Filter

http://www.tcpdump.org/papers/bpf-usenix93.pdf

The document describes a "pseudo machine" language for BPF similar to the machine languages used on a Motorola 6800 or IBM z machines.

It is big-endian (unlike Intel/AMD machines) and uses 32-bit words.

So to answer your question about why to use words, half-words and bytes:

A byte is 8 bits.
A half-word is 2 bytes or 16 bits.
A word is 4 bytes or 32 bits.

The question of when to use each type depends on the sizes defined in the TCP/IP packet headers:

http://nmap.org/book/tcpip-ref.html

For example, the IPv4 address of daemonforums.org is 94.142.245.224

This is a 4-byte word, and in big-endian hexadecimal it is: 0x5E8EF5E0

One can break it down into the 4 bytes:

94 = 0x5E
142 = 0x8E
245 = 0xF5
224 = 0xE0
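
The width rule discussed in this thread, as an added example that is not part of any post and is not FreeBSD's own code: each load is sized to the header field it reads (2-byte ETHERTYPE, 1-byte IP protocol, 4-byte IP address) and assembled in network byte order. The names `load_be`, `match_tcp_to` and `sample_frame` are hypothetical, and the offsets assume an untagged Ethernet II frame carrying IPv4.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* BPF-style load: fetch `width` (1, 2 or 4) bytes at offset `off` and
 * assemble them in network (big-endian) order, whatever the host CPU is.
 * Returns 0 on success, -1 if the load would run past the packet end. */
static int load_be(const uint8_t *pkt, size_t len, size_t off, size_t width,
                   uint32_t *out)
{
    if (off > len || width > len - off)
        return -1;
    uint32_t v = 0;
    for (size_t i = 0; i < width; i++)
        v = (v << 8) | pkt[off + i];
    *out = v;
    return 0;
}

/* Assumption: untagged Ethernet II header (14 bytes) followed by IPv4. */
enum { OFF_ETHERTYPE = 12, OFF_IP_PROTO = 23, OFF_IP_DST = 30 };

/* Accept (1) only TCP-over-IPv4 frames sent to dst_ip; reject (0) otherwise,
 * including frames too short for any of the loads. */
int match_tcp_to(const uint8_t *pkt, size_t len, uint32_t dst_ip)
{
    uint32_t a;
    if (load_be(pkt, len, OFF_ETHERTYPE, 2, &a) || a != 0x0800) return 0; /* halfword */
    if (load_be(pkt, len, OFF_IP_PROTO, 1, &a) || a != 6) return 0;       /* byte */
    if (load_be(pkt, len, OFF_IP_DST, 4, &a) || a != dst_ip) return 0;    /* word */
    return 1;
}

/* Constructed sample frame (made-up MACs, zero checksum, no payload). */
const uint8_t sample_frame[34] = {
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0x01,  0x08,0x00, /* dst MAC, src MAC, ETHERTYPE */
    0x45,0,0,0x14,  0,0,0,0,  0x40,0x06,0,0,           /* IPv4: TTL 64, protocol 6 (TCP) */
    192,0,2,1,                                          /* source 192.0.2.1 */
    94,142,245,224                                      /* destination 94.142.245.224 */
};

int main(void)
{
    printf("match: %d\n", match_tcp_to(sample_frame, sizeof sample_frame, 0x5E8EF5E0));
    return 0;
}
```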