richard%aiai.edinburgh.ac.uk@nss.cs.ucl.ac.uk (Richard Tobin) (04/07/89)
I want a nit filter that gives me all non-ip packets and certain ip
packets. As I read the manual [nit_pf(4m)], this code should give me all
the non-ip packets:
*fwp++ = ENF_PUSHWORD + shorts(offsetof(struct ether_header, ether_type));
*fwp++ = ENF_PUSHLIT | ENF_CNAND;
*fwp++ = ETHERTYPE_IP;
... tests for the ip packets I want ...
but it appears to reject the non-ip packets instead. If I replace it with
this (which should be equivalent) it works:
*fwp++ = ENF_PUSHWORD + shorts(offsetof(struct ether_header, ether_type));
*fwp++ = ENF_PUSHLIT | ENF_EQ;
*fwp++ = ETHERTYPE_IP;
*fwp++ = ENF_PUSHZERO | ENF_COR;
... tests for the ip packets I want ...
In the first case, CNAND shoud return true if ether_type and ETHERTYPE_IP
are not equal.
In the second case, COR should return true if
(ether_type == ETHERTYPE_IP) and zero are equal.
Is there a bug in the manual, the implementation, or my understanding?
[The macros shorts and offsetof are defined like this:
#define offsetof(type, field) ((int)&((type *)0)->field)
#define shorts(n) ((u_short)((n) / sizeof(u_short)))
]
-- Richard