pflua
pflua copied to clipboard
Igalia
Packet filtering in Lua
Here's an example showing the difference between tcpdump and pflua: ``` $ pflua-compile 'ip6 net 178.79.151.0' return function(P,length) return false end $ tcpdump -d 'ip6 net 178.79.151.0' tcpdump: 'ip6' modifier...
The following are libpcap pflang expressions which pflua doesn't allow, and their pflua equivalents. The root issue is that libpcap-pflang automatically uses the previous keyword if it's elided. `port 3...
On this expression, tcpdump emits a syntax error: ``` /usr/sbin/tcpdump -d "proto tcp" tcpdump: syntax error ``` While Pflua has an internal error: ``` $ ../tools/pflua-compile "proto tcp" luajit: ./pf/expand.lua:1149:...
Edit: my original description here was incorrect, I think this is a weird corner case in pflang that should maybe be ruled out? I think the pflang expression `ip dst...
This PR implements a simple operator which can match a VLAN tag. Pflan 'vlan' handles VLAN hierarchies incrementing filter offsets by 4 on each use [1] The proposed 'vlanid' operator...
On the good side: pflua appears to have fairly good libpcap compatibility on this point. The only incompatible detail that has appeared is that pflua does not treat hexadecimal arguments...
Add the ability to dump the AST, ANF, and SSA IRs to pflua-compile, with and without optimization. Obsolete pflua-expand. Update other tools/internals to reflect convert_anf and convert_ssa requiring an optimize...
The following pflang is from Juho Snellman's blog post, and looks for the window-scaling option among the first 6 TCP options. I think it miscompiles though, because it looks like...
Pflang, as implemented by both pflua and libpcap, compiles pflang expressions to checks against fixed offsets, before looking at any packets. The consequence of their current implementations is that in...