I am struggling to come up with a bpf filter (or lsf I guess because I
am using Linux) that will allow me to receive only the 5 necessary
messages for ipv6 neighbor discovery on my raw socket. These would
include neighbor solicitations, neighbor advertisements, router
solicitations, router advertisements, and redirects. The socket I am
creating in my C++ code is:
sock=socket(PF_PACKET, SOCK_RAW,htons(ETH_P_IPV6));
I have used tcpdump to make a filter to limit packets on this socket to
only icmp6 messages. However, I need to limit it further so my
application cannot be bombarded with echo requests and replies.
Tcpdump does not have support for the necessary type of expression
(i.e. icmp6[x]), so I cannot utilize it to create the bpf and must
instead come up with it on my own. Being a novice at bpf, this is
proving difficult.
Can anyone help or at least point me in the right direction?
My current filter (limiting to all icmp6 traffic) is:
struct sock_filter bpf[] = {
{ 0x28, 0, 0, 0x0000000c },
{ 0x15, 0, 3, 0x000086dd },
{ 0x30, 0, 0, 0x00000014 },
{ 0x15, 0, 1, 0x0000003a },
{ 0x6, 0, 0, 0x00000060 },
{ 0x6, 0, 0, 0x00000000 }
};
Thanks in advance for the help.
|
Similar Threads
Linear Mode
