PF or BPF

PF or BPF

dfeustel
What can BPF do that PF can not?

Thanks,
Dave Feustel
--
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

Re: PF or BPF

Ted Unangst-2
On 2/13/06, Dave Feustel <[hidden email]> wrote:
> What can BPF do that PF can not?

different things.

Re: PF or BPF

dfeustel
On Monday 13 February 2006 12:45, Ted Unangst wrote:
> On 2/13/06, Dave Feustel <[hidden email]> wrote:
> > What can BPF do that PF can not?
>
> different things.

OK, I'll bite. Such as?
(this might be a loong, drawn-out thread, but I've got time :-))

--
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

Re: PF or BPF

Greg Thomas-3
In reply to this post by dfeustel
On 2/13/06, Dave Feustel <[hidden email]> wrote:
> What can BPF do that PF can not?
>

Your questions keep getting better and better.  Just curious as to
whether you've heard of Google?

1.  Make an /etc/bpf.conf and see what happens.  Oh, wait, I don't see
a reference to a config file in man bpf.  Hmmm, maybe bpf doesn't do
anything related to pf.

or

2.  Google for pf vs bpf and see that they can work together but do
very dissimilar duties.

Greg

Re: PF or BPF

Ted Unangst-2
In reply to this post by dfeustel
On 2/13/06, Dave Feustel <[hidden email]> wrote:
> On Monday 13 February 2006 12:45, Ted Unangst wrote:
> > On 2/13/06, Dave Feustel <[hidden email]> wrote:
> > > What can BPF do that PF can not?
> >
> > different things.
>
> OK, I'll bite. Such as?

no, if you can't read a man page, you aren't qualified to read my emails either.

Re: PF or BPF

Jon Simola-2
In reply to this post by dfeustel
On 2/13/06, Dave Feustel <[hidden email]> wrote:
> On Monday 13 February 2006 12:45, Ted Unangst wrote:
> > On 2/13/06, Dave Feustel <[hidden email]> wrote:
> > > What can BPF do that PF can not?
> >
> > different things.
>
> OK, I'll bite. Such as?
> (this might be a loong, drawn-out thread, but I've got time :-))

man 4 bpf
     The Berkeley Packet Filter provides a raw interface to data link layers
     in a protocol-independent fashion.

man 8 pfctl
     Packet filtering restricts the types of packets that pass through network
     interfaces entering or leaving the host based on filter rules as
     described in pf.conf(5).

There, thread over.

--
Jon Simola
Systems Administrator
ABC Communications

Re: PF or BPF

Stuart Henderson
In reply to this post by dfeustel
On 2006/02/13 13:00, Dave Feustel wrote:
> On Monday 13 February 2006 12:45, Ted Unangst wrote:
> > On 2/13/06, Dave Feustel <[hidden email]> wrote:
> > > What can BPF do that PF can not?
> >
> > different things.
>
> OK, I'll bite. Such as?
> (this might be a loong, drawn-out thread, but I've got time :-))

PF is for firewalling/natting etc.

BPF is for reading and injecting packets on a network interface
(used by tcpdump etc, amongst others).

I'm sure there must be some books suitable for learning this type of thing.

Re: PF or BPF

dereck
In reply to this post by Ted Unangst-2
This is getting ridiculous!  The guy said he was under
attack.(!)  What is the point of a _misc_ list anyway?
 He's not clogging the dev list!

The responses here are totally out of line.  Haven't
any of you guys EVER had a desperate situation before?

Sheesh.

--- Ted Unangst <[hidden email]> wrote:

> On 2/13/06, Dave Feustel <[hidden email]> wrote:
> > On Monday 13 February 2006 12:45, Ted Unangst wrote:
> > > On 2/13/06, Dave Feustel <[hidden email]> wrote:
> > > > What can BPF do that PF can not?
> > >
> > > different things.
> >
> > OK, I'll bite. Such as?
>
> no, if you can't read a man page, you aren't qualified to read my emails either.

Re: PF or BPF

Joe S-3
In reply to this post by dfeustel
Dave Feustel wrote:
> What can BPF do that PF can not?
>
> Thanks,
> Dave Feustel
One is a packet sniffer, one is a firewall.

However, you are not qualified to operate such tools.
Please disconnect your keyboard from your PC.

Re: PF or BPF

dfeustel
In reply to this post by dereck
On Monday 13 February 2006 13:51, dereck wrote:
> This is getting ridiculous!  The guy said he was under
> attack.(!)  What is the point of a _misc_ list anyway?
>  He's not clogging the dev list!
>
> The responses here are totally out of line.  Haven't
> any of you guys EVER had a desperate situation before?

Dereck,

Thanks for the support. However, my situation is not desperate.
By refusing to answer a question to which he indicated he had an
answer, Ted has left all of us hanging as to whether he *really*
knows what the differences are between the capabilities of pf and bpf.
 *I* could certainly not testify that Ted actually knows the answer to
that question as he claims to. :-)

(BTW, I had read the bpf man page and, frankly, I couldn't make
any sense out of it on first reading. I started getting a better idea
of bpf by the time I started reading the freebsd bpf man page,
but then I started wondering "why bother with bpf? How do I
even use it?". It must have a useful purpose or it wouldn't be in OpenBSD.)

Maybe someone else can jump in here.

Dave

--
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

Re: PF or BPF

Greg Thomas-3
On 2/13/06, Dave Feustel <[hidden email]> wrote:
>
> Dereck,
>
> Thanks for the support. However, my situation is not desperate.
> By refusing to answer a question to which he indicated he had an
> answer, Ted has left all of us hanging as to whether he *really*
> knows what the differences are between the capabilities of pf and bpf.

You're a complete tool.  If I said what Ted said then that would be
possible.  I think everyone here realizes that Ted knows the
differences.

>  *I* could certainly not testify that Ted actually knows the answer to
> that question as he claims to. :-)
>
> (BTW, I had read the bpf man page and, frankly, I couldn't make
> any sense out of it on first reading.

Did it sound anything like pf?  Did you look anywhere other than the
man page before posting your question?

Greg

Re: PF or BPF

Jason Crawford
In reply to this post by dfeustel
On 2/13/06, Dave Feustel <[hidden email]> wrote:

> On Monday 13 February 2006 13:51, dereck wrote:
> > This is getting ridiculous!  The guy said he was under
> > attack.(!)  What is the point of a _misc_ list anyway?
> >  He's not clogging the dev list!
> >
> > The responses here are totally out of line.  Haven't
> > any of you guys EVER had a desperate situation before?
>
> Dereck,
>
> Thanks for the support. However, my situation is not desperate.
> By refusing to answer a question to which he indicated he had an
> answer, Ted has left all of us hanging as to whether he *really*
> knows what the differences are between the capabilities of pf and bpf.
>  *I* could certainly not testify that Ted actually knows the answer to
> that question as he claims to. :-)

If he can code rthreads, I think it's pretty safe to say he
understands the differences between bpf and pf, those seem like some
really inflammatory remarks to me. If you bother to take some time to
read the manuals instead of expecting to be spoon fed the information
on the mailing list, then you'll learn a lot more, as well as not get
flamed by others on the list. Ted has much better things to do (like
make rthreads kick even more ass) than to answer silly questions by a
user who is too lazy to read.

>
> (BTW, I had read the bpf man page and, frankly, I couldn't make
> any sense out of it on first reading. I started getting a better idea
> of bpf by the time I started reading the freebsd bpf man page,
> but then I started wondering "why bother with bpf? How do I
> even use it?". It must have a useful purpose or it wouldn't be in OpenBSD.)

You cannot learn all there is to know about bpf and how to effectively
use it in 10 minutes, so you, personally, do NOT need to use bpf at
all. It's what the other utilities like pf and tcpdump use to do what
they do. The utilities are nice user friendly wrappers to the bpf
interfaces, and someone with your experience (lack thereof?) should
probably not be touching bpf directly. bpf is very powerful and very
useful, but you really need to understand a lot more than what you
have grasped so far to use bpf effectively.

Jason

Re: PF or BPF

dfeustel
On Monday 13 February 2006 14:52, Jason Crawford wrote:
> You cannot learn all there is to know about bpf and how to effectively
> use it in 10 minutes, so you, personally, do NOT need to use bpf at
> all. It's what the other utilities like pf and tcpdump use to do what
> they do. The utilities are nice user friendly wrappers to the bpf
> interfaces, and someone with your experience (lack thereof?) should
> probably not be touching bpf directly. bpf is very powerful and very
> useful, but you really need to understand a lot more than what you
> have grasped so far to use bpf effectively.

Well, one thing is for certain, the caustic responders to this thread aren't psychic.

So let's try   a   r e a l   s i m p l e   q u e s t i o n :

What OpenBSD programs use bpf.

Please don't try to figure out why I am asking the question.
Just answer it or go do something else that won't upset you.

Thanks,
Dave Feustel
--
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

Re: PF or BPF

Ted Unangst-2
On 2/13/06, Dave Feustel <[hidden email]> wrote:
> What OpenBSD programs use bpf.

tcpdump.

Re: PF or BPF

Josh Grosse
In reply to this post by dfeustel
On Mon, Feb 13, 2006 at 03:29:09PM -0500, Dave Feustel wrote:

> So let's try   a   r e a l   s i m p l e   q u e s t i o n :
>
> What OpenBSD programs use bpf.

I used this command, Dave:

        find /usr/src -name "*.c" -exec grep bpf {} /dev/null \;

And discovered this list:

        libpcap
        dhclient
        pflogd
        sysctl
        dhcpd
        dhcrelay
        hostapd
        mopd
        pppd
        pppoe
        rarpd
        rbootd
        tcpdump

You could have done this, Dave.  

Re: PF or BPF

Jason Crawford
In reply to this post by dfeustel
On 2/13/06, Dave Feustel <[hidden email]> wrote:

> On Monday 13 February 2006 14:52, Jason Crawford wrote:
> > You cannot learn all there is to know about bpf and how to effectively
> > use it in 10 minutes, so you, personally, do NOT need to use bpf at
> > all. It's what the other utilities like pf and tcpdump use to do what
> > they do. The utilities are nice user friendly wrappers to the bpf
> > interfaces, and someone with your experience (lack thereof?) should
> > probably not be touching bpf directly. bpf is very powerful and very
> > useful, but you really need to understand a lot more than what you
> > have grasped so far to use bpf effectively.
>
> Well, one thing is for certain, the caustic responders to this thread aren't psychic.
>
> So let's try   a   r e a l   s i m p l e   q u e s t i o n :
>
> What OpenBSD programs use bpf.
>
> Please don't try to figure out why I am asking the question.
> Just answer it or go do something else that won't upset you.

You're right, none of the responders are psychic, which is why if you
don't include some information, the responses may be inaccurate.
Reading the man page (and some unix common sense) will easily answer
that for you. 1) you have all the source code 2) the man page says
what exact include file bpf has for its ioctl interface and 3) you
can use find and/or grep to search text files. It's really not hard,
just try to actually think. While you may get upset about this kind of
stuff, I have much better and more important things to worry about.
Trust me, nothing on an internet mailing list is that important to me.

Jason

Re: PF or BPF

Aaron Glenn
In reply to this post by dfeustel
On 2/13/06, Dave Feustel <[hidden email]> wrote:
>
> Well, one thing is for certain, the caustic responders to this thread aren't psychic.
>
> So let's try   a   r e a l   s i m p l e   q u e s t i o n :
>
> What OpenBSD programs use bpf.
>
> Please don't try to figure out why I am asking the question.
> Just answer it or go do something else that won't upset you.

Here's something really simple: try answering questions on your own.

Re: PF or BPF

Otto Moerbeek
In reply to this post by Ted Unangst-2
On Mon, 13 Feb 2006, Ted Unangst wrote:

> On 2/13/06, Dave Feustel <[hidden email]> wrote:
> > What OpenBSD programs use bpf.
>
> tcpdump.

And there's more:

$ cd /usr/src
$ grep -lr bpf.h bin sbin usr.bin usr.sbin libexec

will give you a nice list.

        -Otto

Re: PF or BPF

Diana Eichert
In reply to this post by Ted Unangst-2
On 2/13/06, Dave Feustel <[hidden email]> wrote:
> What OpenBSD programs use bpf.

Oh c'mon Dave, use the tools that are given to you.

find /usr/src -name "*.[ch]" -exec grep 'bpf.h' /dev/null {} \;

will find files that include references to bpf.

Your comments re: Ted are sad.  I can't believe some of the questions you
ask sometimes.

diana
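
An added example, not part of any message in this thread: the searches posted above by Josh Grosse, Otto Moerbeek and Diana Eichert combined into one POSIX shell function that reports each program directory holding a source file that includes bpf.h, which is a quick way to audit what code on a system opens raw packet devices. The function name `bpf_users` and the output format are assumptions; the default subdirectories are the ones in Otto's command.

```shell
#!/bin/sh
# Added example (not from the thread): list the programs in a source tree
# whose C sources or headers include bpf.h, i.e. the direct users of bpf(4).

# bpf_users SRCROOT [SUBDIR...]
# Prints one line per program directory: "<subdir>/<program> <matching files>"
bpf_users() {
    root=$1
    shift
    # Default to the directories searched by Otto's grep.
    [ $# -gt 0 ] || set -- bin sbin usr.bin usr.sbin libexec
    for sub in "$@"; do
        [ -d "$root/$sub" ] || continue
        # Match a real #include line rather than any mention of "bpf",
        # so comments and strings do not produce false hits.
        find "$root/$sub" -type f -name '*.[ch]' -exec \
            grep -lE '^[[:space:]]*#[[:space:]]*include[[:space:]]*[<"].*bpf\.h[>"]' {} + 2>/dev/null |
        while IFS= read -r file; do
            rel=${file#"$root"/}
            # Keep the first two path components: subdir/program
            printf '%s\n' "$rel" | cut -d/ -f1-2
        done
    done | sort | uniq -c | awk '{ printf "%s %d\n", $2, $1 }'
}

# Run as a script: sh bpf_users.sh /usr/src [subdir...]
[ $# -eq 0 ] || bpf_users "$@"
```

Passing extra subdirectories (for example `lib`) widens the search beyond the default five, which is how libpcap shows up in Josh's list but not in a search limited to Otto's directories.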

Re: PF or BPF

Daniel Ouellet
In reply to this post by Aaron Glenn
Aaron Glenn wrote:

> On 2/13/06, Dave Feustel <[hidden email]> wrote:
>> Well, one thing is for certain, the caustic responders to this thread aren't psychic.
>>
>> So let's try   a   r e a l   s i m p l e   q u e s t i o n :
>>
>> What OpenBSD programs use bpf.
>>
>> Please don't try to figure out why I am asking the question.
>> Just answer it or go do something else that won't upset you.
>
> Here's something really simple: try answering questions on your own.

A quick google on why asking why may provide some insight.

Maybe the process is just starting. Like some study showed:

"Educational software designer believes in learning it by doing it."

Maybe the process of how to ask a question starts by asking a bunch of
them, then seeing which form of them actually gets the highest level of
response and provokes some kind of learning pleasure.

http://gtresearchnews.gatech.edu/reshor/rh-win00/bruckman.html

And then I found "The Secret Life of Dave"

http://www.geocities.com/jadeddave1/about.html

Many things sound the same, but something tells me this one (on the URL,
just in case) has some hope.
