It occurs to me that BPF needs a similar "special" instruction to chase down a particular header. At present, BPF filters will fail to match any TCP packet that has any extension header present. Thus a "chase" or "find" instruction is needed.
An example of such an instruction might be: ldxbf [8],6 where starting with the contents at offset 8, look for a byte value that matches "6". If [8] contains another value, start at the end of the IPv6 header and search extension headers for the value "6". At the end, "x" contains the offset to the start of the protocol header that matches the value "6". Thoughts? Darren - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
