Hi, all,
When using tcpdump to capture a trace, we can add filter expressions (in the
form of primitive [and/or primitive]).
I want to know how the packets are parsed and matched to this filter
expression. Is there some intermediate data structure for the filter
expression? Is the filter used as it is parsed on each layer of the headers
or used once after the packet is parsed completely?
Is there some material about this?
Regards,
Wenfei Wu
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers