jnetpcap.filter.bpf
Class BPFFilter

java.lang.Object
  jnetpcap.filter.bpf.BPFFilter

All Implemented Interfaces:

Filter

public class BPFFilter
extends java.lang.Object
implements Filter

Berkley Packet Filter (BFP) filter program. The BPF filter is natively supported in the kernel by most unix implementations and is executed as a special byte-code interpreted program with a small virtaul machine on byte buffers. The jNetPCAP framework also provides two additional BPF filter interpreters, native "userland" BPF interpreter from tcpdump library and java based "userland" BPF provided as a fall back if none of the other interpreters are available. The library chooses the interpreters in the following order:

• For live captures - kernel level BPF
• For filtering capture files - tcpdump level BPF if native jNetPCAP package (based on C version of libpcap) is detected
• For filtering capture files - if native jNetPCAP package is not available the supplied java interpreter is invoked to process the filter.

Author:

Mark Bednarczyk, Sly Technologies, Inc.

Nested Class Summary

Nested classes/interfaces inherited from interface jnetpcap.filter.Filter

Filter.And, Filter.Or

Constructor Summary

BPFFilter(byte[] bpfCode, FilterTarget encapsulation)

BPFFilter(FilterExpression expression)
Initializes the BPF filter with the specified filter expression in what ever syntax the user chooses.

Method Summary

boolean

execute(java.nio.ByteBuffer buffer, FilterTarget dlt) Executes the given filter and returns the result of the evaluation against the buffer.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BPFFilter

public BPFFilter(FilterExpression expression)

Initializes the BPF filter with the specified filter expression in what ever syntax the user chooses. The expression is compiled and applied appropriately for each FilterTarget type of the active CaptureSystems.

Parameters:

expression - expression to be compiled to binary BPF program

BPFFilter

public BPFFilter(byte[] bpfCode,
                 FilterTarget encapsulation)

Method Detail

execute

public boolean execute(java.nio.ByteBuffer buffer,
                       FilterTarget dlt)

Description copied from interface: Filter

Executes the given filter and returns the result of the evaluation against the buffer. True means the filter matched, false means it failed.

Specified by:

execute in interface Filter

Parameters:

buffer - buffer to execute the filter against

dlt - TODO

Returns:

true filter succeeded, false failed